Re: Can' get LDAP to work in WorkGrp
- From: "Jeffery Hicks [MVP]" <jhicks@xxxxxxxxxx>
- Date: Wed, 21 Nov 2007 15:46:07 -0500
That's the first thing I thought to. But I tried using ADO with alternate credentials and it from non-domain member as long as I specified a domain controller in the LDAP string. I was a little surprised it worked.
--
Jeffery Hicks
Microsoft PowerShell MVP
http://www.scriptinganswers.com
http://www.powershellcommunity.org
Now Available: WSH and VBScript Core: TFM
Coming Soon: Windows PowerShell: TFM 2nd Ed.
"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message news:%23p02V6HLIHA.4272@xxxxxxxxxxxxxxxxxxxxxxx
Alternate credentials with ADO requires that the client be joined to the domain. You might have better luck using the OpenDSObject method. See this link:
http://msdn2.microsoft.com/en-us/library/aa706065.aspx
You will need to specify a Domain Controller in the binding string. I have not tried this, so I can't say if it will work.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Jeffery Hicks [MVP]" <jhicks@xxxxxxxxxx> wrote in message news:%23deaidHLIHA.536@xxxxxxxxxxxxxxxxxxxxxxxIt might work if you can specify a domain controller in your query:
"SELECT Name FROM 'LDAP://DC01/dc=testdomain,dc=local' WHERE objectCategory='user'"
--
Jeffery Hicks
Microsoft PowerShell MVP
http://www.scriptinganswers.com
http://www.powershellcommunity.org
Now Available: WSH and VBScript Core: TFM
Coming Soon: Windows PowerShell: TFM 2nd Ed.
"Tom" <private@xxxxxxxxxxx> wrote in message news:A52DC59E-F027-4CF4-B5C7-3D7186583CED@xxxxxxxxxxxxxxxxHi,
I have a similar problem. I too wish to query active directory and am using
similar code to Maverick to do so (the piece with the connection details is
actually identical and the only real difference is I am running a different
query).
The machine I am using is a member of the domain being queried. If I log on
as a user from that domain I can run the script and it works fine. However,
if I log on to the same machine but as a user from a different domain and run
the script I get the exact same error message as Maverick.
Although I specifiy an account in the domain in my script it is as if Active
Directory is still using the credentials with which I logged on to decide
whether or not I should be granted access to.
Has anyone got any ideas?
Tom
"Jeffery Hicks [MVP]" wrote:
I don't think you'll ever be able to get that to function in a workgroup.
The AD provider is looking for a domain controller but your workgroup
machine isn't configured to use one. You might be able to use a direct LDAP
connection to a specific domain controller, possibly passing alternate
credentials as well, but the script will look different than what you have
here.
--
Jeffery Hicks
Microsoft PowerShell MVP
http://www.scriptinganswers.com
http://www.powershellcommunity.org
Now Available: WSH and VBScript Core: TFM
Coming Soon: Windows PowerShell: TFM 2nd Ed.
"maverick" <maverick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:04BA0383-16E8-43ED-987E-4B5295D1C49C@xxxxxxxxxxxxxxxx
> Hi,
>
> I tried running the script appended below which runs fine on a > machine
> joined to a domain.
> How can i get this script to run from a machine which is not joined > to the
> domain(xyz.mc.uk)?
>
> I get the following error on the client which is not joined to the > domain?
>
> Windows Script Host
> ---------------------------
> Script: C:\Documents and Settings\Administrator\Desktop\Search.vbs
> Line: 21
> Char: 1
> Error: Table does not exist.
> Code: 80040E37
> Source: Provider
>
>
> Is there a way out to run this script from a machine which is not in > the
> domain?
>
>
>
> Script
>
> strUserName = "1234567"
> strLDAP = "<LDAP://dc=xyz,dc=mc,dc=ck>"
> dtStart = TimeValue(Now())
>
> Set objConnection = CreateObject("ADODB.Connection")
> Set objCommand = CreateObject("ADODB.Command")
> objConnection.Provider = "ADsDSOObject"
>
> objConnection.Properties("User ID") = "xyz.mc.ck\user"
> objConnection.Properties("Password") = "Pwd0334"
> objConnection.Properties("Encrypt Password") = TRUE
> objConnection.Properties("ADSI FLAG") = 1
>
> objConnection.Open "Active Directory Provider"
> set objCommand.ActiveConnection = objConnection
>
> objCommand.CommandText = _
> strLDAP & ";(&(objectCategory=User)" & _
> "(mobile=" & strUserName &
> "));distinguishedName,mobile,sAmAccountName,cn;subtree"
>
> Set objRecordSet = objCommand.Execute
>
> If objRecordset.RecordCount = 0 Then
> WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
> Else
> WScript.Echo objRecordSet.fields("distinguishedName").value &" > exists."
> DNAME = objRecordSet.fields("distinguishedName").value
> set objUser = GetObject("LDAP://"; & DNAME )
> wscript.echo "itworked"
> objUser.Put "userPrincipalName", "mtself@xxxxxxxxx"
> objuser.setInfo
> End If
>
> objConnection.Close
>
>
.
- Follow-Ups:
- Re: Can' get LDAP to work in WorkGrp
- From: Richard Mueller [MVP]
- Re: Can' get LDAP to work in WorkGrp
- References:
- Can' get LDAP to work in WorkGrp
- From: maverick
- Re: Can' get LDAP to work in WorkGrp
- From: Jeffery Hicks [MVP]
- Re: Can' get LDAP to work in WorkGrp
- From: Tom
- Re: Can' get LDAP to work in WorkGrp
- From: Jeffery Hicks [MVP]
- Re: Can' get LDAP to work in WorkGrp
- From: Richard Mueller [MVP]
- Can' get LDAP to work in WorkGrp
- Prev by Date: Re: Can' get LDAP to work in WorkGrp
- Next by Date: Re: Can' get LDAP to work in WorkGrp
- Previous by thread: Re: Can' get LDAP to work in WorkGrp
- Next by thread: Re: Can' get LDAP to work in WorkGrp
- Index(es):
Relevant Pages
|
