Namespace Binding

BrettBaumer@sbcglobal.net
Posts: 12
Joined: Thu Oct 26, 2006 3:03 am

Namespace Binding

Post by BrettBaumer@sbcglobal.net » Mon May 21, 2007 5:23 am

What is a quick and easy way to verify that my namespace bind is successful?

I have an existing script which enumerates users in domain X. It works like a champ. I've modified the DN to connect to domain Y and do the same job. Now, it exits without any output. The script looks fine, and the OU structure is the same. So I'm not sure why it's not working. Here is the line I've modified:

objCommand.CommandText = _
    "SELECT sAMAccountName FROM 'LDAP://ou=Users,ou=LS,dc=originaldomain,dc=com' WHERE objectCategory='user'"

objCommand.CommandText = _
    "SELECT sAMAccountName FROM 'LDAP://ou=Users,ou=LS,dc=newdomain,dc=net' WHERE objectCategory='user'"

jvierra
Posts: 12950
Joined: Tue May 22, 2007 9:57 am

Namespace Binding

Post by jvierra » Mon May 21, 2007 7:19 am

Comment out your "On Error Resume Next" to see the errors.



jvierra
Posts: 12950
Joined: Tue May 22, 2007 9:57 am

Namespace Binding

Post by jvierra » Mon May 21, 2007 8:10 am

Can you connect to LDAP using the string LDAP://dcname?

This is a simple default authentication test.

If this works then it's probably an error in the script. If not, it can be caused by many, many things.

To be sure your syntax is correct, use a dc in the local domain. This will also check the LDAP provider to some extent. When it is connecting - that is, you get no error - then substitute the dc in the remote domain.

Just use a file with a single line:

Set ldap = GetObject("LDAP://dcname")

Remember - first connect to a dc in the local domain, then to one in the remote domain.

jvierra
Posts: 12950
Joined: Tue May 22, 2007 9:57 am

Namespace Binding

Post by jvierra » Mon May 21, 2007 9:05 am

Your request looks like this:
ou=Users,ou=LS,dc=NEWDOMAIN,dc=NET

First try a single-line file like this:

Set ldap = GetObject("LDAP://dc=dcname,dc=NEWDOMAIN,dc=net")

If this fails, try to ping dcname.newdomain.net. This should eliminate DNS failure, which is a normal issue in this case.

The domain name is newdomain.net (dc=newdomain,dc=net)
The outer OU looks like this: LS
The inner OU looks like this: Users.

With ADUC, verify that there is an OU named LS with a sub OU named Users and verify that you have privileges to view its objects.
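
The bind checks suggested in this thread, combined into one script that reports each ADSI error instead of hiding it behind a script-wide On Error Resume Next. This is an added example, not code from any poster; dcname.newdomain.net and the OU path are the thread's placeholder names, and TestBind is a hypothetical helper.

```vbscript
Option Explicit

' Placeholder names from the thread; substitute your own DC and OU.
Const REMOTE_DC = "dcname.newdomain.net"
Const TARGET_OU = "ou=Users,ou=LS,dc=newdomain,dc=net"

' Hypothetical helper: attempt a bind with the caller's current credentials
' and report the ADSI error instead of silently continuing.
Function TestBind(strPath)
    Dim obj
    TestBind = False
    On Error Resume Next          ' scoped to this one procedure only
    Set obj = GetObject(strPath)
    If Err.Number <> 0 Then
        WScript.Echo "FAIL " & strPath & "  0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    Else
        WScript.Echo "OK   " & strPath
        TestBind = True
    End If
    On Error GoTo 0               ' restore normal error handling
End Function

Dim objRootDSE, strLocalNC

' Step 1: serverless bind to the local domain checks the LDAP provider itself.
If TestBind("LDAP://RootDSE") Then
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strLocalNC = objRootDSE.Get("defaultNamingContext")
    WScript.Echo "Local naming context: " & strLocalNC
End If

' Step 2: bind to the remote DC by name (exercises DNS, connectivity, authentication).
If TestBind("LDAP://" & REMOTE_DC & "/RootDSE") Then
    ' Step 3: bind to the exact OU the query uses (exercises the DN and read permission).
    TestBind "LDAP://" & REMOTE_DC & "/" & TARGET_OU
End If
```

Run it with cscript.exe so each result is written to the console; the first FAIL line shows which stage (provider, remote DC, or OU path) is the one that breaks.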


BrettBaumer@sbcglobal.net
Posts: 12
Joined: Thu Oct 26, 2006 3:03 am

Namespace Binding

Post by BrettBaumer@sbcglobal.net » Tue May 22, 2007 4:24 am

Here is the script I'm using:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 500
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Sort On") = "sAMAccountName"

'Get users.
objCommand.CommandText = _
    "SELECT sAMAccountName FROM 'LDAP://ou=Users,ou=LS,dc=OriginalDomain,dc=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

Dim arUserID()
i = 0

'Put users in array.
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    'Preserve keeps the entries already stored when the array grows.
    ReDim Preserve arUserID(i)
    arUserID(i) = objRecordSet.Fields("sAMAccountName").Value
    objRecordSet.MoveNext
    i = i + 1
Loop

WScript.Echo "There are " & (UBound(arUserID)+1) & " records."

This is the original script. The OU structure is exactly the same as the new domain. It recursively pulls all user objects from all the OUs under the Users OU. It works like a champ. The only modification I've made was to change the dc as we've previously discussed. It does not work for the new domain - which led me to my original post.

I'm running this script with an OriginalDomain account from within the OriginalDomain. This works for the OriginalDomain, but not the NewDomain. I do have rights to view and modify accounts in the NewDomain.
