LDAP in Win PE 2.0

Unattended CD/DVD Guide Homepage · MSFN Forum Rules

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

LDAP in Win PE 2.0 Rate Topic:

#1 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 03 January 2007 - 08:20 AM

Quick question does anyone know how to get LDAP queries in WIN PE 2.0 to work

or another way to validate an AD account from PE through VBScript

Cheers,

#2 mats

Member

Group: Members
Posts: 206
Joined: 10-May 05

Posted 05 January 2007 - 06:19 AM

Have you checked that you got the adsi dll files in your PE image and that they are registred?

#3 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 05 January 2007 - 04:03 PM

mats, on Jan 5 2007, 07:19 AM, said:

Have you checked that you got the adsi dll files in your PE image and that they are registred?

where would i find a complete list of dll files needed, all i can find on microsoft's site is example scripts and some adsi tools

Cheers,

#4 Br4tt3

World famous sausage eater...

Group: Members
Posts: 566
Joined: 20-April 04

Posted 06 January 2007 - 05:50 AM

Hi!

I have never done it for WinPE 2.0 but I did it for WinPE 2005 (2003 SP1) and I used Johan Arwidmarks guide on MyITForum to acchieve it: I dunno if the same .dll files and so on are ported over to WinPE 2.0 (Vista) but why not go ahead and try it out, and report back if it works.....

The following files are needed within WinPE 2005:

1. activeds.tlb
2. adsldp.dll

And the guide link is:

http://www.myitforum...iew.asp?id=8810

Hope it solves it for u...

#5 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 06 January 2007 - 11:40 PM

Br4tt3, on Jan 6 2007, 06:50 AM, said:

The following files are needed within WinPE 2005:

1. activeds.tlb
2. adsldp.dll

And the guide link is:

http://www.myitforum...iew.asp?id=8810

Hope it solves it for u...

Thanks a bunch that looks like something i can get to work.

I'll post again and let everyone know how it goes when i get in my office monday.

Cheers,

#6 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 08 January 2007 - 03:35 PM

well i tried copying over those dll files and noticed that the PE 2.0 CD already contains the Type library left it along on one cd and replaced it with the old Type Library from XP.

I have scripting and everything installed and working, i even have msjetoledb40.dll registered for database calls but i always get the same error

Error: Invalid Syntax

Code: 800401E4

here's some of the variations i've tried all work normally under windows

Dim objRootDSE
Set objRootDSE = GetObject("LDAP://ACCT05.us.lmco.com/rootDSE")

Dim objRootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")

and a few other's i don't have the scripts handy for to copy them in.

it does not like the Set objRootDSE line at all no matter how i change things around.

all of them work in windows xp but refuse to work in pe 2.0

any thoughts?

Cheers,

#7 Br4tt3

World famous sausage eater...

Group: Members
Posts: 566
Joined: 20-April 04

Posted 12 January 2007 - 01:28 AM

You say they all work in WinXP! Is that WinPE based on WinXP or on a full blown domain joined XP box? Cause the only thing that I have seen is that, if you try to access the LDAP service (AD) from a workgrouped machine (which WinPE is) then u also need to supply a connection context (user and pass) for the adsi script. Another thing that I had some problems with earlier was that I could not request the RootDSE object (which is used for binds) until I had autenticated.... I connected to my LDAP using: LDAP://<domain.com> format to get it to work...

If u are having troubble connecting from ur WinPE to the AD, then maby u wanna add a little LDAP browser so that u can more easily see if also fails, or it works, then u know that the underlying LDAP support is in place. I recommend a tool called: adsvw.exe (MS - Active Directory Browser) which is a single .exe file.

#8 contra

Group: Members
Posts: 3
Joined: 18-December 06

Posted 29 January 2007 - 03:37 PM

TofuBug, on Jan 3 2007, 08:20 AM, said:

Quick question does anyone know how to get LDAP queries in WIN PE 2.0 to work

or another way to validate an AD account from PE through VBScript

Cheers,

I called MS support and MS told me that WIN PE 2.0 doesn't support ADSI.

I'm trying to find a way to query AD in Win PE.

#9 Br4tt3

World famous sausage eater...

Group: Members
Posts: 566
Joined: 20-April 04

Posted 01 February 2007 - 10:13 AM

Dont buy into what they say....

I dont think they supported ADSI below WinPE based on XP or 2003 either (if I am not mistaken), that does not mean it does not work..... like I said, I have not tried it but I can for example see that they are using some kind of provide within WinPE 2.0 that comes with BDD 2007. For example, they try to use the WinNT provide which is not ADSI but anyway....

#10 mattffrost

Newbie

Group: Members
Posts: 34
Joined: 18-July 06

Posted 22 February 2007 - 10:54 AM

I have got LDAP to work in WINPE.

