|
|
I am trying to run the following script to force a password change at next logon. I am running this on a Domain Member workstation while logged on as a Domain Admin:
Set objUser = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
objUser.Put "pwdLastSet", 0
objUser.SetInfo
The only line I changed is to account for my user and OU hierarchy: ("LDAP://CN=username,OU=Users and Workstations,OU=Devel and QA,OU=Users,DC=COMPANYNAME,DC=local")
I receive the following error:
Error: 0x80005000 Code: 80005000
Help.....
|
|
If the error was raised on the "Set objUser" statement, then the AdsPath is wrong (the object with that Distinguished Name could not be found in AD). If the error was raised on the "objUser.SetInfo" statement, then perhaps you lack permission to assign a value to pwdLastSet.
Your example AdsPath describes an object with Common Name "Username" in an OU called "OU=Users and Workstations". This OU is in the OU called "OU=Devel and QA", which is in an OU called "OU=Users", which is in the domain with DNS name "COMPANYNAME.Local". If "OU=Users" is really the standard "cn=Users" container, that could be the cause of the error.
Another possibility is that the Relative Distinguished Name of one of the components (the Common name of the user or the name of one of the OU's) contains a character that must be escaped, such as a comma. For example, if the Common Name of the user is "Smith, William", then the comma must be escaped with the backslash, "\", escape character. For example:
"CN=Smith\, William,OU=users and Workstations,OU=Devel and QA,OU=Users,DC=COMPANYNAME,DC=local"
Other characters that need to be escaped are "#", "\", and "/".
-- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --
|
|
I see a couple of things I did wrong, I had the OU lineage reversed. Once I corrected this I received this error: THERE IS NO SUCH OBJECT ON THE SERVER
Also, my OU names have spaces, do these require exceptions?
|
|
No, spaces are fine. No special treatment required. The error message indicates the Distinguished Name (DN) is the problem. You might try making sure you can bind to the domain, then the first level OU, etc. For example:
Set objDomain = GetObject("LDAP://DC=COMPANYNAME,DC=local")
Set objOU1 = GetObject("LDAP://ou=Users,DC=COMPANYNAME,DC=local")
Set objOU2 = GetObject("LDAP://OU=Users and Workstations,OU=Devel and QA,OU=Users,DC=COMPANYNAME,DC=local")
You should be able to figure out the DN from where the object resides in ADUC, once you get used to how the hierarchy works. The Common Name of the user is the value in the field labeled "Name" in ADUC. You can also use ADSI Edit to browse objects and their properties, such as distinguishedName. Unfortunately, ADUC does not display distinguishedName.
-- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --
|
|
I went into ADSI and copied the DN and that solved the issue. I had to use the Full Name.
Is there a code I can add to the script that when run, will launch a pop-up window that will ask for the username and/or OU and/or Domain info instead of editing the script each time?
|
|
You can use the InputBox function to request information from the user of the script. For example:
strUserName = InputBox("Enter the user name")
You would need to prompt for enough information to construct the full Distinguished Name. It would be easier to prompt for the NT name of the user, also called the "pre-Windows 2000 logon name". Many users refer to this as their userID. It is the value of the sAMAccountName attribute.
The Common Name of any object does not uniquely identify the object. The value of the cn attribute need only be unique in the OU or container. The sAMAccountName attribute must be unique in the domain. In some cases, the value of the cn and sAMAccountName attributes will be the same, but this is not required.
You can use the NameTranslate object to convert the sAMAccountName (in conjunction with the NetBIOS name of the domain) to the Distinguished Name. For more information, see this link:
http://www.rlmueller.net/NameTranslateFAQ.htm
You can either hard code the NetBIOS name of the domain, or retrieve it programmatically. You can use the RootDSE object to retrieve the DNS name of the domain, then use the NameTranslate object to convert this to the NetBIOS name. This is also documented in the link above.
-- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --
|
|
|
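The approach described in the last reply (InputBox, RootDSE and NameTranslate), together with the bind-versus-SetInfo distinction and the "/" escaping mentioned earlier in the thread, as an added example that is not code from the thread or from the linked FAQ. The input validation, the confirmation prompt, the message texts and the variable names are assumptions made for this example.

```vbscript
Option Explicit
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_1779 = 1   ' Distinguished Name
Const ADS_NAME_TYPE_NT4 = 3    ' DOMAIN\sAMAccountName
Dim strNTName, objRE, objRootDSE, objTrans, strNetBIOS, strUserDN, objUser

strNTName = Trim(InputBox("Enter the pre-Windows 2000 logon name"))
If strNTName = "" Then WScript.Quit 0   ' cancelled or left empty

' Reject characters that are not valid in a sAMAccountName (and names over
' the 20-character user limit) before the value reaches the directory lookup.
Set objRE = New RegExp
objRE.Pattern = "[""/\\\[\]:;|=,+*?<>]"
If objRE.Test(strNTName) Or Len(strNTName) > 20 Then
    WScript.Echo "Not a valid logon name: " & strNTName
    WScript.Quit 1
End If

' Domain DN from RootDSE, converted to the NetBIOS name (returned as "DOMAIN\").
Set objRootDSE = GetObject("LDAP://RootDSE")
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, objRootDSE.Get("defaultNamingContext")
strNetBIOS = objTrans.Get(ADS_NAME_TYPE_NT4)

' Resolve DOMAIN\name to the user's DN; Set raises an error if no match exists.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOS & strNTName
If Err.Number <> 0 Then
    WScript.Echo "No account named " & strNTName & " in " & strNetBIOS
    WScript.Quit 1
End If
' NameTranslate escapes commas etc. in the DN; "/" must be escaped for ADSI.
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
On Error GoTo 0
If MsgBox("Force password change for:" & vbCrLf & strUserDN, vbYesNo) <> vbYes Then WScript.Quit 0

' Report bind failures (bad DN) separately from write failures (permissions).
On Error Resume Next
Set objUser = GetObject("LDAP://" & strUserDN)
If Err.Number <> 0 Then
    WScript.Echo "Bind failed (check the DN): 0x" & Hex(Err.Number)
    WScript.Quit 1
End If
objUser.Put "pwdLastSet", 0
objUser.SetInfo
If Err.Number <> 0 Then
    WScript.Echo "SetInfo failed (check permissions): 0x" & Hex(Err.Number)
    WScript.Quit 1
End If
WScript.Echo "Password change required at next logon for " & strNTName
```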