ADSI and LDAP Queries


Mandoskippy

Jul 19, 2006, 1:27:26 PM
I have a script that uses two Hey Scripting Guy examples and tries to
merge them with no luck.

I need to list all the domain controllers in a domain.

http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec04/hey1216.mspx

and do it with a non-domain computer and alternate credentials

http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec05/hey1209.mspx

Ok, no problem, right? Well, since my computer (or the computer running
the script) is not a member of the domain, using the RootDSE is out
(Example Code:)

Set objRootDSE = GetObject("LDAP://RootDSE")
strConfigurationNC = objRootDSE.Get("configurationNamingContext")

And since I need that strConfigurationNC, I just added CN=Configuration,
in front of the DN of the domain, so I set
strConfigurationNC = "CN=Configuration,DC=Corp,DC=Example,DC=Com"

No problem... I then use the alternative credential example

objConnection.Properties("User ID") = AuthUser
objConnection.Properties("Password") = AuthPAss
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3

to use an account for this purpose. Great

So my code looks like this...


dim arDCs()
dim arDCsVal
Dim strConfig
Dim DNSDomainName
Dim strDNSDomain
Dim objConnection
Dim objCommand


strDNSDomain = "CN=Configuration,DC=corp,dc=example,dc=com"

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "example\administrator"
objConnection.Properties("Password") = InputBox("enter Password", "password", "")
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3

objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

call FillDCAr

Sub FillDCAr()
Dim strBase
Dim strFilter
Dim strattributes
Dim strQuery
Dim objRecordSet
Dim objDC


strQuery = "Select ADsPAth From 'LDAP://" & strDNSDomain & "' where objectClass='nTDSDSA'"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
'On Error Resume Next
Set objRecordSet = objCommand.Execute
'If Err <> 0 Then
' Wscript.echo strQuery
' Wscript.quit
'End If
'On Error Goto 0


' Enumerate parent objects of class nTDSDSA. Save Domain Controller
' AdsPaths in dynamic array arDCs.

Do Until objRecordSet.EOF
Set objDC = GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
arDCsVal = arDCsVal + 1
ReDim Preserve arDCs(arDCsVal)
arDCs(arDCsVal - 1) = objDC.DNSHostName
objRecordSet.MoveNext
Loop
End Sub


And all I get is "Table does not exist". Is there a way to bind to a
non-associated (workstation connecting to a DC that is not in the same
domain as the workstation) using alternative credentials?

Thanks!

Richard Mueller

Jul 19, 2006, 10:39:00 PM
I don't use SQL syntax when I query AD with ADO, but you need to set your
scope to subtree. From the link you gave, I think you are missing the
following:

Const ADS_SCOPE_SUBTREE = 2
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

That might explain the empty recordset. Also, do not use "On Error Resume
Next", as Microsoft does in the example. There is no need for it and it
makes troubleshooting a nightmare.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net


Mandoskippy

Jul 20, 2006, 12:43:51 PM
Thank you for your reply. I incorporated your suggestions (see working
code below) and I still get the error "Table does not exist". I did some
log checking, and when I have the authentication information commented
out, I get the same error. BUT when it is commented out, I see a logon
failure on my domain controller (I see the username and domain of the
workstation trying to connect); with the login information not
commented out, I never get that security event (neither success nor
failure), whether I use a good password or not. This happens when I
change nothing except commenting out the authentication items (user,
password, encrypt password, and ADSI Flag). Any thoughts?


dim arDCs()
dim arDCsVal
Dim strConfig
Dim DNSDomainName
Dim strDNSDomain
Dim objConnection
Dim objCommand

Const ADS_SCOPE_SUBTREE = 2

strDNSDomain = "CN=Configuration,DC=example,dc=local"

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"

objConnection.Properties("User ID") = "EXAMPLE\Exampleadmin"


objConnection.Properties("Password") = InputBox("enter Password", "password", "")
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3

objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

call FillDCAr

Sub FillDCAr()
Dim strBase
Dim strFilter
Dim strattributes
Dim strQuery
Dim objRecordSet
Dim objDC


strQuery = "Select ADsPAth From 'LDAP://" & strDNSDomain & "' where objectClass='nTDSDSA'"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'On Error Resume Next
Set objRecordSet = objCommand.Execute
'If Err <> 0 Then
' Wscript.echo strQuery
' Wscript.quit
'End If
'On Error Goto 0


' Enumerate parent objects of class nTDSDSA. Save Domain Controller
' AdsPaths in dynamic array arDCs.

Do Until objRecordSet.EOF
Set objDC = GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
arDCsVal = arDCsVal + 1
ReDim Preserve arDCs(arDCsVal)
arDCs(arDCsVal - 1) = objDC.DNSHostName
objRecordSet.MoveNext
Loop
End Sub

topherthomas13

Jan 12, 2007, 1:34:00 PM
Mandoskippy.

I was having the same exact problem as you. In my build process, I have a
script that generates a computer name based off of input, renames the
machine, and adds it to the domain. Consequently, machine accounts were
being overwritten and people were getting knocked off the domain. I needed
to implement a way for my script to check for the existence of the proposed
machine name before adding it to the domain. I used pretty much the same
exact code that you used and got the same results as you (Table does not
exist). I figured it was because the script was being run from a machine
that was not a part of the domain. After playing around for a bit, I
discovered the answer. I needed to add the full path to my domain controller
in my LDAP query.

For example: SELECT name FROM
'LDAP://servername.fabrikam.com/DC=fabrikam,DC=com' WHERE
objectCategory='computer' and Name='somecomputername'

The only other thing that I did differently from what you already had was I
set the ADSI Flag to 1 instead of 3. That seemed to do the trick. I am now
able to ensure that a computer will not be named the same as an existing
computer account.

I know it's been since July that a new message was posted in this thread but
I thought I would answer it anyway. You may have already found the answer by
now but if not, hope this helps.
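
Added example, not part of any post in this thread: the fix described above (server name in the ADsPath, ADSI Flag 1) applied to the domain controller listing from the first post. The DC name dc01.corp.example.com is a placeholder, and the OpenDSObject calls are an assumption added here so that the follow-up binds reuse the alternate credentials instead of going through GetObject.

```vbscript
Option Explicit

' Assumed placeholders: substitute a reachable DC and your own forest DN.
Const DC_HOST = "dc01.corp.example.com"   ' hypothetical DC name
Const CONFIG_NC = "CN=Configuration,DC=corp,DC=example,DC=com"

' ADS_AUTHENTICATION_ENUM: 1 = secure (Kerberos/NTLM) bind, 2 = SSL.
' Flag 3 therefore also demands LDAP over SSL, which needs a DC certificate.
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_SCOPE_SUBTREE = 2

Dim strUser, strPassword, strQuery
Dim objConnection, objCommand, objRecordSet, objLDAP, objNtds, objServer

strUser = "EXAMPLE\Exampleadmin"
strPassword = InputBox("Enter password", "Password", "")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strUser
objConnection.Properties("Password") = strPassword
objConnection.Properties("Encrypt Password") = True
objConnection.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' A machine outside the domain cannot locate a DC for a serverless path,
' so the ADsPath names the server explicitly.
strQuery = "SELECT ADsPath FROM 'LDAP://" & DC_HOST & "/" & CONFIG_NC & _
           "' WHERE objectClass='nTDSDSA'"
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute

' GetObject() binds as the user logged on to the workstation, so each
' follow-up bind goes through IADsOpenDSObject with the same credentials.
Set objLDAP = GetObject("LDAP:")
Do Until objRecordSet.EOF
    Set objNtds = objLDAP.OpenDSObject(objRecordSet.Fields("ADsPath").Value, _
        strUser, strPassword, ADS_SECURE_AUTHENTICATION)
    Set objServer = objLDAP.OpenDSObject(objNtds.Parent, _
        strUser, strPassword, ADS_SECURE_AUTHENTICATION)
    WScript.Echo objServer.Get("dNSHostName")
    objRecordSet.MoveNext
Loop
objConnection.Close
```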

Lasse

Apr 11, 2007, 6:08:03 AM
Hi,

This thread might be dead, but in case someone would like to help me out...

I've tried all your suggestions regarding the authentication issue. When I
use the code as described below I get the following error:
Source: Provider
Error: Unspecified error
Code: 80004005

Any ideas?

Lasse
