Re: Persmission Denied
- From: outzen@xxxxxxxxxxxxx (Jakob Outzen)
- Date: Sat, 07 May 2005 10:23:21 GMT
Im afraid thats not it! Have not enabled anonymous access (using
integrated).
Have done some testing - have succesfully been able to run a wscript
through asp (see below), disabling a user account in AD, however this
has only been possible running the asp page directly on my test IIS
(IIS 6.0 w2k3 member srv).
When I try to run from a client (standard XP) I get "HTTP 500 -
Internal Server Error". Think Im still being denied access?
>Jakob Outzen wrote:
>> Need to be able to perform user administration on Active Directory
>> objects using a web interface. Have made a .vbs script which is
>> working when executed directly on DC, however when embedding it in an
>> asp application (vb script), I keep getting persmission denied.
>> Running asp on an IIS 6.0 member server in a w2k3 environment.
>> Have read that this problem has to do with that its the IIS
>> application being validated when trying to access the AD!
>>
>> Is it possible to supply the proper credentials via the script, or
>> can I grant the IIS application on the member server the proper
>> permission in AD (its an intranet server with trusted users) .
>> Any help much appreciated!
>is your IIS virtual dir set up to use anonymous access? if so, you may
>want to set it to use integrated windows auth or some other auth for
>that site.
<%
Dim strStatus, strDomain, strBrugerOU, strBrugernavn, strFornavn,
strTestUser, strAfd_Elever
Dim strAfdeling, strAdgangskode, strEfternavn, strKlasse, objTrans,
strUserDN, objUser
Dim strStandardKode, strGruppeOU
Const ADS_PROPERTY_UPDATE = 2
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
strStatus = "OK"
strDomain = "dc=domain,dc=dk"
strBrugerOU = "ou=Elever"
strGruppeOU = "cn=Elever,ou=Users"
strBrugernavn = "testuser"
If (strStatus = "OK") Then
strUserShort = strBrugernavn
strBrugernavn = "RKRNET\" + strBrugernavn
strUserExist = False
' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")
' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strBrugernavn
' Use the Get method to retrieve the RPC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
%>
var js_bnavn = '<%=strUserDN%>';
<%
If Err Then AdsiErr()
' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://"; & strUserDN)
'If (objUser) Then
'strUserExist = True
'End If
objUser.Put "userAccountControl", 514
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC OR
ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
Set objUser = Nothing
Else
%>
var js_confirm = '<%=strUserExist%> User was not founrd!';
<%
End If
Sub AdsiErr()
'******** not used ********'
WScript.Quit(1)
End Sub
%>
regards
Jakob Outzen
jo@xxxxxxxxxxxxxxxxx (remove "cutitout" to reply)
.
- References:
- Persmission Denied
- From: Jakob Outzen
- Re: Persmission Denied
- From: Frank A
- Persmission Denied
- Prev by Date: Re: Homedrive field in Active Directory
- Next by Date: wscript.timeout ?
- Previous by thread: Re: Persmission Denied
- Next by thread: Re: Persmission Denied
- Index(es):
Relevant Pages
|
