How to query AD from WinPE 2.0 (Full Version)


juw2 -> How to query AD from WinPE 2.0 (2/6/2007 8:34:40 AM)

Has anyone been able to query Active Directory from WinPE 2.0?
I can't get it to work. Not even in WinPE 2005.
The error I get is: Provider: Table does not exist.
When I try the same script in XP it works, but I get the same error if I type a different AD.
Here is the sample script I'm trying:

Set conn = CreateObject("ADODB.Connection")
Set cmd = CreateObject("ADODB.Command")
conn.provider = "adsdsoobject"
conn.properties("user id")="ta\Admin"
conn.Properties("password")="AdminPassword!"
conn.open "active directory provider"
cmd.activeconnection = conn
cmd.commandtext = "<LDAP://DC=ta,DC=lab,DC=local>;(&(objectcategory=computer)" &_
"(objectclass=computer)(cn=aotw0005));cn;subtree"
Set rs = cmd.Execute
If rs.recordcount = 0 Then
wscript.Echo "Computer does not exist"
Else
WScript.Echo "Computer exist"
End If




sounddoc -> RE: How to query AD from WinPE 2.0 (5/14/2008 9:41:27 AM)

Did you ever get this to work? Seems there's an obvious reason why it wouldn't but I still haven't found it!




rbennett806 -> RE: How to query AD from WinPE 2.0 (5/26/2008 10:32:29 PM)

While I haven't fully tested this, you probably need to bind directly to a domain controller since the WinPE isn't bound to the domain. So something like...

   Set objNS = GetObject("LDAP:")
   Set objRootDSE = objNS.OpenDSObject("LDAP://" & strDomainControllerFQDN & "/RootDSE", strUserName, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
   strDNSDomain = objRootDSE.Get("defaultNamingContext")
   Set adoCommand = CreateObject("ADODB.Command")
   Set adoConnection = CreateObject("ADODB.Connection")
   adoConnection.Provider = "ADsDSOObject"
   adoConnection.Properties("User ID") = strUserName
   adoConnection.Properties("Password") = strPassword
   adoConnection.Properties("Encrypt Password") = True
   adoConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
   adoConnection.Open "Active Directory Provider"
   adoCommand.ActiveConnection = adoConnection
   adoCommand.CommandText = "Select Name from 'LDAP://" & strDomainControllerFQDN & "/" & strDNSDomain & "' " & "Where objectCategory='Computer'"
   adoCommand.Properties("Page Size") = 100
   adoCommand.Properties("Timeout") = 30
   adoCommand.Properties("Cache Results") = False
   Set adoRecordset = adoCommand.Execute

I left out what a lot of the variables are, but I'm sure you can probably figure them out from your own example...




sounddoc -> RE: How to query AD from WinPE 2.0 (5/27/2008 10:22:38 AM)

Thanks for the reply. I've gotten it to bind, I believe, but now I'm getting the error, "Safety settings on this computer prohibit accessing a data source on another domain".

I've tried changing the security settings (1406 if I remember) for all 4 types in the registry in PE, but to no avail.

Below is my code (obvious domain specific stuff left out). I know it's hitting and connecting OK because I no longer get the table does not exist error. The failure is getting the info from the table locally. Obviously while logged into the domain the hta works great.

       Const ADS_SCOPE_SUBTREE = 2
       Const ADS_SECURE_AUTHENTICATION = 1
       Const ADS_SERVER_BIND = &H200   ' the ADSI flag value is hex 200 (512), not decimal 200

       set oConnection = CreateObject("ADODB.Connection")
       set oCommand = CreateObject("ADODB.Command")
       oConnection.Provider = "ADsDSOObject"
       oConnection.Properties("User ID") = oEnvironment.Item("UserID")
       oConnection.Properties("Password") = oEnvironment.Item("UserPassword")
       oConnection.Properties("Encrypt Password") = True
       oConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
       oConnection.Open "Active Directory Provider"
       set oCommand.ActiveConnection = oConnection

       oCommand.Properties("Page Size") = 100
       oCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
       oCommand.Properties("Cache Results") = False
      
       oCommand.CommandText = "SELECT Name,samaccountname FROM 'LDAP://...etc...




rbennett806 -> RE: How to query AD from WinPE 2.0 (5/27/2008 10:52:24 PM)

Hmm... Try this line before your "oConnection.Open "Active Directory Provider"" line:
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"

I back up that registry value first, make the registry change, open my connection, and then replace the key with the original value. So something like...
strRegistryKey = objWshShell.RegRead ("HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406")
'Editing the 1406 registry key to avoid any ADO Security Warning message windows
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"
'executes some more code and does "stuff" here...
adoConnection.Open "Active Directory Provider"
'Replacing the original HKCU 1406 registry key information
objWshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", strRegistryKey, "REG_DWORD"
adoCommand.ActiveConnection = adoConnection


And that's assuming that that's the issue you're running into...




sounddoc -> RE: How to query AD from WinPE 2.0 (5/28/2008 5:05:25 PM)

Banging my head against the wall here!!

I set those registry settings, and I no longer get the data source across domains error, but I'm back to the friggin 'table does not exist' error! No matter how I change my query I'm getting nowhere... the problem is that I don't know how I can test in PE, and within LTI where the script is failing. Now keep in mind the whole thing is in an HTA, within the on_load sub. If I deliberately muck with the query, like putting "foo" in the middle of it, I do get a syntax error, which I'm assuming at least means it's hitting the domain controller. For security purposes, let's assume I work at contoso, and my DC is called dc2. The script should take the first part of the hostname and match it to a samid in AD:

sub window_OnLoad
window.resizeTo 500,250

'set IE security
oShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD"
oShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406", 0, "REG_DWORD"

'get the username portion of the hostname
strComputer = oEnvironment.Item("COMPUTERNAME")
fPartName = left(strComputer, instr(strComputer, "-") -1 )

'search AD for matches
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_SERVER_BIND = &H200   ' the ADSI flag value is hex 200 (512), not decimal 200

set oConnection = CreateObject("ADODB.Connection")
set oCommand = CreateObject("ADODB.Command")

oConnection.Provider = "ADsDSOObject"
oConnection.Properties("User ID") = oEnvironment.Item("DomainAdmin") & "@contoso.com"
oConnection.Properties("Password") = oEnvironment.Item("DomainAdminPassword")
oConnection.Properties("Encrypt Password") = True
oConnection.Properties("ADSI Flag") = ADS_SERVER_BIND + ADS_SECURE_AUTHENTICATION
oConnection.Open "Active Directory Provider"
set oCommand.ActiveConnection = oConnection
oCommand.CommandText = "SELECT * FROM 'LDAP://dc2.contoso.com/dc=contoso,dc=com'" & _
                                             " WHERE objectCategory='User'"' AND samaccountname='" & fPartName & "*'"  
oCommand.Properties("Page Size") = 100
oCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
oCommand.Properties("Cache Results") = False

set oRecordSet = oCommand.Execute

oRecordSet.MoveFirst
Do until oRecordSet.EOF
 set oOption = Document.CreateElement("OPTION")
 oOption.Text = oRecordSet.Fields("Name").Value
 oOption.Value = "CONTOSO\" & oRecordSet.Fields("samaccountname")
 usernameList.Add(oOption)
 oRecordSet.MoveNext
loop
oConnection.close()
end sub

At the very least I'm hoping for some sort of overflow error, or type mismatch which would at least mean that I'm getting data back. Anything besides 'Table does not exist' would be fantastic at this point. The script always fails at the line "set oRecordSet = oCommand.Execute". This is an LTI Deployment with ADO enabled in the boot image. adsldpc.dll is in X:\Windows\System32, so I know that AD support is enabled.

Thanks again for the reply!





jarwidmark -> RE: How to query AD from WinPE 2.0 (5/28/2008 5:50:22 PM)

Don't bother trying to get ADO to work within the HTA... call out to a VBScript and collect the result back to the HTA... (or vice versa)

The WinPE ADO implementation internally checks if it’s running in script inside a hosting container. When you run the VBS in Windows PE this condition check is always false. So the rest of the ADO connection opening code can run and succeed without further IE trusting/scripting security checks.

When you run the HTA, this internal checking is done which necessitates the rest of the IE trusting/scripting security checks. But WinPE doesn’t have any of the IE trusting/scripting security implementation. So the internal security checks fail. As a result, the code bails and the ADO Connection open() fails.




sounddoc -> RE: How to query AD from WinPE 2.0 (5/28/2008 5:56:42 PM)

Ah! That makes sense. Thanks very much - I'll give it a shot in a separate vbs. Sometimes the query will return two or more results, so the learning curve will be passing those to the HTA. I'm going to go the route of a temporary text file, and just have the dropdown read from that.

Thanks again, Johan!
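
The approach described in the two posts above (run the query from a separate VBScript and hand the matches to the HTA through a text file), as an added example that is not code from any poster in this thread. The script name, argument order, the AD_QUERY_PW variable and the tab-separated output format are assumptions, and it presumes ADSI and ADO work under cscript in the boot image.

```vbscript
' query_ad.vbs (added example). Run it outside the HTA host, e.g. from the HTA:
'   oShell.Run "cscript //nologo query_ad.vbs dc2.contoso.com user@contoso.com jsmith X:\users.txt", 0, True
Option Explicit
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200   ' hex 200 (512)

Dim args, dc, user, prefix, outFile, pw, re
Set args = WScript.Arguments
If args.Count <> 4 Then WScript.Quit 2
dc = args(0) : user = args(1) : prefix = args(2) : outFile = args(3)
' Password comes from the process environment (AD_QUERY_PW is an assumed name).
pw = CreateObject("WScript.Shell").Environment("PROCESS")("AD_QUERY_PW")
If Len(pw) = 0 Then WScript.Quit 2

' dc and prefix are concatenated into the ADO command string, so accept only
' characters that cannot alter the LDAP filter or the ';' separated command.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9.-]+$"
If Not re.Test(dc) Then WScript.Quit 3
re.Pattern = "^[A-Za-z0-9._]+$"
If Not re.Test(prefix) Then WScript.Quit 3

Dim root, baseDN, conn, cmd, rs, out
' WinPE is not domain-joined: bind to a named DC with explicit credentials.
Set root = GetObject("LDAP:").OpenDSObject("LDAP://" & dc & "/RootDSE", user, pw, _
    ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
baseDN = root.Get("defaultNamingContext")

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Properties("User ID") = user
conn.Properties("Password") = pw
conn.Properties("Encrypt Password") = True
conn.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
conn.Open "Active Directory Provider"

Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 100
cmd.CommandText = "<LDAP://" & dc & "/" & baseDN & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & prefix & "*));" & _
    "name,sAMAccountName;subtree"
Set rs = cmd.Execute

' One "sAMAccountName<TAB>name" line per match for the HTA to read back.
Set out = CreateObject("Scripting.FileSystemObject").CreateTextFile(outFile, True)
Do Until rs.EOF
    out.WriteLine rs.Fields("sAMAccountName").Value & vbTab & rs.Fields("name").Value
    rs.MoveNext
Loop
out.Close
conn.Close
```

The HTA sets AD_QUERY_PW in its own process environment before calling Run and clears it afterwards, so the password never appears on a command line. A non-zero exit code from Run (2 for missing input, 3 for a rejected value) tells the HTA not to read the output file.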




jarwidmark -> RE: How to query AD from WinPE 2.0 (5/28/2008 6:16:15 PM)

Download the frontend I created for OSD FP (SMS 2003), you will find code there for passing parameters to/from an HTA in WinPE.

Go to http://www.deployvista.com, click my name and search for Frontend.




Justinp -> RE: How to query AD from WinPE 2.0 (7/17/2008 1:58:22 PM)

I am also hitting the brick wall of "Table does not exist" even though my code is pretty much identical to this and I am not running from inside an HTA.

Has anybody had any success querying the AD from a VBS in PE?

Thanks

Justin



