> I'm trying to write a script that will get me info on a user account.
> But I'm having a problem with GetObject. Below is my entire script (2
> lines), yes I know it doesn't do much. I'm just trying to figure out
> what the problem is.
> Set objUser = GetObject ("LDAP://
> Wscript.Echo "Password last changed: " & objUser.passwordLastChanged
> I get a Windows Script Host error
> Line: 1
> Char: 1
> Error: There is no such object on the server
> Code: 80072030
> Source: (null)
> The username is spelled correctly. I have an OU for each city with an
> office, and in each one there is another OU called "users". I tried
> it both ways, ou=city,ou=users and ou=users,ou=city. Everything is
> spelled correctly. What is the problem? Is it case sensitive, am I
> missing a field, am I missing a space, what?
The ADsPath is not case sensitive. The domain components in the
Distinguished Name should be listed from left to right from the lowest level
(child) to the highest level in the AD hierarchy. In your example the object
with common name "username" resides in the ou "city", which in turn resides
in the ou "users", which is in the root of the domain "corp.acme.local".
The error indicates the object was not found. A possibility is that you
specified the "pre-Windows 2000 logon name" (also called the NT name)
instead of the Common Name. The Common Name is shown in ADUC in a field
labeled "Name". The "pre-Windows 2000 logon name" is on the "Account" tab in
ADUC. Sometimes the common name matches the NT name, but it often does not.
You can figure out the Distinguished Name in ADUC by viewing the field
labeled "Fully qualified domain name of object" on the "Object" tab, but the
components are listed in reverse order, without the "ou=", "dc=", and "cn="
monikers, and with slashes instead of commas separating the components.
Sometimes the "pre-Windows 2000 logon name" is called the username or logon
name or userid. If this is all you know, you can use the NameTranslate
object to convert to the Distinguished Name. See this link for details: http://www.rlmueller.net/NameTranslateFAQ.htm
Otherwise in ADUC use the value in the "Name" field. You can use ADSI Edit
to view the distinguishedName attribute of the user object, which is the
value required when you bind with the LDAP provider. If the user is the
current user, you can retrieve the value of the distinguishedName attribute
from the ADSystemInfo object. For example:
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net