From the Vista install.wim I added the follwoing files to the WINPE 2.0 boot.wim

adsldp.dll
adsnt.dll
mscoree.dll
mscorier.dll
mscories.dll

I then added to the sofware hive of WINPE 2.0 boot.wim the follwowing entries. Note you can load the hive and call int PE_software. You could cut and paste this into a .reg file and execute it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADs]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADs\Clsid]
@="{4753da60-5b71-11cf-b035-00aa006e0975}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsDSOObject]
@="OLE DB Provider for Microsoft Directory Services"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsDSOObject\Clsid]
@="{549365d0-ec26-11cf-8310-00aa00b505db}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsNamespaces]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsNamespaces\Clsid]
@="{233664b0-0367-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsSecurityUtility]
@="ADs Security Utility Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsSecurityUtility\Clsid]
@="{f270c64a-ffb8-4ae4-85fe-3a75e5347966}"
[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADSystemInfo]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADSystemInfo\Clsid]
@="{50B6327F-AFD1-11d2-9CB9-0000F87A369E}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}]
@="ADs Provider Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\InprocServer32]
@="activeds.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\ProgID]
@="ADs"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}]
@="ADsDSOObject"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\InprocServer32]
@="activeds.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\OLE DB Provider]
@="OLE DB Provider for Microsoft Directory Services"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\ProgID]
@="ADsDSOObject"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}]
@="ADs Namespaces Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\InprocServer32]
@="activeds.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\ProgID]
@="ADsNamespaces"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}]
@="ADs Security Utility Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\InprocServer32]
@="activeds.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\ProgID]
@="ADsSecurityUtility"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]
@="AD System Info Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\InprocServer32]
@="adsldp.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\ProgID]
@="ADSystemInfo"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
@="Microsoft User Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\ProgID]
@="MSExtUser"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]
@="Microsoft Group Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\ProgID]
@="MSExtGroup"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}]
@="Microsoft Locality Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\ProgID]
@="MSExtLocality"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}]
@="Microsoft Organization Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\ProgID]
@="MSExtOrganization"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]
@="Microsoft OrganizationUnit Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\ProgID]
@="MSExtOrganizationUnit"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}]
@="Microsoft PrintQueue Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\InprocServer32]
@="adsmsext.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\ProgID]
@="MSExtPrintQueue"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}]

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0]
@="Active DS Type Library"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0]

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\win32]
@=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,73,\
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,63,00,74,00,69,00,\
76,00,65,00,64,00,73,00,2e,00,74,00,6c,00,62,00,00,00

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}]
@="LDAP Provider Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\InprocServer32]
@="adsldp.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\ProgID]
@="LDAP"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}]
@="LDAP Namespace Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\InprocServer32]
@="adsldp.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\ProgID]
@="LDAPNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}]
@="ADs LDAP NameTranslate Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\InprocServer32]
@="adsldp.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\ProgID]
@="NameTranslate"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]
@="AD System Info Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\InprocServer32]
@="adsldp.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\ProgID]
@="ADSystemInfo"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP]
@="LDAPNamespace"
"Aliases"="GC"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Computer]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Computer\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\
00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\
63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Group]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Group\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\
00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\
66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfNames]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfNames\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\
00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\
66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfUniqueNames]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfUniqueNames\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\
00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\
66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Locality]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Locality\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,61,00,30,00,35,00,65,00,30,00,33,00,61,00,32,00,2d,\
00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\
62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\
00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organization]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organization\{dccc0bed-6066-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,61,00,31,00,63,00,64,00,32,00,64,00,63,00,36,00,2d,\
00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\
62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\
00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organizational Unit]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organizational Unit\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,61,00,32,00,66,00,37,00,33,00,33,00,62,00,38,00,2d,\
00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\
62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\
00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\organizationalPerson]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\organizationalPerson\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\
00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\
63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\OrganizationalUnit]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\OrganizationalUnit\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,61,00,32,00,66,00,37,00,33,00,33,00,62,00,38,00,2d,\
00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\
62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\
00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\person]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\person\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\
00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\
63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\PrintQueue]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\PrintQueue\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,62,00,31,00,35,00,31,00,36,00,30,00,64,00,30,00,2d,\
00,31,00,32,00,32,00,36,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,39,00,\
38,00,35,00,2d,00,30,00,30,00,61,00,61,00,30,00,30,00,36,00,62,00,63,00,31,\
00,34,00,39,00,7d,00,00,00,7b,00,31,00,32,00,34,00,62,00,65,00,35,00,63,00,\
30,00,2d,00,31,00,35,00,36,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,\
00,39,00,38,00,36,00,2d,00,30,00,30,00,61,00,61,00,30,00,30,00,36,00,62,00,\
63,00,31,00,34,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\residentialPerson]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\residentialPerson\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\
00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\
63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\User]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\User\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]
"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\
00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\
63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\
00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT]
@="WinNTNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT\Extensions]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT\Extensions\User]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP]
@="URL:LDAP Protocol"
"EditFlags"=hex:02,00,00,00
"URL Protocol"=""

