
AD – A Javascript implementation of common Active Directory tasks - robinj6
https://github.com/dthree/ad/blob/master/readme.md/#
======
dsl
I really appreciate the effort put in to a library like this, fantastic work.

However I would strongly warn anyone considering using it to do massive
amounts of testing in their real production network. Implementing against the
current version is easy, but lets remember: this is a protocol old enough to
buy cigarettes. It not only changes in behavior between versions, it also has
edge cases where things behave differently when the version you are running is
an upgrade. Or an upgrade in progress. Or part of a forest that also has...
etc.

------
0xbear
I'm pretty sure Microsoft had this 15 years ago. AD is accessible through COM.
Anything that's accessible through COM is scriptable in JS and VBScript (if it
still exists, it's been a while).

~~~
pjc50
.. and Powershell. It's very, very hard to discover what this API is though.

~~~
youdontknowtho
Ops project or PowerShell?

~~~
pjc50
COM APIs within powershell generally and AD ones in particular.

------
AndrewCHM
[https://gist.github.com/Summertime/95cc7bec49d3948ce2f76ded0...](https://gist.github.com/Summertime/95cc7bec49d3948ce2f76ded0233dde4)
An attempt to transcribe the examples to powershell cmdlets, in case anyone
was wondering how much it differs to the tools pre-existing for the task

\- - -

I have to say, other than setup and lack of permission handling the js lib
has, I would find myself preferring it

------
holydude
I am not very proficient in javascript so excuse my idiotic questions but how
does this work ? Does this need to talk to some low level api or nodejs
supports this or ?

~~~
robinj6
You would download and run this on a Node server. It then uses LDAP to talk to
Active Directory, and exposes a Javascript library to make that talk simple.

~~~
delinka
I don't think the server part is necessary. Regardless of where you run it, it
relies on ldapjs to talk LDAP to Active Directory.

~~~
youdontknowtho
LDAPJS is neat. You can actually run an LDAP server in NODE. I haven't played
with it too much, but that's one of those things I just didn't think I would
see.

------
ToFab123
Let me get this straight. Passwords, including the password of a domain admin,
are hardcoded as plain text in client side JavaScript files. Surely, I must be
reading this wrong?

~~~
IncRnd
The authors are even aware of this! The admin password in their first example
is "howinsecure".

~~~
tracker1
A recent shared secret, I defaulted to "not very secure" for local
dev/testing, but uses an environment variable in practice.

~~~
IncRnd
Thank you for the clarification.

