From: Jeffery Hicks [MVP] on
That's the first thing I thought too. But I tried using ADO with alternate
credentials and it worked from a non-domain member as long as I specified a domain
controller in the LDAP string. I was a little surprised it worked.

--
Jeffery Hicks
Microsoft PowerShell MVP
http://www.scriptinganswers.com
http://www.powershellcommunity.org

Now Available: WSH and VBScript Core: TFM
Coming Soon: Windows PowerShell: TFM 2nd Ed.
"Richard Mueller [MVP]" <rlmueller-nospam(a)ameritech.nospam.net> wrote in
message news:%23p02V6HLIHA.4272(a)TK2MSFTNGP06.phx.gbl...
> Alternate credentials with ADO requires that the client be joined to the
> domain. You might have better luck using the OpenDSObject method. See this
> link:
>
> http://msdn2.microsoft.com/en-us/library/aa706065.aspx
>
> You will need to specify a Domain Controller in the binding string. I have
> not tried this, so I can't say if it will work.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Jeffery Hicks [MVP]" <jhicks(a)sapien.com> wrote in message
> news:%23deaidHLIHA.536(a)TK2MSFTNGP06.phx.gbl...
>> It might work if you can specify a domain controller in your query:
>>
>> "SELECT Name FROM 'LDAP://DC01/dc=testdomain,dc=local' WHERE
>> objectCategory='user'"
>>
>> --
>> Jeffery Hicks
>> Microsoft PowerShell MVP
>> http://www.scriptinganswers.com
>> http://www.powershellcommunity.org
>>
>> Now Available: WSH and VBScript Core: TFM
>> Coming Soon: Windows PowerShell: TFM 2nd Ed.
>> "Tom" <private(a)company.com> wrote in message
>> news:A52DC59E-F027-4CF4-B5C7-3D7186583CED(a)microsoft.com...
>>> Hi,
>>> I have a similar problem. I too wish to query Active Directory and am using
>>> similar code to Maverick to do so (the piece with the connection details is
>>> actually identical and the only real difference is I am running a different
>>> query).
>>> The machine I am using is a member of the domain being queried. If I log on
>>> as a user from that domain I can run the script and it works fine. However,
>>> if I log on to the same machine but as a user from a different domain and run
>>> the script I get the exact same error message as Maverick.
>>> Although I specify an account in the domain in my script it is as if Active
>>> Directory is still using the credentials with which I logged on to decide
>>> whether or not I should be granted access.
>>> Has anyone got any ideas?
>>>
>>> Tom
>>>
>>> "Jeffery Hicks [MVP]" wrote:
>>>
>>>> I don't think you'll ever be able to get that to function in a workgroup.
>>>> The AD provider is looking for a domain controller but your workgroup
>>>> machine isn't configured to use one. You might be able to use a direct LDAP
>>>> connection to a specific domain controller, possibly passing alternate
>>>> credentials as well, but the script will look different than what you have
>>>> here.
>>>>
>>>> --
>>>> Jeffery Hicks
>>>> Microsoft PowerShell MVP
>>>> http://www.scriptinganswers.com
>>>> http://www.powershellcommunity.org
>>>>
>>>> Now Available: WSH and VBScript Core: TFM
>>>> Coming Soon: Windows PowerShell: TFM 2nd Ed.
>>>> "maverick" <maverick(a)discussions.microsoft.com> wrote in message
>>>> news:04BA0383-16E8-43ED-987E-4B5295D1C49C(a)microsoft.com...
>>>> > Hi,
>>>> >
>>>> > I tried running the script appended below which runs fine on a machine
>>>> > joined to a domain.
>>>> > How can I get this script to run from a machine which is not joined to the
>>>> > domain (xyz.mc.uk)?
>>>> >
>>>> > I get the following error on the client which is not joined to the domain?
>>>> >
>>>> > Windows Script Host
>>>> > ---------------------------
>>>> > Script: C:\Documents and Settings\Administrator\Desktop\Search.vbs
>>>> > Line: 21
>>>> > Char: 1
>>>> > Error: Table does not exist.
>>>> > Code: 80040E37
>>>> > Source: Provider
>>>> >
>>>> >
>>>> > Is there a way out to run this script from a machine which is not in the
>>>> > domain?
>>>> >
>>>> >
>>>> >
>>>> > Script
>>>> >
>>>> > strUserName = "1234567"
>>>> > strLDAP = "<LDAP://dc=xyz,dc=mc,dc=ck>"
>>>> > dtStart = TimeValue(Now())
>>>> >
>>>> > Set objConnection = CreateObject("ADODB.Connection")
>>>> > Set objCommand = CreateObject("ADODB.Command")
>>>> > objConnection.Provider = "ADsDSOObject"
>>>> >
>>>> > objConnection.Properties("User ID") = "xyz.mc.ck\user"
>>>> > objConnection.Properties("Password") = "Pwd0334"
>>>> > objConnection.Properties("Encrypt Password") = TRUE
>>>> > objConnection.Properties("ADSI FLAG") = 1
>>>> >
>>>> > objConnection.Open "Active Directory Provider"
>>>> > set objCommand.ActiveConnection = objConnection
>>>> >
>>>> > objCommand.CommandText = _
>>>> > strLDAP & ";(&(objectCategory=User)" & _
>>>> > "(mobile=" & strUserName & "));distinguishedName,mobile,sAmAccountName,cn;subtree"
>>>> >
>>>> > Set objRecordSet = objCommand.Execute
>>>> >
>>>> > If objRecordset.RecordCount = 0 Then
>>>> > WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
>>>> > Else
>>>> > WScript.Echo objRecordSet.fields("distinguishedName").value & " exists."
>>>> > DNAME = objRecordSet.fields("distinguishedName").value
>>>> > set objUser = GetObject("LDAP://" & DNAME )
>>>> > wscript.echo "itworked"
>>>> > objUser.Put "userPrincipalName", "mtself(a)xyz.mc.ck"
>>>> > objuser.setInfo
>>>> > End If
>>>> >
>>>> > objConnection.Close
>>>> >
>>>> >
>>>>
>>
>
>

From: Richard Mueller [MVP] on
Good to know.

Richard


From: maverick on
Hello All,

Thanks for the response, yes it does work if the dc = dc.domainname.
I can get it to work, but only the first part of searching the user but not
able to update the user info...

---------------------------
Windows Script Host
---------------------------
Script: C:\Documents and Settings\Administrator\Desktop\Search.vbs
Line: 34
Char: 6
Error: An operations error occurred.
Code: 80072020
Source: (null)

---------------------------
OK
---------------------------

The above error comes up at the get object... and it takes longer time as
opposed to a machine which is in the domain?

any help will be appreciated.

cheers
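
One way to carry out the suggestions made in this thread (name the domain controller in the binding string and bind with OpenDSObject rather than GetObject), as an added example that is not code from any of the posters. The host name, base DN and account name are placeholders; the password is read at run time instead of being stored in the script, and the search value is escaped before it is concatenated into the LDAP filter.

```vbscript
Option Explicit
' Added example. DC_HOST, BASE_DN and BIND_USER are placeholders, not values from the thread.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_SIGNING = &H40
Const ADS_USE_SEALING = &H80
Const ADS_SERVER_BIND = &H200
Const DC_HOST = "dc01.example.test"
Const BASE_DN = "dc=example,dc=test"
Const BIND_USER = "EXAMPLE\svc-lookup"

Dim lngFlags, strPassword, strMobile, strPath
Dim objConn, objCmd, objRS, objDSO, objUser
lngFlags = ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND Or ADS_USE_SIGNING Or ADS_USE_SEALING

' Run with cscript.exe. The password is typed at run time (input is echoed).
WScript.StdOut.Write "Password for " & BIND_USER & ": "
strPassword = WScript.StdIn.ReadLine
strMobile = "1234567"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Properties("User ID") = BIND_USER
objConn.Properties("Password") = strPassword
objConn.Properties("Encrypt Password") = True
objConn.Properties("ADSI Flag") = lngFlags
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Naming the DC in the search base gives a non-domain client a server to contact.
objCmd.CommandText = "<LDAP://" & DC_HOST & "/" & BASE_DN & ">;" & _
    "(&(objectCategory=user)(mobile=" & EscapeFilterValue(strMobile) & "));" & _
    "distinguishedName;subtree"
Set objRS = objCmd.Execute

If objRS.EOF Then
    WScript.Echo "No user found with mobile " & strMobile
Else
    ' GetObject("LDAP://" & dn) is a serverless bind as the logged-on user.
    ' OpenDSObject carries the DC name and the alternate credentials instead.
    strPath = "LDAP://" & DC_HOST & "/" & _
        Replace(objRS.Fields("distinguishedName").Value, "/", "\/")
    Set objDSO = GetObject("LDAP:")
    Set objUser = objDSO.OpenDSObject(strPath, BIND_USER, strPassword, lngFlags)
    WScript.Echo objUser.Get("sAMAccountName")  ' Put/SetInfo go through this same object
End If
objConn.Close

' Escape the RFC 4515 filter metacharacters so the value cannot alter the filter.
Function EscapeFilterValue(strValue)
    Dim r
    r = Replace(strValue, "\", "\5c")
    r = Replace(Replace(Replace(r, "*", "\2a"), "(", "\28"), ")", "\29")
    EscapeFilterValue = Replace(r, Chr(0), "\00")
End Function
```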