How to get SamAccountName in LDAP

[lucyc]

I want to get the user login name from LDAP, so I use SamAccountName, but keep getting the following error message.. I can get the value of the user's surname, givenname, name but not samAccountName. Can someone help?

Microsoft VBScript runtime error '800a01b6'

Object doesn't support this property or method: 'samaccountName'



varmember=objGroup.IsMember("LDAP://cn=" & struser & "," & struserou)
For Each objmember In objgroup.MEMBERS
Response.Write "uid = " & objmember.samaccountName & "<br>"
Response.Write "sn = " & objmember.sn & "<br>"
Response.Write "givenname = " & objmember.givenname & "<br>"
Next

 

[tsuji]

>I can get the value of the user's surname, givenname, name but not samAccountName
Can you first proof-read again the script shown and confirm that you really do get surname and givenname out of it as claimed? (You might have to comment out the samaccountname first response.write line to avoid error. It is so different from what I would think work that I cannot be sure I get the question right!)

 

[lucyc]

tsuji,

Yes. I need to commend out the first response in order to get the second and third response.write line. Otherwise I get

Microsoft VBScript runtime error '800a01b6'

Object doesn't support this property or method: 'samaccountName'
.

 

[tsuji]

If you do get the sn and givenname out of it, I am not so sure. But, in any case, I would think the script should be more like this.
[tt]
For Each [blue]strmember[/blue] In objgroup.MEMBE[highlight]R[/highlight]
[blue]set objmember=getobject("LDAP://" & strmember)[/blue]
[blue]if objmember.class="user" then[/blue]
Response.Write "uid = " & objmember.samaccountName & "<br>"
Response.Write "sn = " & objmember.sn & "<br>"
Response.Write "givenname = " & objmember.givenname & "<br>"
[blue]end if[/blue]
set objmember=nothing
Next
[/tt]
But you see there are some essential difference that I am not convinced...

 

[lucyc]

I can get sn and givenname by using either your code or mine but not the samaccount name (I have to comment out the samaccountname). Even I had the 's' on the objgroup.memeber(s) it seems work. After replacing mine with your code, I am getting the same error message

Microsoft VBScript runtime error '800a01b6'

Object doesn't support this property or method: 'samaccountName'

/adsiquerytool/ADSIListUsersLDAP.asp, line 72

 

[tsuji]

Try this see if it works.
[tt]
if objmember.class="user" then
[blue]objmember.getInfo()[/blue]
Response.Write "uid = " & objmember.[blue]get("samaccountName")[/blue] & "<br>"
Response.Write "sn = " & objmember.sn & "<br>"
Response.Write "givenname = " & objmember.givenname & "<br>"
end if
[/tt]

 

[lucyc]

tsuji,

Now I am getting a different error

Active Directory error '8000500c'

The Active Directory datatype cannot be converted to/from a native DS datatype

/adsiquerytool/ADSIListUsersLDAP.asp, line 87

I changed the code so it looks like this...

For Each strmember In objgroup.MEMBER
set objmember=getobject("LDAP://" & strmember)
if objmember.class="user" then
objmember.getInfo()
Response.Write "uid = " & objmember.get("samaccountName") & "<br>" <=== line 87
Response.Write "sn = " & objmember.sn & "<br>"
Response.Write "givenname = " & objmember.givenname & "<br>"
end if
set objmember=nothing
Next

 

[tsuji]

In order to determine the cause of the problem, how about doing these as independent/combined tests.
[1] Move .sAMAccountName response.write line below the .sn and .givenname lines, just make sure you really get those!
[2] Use a detour to nametranslate object. Outside of the for each loop, initiate a nametranslate instance. Then response write its result. I wouldn't think it necessary, but just to make an independent set of testing.
[tt]
set otrans=server.createobject("nametranslate")
otrans.init 3,""
For Each strmember In objgroup.MEMBER
set objmember=getobject("LDAP://" & strmember)
if objmember.class="user" then
otrans.set 1,strmember
sntname=otrans.get(3)
response.write "uid = " & mid(sntname,instr(sntname,"\")+1) & "<br>"
'etc etc
end if
Next
set otrans=nothing
'etc etc
[/tt]
[3] Make sure you have not encountered any security setting problem interfacing iis and ad in the first place. That is an assumption taken for granted all along.

 

[zcolton]

are you trying to get the list of users in a specific group?

zc

 

[zcolton]

If you want a list of usernames:
replace the groupldap variable with what you are using.

<%@ Language=VBScript %>
<html>
<head>
<script language=JScript runat=server>
    function SortVBArray(arrVBArray) {
        return arrVBArray.toArray().sort().join('\b');
    }
</script>
</head>
<body>
<%
groupldap="cn=CST,cn=users,dc=burlington,dc=org"
Set objGroup = GetObject ("LDAP://"&groupldap&"")
tempstr=""
For each objMember in objGroup.Members
 if tempstr<>"" then
  tempstr=tempstr&"#"
 end if
 tempstr=tempstr&objMember.samaccountname
next
Set objGroup=nothing
temparray=split(tempstr,"#")
SortArray = Split(SortVBArray(temparray), Chr(8))
For iLoop = LBound(SortArray) to UBound(SortArray)
response.write SortArray(iLoop)%><br>
<%next%>
</body>
</html>

 

[lucyc]

Hi Zcolton,

Thanks for your reply. I found the problem yesterday, it is on the IIS version. I can get the value of the samaccountname on a server with IIS Version 6, but no on IIS version 5.