Accessing Active Directory Service Interfaces (ADSI) from Java

This example demonstrates how to access Active Directory Service Interfaces (ADSI) from Java. J-Integra® for COM is a Java interoperability component that bridges Java and ADSI. It provides bi-directional access between Java objects and COM components.

Contents

  1. Introduction
  2. Run the Java Client on Local Windows Machine
    1. Generate Java Proxies
    2. Create the Example
    3. Compile and Run the example
  3. Run the Java Client on Remote Machine, e.g. Windows, UNIX, Linux, etc.
  4. More about ADSI programming

1 Introduction

This example shows you how to programmatically automate ADSI from Java using the COM API that ADSI exposes, in order to create a new "local" user account from Java. You can run the Java client on a Windows machine to access its local ADSI, or run the Java client on a non-Windows machine (such as Linux) to access ADSI on a remote Windows machine.

We assume that you are familiar with Java -- no COM knowledge should be required. We assume you have downloaded and expanded the J-Integra® kit from http://j-integra.intrinsyc.com/ and installed it correctly.

2 Run the Java Client on Local Windows Machine

You can try this example on a local Windows machine first to get a feel for how easy it is to use J-Integra® to access ADSI from Java. Once it works on the local machine, you can then run the Java client on a non-Windows machine to remotely access ADSI on another Windows machine.

2.1 Generate the Java proxies

Run J-Integra®'s com2java tool on the Windows machine. Select C:\WINNT\system32\activeds.tlb as the type library, choose an empty directory named activeds (e.g. C:\activeds) as the output directory, and use activeds as the Java package name. Click the Generate Proxies button to generate the Java proxies from the ADSI type library.

2.2 Create the example

This example is written for ADSI on a Windows 2000 machine. If you use a different version of Windows, you need to look at the generated Java proxies of ADSI and call the methods accordingly.

Create a .java file named CreateUser.java. Then copy and paste the Java code below:

public class CreateUser {  

  public static void main(String[] args) throws Exception {  
    try {  
      String host = "localhost"; // Host name of the NT machine we are talking to
      String ntDomain = "linardellw2k"; // Its domain (use machine name if no domain)  
      String adminUser = "administrator";  
      String adminPassword = "...";  
      String newUserName = "fred";  
      String newUserPassword = "fredsSecretPassword";  
      String newUserFullName = "Frederick Bloggs, esq.";  
      String newUserDescription = "A new user created from pure Java";  
      createUser(host, ntDomain, adminUser, adminPassword,  
      newUserName, newUserPassword, newUserFullName, newUserDescription);  
    } catch (Exception e) {
      e.printStackTrace(); 
    } finally {  
      com.linar.jintegra.Cleaner.releaseAll();  
    }  
  }  
  
  /**
   * Creates a new Windows user account via the Active Directory Service Interfaces.
   *
   * @param     host  The TCP/IP name of the Windows 2000 machine on which the user should be created
   * @param     domain  The NT domain for the machine (specify the machine name if no domain)
   * @param     adminUser  The name of an account with Administrator privileges
   * @param     adminPassword  The password for the administrator account you specified
   * @param     newUserName  The NT user name for the new account
   * @param     newUserPassword  The NT password for the new account
   * @param     newUserFullName  The full name to be specified for the new account
   * @param     newUserDescription  The description associated with the new account
   * @exception java.io.IOException If there are communications problems or if the create fails.
   */
  public static void createUser(String host, String domain, String adminUser, String adminPassword, 
                                 String newUserName, String newUserPassword, String newUserFullName, 
                                 String newUserDescription) throws java.io.IOException {  
    // DCOM authentication: Make sure domain, adminUser, adminPassword are valid credentials.
    // Uncomment this line if CreateUser.java remotely accesses ADSI:
    // com.linar.jintegra.AuthInfo.setDefault(domain, adminUser, adminPassword);
  
    // Connect to the Windows NT ADSI namespace COM object  
    // (messier than normal because there is no TLB with this class in it)  
    activeds.IADsOpenDSObject adsOpen = new activeds.IADsOpenDSObjectProxy(WINNT_NAMESPACE_CLSID, host, null);  

    // Open the specific domain we want, 1 == ADS_SECURE_AUTHENTICATION
    Object tmpObject = adsOpen.openDSObject("WinNT://" + domain, adminUser, adminPassword, 1);  
    activeds.IADsContainer computer = new activeds.IADsContainerProxy(tmpObject);  

    // Create the new user
    activeds.IADsUser  user = new activeds.IADsUserProxy(computer.create("user", newUserName));  

    // Set various properties, and confirm the change
    user.setPassword(newUserPassword);
    user.setFullName (newUserFullName);  
    user.setDescription(newUserDescription);  
    user.setInfo();  
  }  

  private static final String WINNT_NAMESPACE_CLSID = "250e91a0-0367-11cf-abc4-02608c9e7553";  

}
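
The listing above embeds the administrator password and the new account's password as string literals. The class below is an added example, not part of the original page or of J-Integra, showing one way to collect those inputs instead: it validates the new user name, prompts for the administrator password without echo, and draws the initial password from a CSPRNG. The class name CreateUserInputs, the user-name allow-list and the password alphabet are assumptions of this example.

```java
import java.io.Console;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.regex.Pattern;
// Added example: gathers createUser inputs without secrets in source code.
public class CreateUserInputs {
  // Assumed allow-list: 1-20 chars of letters, digits, '.', '_', '-'; not only periods.
  private static final Pattern USER_NAME =
      Pattern.compile("(?!\\.+$)[A-Za-z0-9._-]{1,20}");
  private static final String ALPHABET =
      "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789#%+-_";
  private static final SecureRandom RNG = new SecureRandom();
  static boolean isValidUserName(String name) {
    return name != null && USER_NAME.matcher(name).matches();
  }
  // Random initial password containing upper case, lower case and a digit.
  static String randomPassword(int length) {
    while (true) {
      StringBuilder sb = new StringBuilder(length);
      for (int i = 0; i < length; i++) {
        sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
      }
      String p = sb.toString();
      if (p.matches(".*[A-Z].*") && p.matches(".*[a-z].*") && p.matches(".*[0-9].*")) {
        return p;
      }
    }
  }
  public static void main(String[] args) {
    Console console = System.console();
    if (args.length != 1 || !isValidUserName(args[0]) || console == null) {
      System.err.println("usage (interactive console): java CreateUserInputs <newUserName>");
      System.exit(2);
    }
    char[] adminPassword = console.readPassword("Administrator password: ");
    if (adminPassword == null) System.exit(1); // input ended before a password was entered
    String newUserPassword = randomPassword(20);
    try {
      // The generated proxies take String arguments, so the page's method would be called as:
      // CreateUser.createUser(host, ntDomain, adminUser, new String(adminPassword),
      //                       args[0], newUserPassword, fullName, description);
      console.printf("Inputs accepted for %s (%d-character initial password).%n", args[0], newUserPassword.length());
    } finally {
      Arrays.fill(adminPassword, '\0'); // clear the one copy this code controls
    }
  }
}
```

The String passed on to createUser cannot be cleared afterwards, so only the char[] returned by readPassword is zeroed here.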

2.3 Compile and run the example

On the Java client machine, make sure your CLASSPATH and PATH environment variables are set up according to the J-Integra® installation instructions. Compile and run the example in J-Integra®'s native mode (you need to use DCOM mode if remotely accessing ADSI):

javac CreateUser.java
java -DJINTEGRA_NATIVE_MODE CreateUser

When you run the example nothing much will happen, but on the NT machine you will see the new user under the Computer Management tool.

3 Run the Java Client on Remote Machine, e.g. Windows, UNIX, Linux, etc.

You can also run the Java client on a remote machine, such as Linux, Solaris, UNIX and AIX. For instance, if you run it on a Linux machine, then you must do the following:

  1. Move the com2java tool to the Windows machine to generate the Java proxies from ADSI, and then move the Java proxies from the Windows machine to the Linux machine.
  2. Install J-Integra® (the jintegra.jar file) on the Linux machine and include the jintegra.jar file and generated Java proxies in CLASSPATH.
  3. Use setdllhost to configure a surrogate for WMI on the Windows machine:
    c:\WINNT\system32>setdllhost activeds.dll adsnds.dll adsldp.dll adsnt.dll "ADSI"
  4. Use DCOMCNFG to configure ADSI on the Windows machine.
  5. Assign the IP address or computer name of the ADSI machine to String host in CreateUser.java:
    String host = "123.456.78.9";
  6. Pass correct login credentials to com.linar.jintegra.AuthInfo.setDefault(domain, adminUser, adminPassword);
    Refer to Configuring DCOM for Remote Access for more information about AuthInfo.setDefault.
  7. Move CreateUser.java to the Linux machine. Compile and run it in DCOM mode, without the -DJINTEGRA_NATIVE_MODE property:
    java CreateUser

4 More about ADSI programming

We do not provide documentation for the generated Java proxies, since they are mapped directly from the programming API of the COM component. For more information about ADSI programming, please refer to Microsoft Platform SDK: Active Directory Service Interfaces and Mapping VB code to Java code.