Re: Access Denied

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 13 Mar 2008 16:26:56 -0500

---

Are you sure the current logged on user is an ADAM admin and has permissions
to do such operations?

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CA56E663-51AF-45B3-B598-36C3AE3F9466@xxxxxxxxxxxxxxxx

Can anyone tell me why I get an access denied error using this code? I am
wanting to be able t dynamically add and remove users from a group using a
login script. The code below is supposed to remove a user, but I get an
access denied message.

The object and group get successfully set with the code, but
objGroup.Remove
objUser.AdsPath fails.

Dim objADAM ' Binding object.
Dim objGroup ' Group object.
Dim objUser ' User object.
Dim strGroup ' Group.
Dim strPath ' Binding path.
Dim strOU ' Organizational unit.
Dim strUser ' User.

' Construct the binding string.
strPath = "Some path here"

WScript.Echo "Bind to: " & strPath

' Specify User.
strUser = "CN..."

' Specify Group.
strGroup = "CN..."

WScript.Echo "Remove: " & strUser
WScript.Echo " from"
WScript.Echo " " & strGroup



' Bind to root.
Set objADAM = GetObject(strPath)

' Output error if bind fails.
If Err.Number <> vbEmpty Then
WScript.Echo "Error: Bind failed."
WScript.Quit
End If

' Remove User from Group.
Set objGroup = objADAM.GetObject("group", strGroup)
Set objUser = objADAM.GetObject("user", strUser)
objGroup.Remove objUser.AdsPath

' Output success or error.
If Err.Number <> vbEmpty Then
WScript.Echo "Error: Remove failed."
WScript.Echo Err.Description
Else
WScript.Echo "Success: User removed from group."
End If

.

---

• Follow-Ups:
  • Re: Access Denied
    • From: John

• References:
  • Access Denied
    • From: John

• Prev by Date: Re: Unknown LDAP query
• Next by Date: Re: salutation
• Previous by thread: Access Denied
• Next by thread: Re: Access Denied
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: User account querry ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... every user object and their security descriptor, ... Dim strDN, objACE, blnSelf, blnEveryone ... (microsoft.public.windows.server.active_directory) Re: LDAP problem ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Dim oSearchResult As System.DirectoryServices.SearchResult ... if bindUser was 1 the user login and password were ok, ... (microsoft.public.dotnet.security) Re: Some or all identity references could not be translated. ... Don't use an NTAccount for the IdentityReference. ... SecurityIdentifier type and build that based on reading the objectSid ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Dim dInfo As New DirectoryInfo ... (microsoft.public.dotnet.framework.aspnet.security) Re: Some or all identity references could not be translated. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Dim user As New UserPrincipal ... There is no such object on the server. ... strSamAccountName, String strPassword, String strOU, String ... (microsoft.public.dotnet.framework.aspnet.security) Re: Changing ADAM user password ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... Running the bind from another W2K3SP1 machine ... support in digest or something like that. ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-03