Two important features of Active Directory require administrators to create their own tools:
The ability to extend the Active Directory schema with your own classes and attributes, which allows you to store additional data with objects
The ability to delegate control of administration of Active Directory in a very detailed manner
If you take advantage of these, there is a large chance that you will want to provide customized tools for administration.
For example, you might decide that a group of users is to manage only certain properties of certain objects, say which users can go into a group. There is no point in giving them Active Directory Users and Computers snap-in; that's like using a sledgehammer to crack a nut. Why not create a tool of your own that only allows them to manipulate the values that they have permission to? If you then incorporate logging into a file or database within this application, you have a customized audit trail as well.
Tools of this nature do not lend themselves to VBScript since they tend to require a much more enhanced GUI interface. Consequently, you are left with three choices:
Write code in a compiled language like Visual Basic or VB.NET that supports complex GUI routines.
Write code for a web-based interface using HTML and Active Server Pages (ASPs) or using ASP.NET.
Write code in another scripting language such as Perl that supports complex graphical controls.
We will concentrate on the first two in this chapter.