I am working in a mixed environment with several domains, and I need to build a script that takes a recently imaged workstation in the default "WORKGROUP" and joins it to a domain. I am using VBS within an HTA form. The script runs fine when launched on a desktop that is already joined to a domain, but fails when launched from the standalone workstation in the default workgroup.
Errors vary.
- Error -2147023541 (null description)
- Error 8007203A - Active Directory: The server is not operational (misleading error, I can ping the server, it is operational, and I can manually add the PC to the domain)
I copied over three snippets of code - in each case the code works and displays information for three different domains provided the desktop belongs to one of the domains.
The first snippet gave me everything I wanted when run from a domain desktop, and was nice because it was generic - no hard coding. (From here, the end user would select the domain from the list box, and authenticate with their credentials. From there, the script would get the OU information, etc.) But it only retrieved the name of the recently imaged PC when run from the workgroup.
Code:
'****************************************************************************************
Sub FindAllDomains1(oWMI)
    Dim oNameSpace, oDomain
    Dim intD, sName
    Dim lngErr, sErr
    ' This works well when on domain - this is what I want, generic, simple
    ' As standalone, fails: no error, but retrieves PC name only, not domain
    Set oNameSpace = oWMI.ExecQuery("Select * from Win32_NTDomain")
    intD = 0
    For Each oDomain In oNameSpace
        sName = oDomain.Caption
        If sName <> "" Then
            intD = intD + 1
            WScript.Echo sName & " - " & oDomain.Name & " - " & oDomain.DomainName & " - " & oDomain.DnsForestName
        End If
    Next
End Sub
'***************************************************************************************
So I resorted to hard coding. This snippet retrieves the name of each domain in the hardcoded list, and I can work with the object. But as soon as I move from GetObject("WinNT://...") to an LDAP query, it fails. Yes, I do know how to authenticate using the domain name retrieved, but I am trying to get something more generic using LDAP, and who knows how long Micr$oft will support the legacy WinNT approach.
Code:
'***************************************************************************************
Sub FindDomains4()
    Dim oDomain, oAuthenticate, oRoot
    Dim bLoop, intS, sLDAP, sDomain
    Dim sAcct, sPwd
    Dim lngErr, sErr
    Const ADS_SECURE_AUTHENTICATION = &h0001
    Const ADS_SERVER_BIND = &h0200
    Const ADS_CHASE_REFERRALS_ALWAYS = &h60
    bLoop = True
    intS = 0
    Do While bLoop
        intS = intS + 1
        ' As standalone, works, but is hardcoded
        ' Works on domain
        On Error Resume Next
        Select Case intS
            Case 1
                Set oDomain = GetObject("WinNT://DOMAIN01")
                sAcct = "\Acct01"
            Case 2
                Set oDomain = GetObject("WinNT://DOMAIN02")
                sAcct = "\Acct02"
            Case 3
                Set oDomain = GetObject("WinNT://DOMAIN03")
                sAcct = "\Acct03"
            Case Else
                bLoop = False
        End Select
        lngErr = Err.Number
        sErr = Err.Description
        On Error Goto 0
        If bLoop And lngErr = 0 Then
            sDomain = oDomain.Name
            WScript.Echo oDomain.Name ' Good this works
            sLDAP = oDomain.adsPath
            WScript.Echo oDomain.adsPath ' This works too
            On Error Resume Next
            Set oRoot = GetObject("LDAP:")
            ' sPwd must be assigned (for example from the HTA form) before this bind.
            ' Pass ADS_SECURE_AUTHENTICATION on its own: And-ing it with &h60 yields 0 (no flags),
            ' and ADS_CHASE_REFERRALS_ALWAYS is a referral option, not an authentication flag.
            Set oAuthenticate = oRoot.OpenDSObject("LDAP://" & sDomain, sDomain & sAcct, sPwd, ADS_SECURE_AUTHENTICATION)
            lngErr = Err.Number
            sErr = Err.Description
            On Error Goto 0
            ' Above works when on the domain, but fails when run from standalone
            ' Error 8007203A - Active Directory: The server is not operational
            ' (tests lngErr; the misspelled lngError was always empty, so nothing was echoed)
            If lngErr <> 0 Then WScript.Echo "Err: " & lngErr & " - " & sErr
        Else
            If bLoop Then WScript.Echo "Err: " & lngErr & " - " & sErr
        End If
    Loop
End Sub
'*****************************************************************************************
The third attempt - grab the domain controllers - works when on the domain, but not when run from the workgroup.
Fails with an error -2147023541
Code:
'***************************************************************************************
Sub FindAllControllers()
    Dim oConnect, oCmd, oRS, oOU
    Dim bLoop, intS
    Dim lngErr, sErr
    Set oConnect = CreateObject("ADODB.Connection")
    Set oCmd = CreateObject("ADODB.Command")
    bLoop = True
    intS = 0
    Do While bLoop
        ' As standalone, fails with error -2147023541, 3x
        ' On domain, works - gives list of domain controllers
        intS = intS + 1
        On Error Resume Next
        Select Case intS
            Case 1
                Set oOU = GetObject("LDAP://ou=Domain Controllers,dc=dom01,dc=com")
            Case 2
                Set oOU = GetObject("LDAP://ou=Domain Controllers,dc=dom02,dc=com")
            Case 3
                Set oOU = GetObject("LDAP://ou=Domain Controllers,dc=dom03,dc=com")
            Case Else
                bLoop = False
        End Select
        lngErr = Err.Number
        sErr = Err.Description
        ' *** Error -2147023541 generated here - description is null when run from workgroup, no error when on domain
        ' *** This code does work when run from a PC already on a domain - info for all 3 domains is reported
        On Error Goto 0
        If lngErr <> 0 Then
            WScript.Echo "Err: " & lngErr & " - " & sErr
        End If
        If bLoop And lngErr = 0 Then
            If IsObject(oOU) Then
                oOU.Filter = Array("Computer")
                For Each oRS In oOU
                    WScript.Echo oRS.CN
                Next
            Else
                WScript.Echo "Should not happen"
            End If
        End If
    Loop
End Sub
'***************************************************************************************
Any help would be appreciated.
Thanks
Richard
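
Added example, not part of the original post: a workgroup machine has no domain logon context, so a serverless path such as LDAP://ou=Domain Controllers,... gives ADSI no domain controller to locate (-2147023541 is 0x8007054B, "The specified domain either does not exist or could not be contacted"). One way to bind from such a machine is to name the server in the ADsPath and pass explicit credentials with ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND. The function name, the host name dc01.dom01.com and the variable sPwdFromForm are assumptions, and the workstation is assumed to resolve the DC name through DNS.

```vbscript
Option Explicit

Const ADS_SECURE_AUTHENTICATION = &h0001
Const ADS_SERVER_BIND = &h0200

' Hypothetical helper (not from the original post).
' sServer: DNS name of a domain controller, e.g. "dc01.dom01.com" (assumed name).
' sUser:   account in DOMAIN\user form, e.g. "DOMAIN01\Acct01".
' sPwd:    collected at run time (HTA password field); never stored in the script.
' Returns the CNs of the computer objects in OU=Domain Controllers, one per line,
' or a single line describing the bind failure.
Function ListDomainControllers(sServer, sUser, sPwd)
    Dim oLDAP, oRootDSE, oOU, oDC, lFlags, sNC, sOut

    ' Combine flags with Or. "And" would mask them down to 0 and drop
    ' the request for secure authentication.
    lFlags = ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND

    Set oLDAP = GetObject("LDAP:")

    On Error Resume Next
    ' Serverful bind: the server is part of the path, so no DC lookup is needed.
    Set oRootDSE = oLDAP.OpenDSObject("LDAP://" & sServer & "/RootDSE", sUser, sPwd, lFlags)
    If Err.Number <> 0 Then
        ListDomainControllers = "Bind to " & sServer & " failed: 0x" & _
            Hex(Err.Number) & " " & Err.Description
        Err.Clear
        On Error Goto 0
        Exit Function
    End If
    On Error Goto 0

    ' Read the domain's naming context instead of hard-coding dc=dom01,dc=com.
    sNC = oRootDSE.Get("defaultNamingContext")

    Set oOU = oLDAP.OpenDSObject("LDAP://" & sServer & "/OU=Domain Controllers," & sNC, _
        sUser, sPwd, lFlags)
    oOU.Filter = Array("computer")
    For Each oDC In oOU
        sOut = sOut & oDC.Get("cn") & vbCrLf
    Next
    ListDomainControllers = sOut
End Function

' Usage (values are placeholders):
' WScript.Echo ListDomainControllers("dc01.dom01.com", "DOMAIN01\Acct01", sPwdFromForm)
```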