the Active Directory Service Interfaces (ADSI) WinNT provider doesn't have a search mechanism like the ADSI Lightweight Directory Access Protocol (LDAP) provider does, I'm using a script similar to the one in Listing 3 to perform the search operation. This script takes a long time to run because our domain contains thousands of user accounts. Can you offer any suggestions to improve the script's performance?
To improve the script's performance, you can bind directly to the user object in question instead of enumerating all users. When the user exists, the GetObject function succeeds. When the user doesn't exist, GetObject fails. This approach will not only significantly improve your script's performance but also reduce the script's impact on your network and domain controller (DC).
The script in Listing 4 demonstrates how to use the bind operation to determine whether a user exists. The code at callout A in Listing 4 is key. This code begins by enabling the On Error statement, VBScript's error-handling mechanism. Next, the script tries to bind directly to the user object in the NT 4.0 domain. This code works equally well with Active Directory (AD) in Windows 2000 and local SAM databases in NT 4.0 member servers and workstations. Following the GetObject call, the script checks the VBScript Err object to determine whether GetObject succeeded.
When the Err object's Number property is 0 (i.e., no error), GetObject succeeded, so the script sets blnFound to True. When the Err object's Number property is equal to the Win32 error code assigned to the USERNAME_NOT_FOUND constant, GetObject failed, so the script sets blnFound to False. When the Err object's Number property is something other than 0 or the USERNAME_NOT_FOUND constant's value, some other error occurred. The script echoes that value to the console and immediately exits.