Cannot perform request on RDN attribute of object

[keybrdcowboy]

Anyone seen this error message before? When I try and run a script that changes an Active Directory user's name or cn field, I get the following error message:

"The directory server cannot perform the requested operation on the RDN attribute of an object"

This happens with my regular user account and my domain admin account. Anyone have any experience with this one? Thanks a lot for any help...

 

[EBGreen]

Google provided two potential answers in a matter of seconds.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[keybrdcowboy]

Okay.... Thanks for the help. I have already looked at Google... been reading that stuff since yesterday. I couldn't find anythign to help me though. The only thing I cna find are things saying you can't modify an RDN attribute of an object. Well, what's an RDN? And is it not possible to change those fields in AD? Are there any work arounds to this?

 

[EBGreen]

Here is one suggested solution:

http://www.dotnet247.com/247reference/msgs/51/255961.aspx

and another is here:

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21067786.html

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[EBGreen]

Well, what's an RDN?

Also via Google:

relative distinguished name (RDN) -- the part of the name of an object that is an attribute of the object itself. The attribute that provides the RDN for an object is referred to as the naming attribute.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[keybrdcowboy]

Alright.... I understand the concept they are talking about, but not sure exactly how to implement it. here's my current code:

Option Explicit

Dim strUserName, strConnect, UserObj, oRootDSE, oConnection, oCommand, oRecordSet

strUserName = "usrname"

strConnect = fncConnectAD(strUserName)

Set UserObj = GetObject("LDAP://" & strConnect)

UserObj.Put ("cn"), ("big.dawg")
UserObj.SetInfo

wscript.echo "Done"


' This funtion will take a username and return the complete Distinguished Name
Public Function fncConnectAD(strUsername)
  Set oRootDSE = GetObject("LDAP://rootDSE")
  Set oConnection = CreateObject("ADODB.Connection")
  oConnection.Open "Provider=ADsDSOObject;"
  Set oCommand = CreateObject("ADODB.Command")
  oCommand.ActiveConnection = oConnection
  oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;(&(objectCategory=User)(samAccountName=" & _
                         strUserName & "));distinguishedName;subtree"
  Set oRecordSet = oCommand.Execute
  fncConnectAD = oRecordSet("distinguishedName")
End Function

So, do I need to modify this line "Set UserObj = GetObject("LDAP://" & strConnect)
" to incorporate authentication? Can you provide any examples.... I briefly searched google on the native ADsObject yesterday; I am going to go take a harder look now. Any help would be appreciated.... Thanks.

 

[tsuji]

>[tt](&(objectCategory=User)(samAccountName=" & _
> strUserName & "))[/tt]
[tt](&(objectCategory=person)(objectClass=user)(samAccountName=" & strUserName & "))[/tt]