Re: modify AD computer script to run from locally authenticated account on server

The WinNTSystemInfo object returns the NT name (pre-Windows 2000 logon name)
of the user, not the Distinguished Name (DN). This makes sense, but does not
help you; you need the DN. I've heard that a server bind is sometimes
necessary; the only drawback is that you need to specify a server. The
following might help:

' Add the following.
Const ADS_SERVER_BIND = &H200

' Then use:
strServer = "MyServer"
Set objNewOU = objNS.OpenDSObject("LDAP://" & strServer & "/" & strOU, _
    strUser, strPassword, _
    ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Richard,

I am still stuck. I switched back to the "ADSystemInfo" but I assume
I will need to pass credentials to run ADSystemInfo from AD? Here is
the code as it stands.


------begin paste ---------

Const ADS_SERVER_BIND = &H200
Const ADS_SECURE_AUTHENTICATION = &H1

' DC to bind to
strServer = "domaincontroller"

' Specify username to connect.
strUser = "domain\account"

' Specify password.
strPassword = "password"

' Specify DN of new OU container.
strOU = "OU=New Container,DC=sub,DC=root,DC=local"

' Retrieve DN of local computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerDN = objSysInfo.ComputerName

' Bind to new OU object in AD with alternate credentials.
Set objNS = GetObject("LDAP:")
Set objNewOU = objNS.OpenDSObject("LDAP://" & strServer & "/" & strOU, _
    strUser, strPassword, _
    ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)

' Move the computer object in AD.
objNewOU.MoveHere "LDAP://" & strComputerDN, vbNullString

--------end paste----------


The error I get is:

Line: 18
Char: 1
Error: Logon failure: account currently disabled
Code: 80070533
Source: Null


Frustrating.
