Re: Error using LDAP query
- From: "Richard Mueller [MVP]" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 18 Jul 2005 17:24:19 -0500
Hi,
The script Marty posted should be good for troubleshooting, but I think he
wants to use "On Error Resume Next" instead of "On Error GoTo 0". "On Error
Resume Next" makes the script ignore errors, which is not good practice, but
will help troubleshoot in this case, after which it should be removed. The
Echo statements will help us determine what is going on. Or, you can run the
script with "On Error GoTo 0" and tell us which line raises the error.
Also, you may still be getting errors with the Join function if memberOf is
not an array (because it has only one or no groups in the collection). I've
never seen a case where the ADSystemInfo object is not available on clients
with W2k or above.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--
"Marty List" <usenet@xxxxxxxxxxxx> wrote in message
news:O7LAKw5iFHA.3296@xxxxxxxxxxxxxxxxxxxxxxx
>
> From what I've read we still haven't identified exactly which line is
> failing. I know you said this line is failing:
> Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
>
> But it could be because the line before it (Set oADSysInfo =
> CreateObject("ADSystemInfo")) failed to set oADSysInfo to a valid object.
>
> For troubleshooting, try running this simple script as a user (non-Domain
> Admin) and post the output.
>
>
> On Error GoTo 0
> Set oADSysInfo = CreateObject("ADSystemInfo")
> WScript.Echo oADSysInfo.UserName
> Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> WScript.Echo oUser.distinguishedName
> Set oUser = Nothing
> ' For troubleshooting, try again with the domain specified:
> Set oUser = GetObject("LDAP://"; & oADSysInfo.DomainDNSName & _
> "/" & oADSysInfo.UserName)
> WScript.Echo oUser.distinguishedName
>
>
>
>
> "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:C8374F35-3C1E-4744-91F7-422361D8AAFD@xxxxxxxxxxxxxxxx
> > Richard--
> >
> > Thanks again for the reply. Absolutely my users are logging into their
> > workstations as domain users, no local login. I have tried three
different
> > users, on three seperate workstations and get the same error. The
> > difference
> > I can find, again, is that I am domain administrator, which I don't see
> > why
> > this would be relevant for scripting. I created a script, just so you
> > know,
> > that was simple "IF Then Else" statements checking for group membership,
> > and
> > it worked great. When I went to this method however, is when I started
> > running into issues. I have another Network Administrator that i work
with
> > at
> > another site, set him up to use the script I am having trouble with now,
> > and
> > works great for him, catch is again, that he is a domain admin. I am at
my
> > wits end with this, I just don't understand why it is returning a null
> > value.
> >
> > I found this earlier looking through some of the archived posts, please
> > review below:
> >
> > First guess is a non-string varible. Maybe try:
> >>
> >> Response.Write CurrentUser.MemberOf
> >>
> >> to see what the value actually is. And if it's 0 groups you may be
> >> returning a NULL.
> >>
> >> You might fix it with:
> >>
> >> GroupList = "" & CurrentUser.MemberOf
> >> strGroups = LCase(Join(GroupList))
> >>
> >> The empty pair of quotes added to the front results in a string to
> >> process.
> >>
> >> Jeff
> >
> >
> >
> > The user in this case was having similiar issues, however, he was
getting
> > errors when the user was a member of 0 groups or >1. Don't know if this
> > helps
> > any, but thought I would point out, I think y ou even replied to this
one.
> >
> > Thanks
> >
> >
> > "Richard Mueller [MVP]" wrote:
> >
> >> Hi,
> >>
> >> If your clients are XP, they have the ADSystemInfo object, so don't
worry
> >> about that. Most likely all of your users have "Domain Users" as their
> >> primary and this group will not be included in memberOf. If a user is a
> >> member of at least 2 other groups, the Join will work. You get the
error
> >> on
> >> "Set oUser". Your script runs without error for me when I am logged
into
> >> a
> >> domain. But, I repeated this while logged in locally and got an error
on
> >> the
> >> same line. At a command prompt the error was "No mapping between
account
> >> names and security IDs was done" (no source). Could your users be
logged
> >> in
> >> locally rather than into the domain? Finally, does it matter which
> >> machine
> >> the user logs into? For testing, you don't need to run this as a logon
> >> script, since I believe it should behave the same if you just run it at
a
> >> command prompt.
