SetPassword Invalid DN Syntax Code 80072032

Phylum

IS-IT--Management
Aug 16, 2004
36
US
Good evening all.

I hate to bother everyone but I'm running into some problems with a VB script I've created to add a user to AD. I'm fairly new to VBScripting and am open to criticism, constructive or otherwise.

Higher up in the script, strLName, strFName, strLoginID, strEndDate & strPasswd are defined based on user input or generated & stored in a variable.

Code:
Dim objRootD, strContainer, objOU, oUser
Set objRootD = GetObject("LDAP://bleh.blah.net/OU=Whatever,OU=This Goes On,DC=domain,DC=tld")
Set oUser = objRootD.Create("User", "CN=" & strLName & "\, " & strFName) ' Escape the comma
	oUser.Put "sAMAccountName", strLoginID
	oUser.SetPassword strPasswd ' <--- First Error Here: Invalid DN syntax Code 80072032
	' Tried SetPassword(strPasswd), SetPassword = strPasswd; I even typed in a known/good password, one that would be accepted with no luck
	' Regardless of whether or not double quotes are present it still fails.
	' I hit up this site of course, http://tinyurl.com/q62zc4, and found lots of info
	' However, I couldn't find anything that helped me figure out where I went wrong
	' Moving on; I comment out the above line since it doesn't seem to work and I get my...
	oUser.SetInfo ' <--- Second Error Here: General Access Denied Error.
	' Adding a user manually via AD Users & Computers works fine so it's not an account limitation.
	' So this suggests I'm going to need the password line above to work before I can commit my changes.
	oUser.Put "givenName", strFName
	oUser.Put "AccountExpirationDate", strEndDate ' I assume format is MM/DD/YYYY
	oUser.Put "objectClass","top; person; organizationalPerson; user;"
	oUser.Put "sn", strLName
	oUser.Put "distinguishedName", "CN=" & strLName & "\, " & strFName & ",OU=Whatever,OU=This Goes On,DC=domain,DC=tld"
	oUser.Put "displayName", strLName & ", " & strFName
	oUser.Put "name", strLName & ", " & strFName 
	oUser.Put "primaryGroupID", "999"
	oUser.Put "sAMAccountType", "805306368"
	oUser.Put "userPrincipalName", strLoginID & "@domain.tld"
	oUser.Put "objectCategory", "CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=tld"
	oUser.SetInfo

Any assistance is greatly appreciated. Links on what I need to double-check are more than welcome as I'm not looking to be spoonfed.
Cheers
 
Commit the creation of a user account before setting the password; that's how it works with Active Directory.
Code:
'...etc
oUser.Put "sAMAccountName", strLoginID
'oUser.SetPassword strPasswd ' commented out here
oUser.SetInfo
oUser.SetPassword strPasswd ' moved to after SetInfo
'etc...
 
Hi tsuji - I've read a few of the responses you've provided in several other posts; Thank you for taking the time to review our questions & sharing your knowledge (or just being that extra pair of eyes we need!).

I've committed the changes but receive the "General access denied Error Code: 80070005" on line 86, which is now oUser.SetInfo.

Again, I'm running the script as myself & when I launch AD Users & Computers I can create accounts in the specified OU.
 
There isn't any doubt about the correct order: the SetInfo must be made before any attempt to SetPassword. I would get that part behind; if you are not convinced, I can't do anything else. Then, if you are only setting sAMAccountName and get an error, you must verify that the sAMAccountName is _unique_ across the forest.
 
Tsuji is 100% correct. Try binding to the user object first before creating it.

Code:
Dim objRootD, strContainer, objOU, oUser
Set objRootD = GetObject("LDAP://bleh.blah.net/OU=Whatever,OU=This Goes On,DC=domain,DC=tld")

'Check if user already exists
On Error Resume Next
Set oUser = GetObject("LDAP://bleh.blah.net/CN=" & strLName & "\, " & strFName & ",OU=Whatever,OU=This Goes On,DC=domain,DC=tld")
If Err.Number = 0 Then
	'User already exists
	WScript.Echo "Username already in use"
	WScript.Quit
Else
	Err.Clear ' Discard the expected error from the failed bind
	Set oUser = objRootD.Create("User", "CN=" & strLName & "\, " & strFName) ' Escape the comma
	oUser.Put "sAMAccountName", strLoginID
	oUser.SetInfo ' Commit the new account first
	oUser.SetPassword strPasswd ' Only works on an account that already exists in AD
	oUser.SetInfo
End If
On Error GoTo 0

I hope you find this post helpful.

Regards,

Mark

 
Tsuji: Thanks again for replying. I wasn't trying to be argumentative or combative in my previous post. If it came off that way, I apologize.
Markdmac: Thank you for taking the time to respond. PS - I've seen your site in my many Googling 'VBS' Adventures; Thanks for sharing the wealth.

I'm pretty green when it comes to VBScript/WMI/WSH/ADSI so I welcome and appreciate all comments. Who am I to question when I myself am having trouble!

The accounts I'm trying to create are unique as I'm using names like LeBron James & Kobe Bryant :). Also it helps that this domain has very few users to begin with.

As previously mentioned, I took your suggestions to bind the user object first before creating it, but it still doesn't seem to take. I'm checking with a few others on the team who have some VB experience, but so far they've not been able to identify the problem. Odd. And this is being done using a domain admin account on the DC itself.

I'm sure it's some mundane detail I missed in the syntax so I'll keep plugging away. If there's anything else I can provide that may prove to be helpful, let me know.

Thanks again!
 
Phylum, you don't have to worry about how the feeling comes out. I know well how talking straight can make the recipient feel, guilty as charged. I am just concerned that the point does not get passed and gets talked away. If there are m critical spots for error and each has n possibilities for error, there are effectively n^m cases to debug. If m is reduced by 1, the cases are reduced to n^(m-1), which can make a huge difference from n^m. I just worry people don't understand that and treat the critical correction as if it were just another net-wide valueless idle talk and show-off, even though that does not resolve the whole problem. In any case, you should then work closely with your colleagues to get more pertinent interaction, and good luck. (Try to create a user with simple, plain, non-common a-z names; avoid fancy "&", ",", space, etc. at the start.)
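
A fuller version of the sequence discussed in this thread, added here as an example and not code from any of the posters: it escapes the whole RDN value instead of hand-escaping only the comma, commits the account with SetInfo before calling SetPassword, and names the ADSI call that failed. EscapeRdn, Check and the sample values are assumptions; the OU path is the placeholder from the original post.

```vbscript
' Added example (not from the thread). EscapeRdn, Check and the sample values are assumptions.
Option Explicit
Const OU_PATH = "LDAP://bleh.blah.net/OU=Whatever,OU=This Goes On,DC=domain,DC=tld"

Dim strLName, strFName, strLoginID, strPasswd ' constructed sample input
strLName = "James" : strFName = "LeBron"
strLoginID = "ljames" : strPasswd = "<placeholder-password>" ' must satisfy domain policy

' Escape one RDN value: the DN special characters, plus "/" which ADSI treats as a path separator.
Function EscapeRdn(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        If InStr(",+""\<>;=/", ch) > 0 Then strOut = strOut & "\"
        strOut = strOut & ch
    Next
    ' A leading space or "#" and a trailing space are also significant in a DN.
    If Left(strOut, 1) = " " Or Left(strOut, 1) = "#" Then strOut = "\" & strOut
    If Right(strOut, 1) = " " Then strOut = Left(strOut, Len(strOut) - 1) & "\ "
    EscapeRdn = strOut
End Function

' Stop at the first failing call and name it, so 80072032 (invalid DN syntax)
' and 80070005 (access denied) are attributed to the right step.
Sub Check(strStep)
    If Err.Number <> 0 Then
        WScript.Echo strStep & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
End Sub

Dim objOU, oUser
On Error Resume Next
Set objOU = GetObject(OU_PATH)
Check "Bind to OU"
Set oUser = objOU.Create("user", "CN=" & EscapeRdn(strLName & ", " & strFName))
Check "Create"
oUser.Put "sAMAccountName", strLoginID
oUser.SetInfo                      ' the object must exist in AD before a password can be set
Check "SetInfo (create)"
oUser.SetPassword strPasswd        ' applied to the directory immediately
Check "SetPassword"
oUser.AccountDisabled = False      ' accounts created through ADSI start out disabled
oUser.SetInfo
Check "SetInfo (enable)"
On Error GoTo 0
WScript.Echo "Created " & oUser.Get("distinguishedName")
```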
 