jfattizzi
Hello all. I have a script that runs during a new build and is launched under a local account on the domain. The local account has access to domain resources, but it is not authenticated to the domain. My script simply moves a computer account into a global group using alternate credentials. The alt credentials have the access to do the actual move. The problem I am having is the script fails because the user it is running under isn't authenticated to the domain. If I run it as a domain user, then it works like a charm. How can I authenticate as a domain account inside the script so that during build time this works?

Here is my script:

Const ADS_SCOPE_SUBTREE = 2
Const ADS_PROPERTY_APPEND = 3

Set oShell = WScript.CreateObject("WScript.Shell")
Wscript.Echo (Date() & " " & Time() & ": Script to move workstation to Active Directory Group")

sComputer = oShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
sLocation = oShell.ExpandEnvironmentStrings("%PCLOCCODE%")
sGroup = "GPO_DevExclude"

' handle null values
If sComputer = "" Then sComputer = "UNDEFINED"
If IsNull(sComputer) Then sComputer = "UNDEFINED"
If IsEmpty(sComputer) Then sComputer = "UNDEFINED"
If sLocation = "" Then sLocation = "UNDEFINED"
If IsNull(sLocation) Then sLocation = "UNDEFINED"
If IsEmpty(sLocation) Then sLocation = "UNDEFINED"

Wscript.Echo (Date() & " " & Time() & ": Computer Name is defined as: " & sComputer)
Wscript.Echo (Date() & " " & Time() & ": PCLOCCODE is defined as: " & sLocation)

If sComputer = "UNDEFINED" Then
    Wscript.Echo (Date() & " " & Time() & ": Computer Name is UNDEFINED, cannot continue")
    ' Stop here instead of querying AD for a computer named "UNDEFINED"
    WScript.Quit 1
End If

' Pick the domain, bind account and group path for this location code
Select Case sLocation
    Case "CTS"
        sLDAP = "LDAP://DC=ac-eut,DC=lp-eut,DC=acml,DC=com"
        sUsername = "cn=administrator,ou=Users,DC=ac-eut,DC=lp-eut,DC=acml,DC=com"
        sPassword = ""
        sGroupDN = "LDAP://ac-eut.lp-eut.acml.com/cn=" & sGroup & ",OU=Groups,OU=Workstations,DC=ac-eut,DC=lp-eut,DC=acml,DC=com"
        Wscript.Echo (Date() & " " & Time() & ": CTS location code has been identified")
    Case "QALAB"
        sLDAP = "LDAP://DC=ac-qa,DC=lp-qa,DC=acml,DC=com"
        sUsername = "cn=acbuilder,ou=Svcacct,OU=Enterprise,DC=ac-qa,DC=lp-qa,DC=acml,DC=com"
        sPassword = ""
        sGroupDN = "LDAP://ac.lp.acml.com/cn=" & sGroup & ",OU=Groups,OU=Workstations,DC=ac-qa,DC=lp-qa,DC=acml,DC=com"
        Wscript.Echo (Date() & " " & Time() & ": QALAB location code has been identified")
    Case Else ' Production
        sLDAP = "LDAP://DC=ac,DC=lp,DC=acml,DC=com"
        sUsername = "cn=acbuilder,ou=Svcacct,OU=Enterprise,DC=ac,DC=lp,DC=acml,DC=com"
        sPassword = ""
        sGroupDN = "LDAP://ac.lp.acml.com/cn=" & sGroup & ",OU=Groups,OU=Workstations,DC=ac,DC=lp,DC=acml,DC=com"
        Wscript.Echo (Date() & " " & Time() & ": PROD location code has been identified")
End Select

' This ADO connection is opened as the account running the script;
' sUsername/sPassword are only used for the group bind further down
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("ADSI Flag") = 3
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE

' Query AD to see where computer account is located
objCommand.CommandText = "SELECT ADsPath FROM '" & sLDAP & "' WHERE objectCategory='computer' " & "AND name='" & sComputer & "';subtree"
Set objRecordSet = objCommand.Execute
' MoveFirst raises an error on an empty recordset, so check for a result first
If objRecordSet.EOF Then
    Wscript.Echo (Date() & " " & Time() & ": Computer account not found, cannot continue")
    WScript.Quit 1
End If
objRecordSet.MoveFirst
strADSPath = objRecordSet.Fields("ADsPath").Value

'Remove the leading LDAP://
strADSPath = Mid(strADSPath,8)

' Bind to the group with the alternate credentials and append the computer as a member
Set objNamespaceLDAP = GetObject("LDAP:")
Set objMyComp = objNamespaceLDAP.OpenDSObject(sGroupDN, sUsername, sPassword, 0)
objMyComp.PutEx ADS_PROPERTY_APPEND, "member", Array(strADSPath)
objMyComp.SetInfo

Wscript.Echo (Date() & " " & Time() & ": Finished running script, returning control to parent script")
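Added example, not part of the original post: in the script above only the group bind receives `sUsername`/`sPassword`, while the ADO search runs as the calling account. One way to pass the same alternate credentials to both steps is sketched below. The environment variable names `BUILD_AD_USER` and `BUILD_AD_PASSWORD`, the function name `FindComputerDN`, and the server-qualified search base (assembled from the production values in the post) are assumptions.

```vbscript
Option Explicit
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_PROPERTY_APPEND = 3
Dim oShell, sUser, sPass, sBase, sGroupPath, sCompDN, oGroup
Set oShell = CreateObject("WScript.Shell")
' Assumption: the build process supplies the credentials in these hypothetical
' variables (UPN or DOMAIN\user form) instead of hard-coding them in the script.
sUser = oShell.ExpandEnvironmentStrings("%BUILD_AD_USER%")
sPass = oShell.ExpandEnvironmentStrings("%BUILD_AD_PASSWORD%")
If Left(sUser, 1) = "%" Or Left(sPass, 1) = "%" Then   ' undefined variables come back unexpanded
    WScript.Echo "Build credentials not supplied, cannot continue"
    WScript.Quit 1
End If
' Constructed paths: the server name is included so no logon domain is needed to find a DC.
sBase = "LDAP://ac.lp.acml.com/DC=ac,DC=lp,DC=acml,DC=com"
sGroupPath = "LDAP://ac.lp.acml.com/cn=GPO_DevExclude,OU=Groups,OU=Workstations,DC=ac,DC=lp,DC=acml,DC=com"
sCompDN = FindComputerDN(sBase, oShell.ExpandEnvironmentStrings("%COMPUTERNAME%"), sUser, sPass)
If sCompDN = "" Then
    WScript.Echo "Computer account not found, cannot continue"
    WScript.Quit 2
End If
' Secure authentication (Kerberos/NTLM) keeps the password out of a clear-text simple bind.
Set oGroup = GetObject("LDAP:").OpenDSObject(sGroupPath, sUser, sPass, ADS_SECURE_AUTHENTICATION)
oGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(sCompDN)
oGroup.SetInfo

' Search for the computer object over an ADO connection opened with explicit credentials.
Function FindComputerDN(sSearchBase, sName, sBindUser, sBindPass)
    Dim oConn, oCmd, oRS
    Set oConn = CreateObject("ADODB.Connection")
    oConn.Provider = "ADsDSOObject"
    oConn.Properties("User ID") = sBindUser
    oConn.Properties("Password") = sBindPass
    oConn.Properties("Encrypt Password") = True
    oConn.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
    oConn.Open "Active Directory Provider"
    Set oCmd = CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    ' LDAP dialect: <base>;filter;attributes;scope
    oCmd.CommandText = "<" & sSearchBase & ">;(&(objectCategory=computer)(name=" & sName & "));distinguishedName;subtree"
    Set oRS = oCmd.Execute
    FindComputerDN = ""
    If Not oRS.EOF Then FindComputerDN = oRS.Fields("distinguishedName").Value
    oConn.Close
End Function
```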