What is ADSI?

<aside> 🪟

Active Directory Service Interfaces (ADSI) is a set of COM interfaces used to access the features of directory services from different network providers. ADSI is used in a distributed computing environment to present a single set of directory service interfaces for managing network resources. Administrators and developers can use ADSI services to enumerate and manage the resources in a directory service, no matter which network environment contains the resource.

ADSI enables common administrative tasks, such as adding new users, managing printers, and locating resources in a distributed computing environment.

</aside>

What is COM?

<aside> 🪟

COM (Component Object Model) interfaces are a mechanism used in Windows to allow programs to communicate with each other, regardless of the programming language they are written in.

Essentially, COM is a component-based programming model where software objects expose interfaces that other applications can use to interact with them.

A COM interface is a predefined set of methods (functions) that an object exposes for external interaction. These interfaces are strictly defined, ensuring compatibility between different components.

Example of using ADSI through COM:

' Connect to Active Directory
Set objUser = GetObject("LDAP://CN=John Doe,CN=Users,DC=example,DC=com")

' Modify a user attribute
objUser.Put "description", "New description"
objUser.SetInfo

</aside>

When we enumerate the domain, most of the time, we are interacting with the LDAP service. There are three LDAP APIs:

<aside> 💡

All LDAP requests from a directory client ultimately go through the native LDAP C API.

</aside>

This enumeration technique focuses on the DirectoryServices (SDS) namespace, which gives us easy access to domain objects. It is based on ADSI and uses .NET's ability to interoperate with COM to provide a managed code wrapper around some of the ADSI interfaces.


.NET Namespace DirectoryServices

There are actually three namespaces we can use to interact with the LDAP service:

  1. System.DirectoryServices: It provides easy access to Active Directory Domain Services from managed code. The namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the Active Directory Service Interfaces (ADSI) technology.

  2. System.DirectoryServices.ActiveDirectory: It provides a high-level abstraction object model built around AD service tasks. It is used to automate AD management tasks and is not used to access data that resides within AD.

  3. System.DirectoryServices.Protocols: Unlike the first two namespaces, it has no dependency on the ADSI COM-based system for directory access. It supports LDAP by calling directly into the Windows LDAP library (wldap32.dll).

    <aside> 💡

    This namespace is used in ADCollector because S.DS.P provides the highest level of control and performance (and it seems we can only create computer objects with the Protocols namespace). But this topic is all about the first namespace, System.DirectoryServices.

    </aside>
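
As an added example (not from the original notes and not ADCollector code), the PowerShell below runs the same read-only inventory query through System.DirectoryServices and System.DirectoryServices.Protocols, showing what ADSI does implicitly and what S.DS.P leaves to the caller (signing, paging, value types). It assumes a domain-joined Windows host, PowerShell 5 or later, and a sample filter and attribute list chosen for illustration.

```powershell
# Added example: one read-only query through two of the namespaces listed above.
# Assumptions: domain-joined Windows host, PowerShell 5+, caller is a domain user.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.Protocols

$filter = '(objectCategory=computer)'                 # sample filter (assumption)
$attrs  = [string[]]('name', 'whenCreated')           # sample attributes (assumption)

# RootDSE supplies the base DN and a domain controller name, so nothing is hard-coded.
$rootDse = [System.DirectoryServices.DirectoryEntry]::new('LDAP://RootDSE')
$baseDn  = [string]$rootDse.Properties['defaultNamingContext'].Value
$dcName  = [string]$rootDse.Properties['dnsHostName'].Value
$rootDse.Dispose()

# 1) System.DirectoryServices: ADSI handles binding, paging and type conversion.
$root     = [System.DirectoryServices.DirectoryEntry]::new("LDAP://$baseDn")
$searcher = [System.DirectoryServices.DirectorySearcher]::new($root, $filter, $attrs)
$searcher.PageSize = 500                      # ADSI pages transparently
$results = $searcher.FindAll()
try {
    foreach ($r in $results) {                # keys are lower-case; whenCreated is a DateTime
        'S.DS   {0}: {1}' -f $r.Properties['name'][0], $r.Properties['whencreated'][0]
    }
} finally {
    $results.Dispose()                        # releases the unmanaged ADSI search handle
    $searcher.Dispose(); $root.Dispose()
}

# 2) System.DirectoryServices.Protocols: calls wldap32.dll, every step is explicit.
$ldap = [System.DirectoryServices.Protocols.LdapConnection]::new($dcName)
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.SessionOptions.Signing = $true          # integrity-protect the session
$ldap.SessionOptions.Sealing = $true          # encrypt the session
$req  = [System.DirectoryServices.Protocols.SearchRequest]::new(
    $baseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
$page = [System.DirectoryServices.Protocols.PageResultRequestControl]::new(500)
[void]$req.Controls.Add($page)
try {
    do {                                      # paging is the caller's job: loop on the cookie
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$ldap.SendRequest($req)
        foreach ($e in $resp.Entries) {       # whenCreated arrives as a generalized-time string
            'S.DS.P {0}: {1}' -f $e.Attributes['name'][0], $e.Attributes['whenCreated'][0]
        }
        $ctl = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
        $page.Cookie = $ctl.Cookie
    } while ($page.Cookie.Length -gt 0)
} finally {
    $ldap.Dispose()
}
```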


Data Type Convention