Och, I just love using M$ APIs.

Currently using their COM/LDAP API to provide iDM with a Windows/2000 user create and manage facility.
So. What's wrong? Nowhere can I find a list of properties that a "user" object can possess. You're supposed to enumerate them from the schema. Right. But does that work? No. Fine.

Aside from that, there's yet another naming standard (for instance: cn=admin,cn=users,dc=ad,dc=com) with no idea if an object is a container (and therefore a "dc") or is a container-like object (and therefore accessed via "cn").

I guess this is why there's a huge lack of systems on the market that manage M$ AD (win2k style) using LDAP.

Still, aside from the poor documentation, badly coded examples, and lack of schema documentation - it's all getting there. Created users last night. Today - Groups! (Oh - this'll make you laugh. Windows NT didn't support nested groups. Win2k documentation treats these as newfangled fantastic features. Sigh. In Notes since version 1?)