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\Clsid]
@="{228D9A81-C302-11cf-9AA4-00AA004A5691}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell\open]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell\open\command]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\
4d,00,61,00,69,00,6c,00,5c,00,77,00,61,00,62,00,2e,00,65,00,78,00,65,00,22,\
00,20,00,22,00,2f,00,6c,00,64,00,61,00,70,00,3a,00,25,00,31,00,22,00,00,00,\
00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAPNamespace]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAPNamespace\Clsid]
@="{228D9A82-C302-11cf-9AA4-00AA004A5691}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNT]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNT\Clsid]
@="{8b20cd60-0f29-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNTNamespace]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNTNamespace\Clsid]
@="{250e91a0-0367-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}]
@="WinNT Namespace Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\InprocServer32]
@="adsnt.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\ProgID]
@="WinNTNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\TypeLib]
@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\Version]
@="1.0"

I also install the wmi, scritping, xml, hta and mdac packates to Winpe 2.0 boot.wim.

When you boot into winpe with the new boot.wim the network must be running along with DNS to bind.

Matt

#11 Br4tt3

World famous sausage eater...

Group: Members
Posts: 566
Joined: 20-April 04

Posted 25 February 2007 - 12:52 PM

n1....

#12 Typewriter

Group: Members
Posts: 6
Joined: 15-March 07

Posted 15 March 2007 - 07:11 AM

EDIT: After turning on my brain, I got it to work by using your example matt.

However, you have to edit the SOFTWARE hive in offline mode, because the WinPE regestry is locked when the OS is running, thus you can't just run a .reg file and hope that it would work.

And, its not even needed to register the added dlls, it just works.

This post has been edited by Typewriter: 16 March 2007 - 04:46 AM

#13 mattffrost

Newbie

Group: Members
Posts: 34
Joined: 18-July 06

Posted 16 March 2007 - 03:47 PM

TofuBug,

Yes that is correct edit the software hive in offline mode. Sorry I did not specify this better, glad you got it to work and that is good to know you do not need those dll's for some reason in my testing I thought you did but I will take your work for it.

Matt

#14 dem3tre

Group: Members
Posts: 2
Joined: 08-April 05

Posted 26 April 2007 - 01:25 PM

Matt could you quickly describe the process you followed to identify the registry settings that needed to be added to the software hive? This is the one part I continually struggle with....identifying files needed pretty easy, catching registry settings from all the chaff seems a bit like voodoo magic.

Thanks!

#15 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 21 December 2007 - 08:33 PM

To All,

I'm kind of excited but kind it's sort of surreal that this is my first Post of a fix to my own problem

First off I would like to thank everyone who took the time to comment and help out with this especially Br4tt3

Turns out ADSI was functioning just fine in PE (after adding the required files and registry updates to the WIM)

The problem as Br4tt3 alluded to was in the script itself. Unfortunately I do not know EVERYTHING about ADSI... :blushing:

...Yet...

So I completely missed the relevance

Also apparently looking at the date of this first post it's been almost a year of leaving this on the back burner while I cooked up other tools and utilities for the corporation. So cue the Elton John Lion King theme song (just trust me it will make sense later)

I would like to share with anyone who is interested briefly how I came to the stunningly obvious "WOW I'm an ID10T!!!!" epiphany

I had been tasked middle of the year to develop a tool to allow our Computer Imaging Administrators to be able to quickly and efficiently create computer accounts in AD with specific security groups assigned to its ACE's for stuff like Joining the domain, rename etc.

In the end I came up with a centralized HTA which allowed for traversing the active OU structure in either direction. The tool also defaulted to use cached credentials for ADSI operations but had the option to enter a domain User Name and Password to validate using the OpenDSObject() method so the tool can be run on an account that may not have the same level of permissions needed to create a computer in AD

Long story short works like a charm and even after 6 months of minor OU restructuring I haven't had to modify the code once (if you can't tell I strive to develop tools that can adapt within reason to environmental changes)

The biggest thing I took out of that project was how to consistently validate a domain user name and password in a script using LDAP

Function ValidLogin(UserName,Password)
	On Error Resume Next
	Set ValidLogin= GetObject("LDAP:").OpenDSObject("LDAP://" & GetObject("LDAP://rootDSE").Get("defaultNamingContext"), UserName, Password, 1)
	ValidLogin = (Err.Number = 0)
End Function

Anything I develop now that requires a user name and password I use that function or a variation on it (really makes it nicer on the technicians who have to use my tools so they don't have to remember other passwords and logins)

Fast Forward to about a week ago....

