
Provider Specific Attributes

The SelfADSI article 'Reading LDAP Directory Object Attributes' describes how to read ALL the attributes of an Active Directory object (or of an object in any other LDAP directory). The data returned by those methods can then be processed in a script.

However, a problem arises when the directory server returns an attribute with the ADSI data type 'provider specific'. This is never the case in Active Directory environments, but it is common when you access a Novell eDirectory or another LDAP system that defines its own attribute syntaxes.

When an LDAP server returns the data type 'Provider Specific', a better description would be 'attribute data type cannot be clearly identified by the script'. The values of such attributes are difficult to read (strangely, writing them causes no problems in most cases). If you attempt to access them with the normal read methods (like Get or GetEx), you will probably get this error code:

0x8000500C - "The Active Directory datatype cannot be converted to/from a native DS datatype"

All you can do here is to evaluate the schema of the LDAP directory in question, and you need a particular method to convert the data into a format that a script can handle. To do this, read the attribute data into the local property cache of the connected directory object. The cache is filled with the ADSI method GetInfo and can be accessed afterwards with the GetPropertyItem function, which lets you specify, within certain limits, the data format of the values. A reasonable approach is to always read the data in the LDAP syntax octet string and convert it into any other format afterwards.

    Const ADSTYPE_OCTET_STRING = 8

    'NOTE: the LDAP path below is incomplete as given (server name and the
    'leading RDN of the object are missing) and must be completed before use.
    'Flag 0 requests a simple bind: user name and password cross the network
    'in clear text unless the connection itself is encrypted.
    Set dso = GetObject("LDAP:")
    Set obj = dso.OpenDSObject("LDAP://,ou=apps,o=cerrotorre", _
                               "cn=supervisor,ou=users,o=cerrotorre", "P@ssw0rd", 0)

    obj.GetInfo                         'fill the attribute cache

    'get attribute "appPath" from the cache as a binary value
    Set prop = obj.GetPropertyItem("appPath", ADSTYPE_OCTET_STRING)
    valuearray = prop.Values            '...the function always returns an array

    For Each value In valuearray
        data = value.OctetString        'the actual value is read
        hstr = OctetToHexStr(data)

        'Output
        WScript.Echo hstr & vbCrLf
        WScript.Echo PrintOutHex(hstr, 16) & vbCrLf
        WScript.Echo HexStrToAscii(hstr, True)
    Next


    Function OctetToHexStr(var_octet)
    'Converts binary data to a hex string
        Dim n
        OctetToHexStr = ""
        For n = 1 To LenB(var_octet)
            OctetToHexStr = OctetToHexStr & Right("0" & Hex(AscB(MidB(var_octet, n, 1))), 2)
        Next
    End Function


    Function PrintOutHex(var_hex, width)
    'Takes a hex string and returns an output in a hex editor style
    'The width parameter determines how many bytes per line the output has
        Dim k1, k2, s1, s2, s3
        PrintOutHex = ""
        For k1 = 1 To Len(var_hex) Step (width * 2)
            s1 = Mid(var_hex, k1, (width * 2))
            s2 = ""
            s3 = HexStrToAscii(s1, False)
            For k2 = 1 To Len(s1) Step 2
                s2 = s2 & Mid(s1, k2, 2) & " "
            Next
            s2 = s2 & String((width * 3) - Len(s2), " ")   'pad a short last line
            If (k1 = 1) Then
                PrintOutHex = PrintOutHex & s2 & "| " & s3
            Else
                PrintOutHex = PrintOutHex & vbCrLf & s2 & "| " & s3
            End If
        Next
    End Function


    Function HexStrToAscii(var_hex, format)
    'Converts a hex string to an ASCII string.
    'If 'format'=TRUE, tabs and CR/LFs are inserted
        Dim k, v
        HexStrToAscii = ""
        For k = 1 To Len(var_hex) Step 2
            v = CInt("&H" & Mid(var_hex, k, 2))
            If ((v > 31) And (v < 127)) Then    'printable ASCII only (127 is DEL)
                HexStrToAscii = HexStrToAscii & Chr(v)
            Else
                If (format) Then
                    Select Case v
                        Case 9                  'horizontal tab
                            HexStrToAscii = HexStrToAscii & vbTab
                        Case 10                 'line feed
                            HexStrToAscii = HexStrToAscii & vbCrLf
                        Case 13                 'carriage return: skipped, the LF adds the line break
                        Case Else
                            HexStrToAscii = HexStrToAscii & "."
                    End Select
                Else
                    HexStrToAscii = HexStrToAscii & "."
                End If
            End If
        Next
    End Function

The result: the binary raw data is first displayed as a pure hex string, then a second output shows it as it would appear in a hex editor, and the last output is pure ASCII text:

[Screenshot: script output]

ADSI Reference on the MSDN: Property Cache Interface
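
The error code and the property-cache read described above can be combined into a single read routine. The following is an added example, not code from the original article: ReadValues is a hypothetical helper name, and obj is assumed to be an ADSI object that is already bound. The normal GetEx read is tried first, and the octet string fallback is used only for error 0x8000500C, so that every other error (missing attribute, access denied) still surfaces.

```vbscript
Option Explicit

Const ADSTYPE_OCTET_STRING = 8
Const E_ADS_CANT_CONVERT_DATATYPE = &H8000500C   'error code quoted in the text above

'Hypothetical helper: returns the values of one attribute as an array.
'Values that ADSI can convert are returned unchanged; provider specific
'values are returned as "0x..." hex strings read from the property cache.
Function ReadValues(obj, attrName)
    Dim raw, errNum, errSrc, errDesc, prop, i, result()

    'Try the normal read and capture the error state before it is reset
    On Error Resume Next
    raw = obj.GetEx(attrName)
    errNum = Err.Number : errSrc = Err.Source : errDesc = Err.Description
    On Error GoTo 0

    If errNum = 0 Then
        ReadValues = raw
        Exit Function
    End If

    'Only the conversion error triggers the fallback; re-raise anything else
    If errNum <> E_ADS_CANT_CONVERT_DATATYPE Then
        Err.Raise errNum, errSrc, errDesc
    End If

    'Note: GetInfo reloads the cache and discards changes not yet written with SetInfo
    obj.GetInfo
    Set prop = obj.GetPropertyItem(attrName, ADSTYPE_OCTET_STRING)
    raw = prop.Values
    ReDim result(UBound(raw))
    For i = 0 To UBound(raw)
        result(i) = "0x" & OctetToHexStr(raw(i).OctetString)
    Next
    ReadValues = result
End Function

Function OctetToHexStr(octets)
'Converts binary data to a hex string (same conversion as in the script above)
    Dim n
    OctetToHexStr = ""
    For n = 1 To LenB(octets)
        OctetToHexStr = OctetToHexStr & Right("0" & Hex(AscB(MidB(octets, n, 1))), 2)
    Next
End Function
```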

In Active Directory environments, the server should NEVER return attribute values in the format 'Provider specific'. If it does, the domain controller or the ADSI interface must be malfunctioning. In other directory service environments (like eDirectory), you may encounter these provider-specific attributes from time to time.