Hello,



I'm trying to write a script that will get me info on a user account.
But I'm having a problem with GetObject. Below is my entire script (2
lines), yes I know it doesn't do much. I'm just trying to figure out
what the problem is.
------
Set objUser = GetObject ("LDAP://
cn=username,ou=city,ou=users,dc=corp,dc=acme,dc=local")
Wscript.Echo "Password last changed: " & objUser.passwordLastChanged
------

I get a Windows Script Host error
Line: 1
Char: 1
Error: There is no such object on the server
Code: 80072030
Source: (null)

The username is spelled correctly. I have an OU for each city with an
office, and in each one there is another OU called "users". I tried
it both ways, ou=city,ou=users and ou=users,ou=city. Everything is
spelled correctly. What is the problem? Is it case sensitive, am I
missing a field, am I missing a space, what?

Please help.

Thanks,
Joe

Joe wrote:

> I'm trying to write a script that will get me info on a user account.
> But I'm having a problem with GetObject. Below is my entire script (2
> lines), yes I know it doesn't do much. I'm just trying to figure out
> what the problem is.
> ------
> Set objUser = GetObject ("LDAP://
> cn=username,ou=city,ou=users,dc=corp,dc=acme,dc=local")
> Wscript.Echo "Password last changed: " & objUser.passwordLastChanged
> ------
>
> I get a Windows Script Host error
> Line: 1
> Char: 1
> Error: There is no such object on the server
> Code: 80072030
> Source: (null)
>
> The username is spelled correctly. I have an OU for each city with an
> office, and in each one there is another OU called "users". I tried
> it both ways, ou=city,ou=users and ou=users,ou=city. Everything is
> spelled correctly. What is the problem? Is it case sensitive, am I
> missing a field, am I missing a space, what?
>

The ADsPath is not case sensitive. The domain components in the
Distinguished Name should be listed from left to right from the lowest level
(child) to the highest level in the AD hierarchy. In your example the object
with common name "username" resides in the ou "city", which in turn resides
in the ou "users", which is in the root of the domain "corp.acme.local".

The error indicates the object was not found. A possibility is that you
specified the "pre-Windows 2000 logon name" (also called the NT name)
instead of the Common Name. The Common Name is shown in ADUC in a field
labeled "Name". The "pre-Windows 2000 logon name" is on the "Account" tab in
ADUC. Sometimes the common name matches the NT name, but it often does not.
You can figure out the Distinguished Name in ADUC by viewing the field
labeled "Fully qualified domain name of object" on the "Object" tab, but the
components are listed in reverse order, without the "ou=", "dc=", and "cn="
monikers, and with slashes instead of commas separating the components.

Sometimes the "pre-Windows 2000 logon name" is called the username or logon
name or userid. If this is all you know, you can use the NameTranslate
object to convert to the Distinguished Name. See this link for details:

http://www.rlmueller.net/NameTranslateFAQ.htm

Otherwise in ADUC use the value in the "Name" field. You can use ADSI Edit
to view the distinguishedName attribute of the user object, which is the
value required when you bind with the LDAP provider. If the user is the
current user, you can retrieve the value of the distinguishedName attribute
from the ADSystemInfo object. For example:
============
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

AH, I was using the pre-windows 2000 logon name. That was stupid.

Thanks,
Joe

> The error indicates the object was not found. A possibility is that you
> specified the "pre-Windows 2000 logon name" (also called the NT name)
> instead of the Common Name. The Common Name is shown in ADUC in a field
> labeled "Name". The "pre-Windows 2000 logon name" is on the "Account" tab in
> ADUC. Sometimes the common name matches the NT name, but it often does not.
> You can figure out the Distinguished Name in ADUC by viewing the field
> labeled "Fully qualified domain name of object" on the "Object" tab, but the
> components are listed in reverse order, without the "ou=", "dc=", and "cn="
> monikers, and with slashes instead of commas separating the components.

> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --- Hide quoted text -
>
> - Show quoted text -