Running a move ou script as a different account

Status
Not open for further replies.

Benksy

Programmer
Apr 9, 2008
2
US
Hello all... I hope you can help as this is starting to drive me insane.

I have been set a task of writing a script that moves a computer from one OU to a new "Vista" OU in AD. The script works fine when logged into an account which has access to move a computer between OUs, but if you log into one which doesn't, it fails to work. It doesn't seem to be passing the username and password through correctly.

I have blanked out any username/password/domain info from the script below for obvious reasons.

Any advice from a pro would be awesome.

Thanks..

Here comes the science bit..

Option Explicit

'=*=*=*=*=*=* Constants =*=*=*=*=*=*
Const ADS_SCOPE_SUBTREE = 2
Const CONNECTION_USERNAME = "domain\username"
Const CONNECTION_PASSWORD = "password"
Const VISTA_OU = "LDAP://OU=xxxxx,OU=xxxx,OU=Machines,DC=xx,DC=Domain,DC=xx"

Dim objNetwork: Set objNetwork = CreateObject("WScript.Network")

'=*=*=*=*=*=* Set up database connection =*=*=*=*=*=*
Dim objConnection: Set objConnection = CreateObject("ADODB.Connection")
Dim objCommand: Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties ("user ID") = CONNECTION_USERNAME
objConnection.Properties ("Password") = CONNECTION_PASSWORD
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "Select ADsPath FROM 'LDAP://dc=xx,dc=xxxxxx,dc=xxx' WHERE objectCategory='computer' AND name='" & objNetwork.ComputerName & "'"
'Execute command
Dim objRecordSet: Set objRecordSet = objCommand.Execute

'=*=*=*=*=*=* Move Machine =*=*=*=*=*=*
Dim strADsPath: strADsPath = objRecordSet.Fields("ADsPath").Value
Dim objOU: Set objOU = GetObject(VISTA_OU)
Call objOU.MoveHere(strADsPath, vbNullString)
 
Considering Vista's security model, have you digitally signed your script with a certificate from a CA that all the Vista machines trust? I've had difficulty running anything unsigned on Vista due to UAC restrictions.


PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
Thanks for your reply...

Even though it says Vista, we are testing this on XP at the moment.

I guess we will cross the Vista bridge when we get to it but just need it running on XP for now.
 
Rereading your script, you specify credentials for the AD Query, but not the actual move itself.

When you create this object:
Set objOU = GetObject(VISTA_OU)
You are opening a connection to AD with the credentials of the user running the script.

Maybe you want something more on the back end that searches for Vista Machines on the domain and then moves them all at once? (Run it as a Scheduled task once a day on a DC, maybe)

Code:
Option Explicit

'=*=*=*=*=*=* Constants =*=*=*=*=*=*
Const ADS_SCOPE_SUBTREE = 2
' Const CONNECTION_USERNAME = "domain\username"
' Const CONNECTION_PASSWORD = "password"
Const VISTA_OU = "OU=xxxxx,OU=xxxx,OU=Machines,DC=xx,DC=Domain,DC=xx"

Dim objNetwork: Set objNetwork = CreateObject("WScript.Network")

'=*=*=*=*=*=* Set up database connection =*=*=*=*=*=*
Dim objConnection: Set objConnection = CreateObject("ADODB.Connection")
Dim objCommand: Set objCommand = CreateObject("ADODB.Command")

' Bind to AD... Future 'gets' will not re-bind (efficient)
Dim objDSE : Set objDSE = GetObject("LDAP://rootDSE")
Dim strDNC : strDNC = objDSE.Get("defaultNamingContext")

objConnection.Provider = "ADsDSOObject"
' objConnection.Properties ("user ID") = CONNECTION_USERNAME
' objConnection.Properties ("Password") = CONNECTION_PASSWORD
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Dim strSearchRoot : strSearchRoot = "<LDAP://" & strDNC & ">"
Const sFilter = "(&(objectClass=computer)(operatingSystem=*Vista*))"
Const sAttribs = "distinguishedName"
Const sScope = "subtree"
objCommand.CommandText = strSearchRoot & ";" & sFilter & ";" & sAttribs & ";" & sScope
' objCommand.CommandText = "Select ADsPath FROM 'LDAP://dc=xx,dc=xxxxxx,dc=xxx' WHERE objectCategory='computer' AND name='" & objNetwork.ComputerName & "'" 

'Execute command
Dim objRecordSet: Set objRecordSet = objCommand.Execute

Dim objOU: Set objOU = GetObject("LDAP://" & VISTA_OU)

Dim strDistName
'=*=*=*=*=*=* Move Machine =*=*=*=*=*=*
Do Until objRecordSet.EOF
	strDistName = objRecordSet.Fields("distinguishedName").Value
	' Don't move system if already in correct OU.
	If InStr(1, strDistName, VISTA_OU, vbTextCompare) = 0 Then
		' MoveHere expects an ADsPath, so prefix the DN with the provider.
		objOU.MoveHere "LDAP://" & strDistName, vbNullString
	End If
	objRecordSet.MoveNext
Loop
' Dim strADsPath: strADsPath = objRecordSet.Fields("ADsPath").Value
' Call objOU.MoveHere(strADsPath, vbNullString)

I haven't tested this code yet, but it should be pretty close.



PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
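
Added example (not code from the thread): the reply above notes that GetObject binds as the user running the script, so the credentials set on the ADO connection never reach MoveHere. The sketch below binds the destination OU with ADSI's OpenDSObject so the move itself runs under the supplied account. The script name, the account name in the usage comment and the use of ADSystemInfo in place of the ADO query are assumptions; the OU path is the thread's redacted placeholder.

```vbscript
Option Explicit

' Added example: run the move under explicit credentials by binding the
' destination OU with OpenDSObject instead of GetObject.
Const ADS_SECURE_AUTHENTICATION = 1   ' Kerberos/NTLM bind, password not sent in clear text
' Placeholder path in the thread's redacted form; replace with the real OU.
Const TARGET_OU = "LDAP://OU=xxxxx,OU=xxxx,OU=Machines,DC=xx,DC=Domain,DC=xx"

' Returns True if the object at strComputerPath was moved into strTargetOU.
Function MoveComputerAs(strComputerPath, strTargetOU, strUser, strPassword)
    Dim objNS, objOU
    MoveComputerAs = False
    On Error Resume Next
    Set objNS = GetObject("LDAP:")
    ' The returned object carries strUser's credentials, and so does MoveHere.
    Set objOU = objNS.OpenDSObject(strTargetOU, strUser, strPassword, _
                                   ADS_SECURE_AUTHENTICATION)
    If Err.Number <> 0 Then
        WScript.Echo "Bind failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Exit Function
    End If
    objOU.MoveHere strComputerPath, vbNullString
    If Err.Number <> 0 Then
        WScript.Echo "Move failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Exit Function
    End If
    MoveComputerAs = True
End Function

' Usage (hypothetical): cscript //nologo movevista.vbs DOMAIN\svc-oumove <password>
' Command-line arguments are only one way to supply the credentials.
If WScript.Arguments.Count <> 2 Then
    WScript.Echo "Usage: cscript movevista.vbs <domain\user> <password>"
    WScript.Quit 2
End If

' ADSystemInfo returns the local computer's distinguished name, replacing the ADO query.
Dim objSysInfo: Set objSysInfo = CreateObject("ADSystemInfo")
Dim strComputerPath: strComputerPath = "LDAP://" & objSysInfo.ComputerName

If MoveComputerAs(strComputerPath, TARGET_OU, _
                  WScript.Arguments(0), WScript.Arguments(1)) Then
    WScript.Echo "Moved " & strComputerPath
Else
    WScript.Quit 1
End If
```

Any credential shipped with a client-side script is readable by whoever can read the script or the process command line, so the account used here should hold only the delegated rights to delete computer objects in the source container and create them in the target OU.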
 