Re: Error using LDAP query

Hi,

If your clients are XP, they have the ADSystemInfo object, so don't worry
about that. Most likely all of your users have "Domain Users" as their
primary and this group will not be included in memberOf. If a user is a
member of at least 2 other groups, the Join will work. You get the error on
"Set oUser". Your script runs without error for me when I am logged into a
domain. But, I repeated this while logged in locally and got an error on the
same line. At a command prompt the error was "No mapping between account
names and security IDs was done" (no source). Could your users be logged in
locally rather than into the domain? Finally, does it matter which machine
the user logs into? For testing, you don't need to run this as a logon
script, since I believe it should behave the same if you just run it at a
command prompt.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--
"David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C6AF3E19-06BD-4595-A423-E50C3D139EE6@xxxxxxxxxxxxxxxx
> Thank you for your reply. I have tested on three users, all being a member
of
> no less than two groups and recieved the error. However, let me make sure
I
> understand you correctly. One of the users I tested on, was a member of a
> created group we will call "test group", and also a member of "Domain
Users"
> that is relevant to the script. So I am assuming you are referring to the
> "domain user" group as being the primary. However, in another instance, I
> tested on one of my users who is a member of two created groups other than
> "Domain Users". So I dont think this could be the issue.
>
> All my clients are Windows XP Pro SP1 or 2. I am not sure what you are
> referring to as registering ADSystemInfo, is there a certain .dll file you
> are referring to. And if this is the case, it seems odd that all machines
I
> have tested or users for that matter did not have this file registered,
which
> would really create an issue for me and any other admin in the world
wanting
> to use scripts of this magnitude.
>
> Thank you again.
>
> "Richard Mueller [MVP]" wrote:
>
> > Hi,
> >
> > The script you posted requires Windows 2000 or above. Any clients with
Win9x
> > or NT will not have have the ADSystemInfo object. My guess is that the
error
> > is raised because ADSystemInfo is not registered on the machine.
> >
> > Also, the script will raise an error if the user has only one or no
entries
> > in the memberOf collection. The memberOf collection does not include the
> > "primary" group of the user. If memberOf has one group, it will be data
type
> > "String". If it has no group memberships it will be Empty. Only if there
are
> > at lease two groups will it be "Variant()" (an array) that the Join
function
> > can handle without error. I have used code similar to:
> >
> > arrstrGroups = oUser.memberOf
> > If IsEmpty(arrstrGroups) Then
> > sGroups = ""
> > ElseIf (TypeName(arrstrGroups) = "String") Then
> > sGroups = LCase(arrstrGroups)
> > Else
> > sGroups = LCases(Join(arrstrGroups))
> > End If
> >
> > For example logon scripts, including some that work on Win9x and NT
clients,
> > see this link:
> >
> > http://www.rlmueller.net/freecode2.htm
> >
> > Basically, on older clients you must retrieve the UserName from the
> > WshNetwork object, then use the NameTranslate object to convert this to
the
> > Distinguished Name of the user. The NameTranslate object is available on
any
> > client with DSClient installed, or W2k and above. I hope this helps.
> >
> > --
> > Richard
> > Microsoft MVP Scripting and ADSI
> > Hilltop Lab web site - http://www.rlmueller.net
> > --
> > "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:9935D23A-48C8-4FAA-9D1B-EE069878C901@xxxxxxxxxxxxxxxx
> > > I looked up the error codes and could not really find anything. error
> > codes
> > > as follows
> > >
> > > 0x80005000
> > > source: (null)
> > >
> > > Thanks
> > >
> > > "Marty List" wrote:
> > >
> > > >
> > > > You said this line "fails with numbers":
> > > > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> > > >
> > > > Those numbers are probably error codes, and they might help you (an
> > others
> > > > here) troubleshoot this. If that line is failing, it probably means
the
> > > > line before it (Set oADSysInfo = CreateObject("ADSystemInfo")) has
> > failed
> > > > and now oADSysInfo is null and can't be used in the next line.
> > > >
> > > >
> > > > "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:3173A0F9-7293-4ECF-B085-6BEECE739406@xxxxxxxxxxxxxxxx
> > > > > The user is a local admin of the machine. I have researched this
> > script
> > > > > thoroughly, and the lines of code I included in the post are
correct.
> > To
> > > > > anwser your question, the users does have full control of that dll
> > file.
> > > > >
> > > > > Thanks for the reply, any other suggestions.
> > > > >
> > > > > "Marty List" wrote:
> > > > >
> > > > >>
> > > > >> This script runs on Windows XP SP1 with a domain account that is
not
> > a
> > > > >> member of Domain Admins or the local Administrators:
> > > > >>
> > > > >> On Error GoTo 0
> > > > >> Set oADSysInfo = CreateObject("ADSystemInfo")
> > > > >> WScript.Echo oADSysInfo.UserName
> > > > >> Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> > > > >> WScript.Echo oUser.distinguishedName
> > > > >> Set oUser = Nothing
> > > > >> ' For troubleshooting, try again with the domain specified:
> > > > >> Set oUser = GetObject("LDAP://"; & oADSysInfo.DomainDNSName & _
> > > > >> "/" & oADSysInfo.UserName)
> > > > >> WScript.Echo oUser.distinguishedName
> > > > >>
> > > > >>
> > > > >> Make sure the users have read access to this file:
> > > > >> %SystemRoot%\system32\Activeds.dll
> > > > >>
> > > > >>
> > > > >>
> > > > >> "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > >> news:AF09C4C5-86ED-4C90-A5AA-A9D8750162C0@xxxxxxxxxxxxxxxx
> > > > >> > I have currently wrote a logon script for my domain user
accounts.
> > The
> > > > >> script
> > > > >> > basically query's AD for group membership and then maps drives
> > > > >> accordingly. I
> > > > >> > tested the script on myself and all was fine. I tested on a
couple
> > of
> > > > >> users
> > > > >> > and I get errors, nothing works. I get an error with nubmers
and
> > > > >> > "source:null" on the same line every time:
> > > > >> >
> > > > >> > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> > > > >> >
> > > > >> > The script basically is general and includes this:
> > > > >> >
> > > > >> > Dim oNetwork
> > > > >> > Dim oADSysinfo
> > > > >> > Dim oUser
> > > > >> > Dim sGroups
> > > > >> >
> > > > >> > 'Defining values and querying AD for user information
> > > > >> >
> > > > >> > Set oNetwork = CreateObject("WScript.Network")
> > > > >> > Set oADSysInfo = CreateObject("ADSystemInfo")
> > > > >> > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> > > > >> > sGroups = LCase(Join(oUser.MemberOf))
> > > > >> >
> > > > >> > 'Checking group membership and mapping appropriate drive
> > > > >> >
> > > > >> > 'Mapping the H: drive for users per group membership
> > > > >> >
> > > > >> > If Instr(sGroups, G_MEM) Then
> > > > >> > oNetwork.MapNetworkDrive "H:", "\\server\share
> > > > >> > End If
> > > > >> >
> > > > >> > More to this script, but this is the most relavent part. Can
anyone
> > > > >> > help
> > > > >> > please. The only thing different is that I am a domain admin,
but
> > of
> > > > >> course
> > > > >> > everyone cannot be a domain admin.
> > > > >> >
> > > > >> > Thanks
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >>
> > > >
> > > >
> > > >
> >
> >
> >


