Create LDAP account using local user

fredclown (Programmer), Aug 15, 2005
My code is below. I am trying to create an LDAP account using a local user (specifically so it can be used by my web server's IUSR account). We have two domain controllers with "A" records (ldap.mydomain.dom) for both. That way we have failover if one server is not accessible. I put the DNS record to my domain server into my LDAP string. My thought is that this should work fine, since it will just go look up the DNS record, get the server and then use the server's IP address. However I keep getting an error on the password line. It creates the account just fine, but the password line fails. So, I have an account without a password. If I just put one of the domain controller names or IP addresses in it works fine, but with the DNS record I get this error ...

Error: One or more input parameters are invalid
Code: 80070034
Source: Active Directory

I think my syntax is fine, because it works perfectly with the domain controller's name or IP. I guess I'm just wondering if anyone has any ideas why putting the dns record in is causing it to fail. I'd rather not put the machine name in because then we have no failover, and if we ever change the name of the domain controller I'd have to go adjust all my scripts again. Thanks for any help.

Also one bit of info ... the code is being deployed into a DMZ on a different domain than the one being accessed, hence the need for being pointed to a specific server.

Code:
strUsername	= "mydomain\myuser"
strPassword	= "password"

' Bind to the OU through the DNS alias; the trailing 0 means no ADSI authentication flags are set
Set objLDAP = GetObject("LDAP:")
Set objContainer = objLDAP.OpenDSObject("LDAP://ldap.mydomain.dom/ou=test,dc=mydomain,dc=dom", strUsername, strPassword, 0)

' Create the user object and commit it before setting the password
Set objUser = objContainer.Create("user", "cn=Fred Clown")
objUser.sAMAccountName = "fredclown"
objUser.SetInfo
objUser.SetPassword "Freddy1234" '<---- This is the error line
objUser.AccountDisabled = False
objUser.employeeID = "P000000000"
objUser.displayName = "Fred Clown"
objUser.givenName = "Fred"
objUser.initials = "T"
objUser.sn = "Clown"
objUser.userAccountControl = "66048" ' NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWD (65536)
objUser.SetInfo

Set objUser = Nothing
Set objContainer = Nothing
Set objLDAP = Nothing
 
I would first check whether the password entered complies with the password complexity policy setting, if any.
 
I would have to agree, your script looks fine to me. Though your script looks like it should meet complexity requirements, you may be prohibited from using part of the user name. Try setting "Abcd1234" as the password instead.

You should add code to mark the account as not disabled.

objUser.SetPassword "Abcd1234"
objUser.SetInfo
objUser.AccountDisabled = False
objUser.SetInfo

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
You might consider getting rid of the

objUser.SetInfo and waiting to use it until after the SetPassword part

objUser.sAMAccountName = "fredclown"
'objUser.SetInfo
 
We figured it out. We created server records in our second domain pointing to our first domain, so now all I have to do is reference mydomain.dom. It was a DNS/open port issue.

objLDAP.OpenDSObject("LDAP://mydomain.dom/ou=test,dc=mydomain,dc=dom",strUsername,strPassword, 0)
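Below is an added example, not the original poster's script or anything posted on Tek-Tips, that reworks the same create-user flow with the two points the thread arrives at: bind through the domain DNS name rather than a single DC, and commit the object before calling SetPassword. It also replaces the bare 0 in OpenDSObject with named ADSI flags, because a flag value of 0 performs a simple LDAP bind that sends the service account's password in clear text; the constants are the documented ADS_AUTHENTICATION_ENUM and ADS_USER_FLAG_ENUM values, but every name, path and credential below is a constructed placeholder. The error handling returns the raw HRESULT so that a network or bind failure (the 0x8007 prefix marks a wrapped Win32 error, as in the thread's 0x80070034) can be told apart from a password policy rejection.

```vbscript
Option Explicit

' ADSI bind flags (ADS_AUTHENTICATION_ENUM). A flag value of 0, as in the
' thread's script, performs a simple LDAP bind with a clear-text password.
Const ADS_SECURE_AUTHENTICATION = &H1    ' Kerberos/NTLM bind instead of a simple bind
Const ADS_USE_ENCRYPTION        = &H2    ' LDAP over SSL/TLS (port 636); the DC needs a certificate
Const ADS_SERVER_BIND           = &H200  ' add this when the path names one DC rather than the domain

' userAccountControl bits behind the literal 66048 used in the thread
Const ADS_UF_NORMAL_ACCOUNT     = &H200
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

' Constructed placeholder values; replace with your own
Dim strServer, strContainer, strUsername, strPassword
strServer    = "mydomain.dom"                ' domain DNS name, as in the thread's fix
strContainer = "ou=test,dc=mydomain,dc=dom"
strUsername  = "mydomain\myuser"
strPassword  = "password"

' Binds to the container with the given ADSI flags and returns the IADsContainer object.
Function BindContainer(server, container, user, pw, flags)
    Dim objLDAP
    Set objLDAP = GetObject("LDAP:")
    Set BindContainer = objLDAP.OpenDSObject("LDAP://" & server & "/" & container, user, pw, flags)
End Function

' Creates the user, sets its password, then enables it, in that order: SetPassword
' needs the object to already exist on the DC and a secure channel (LDAPS, Kerberos
' or SMB/RPC) to reach it. Returns 0 on success or the HRESULT of the first failing
' step, so the caller can tell a bind/network failure from a policy rejection.
Function CreateUserWithPassword(objContainer, cn, sam, initialPw)
    Dim objUser
    On Error Resume Next
    Set objUser = objContainer.Create("user", "cn=" & cn)
    objUser.Put "sAMAccountName", sam
    objUser.SetInfo
    If Err.Number <> 0 Then CreateUserWithPassword = Err.Number : Exit Function

    objUser.SetPassword initialPw
    If Err.Number <> 0 Then CreateUserWithPassword = Err.Number : Exit Function

    objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT Or ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
    CreateUserWithPassword = Err.Number
End Function

Dim objContainer, hr
Set objContainer = BindContainer(strServer, strContainer, strUsername, strPassword, _
                                 ADS_SECURE_AUTHENTICATION Or ADS_USE_ENCRYPTION)
hr = CreateUserWithPassword(objContainer, "Fred Clown", "fredclown", "Abcd1234")
If hr = 0 Then
    WScript.Echo "User created and password set"
Else
    WScript.Echo "Failed with HRESULT 0x" & Hex(hr)   ' 0x80070034 in the thread's case
End If
```

Run it with cscript. If the domain controllers have no certificate for LDAPS, drop ADS_USE_ENCRYPTION but keep ADS_SECURE_AUTHENTICATION so the bind credentials are not sent in the clear; if you do point the path at one DC by host name, as the original script did with the alias, add ADS_SERVER_BIND so ADSI does not try to treat that name as a domain.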
 