> >>
> >> --
> >> Richard
> >> Microsoft MVP Scripting and ADSI
> >> Hilltop Lab web site - http://www.rlmueller.net
> >> --
> >> "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:C6AF3E19-06BD-4595-A423-E50C3D139EE6@xxxxxxxxxxxxxxxx
> >> > Thank you for your reply. I have tested on three users, all being a
> >> > member
> >> of
> >> > no less than two groups and recieved the error. However, let me make
> >> > sure
> >> I
> >> > understand you correctly. One of the users I tested on, was a member
of
> >> > a
> >> > created group we will call "test group", and also a member of "Domain
> >> Users"
> >> > that is relevant to the script. So I am assuming you are referring to
> >> > the
> >> > "domain user" group as being the primary. However, in another
instance,
> >> > I
> >> > tested on one of my users who is a member of two created groups other
> >> > than
> >> > "Domain Users". So I dont think this could be the issue.
> >> >
> >> > All my clients are Windows XP Pro SP1 or 2. I am not sure what you
are
> >> > referring to as registering ADSystemInfo, is there a certain .dll
file
> >> > you
> >> > are referring to. And if this is the case, it seems odd that all
> >> > machines
> >> I
> >> > have tested or users for that matter did not have this file
registered,
> >> which
> >> > would really create an issue for me and any other admin in the world
> >> wanting
> >> > to use scripts of this magnitude.
> >> >
> >> > Thank you again.
> >> >
> >> > "Richard Mueller [MVP]" wrote:
> >> >
> >> > > Hi,
> >> > >
> >> > > The script you posted requires Windows 2000 or above. Any clients
> >> > > with
> >> Win9x
> >> > > or NT will not have have the ADSystemInfo object. My guess is that
> >> > > the
> >> error
> >> > > is raised because ADSystemInfo is not registered on the machine.
> >> > >
> >> > > Also, the script will raise an error if the user has only one or no
> >> entries
> >> > > in the memberOf collection. The memberOf collection does not
include
> >> > > the
> >> > > "primary" group of the user. If memberOf has one group, it will be
> >> > > data
> >> type
> >> > > "String". If it has no group memberships it will be Empty. Only if
> >> > > there
> >> are
> >> > > at lease two groups will it be "Variant()" (an array) that the Join
> >> function
> >> > > can handle without error. I have used code similar to:
> >> > >
> >> > > arrstrGroups = oUser.memberOf
> >> > > If IsEmpty(arrstrGroups) Then
> >> > > sGroups = ""
> >> > > ElseIf (TypeName(arrstrGroups) = "String") Then
> >> > > sGroups = LCase(arrstrGroups)
> >> > > Else
> >> > > sGroups = LCases(Join(arrstrGroups))
> >> > > End If
> >> > >
> >> > > For example logon scripts, including some that work on Win9x and NT
> >> clients,
> >> > > see this link:
> >> > >
> >> > > http://www.rlmueller.net/freecode2.htm
> >> > >
> >> > > Basically, on older clients you must retrieve the UserName from the
> >> > > WshNetwork object, then use the NameTranslate object to convert
this
> >> > > to
> >> the
> >> > > Distinguished Name of the user. The NameTranslate object is
available
> >> > > on
> >> any
> >> > > client with DSClient installed, or W2k and above. I hope this
helps.
> >> > >
> >> > > --
> >> > > Richard
> >> > > Microsoft MVP Scripting and ADSI
> >> > > Hilltop Lab web site - http://www.rlmueller.net
> >> > > --
> >> > > "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > > news:9935D23A-48C8-4FAA-9D1B-EE069878C901@xxxxxxxxxxxxxxxx
> >> > > > I looked up the error codes and could not really find anything.
> >> > > > error
> >> > > codes
> >> > > > as follows
> >> > > >
> >> > > > 0x80005000
> >> > > > source: (null)
> >> > > >
> >> > > > Thanks
> >> > > >
> >> > > > "Marty List" wrote:
> >> > > >
> >> > > > >
> >> > > > > You said this line "fails with numbers":
> >> > > > > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> >> > > > >
> >> > > > > Those numbers are probably error codes, and they might help you
> >> > > > > (an
> >> > > others
> >> > > > > here) troubleshoot this. If that line is failing, it probably
> >> > > > > means
> >> the
> >> > > > > line before it (Set oADSysInfo = CreateObject("ADSystemInfo"))
> >> > > > > has
> >> > > failed
> >> > > > > and now oADSysInfo is null and can't be used in the next line.
> >> > > > >
> >> > > > >
> >> > > > > "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > > > > news:3173A0F9-7293-4ECF-B085-6BEECE739406@xxxxxxxxxxxxxxxx
> >> > > > > > The user is a local admin of the machine. I have researched
> >> > > > > > this
> >> > > script
> >> > > > > > thoroughly, and the lines of code I included in the post are
> >> correct.
> >> > > To
> >> > > > > > anwser your question, the users does have full control of
that
> >> > > > > > dll
> >> > > file.
> >> > > > > >
> >> > > > > > Thanks for the reply, any other suggestions.