.

Relevant Pages

  • Re: login problem
    ... One group other than "Domain Users" is not enough to prevent the error. ... the direct member of at least two groups, ... Often a script is flawed and no one even knows for a long time. ... For Each strGroup in objUser.MemberOf ...
    (microsoft.public.scripting.vbscript)
  • Re: AD users and groups
    ... What we are talking about here is dynamical groups such Domain Users. ... it will be re-added again by the script. ... > this special group, however, eventually many users are removed from this ... this means make the domain users group an member of your ...
    (microsoft.public.win2000.active_directory)
  • Re: Error using LDAP query
    ... I have tested on three users, all being a member of ... All my clients are Windows XP Pro SP1 or 2. ... > The script you posted requires Windows 2000 or above. ... The NameTranslate object is available on any ...
    (microsoft.public.windows.server.scripting)
  • Re: Add Domain Users group to local Power Users group
    ... for scripts that add domain users / groups to local groups but haven't ... variable inside the script so that the script works on all computers. ... You pass the AdsPath of the new member to the method. ... ' Bind to the local group with the WinNT provider. ...
    (microsoft.public.scripting.vbscript)
  • Re: Add Domain Users group to local Power Users group
    ... for scripts that add domain users / groups to local groups but haven't ... variable inside the script so that the script works on all computers. ... You pass the AdsPath of the new member to the method. ... ' Bind to the local group with the WinNT provider. ...
    (microsoft.public.scripting.vbscript)
Loading