Authentication (ADSI)

In ADSI, credentials that consist of a user name and password are used to provide or restrict access to objects in the directory service. The ADsGetObject function uses the credentials of the calling thread for authentication. The ADsOpenObject function and IADsOpenDSObject::OpenDSObject method can be used to specify credentials other than those of the calling thread. When an object is bound to with an authenticated user, the user is allowed access to the object as supported by the underlying directory service security requirements.


The ADsOpenObject function and IADsOpenDSObject::OpenDSObject method should not be used to validate user credentials. For more information about validating user credentials, see Microsoft Knowledge Base article 180548 HOWTO: Validate User Credentials on Microsoft Operating Systems.


The following code example shows how to use the OpenDSObject method to authenticate a user.

Dim MyNamespace As IADsOpenDSObject
Dim X

OnError GoTo CleanuUp
Set MyNamespace = GetObject("LDAP:")

' For authentication, pass a variable for the user name and password to be used for 
' authentication. For security reasons, it is recommended that you use the ADS_SECURE_AUTHENTICATION flag.
Set X = MyNamespace.OpenDSObject(DN, oUserName, oPassword, ADS_SECURE_AUTHENTICATION)     

    MsgBox ("An error has occurred.")
    Set MyNamespace = Nothing
    Set X = Nothing