Re: Verify existence of computer object




David Trimboli wrote:

I'm writing a script that will allow a Help Desk user to delete an Active
Directory computer object prior to its re-imaging. My script binds to the
containing OU then calls the Delete method of that OU, naming the computer
object to be deleted. The script works fine.

My question regards error-handling in the case that the computer object
has already been deleted from Active Directory (say, the user already ran
the script). The default error message is verbose, but probably a little
scary to a non-scripter. I've been trying to find a way to verify the
existence of a computer object BEFORE attempting to delete it so that I
can include my own error message. (The Err object seems to have a blank
description when a deletion fails because the object doesn't exist.)

What would be the easiest way of doing this?

You can trap the error, using "On Error Resume Next". Just restore normal
error handling after the statement that might raise an error with "On Error
GoTo 0". The Err object is used to retrieve error information. This object
has properties Number, Description, and Source. It might make sense to bind
to the user object, instead of the parent OU. If this bind fails, the user
object does not exist. If it succeeds, invoke the DeleteObject method of the
object. For example:
=======
On Error Resume Next
Set objUser = GetObject("LDAP://cn=TestUser,ou=Sales,dc=MyDomain,dc=com")
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User not found."
Else
    On Error GoTo 0
    objUser.DeleteObject (0)
    Wscript.Echo "User object deleted."
End If
=======
Or, you can trap the error when

objOU.Delete "user", "cn=TestUser"

fails. However, how do you query for the user name and parent container? Or
are all of your users in the same OU so you can hard code the DN of the OU?
You might want to query for the NT name (pre-Windows 2000 logon name) of the
user, then use the NameTranslate object to convert this to the Distinguished
Name. For more information see this link:

http://www.rlmueller.net/NameTranslateFAQ.htm

Then you can bind to the user object and invoke DeleteObject. If the user
does not exist, an error is raised on the Set method of the NameTranslate
object, so you would trap that error. For example:
==========
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Prompt for user name.
strNTName = InputBox("Enter User NT Name", "Delete User")

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Use the Set method to specify the NT format of the user name.
' Trap error if user does not exist.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User does not exist."
    Wscript.Quit
End If
On Error GoTo 0
' Use the Get method to retrieve the RFC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Escape any "/" characters with backslash escape character.
' All other characters that need to be escaped will be escaped.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)

' Delete the user object.
objUser.DeleteObject (0)
==========


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
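
Added example, not part of the reply above or of the original poster's script: the same NameTranslate lookup applied to a computer object, which is what the question asked about. It appends "$" to form the computer's NT name and checks the object class before deleting, so a mistyped name cannot remove a user account. The helper IsValidComputerName and its naming rule (letters, digits and hyphens, up to 15 characters) are assumptions.

```vbscript
Option Explicit

' Constants for the NameTranslate object (same values as in the reply above).
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

Dim strName, objRootDSE, objTrans, strNetBIOSDomain, strDN, objComputer, lngErr

' Validate Help Desk input before it is used to build any name.
strName = Trim(InputBox("Enter computer name", "Delete Computer"))
If Not IsValidComputerName(strName) Then
    Wscript.Echo "That is not a valid computer name."
    Wscript.Quit 1
End If

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, objRootDSE.Get("defaultNamingContext")
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)   ' returned as "DOMAIN\"

' A computer's NT name is its name plus "$". Trap only this one statement.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & strName & "$"
lngErr = Err.Number
On Error GoTo 0
If lngErr <> 0 Then
    Wscript.Echo "Computer " & strName & " was not found. It may already have been deleted."
    Wscript.Quit 0
End If

strDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
Set objComputer = GetObject("LDAP://" & strDN)

' Refuse anything that is not a computer object.
If LCase(objComputer.Class) <> "computer" Then
    Wscript.Echo "Refusing to delete " & strDN & ": object class is " & objComputer.Class
    Wscript.Quit 1
End If

objComputer.DeleteObject 0
Wscript.Echo "Deleted " & strDN

' Hypothetical helper; the allowed pattern is an assumed naming convention.
Function IsValidComputerName(strValue)
    Dim objRE
    Set objRE = New RegExp
    objRE.Pattern = "^[A-Za-z0-9-]{1,15}$"
    IsValidComputerName = objRE.Test(strValue)
End Function
```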

