The CFLDAP command gives you the ability to query Active Directory to pull information out of (or insert information into) AD. One place it has been useful in our organization is for creating an online directory and keeping it up to date. It can also be used to check an account against Active Directory for authorization. Here’s how it works:
To query active directory based on a person’s username, use the following:
First build a form, call it login.cfm and add two fields:
One textbox called username and the other called password.
Add a submit button and pass the form data to a page called adquery.cfm
Here’s the code for the adquery.cfm page. Put this right at the top of the page:
<cfldap action="query"
server="servername.domain.net"
name="Results"
start="DC=domain,DC=net"
filter="(&(objectclass=user)(SamAccountName=#form.username#))"
username="domainname\#form.username#"
password="#form.password#"
attributes="cn,o,l,st,sn,c,mail,telephonenumber,givenname,homephone,streetaddress,postalcode,SamAccountname,physicalDeliveryOfficeName,department">
Action: explain what you want to do
Server: your server
Name: Name of your query
Start: Where your query should start. If you have a large AD, you can search a certain OU by adding an OU= in front of the DC part.
Filter: Filters out computer accounts by setting objectclass=user. The SamAccountName part says to retrieve only records where the username is what was entered on the form before this page.
Username: This is the username to validate against the server with. In this case, I am using the info from the form. You can fill this in statically with an account that is used just for this purpose.
Password: Account password.
Attributes: These are the fields you want to pull from Active Directory. Most of them are pretty self-explanatory.
Then just use the fields on the page like you would use any other database query.
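When adquery.cfm is used as a login check, the form values go straight into the LDAP filter and the bind, so they need checking first. The following is an added example, not part of the original post: the same query with input validation, an empty-password check, an encrypted connection and error handling. The 20-character username pattern, the adlogin log name, the loginOk/nameOk/passOk variables and the use of port 636 (which assumes the server's certificate is trusted by ColdFusion's Java keystore) are assumptions.

```cfml
<!--- adquery.cfm (added example): validate the form input before binding --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<cfset loginOk = false>
<!--- Assumed policy: letters, digits, dot, underscore, hyphen, max 20 chars.
      This keeps LDAP filter metacharacters ( ) * \ out of the filter below. --->
<cfset nameOk = reFind("^[A-Za-z0-9._-]{1,20}$", form.username) GT 0>
<!--- A simple bind with an empty password is an "unauthenticated bind"
      (RFC 4513) that a directory server may accept, so refuse it here. --->
<cfset passOk = len(form.password) GT 0>

<cfif nameOk AND passOk>
  <cftry>
    <!--- port 636 + secure: the password is not sent over the wire in clear --->
    <cfldap action="query"
      server="servername.domain.net"
      port="636"
      secure="CFSSL_BASIC"
      name="Results"
      start="DC=domain,DC=net"
      filter="(&(objectclass=user)(SamAccountName=#form.username#))"
      username="domainname\#form.username#"
      password="#form.password#"
      attributes="cn,mail,department">
    <!--- The bind succeeded; require exactly one matching account --->
    <cfset loginOk = (Results.recordCount EQ 1)>
    <cfcatch type="any">
      <!--- Bad credentials or server error: log it, show no detail to the user.
            form.username has already passed the pattern check above. --->
      <cflog file="adlogin" type="warning"
             text="LDAP bind failed for #form.username#">
    </cfcatch>
  </cftry>
</cfif>

<cfif NOT loginOk>
  <cfoutput>Login failed.</cfoutput>
  <cfabort>
</cfif>
```

Requesting only the attributes the page actually displays keeps the rest of the directory record out of the query result.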
Now, to modify AD with CFLDAP, we change the code a little. First create a form with the fields on it you want to modify. In this case, we’ll use mobile phone and postal code. Pass those variables to a page containing the following:
<cfldap action="modify"
DN="#form.dn#"
attributes="postalcode=#form.postalcode#;mobile=#form.mobile#"
modifytype="replace"
server="server.domain.net"
username="username"
password="password">
Notice we change the action to modify instead of query.
DN: The distinguished name of the object you want to modify. Look this one up on Microsoft if you have problems.
Attributes: Fields in AD we wanna modify.
ModifyType: Replace. We are not adding or deleting info, we are just replacing it.
Server: servername
Username: username of the account you want to use to modify AD, not the account you are modifying.
Password: password
Good luck with this guys. It can be a great tool, but can be a pain to get working. The code has to be flawless or you’ll get an error. Look online at a few other sites if you are still having problems.