Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Script says user does not exist, but it does.. please help.

Last post 02-10-2010, 11:14 AM by joe. 1 replies.
  •  02-08-2010, 4:26 PM 7806

    Script says user does not exist, but it does.. please help.

    Earlier today I wrote a vbs script that gave me a list of the users in my domain that do not have the correct login script set.

    The field my script returned was the sAMAccountName.

    I am now trying to write a script to set the login script correctly.  This is where my problem is.

    I keep getting "there is no such object on the server" - however, I verified this - and .. thinking back to how I got this list - it was from the sAMAccountNames of the accounts that did not have the login script.

    After a lot of frustration, I modified my script to just show me the account name. Here is my script:

    set objUser = GetObject("LDAP://cn=bobb,cn=users,dc=stewarts,dc=stewartsshops,dc=com")
    wscript.echo objUser.sAMAccountName

    I put myself in the ldap, and everything works.  Others too.  It seems like anyone that is in my output list from my first script - I get the same error - no such object.

    After more toying with it - I realized that in my Active Directory Users and Computers, the "name" column is "First Name" "Last Name" for all of these users, yet for me, it is "steveb" - my account name.  So I then changed my script to have an LDAP string of:

    set objUser = GetObject("LDAP://cn=Bob Bush,cn=users,dc=stewarts,dc=stewartsshops,dc=com")
    wscript.echo objUser.sAMAccountName

    This worked correctly!  Why is this?  All of the users in my AD have the first name, last name, display name properties set - but the "name" column on the list - some show display name and others show login name.

    Hope this makes sense

    Thanks in advance.
    sb
  •  02-10-2010, 11:14 AM 7815 in reply to 7806

    Re: Script says user does not exist, but it does.. please help.

    It sounds like you have a mishmash of different values in the user's common name (CN) attribute. The CN is what is used in naming to build the user's DN (distinguishedName) which is what you use in GetObject.

    The displayName and sAMAccountName attributes are different values and don't have to have any relation to the CN, so you can't assume that if you have one of those you can build the DN.

    The bottom line is that you need to ensure that your script provides you the data you need to find the objects again later. As such, it is likely the best idea to deal in the distinguishedName attribute since you'll want that as input to GetObject later to make the modifications you want.

    Having a provisioning system like ILM/FIM is also very helpful for ensuring that your user accounts are all provisioned consistently according to rules that you define rather than via manual input from the GUI.
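
The approach from the reply above, as an added example that is not part of the original thread: rather than building a DN from the sAMAccountName, search for the account and bind with the distinguishedName the directory returns. The account names in the array and the `LOGON_SCRIPT` value are constructed placeholders, and the helper names `EscapeFilter` and `SetLogonScript` are hypothetical.

```vbscript
Option Explicit
' Added example: the account names and login script name below are constructed.
Const LOGON_SCRIPT = "logon.bat"   ' placeholder value (assumption)
Dim conn, cmd, baseDN, sam

' Read the domain's base DN from RootDSE instead of hard-coding it.
baseDN = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000

For Each sam In Array("bobb", "steveb")
    SetLogonScript sam
Next

' Escape characters that are special in an LDAP search filter (RFC 4515),
' so a name from a file or an earlier report cannot change the filter.
Function EscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = s
End Function

' Find the user by sAMAccountName, then bind with the DN the directory returns.
Sub SetLogonScript(samName)
    Dim rs, dn, objUser
    cmd.CommandText = "<LDAP://" & baseDN & ">;" & _
        "(&(objectCategory=person)(objectClass=user)" & _
        "(sAMAccountName=" & EscapeFilter(samName) & "));" & _
        "distinguishedName;subtree"
    Set rs = cmd.Execute
    If rs.EOF Then
        WScript.Echo samName & ": no matching user"
        Exit Sub
    End If
    dn = rs.Fields("distinguishedName").Value
    ' A "/" inside a DN has to be escaped when the DN is used in an ADsPath.
    Set objUser = GetObject("LDAP://" & Replace(dn, "/", "\/"))
    objUser.Put "scriptPath", LOGON_SCRIPT
    objUser.SetInfo
    WScript.Echo samName & " -> " & dn
End Sub
```

Because the bind uses the returned distinguishedName, it works whether the account's CN is "bobb" or "Bob Bush", and regardless of which container the account lives in.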
