myITforum.com Community Forum

How to query AD from WinPE 2.0

 
How to query AD from WinPE 2.0 - 2/6/2007 8:34:40 AM   
juw2

 

Posts: 6
Score: 0
Joined: 12/11/2006
Status: offline
Has anyone been able to query Active Directory from WinPE 2.0?
I can't get it to work. Not even in WinPE 2005.
The error I get is: Provider: Table does not exist.
When I try the same script in XP it works, but I get the same error if I type a different AD.
Here is the sample script I'm trying:

Set conn = CreateObject("ADODB.Connection")
Set cmd = CreateObject("ADODB.Command")
conn.provider = "adsdsoobject"
conn.properties("user id")="ta\Admin"
conn.Properties("password")="AdminPassword!"
conn.open "active directory provider"
cmd.activeconnection = conn
cmd.commandtext = "<LDAP://DC=ta,DC=lab,DC=local>;(&(objectcategory=computer)" &_
"(objectclass=computer)(cn=aotw0005));cn;subtree"
Set rs = cmd.Execute
If rs.recordcount = 0 Then
wscript.Echo "Computer does not exist"
Else
WScript.Echo "Computer exist"
End If
Post #: 1
RE: How to query AD from WinPE 2.0 - 5/14/2008 9:41:27 AM   
sounddoc

 

Posts: 41
Score: 0
Joined: 11/15/2007
Status: offline
Did you ever get this to work? Seems there's an obvious reason why it wouldn't but I still haven't found it!

_____________________________

-P

(in reply to juw2)
Post #: 2
RE: How to query AD from WinPE 2.0 - 5/26/2008 10:32:29 PM   
rbennett806


Posts: 786
Score: 13
Joined: 6/14/2006
Status: offline
While I haven't fully tested this, you probably need to bind directly to a domain controller since the WinPE isn't bound to the domain. So something like...

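   'ADSI authentication flags used below (values from ADS_AUTHENTICATION_ENUM)
   Const ADS_SECURE_AUTHENTICATION = &H1
   Const ADS_SERVER_BIND = &H200
   Set objNS = GetObject("LDAP:")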
   Set objRootDSE = objNS.OpenDSObject("LDAP://" & strDomainControllerFQDN & "/RootDSE", strUserName, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
   strDNSDomain = objRootDSE.Get("defaultNamingContext")
   Set adoCommand = CreateObject("ADODB.Command")
   Set adoConnection = CreateObject("ADODB.Connection")
   adoConnection.Provider = "ADsDSOObject"
   adoConnection.Properties("User ID") = strUserName
   adoConnection.Properties("Password") = strPassword
   adoConnection.Properties("Encrypt Password") = True
   adoConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
   adoConnection.Open "Active Directory Provider"
   adoCommand.ActiveConnection = adoConnection
   adoCommand.CommandText = "Select Name from 'LDAP://" & strDomainControllerFQDN & "/" & strDNSDomain & "' " & "Where objectCategory='Computer'"
   adoCommand.Properties("Page Size") = 100
   adoCommand.Properties("Timeout") = 30
   adoCommand.Properties("Cache Results") = False
   Set adoRecordset = adoCommand.Execute

I left out what a lot of the variables are, but I'm sure you can probably figure them out from your own example...

(in reply to sounddoc)
Post #: 3
RE: How to query AD from WinPE 2.0 - 5/27/2008 10:22:38 AM   
sounddoc

 

Posts: 41
Score: 0
Joined: 11/15/2007
Status: offline
Thanks for the reply. I've gotten it to bind, I believe, but now I'm getting the error, "Safety settings on this computer prohibit accessing a data source on another domain".

I've tried changing the security settings (1406 if I remember) for all 4 types in the registry in PE, but to no avail.

Below is my code (obvious domain specific stuff left out). I know it's hitting and connecting OK because I no longer get the table does not exist error. The failure is getting the info from the table locally. Obviously while logged into the domain the hta works great.

       Const ADS_SCOPE_SUBTREE = 2
       Const ADS_SECURE_AUTHENTICATION = 1
       'ADS_SERVER_BIND is hex 200 (decimal 512), not decimal 200
       Const ADS_SERVER_BIND = &H200

       set oConnection = CreateObject("ADODB.Connection")
       set oCommand = CreateObject("ADODB.Command")
       oConnection.Provider = "ADsDSOObject"
       oConnection.Properties("User ID") = oEnvironment.Item("UserID")
       oConnection.Properties("Password") = oEnvironment.Item("UserPassword")
       oConnection.Properties("Encrypt Password") = True
       oConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
       oConnection.Open "Active Directory Provider"
       set oCommand.ActiveConnection = oConnection

       oCommand.Properties("Page Size") = 100
       oCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
       oCommand.Properties("Cache Results") = False
      
       oCommand.CommandText = "SELECT Name,samaccountname FROM 'LDAP://...etc...


_____________________________

-P

(in reply to rbennett806)
Post #: 4
RE: How to query AD from WinPE 2.0 - 5/27/2008 10:52:24 PM   
rbennett806


Posts: 786
Score: 13
Joined: 6/14/2006
Status: offline
Hmm... Try this line before your "oConnection.Open "Active Directory Provider"" line:
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"

I back up that registry value first, make the registry change, open my connection, and then replace the key with the original value. So something like...
strRegistryKey = objWshShell.RegRead ("HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406")
'Editing the 1406 registry key to avoid any ADO Security Warning message windows
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"
'executes some more code and does "stuff" here...
adoConnection.Open "Active Directory Provider"
'Replacing the original HKCU 1406 registry key information
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", strRegistryKey, "REG_DWORD"
adoCommand.ActiveConnection = adoConnection


And that's assuming that that's the issue you're running into...

(in reply to sounddoc)
Post #: 5
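The back-up, change and restore sequence from post 5, as an added example that is not code from any poster in this thread: it also covers the case where the 1406 value does not exist before the change, and restores the zone setting whether or not the connection opens. The function name OpenWithRelaxed1406 and its return convention are assumptions of this example; the caller sets the provider and connection properties first.

```vbscript
Option Explicit
' 1406 is the zone setting "Access data sources across domains"
' (0 = enable, 1 = prompt, 3 = disable); Zones\1 is the Local intranet zone.
Const REG_1406 = "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406"

' Opens adoConnection with 1406 relaxed, then puts the setting back.
' Returns the error number raised by Open (0 = connection opened).
Function OpenWithRelaxed1406(adoConnection)
    Dim objWshShell, varOriginal, blnExisted, lngErr
    Set objWshShell = CreateObject("WScript.Shell")

    On Error Resume Next
    varOriginal = objWshShell.RegRead(REG_1406)   ' raises an error if the value is absent
    blnExisted = (Err.Number = 0)
    Err.Clear

    objWshShell.RegWrite REG_1406, 0, "REG_DWORD"
    Err.Clear                                     ' Err is not reset by later successful calls
    adoConnection.Open "Active Directory Provider"
    lngErr = Err.Number
    Err.Clear

    ' Restore unconditionally so the relaxed setting never outlives this call
    If blnExisted Then
        objWshShell.RegWrite REG_1406, varOriginal, "REG_DWORD"
    Else
        objWshShell.RegDelete REG_1406            ' value was absent before: remove it again
    End If
    On Error GoTo 0

    OpenWithRelaxed1406 = lngErr
End Function
```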
RE: How to query AD from WinPE 2.0 - 5/28/2008 5:05:25 PM   
sounddoc

 

Posts: 41
Score: 0
Joined: 11/15/2007
Status: offline
Banging my head against the wall here!!

I set those registry settings, and I no longer get the data source across domains error, but I'm back to the friggin 'table does not exist' error! No matter how I change my query I'm getting nowhere... the problem is that I don't know how I can test in PE, and within LTI where the script is failing. Now keep in mind the whole thing is in an HTA, within the on_load sub. If I deliberately muck with the query, like putting "foo" in the middle of it, I do get a syntax error, which I'm assuming at least means it's hitting the domain controller. For security purposes, let's assume I work at contoso, and my DC is called dc2. The script should take the first part of the hostname and match it to a samid in AD:

sub window_OnLoad
window.resizeTo 500,250

'set IE security
oShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"
oShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406", 0, "REG_DWORD"

'get the username portion of the hostname
strComputer = oEnvironment.Item("COMPUTERNAME")
fPartName = left(strComputer, instr(strComputer, "-") -1 )

'search AD for matches
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_SERVER_BIND = &H200 'hex 200 (decimal 512), not decimal 200

set oConnection = CreateObject("ADODB.Connection")
set oCommand = CreateObject("ADODB.Command")

oConnection.Provider = "ADsDSOObject"
oConnection.Properties("User ID") = oEnvironment.Item("DomainAdmin") & "@contoso.com"
oConnection.Properties("Password") = oEnvironment.Item("DomainAdminPassword")
oConnection.Properties("Encrypt Password") = True
oConnection.Properties("ADSI Flag") = ADS_SERVER_BIND + ADS_SECURE_AUTHENTICATION
oConnection.Open "Active Directory Provider"
set oCommand.ActiveConnection = oConnection
oCommand.CommandText = "SELECT * FROM 'LDAP://dc2.contoso.com/dc=contoso,dc=com'" & _
                                             " WHERE objectCategory='User'"' AND samaccountname='" & fPartName & "*'"  
oCommand.Properties("Page Size") = 100
oCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
oCommand.Properties("Cache Results") = False

set oRecordSet = oCommand.Execute

oRecordSet.MoveFirst
Do until oRecordSet.EOF
 set oOption = Document.CreateElement("OPTION")
 oOption.Text = oRecordSet.Fields("Name").Value
 oOption.Value = "CONTOSO\" & oRecordSet.Fields("samaccountname")
 usernameList.Add(oOption)
 oRecordSet.MoveNext
loop
oConnection.close()
end sub

At the very least I'm hoping for some sort of overflow error, or type mismatch which would at least mean that I'm getting data back. Anything besides 'Table does not exist' would be fantastic at this point. The script always fails at the line "set oRecordSet = oCommand.Execute". This is an LTI Deployment with ADO enabled in the boot image. adsldpc.dll is in X:\Windows\System32, so I know that AD support is enabled.

Thanks again for the reply!



< Message edited by sounddoc -- 5/28/2008 5:14:11 PM >


_____________________________

-P

(in reply to rbennett806)
Post #: 6
RE: How to query AD from WinPE 2.0 - 5/28/2008 5:50:22 PM   
jarwidmark

 

Posts: 614
Score: 36
Joined: 12/12/2004
From: Halmstad, Sweden
Status: offline
Don't bother trying to get ADO to work within the HTA... call out for a vbscript and collect the result back to the HTA... (or vice versa)

WinPE ADO implementation internally checks if it’s running in script inside a hosting container. When you run the VBS in Windows PE this condition check is always false. So the rest of the ADO connection opening code can run and succeed without further IE trusting/scripting security checks.

When you run the HTA, this internal checking is done which necessitates the rest of the IE trusting/scripting security checks. But WinPE doesn’t have any of the IE trusting/scripting security implementation. So the internal security checks fail. As a result, the code bails and the ADO Connection open() fails.

_____________________________

Regards
Johan Arwidmark
Microsoft MVP - Setup/Deployment

(in reply to sounddoc)
Post #: 7
RE: How to query AD from WinPE 2.0 - 5/28/2008 5:56:42 PM   
sounddoc

 

Posts: 41
Score: 0
Joined: 11/15/2007
Status: offline
Ah! That makes sense. Thanks very much - I'll give it a shot in a separate vbs. Sometimes the query will return two or more results, so the learning curve will be passing those to the HTA. I'm going to go the route of a temporary text file, and just have the dropdown read from that.

Thanks again, Johan!

_____________________________

-P

(in reply to jarwidmark)
Post #: 8
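The split suggested in posts 7 and 8, as an added example that is not code from any poster in this thread: a stand-alone script, run under cscript.exe rather than inside the HTA, that binds to a named domain controller and writes the matches to a text file for the HTA to read. The script name, the /dc, /user, /prefix and /out arguments, the tab-separated output format and reading the password from standard input (so it stays off the command line) are assumptions of this example, as is a WinPE image with scripting and ADO support.

```vbscript
' FindUsers.vbs (hypothetical name): run under cscript.exe, outside the HTA.
' cscript //nologo FindUsers.vbs /dc:dc2.contoso.com /user:admin@contoso.com /prefix:jsmith /out:X:\users.txt
Option Explicit
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200

Dim oArgs, strDC, strUser, strPrefix, strOut, strPassword, lngFlags
Set oArgs = WScript.Arguments.Named
strDC = oArgs("dc") : strUser = oArgs("user")
strPrefix = oArgs("prefix") : strOut = oArgs("out")
lngFlags = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION

' Allow-list everything that is concatenated into the LDAP path or filter,
' so a crafted computer name cannot change the query.
Dim oRe : Set oRe = New RegExp
oRe.Pattern = "^[A-Za-z0-9.-]{1,255}$"
If Not oRe.Test(strDC) Then WScript.Quit 2
oRe.Pattern = "^[A-Za-z0-9._]{1,20}$"
If Not oRe.Test(strPrefix) Then WScript.Quit 2
' The caller writes the password to this script's standard input.
strPassword = WScript.StdIn.ReadLine
' Server bind: name the DC explicitly because WinPE is not domain-joined.
Dim oRootDSE, strBase
Set oRootDSE = GetObject("LDAP:").OpenDSObject("LDAP://" & strDC & "/RootDSE", _
    strUser, strPassword, lngFlags)
strBase = oRootDSE.Get("defaultNamingContext")

Dim oConn, oCmd, oRS, oFile
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Properties("User ID") = strUser
oConn.Properties("Password") = strPassword
oConn.Properties("Encrypt Password") = True
oConn.Properties("ADSI Flag") = lngFlags
oConn.Open "Active Directory Provider"

Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 100
oCmd.CommandText = "<LDAP://" & strDC & "/" & strBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strPrefix & "*));" & _
    "name,sAMAccountName;subtree"
Set oRS = oCmd.Execute
Set oFile = CreateObject("Scripting.FileSystemObject").CreateTextFile(strOut, True)
Do Until oRS.EOF
    oFile.WriteLine oRS.Fields("name").Value & vbTab & oRS.Fields("sAMAccountName").Value
    oRS.MoveNext
Loop
oFile.Close : oConn.Close
```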
RE: How to query AD from WinPE 2.0 - 5/28/2008 6:16:15 PM   
jarwidmark

 

Posts: 614
Score: 36
Joined: 12/12/2004
From: Halmstad, Sweden
Status: offline
Download the frontend I created for OSD FP (SMS 2003), you will find code there for passing parameters to/from an HTA in WinPE.

Go to http://www.deployvista.com, click my name and search for Frontend

_____________________________

Regards
Johan Arwidmark
Microsoft MVP - Setup/Deployment

(in reply to sounddoc)
Post #: 9
RE: How to query AD from WinPE 2.0 - 7/17/2008 1:58:22 PM   
Justinp

 

Posts: 9
Score: 0
Joined: 5/9/2008
Status: offline
I am also hitting the brick wall of "Table does not exist" even though my code is pretty much identical to this and I am not running from inside an HTA.

Has anybody had any success querying the AD from a VBS in PE?

Thanks

Justin

(in reply to jarwidmark)
Post #: 10