> >> > > > > >
> >> > > > > > "Marty List" wrote:
> >> > > > > >
> >> > > > > >>
> >> > > > > >> This script runs on Windows XP SP1 with a domain account
that
> >> > > > > >> is
> >> not
> >> > > a
> >> > > > > >> member of Domain Admins or the local Administrators:
> >> > > > > >>
> >> > > > > >> On Error GoTo 0
> >> > > > > >> Set oADSysInfo = CreateObject("ADSystemInfo")
> >> > > > > >> WScript.Echo oADSysInfo.UserName
> >> > > > > >> Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> >> > > > > >> WScript.Echo oUser.distinguishedName
> >> > > > > >> Set oUser = Nothing
> >> > > > > >> ' For troubleshooting, try again with the domain specified:
> >> > > > > >> Set oUser = GetObject("LDAP://"; & oADSysInfo.DomainDNSName &
_
> >> > > > > >> "/" & oADSysInfo.UserName)
> >> > > > > >> WScript.Echo oUser.distinguishedName
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> Make sure the users have read access to this file:
> >> > > > > >> %SystemRoot%\system32\Activeds.dll
> >> > > > > >>
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> "David" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > > > > >> news:AF09C4C5-86ED-4C90-A5AA-A9D8750162C0@xxxxxxxxxxxxxxxx
> >> > > > > >> > I have currently wrote a logon script for my domain user
> >> accounts.
> >> > > The
> >> > > > > >> script
> >> > > > > >> > basically query's AD for group membership and then maps
> >> > > > > >> > drives
> >> > > > > >> accordingly. I
> >> > > > > >> > tested the script on myself and all was fine. I tested on
a
> >> couple
> >> > > of
> >> > > > > >> users
> >> > > > > >> > and I get errors, nothing works. I get an error with
nubmers
> >> and
> >> > > > > >> > "source:null" on the same line every time:
> >> > > > > >> >
> >> > > > > >> > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> >> > > > > >> >
> >> > > > > >> > The script basically is general and includes this:
> >> > > > > >> >
> >> > > > > >> > Dim oNetwork
> >> > > > > >> > Dim oADSysinfo
> >> > > > > >> > Dim oUser
> >> > > > > >> > Dim sGroups
> >> > > > > >> >
> >> > > > > >> > 'Defining values and querying AD for user information
> >> > > > > >> >
> >> > > > > >> > Set oNetwork = CreateObject("WScript.Network")
> >> > > > > >> > Set oADSysInfo = CreateObject("ADSystemInfo")
> >> > > > > >> > Set oUser = GetObject("LDAP://"; & oADSysInfo.UserName)
> >> > > > > >> > sGroups = LCase(Join(oUser.MemberOf))
> >> > > > > >> >
> >> > > > > >> > 'Checking group membership and mapping appropriate drive
> >> > > > > >> >
> >> > > > > >> > 'Mapping the H: drive for users per group membership
> >> > > > > >> >
> >> > > > > >> > If Instr(sGroups, G_MEM) Then
> >> > > > > >> > oNetwork.MapNetworkDrive "H:", "\\server\share
> >> > > > > >> > End If
> >> > > > > >> >
> >> > > > > >> > More to this script, but this is the most relavent part.
Can
> >> anyone
> >> > > > > >> > help
> >> > > > > >> > please. The only thing different is that I am a domain
> >> > > > > >> > admin,
> >> but
> >> > > of
> >> > > > > >> course
> >> > > > > >> > everyone cannot be a domain admin.
> >> > > > > >> >
> >> > > > > >> > Thanks
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >>
> >> > > > > >>
> >> > > > > >>
> >> > > > >
> >> > > > >
> >> > > > >
> >> > >
> >> > >
> >> > >
> >>
> >>
> >>
>
>
.
- Follow-Ups:
- Re: Error using LDAP query
- From: Marty List
- Re: Error using LDAP query
- References:
- Error using LDAP query
- From: David
- Re: Error using LDAP query
- From: Marty List
- Re: Error using LDAP query
- From: David
- Re: Error using LDAP query
- From: Marty List
- Re: Error using LDAP query
- From: David
- Re: Error using LDAP query
- From: Richard Mueller [MVP]
- Re: Error using LDAP query
- From: David
- Re: Error using LDAP query
- From: Richard Mueller [MVP]
- Re: Error using LDAP query
- From: David
- Re: Error using LDAP query
- From: Marty List
- Error using LDAP query
- Prev by Date: Send an e-mail using a script
- Next by Date: Login script based on group membership
- Previous by thread: Re: Error using LDAP query
- Next by thread: Re: Error using LDAP query
- Index(es):
Relevant Pages
|