I was again tasked with creating a similar tool this time to allow a computer in a workgroup to both create its own account in AD and join itself to its domain.

So... being the lazy developer I am :whistle:

I ripped out the core code for creating the computer accounts in AD from my other tool, wrapped it in a simple HTA with a login prompt using the same LDAP based validation (to allow for entering a user's credentials with enough privileges to actually create the account in AD) and an Add Computer button.

I tossed it all on a test machine I had deliberately deleted from AD

Ran it and...........

"Invalid user name or password?"........... :angry:

Retried password ........

"Invalid user name or password??"...........

Tried another login.......

"Enough already with the Invalid user name or password!!!!!".......... :realmad:

Finally had the clarity to load up Visual Studio 2005, attach to the HTA's process and debug the sucker.

That's when I realized I wasn't even getting an object back from the GetObject("LDAP://RootDSE") method....... :blushing:

might explain why nothing is working right.

Shortly thereafter I had the "You dumb a** the computer isn't even part of the domain so AD is OBLIVIOUS to its LDAPesque attempts to talk to the domain" moment

A few Google searches later and I had my answer, server binding directly to a domain controller

In a nutshell

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://DC=MyDomain,DC=com",UserName,Password,1)

becomes...

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

where the three important changes are

LDAP:// -> LDAP://MyDomainController/
UserName -> MyDomain\UserName
1 -> 1 + 512 (1 is ADSI Secure Authentication, and 512 is ADSI Server Bind)

Once I had updated the code to bind to the domain controller viola suddenly my tool liked my user name and passwords again and it was able to create the computer account in AD without a hitch.

Fast forward again to a few hours ago.

Booted up PE 2.0 to reimage my laptop (I had fried the OS testing piloted software for the corporation) symbolically beginning the end of the obligatory circle of life for me this year. (told you it would make sense later... the background music in your head should now be raising to that nice crescendo during the bridge, you know the part where you're supposed to get all emotional and "identify" with the main character as he stuggles to overcome....yeah......never mind.)

As I was waiting for Ghost to backup my exiting data I finally put 2 and 2 together,

Thank you high school logic chapter in math...

If computer is in a WORKGROUP then it must use a server bind to a domain controller to access AD

PE 2.0 loads in a WORKGROUP

So...... drum roll please,

If a computer is running PE 2.0 then it must use a server bind to a domain controller to access AD

Seemed simple enough logic in my head, so while I waited for ghost to backup my data from the laptop I tossed open VBSEdit in PE's command prompt and mashed together a quick and dirty script to return a computer with a distinguished name I already knew of the top of my head using the domain controller server binding. A few lines of code later and a quick running of the script and all I can really say is.

:w00t:

Yay......It works!!!!!

So that's my long drawn out story.

In the end I have learned 3 infallible truths out of this experience

Even plastic soft touch keyboards will make your forehead bleed if you beat it against it enough
If you lose enough blood it’s hard to focus on your computer screen or remember things like your name.
Keyboard keys tend to stick when blood dries under them

I'm hoping it will at least help someone avoid having to clean and disinfect their keyboard... or at the very least give someone a cheap laugh at my expense

Cheers,

TofuBug, on Jan 3 2007, 09:20 AM, said:

Quick question does anyone know how to get LDAP queries in WIN PE 2.0 to work

or another way to validate an AD account from PE through VBScript

Cheers,

#16 shawn_wall

Group: Members
Posts: 1
Joined: 20-July 06

Posted 01 February 2008 - 06:27 PM

I'm having an issue getting ADO to work correctly under Windows PE 2.0, I've added the files above modified the software hive and still can't get this to work. What I'm trying to do is run a query against a AD server to determine if a computer account exists in the directory. And even after following the steps above I'm still getting a "ActiveX component can't create object: 'ADOBD.Connection'". I've also noticed that if I try to regsvr32 the added DLL's I get a "The module <dllname>.dll was loaded but the entry-point DllRegisterServer was not found". I'm including the script I'm working on assuming that it's something I messed up as other people have gotten this working.

Many thanks in advance
Shawn

 
Set args = WScript.Arguments
If Wscript.Arguments.Count = 0 Then
Wscript.echo "No server name supplied"
Wscript.Quit 2
End If

strCompName = args.Item(0)

Set conn = CreateObject("ADODB.Connection") 
Set cmd = CreateObject("ADODB.Command") 
conn.provider = "adsdsoobject" 
Conn.Properties("User ID") = "<Serviceacct>" 
Conn.Properties("Password") = "<Password>" 
Conn.Properties("Encrypt Password") = TRUE
Conn.Properties("ADSI Flag") = 3
conn.open "Active Directory Provider"
 
Set cmd.activeconnection = conn 
cmd.commandtext = "<LDAP://hqdc01.nvidia.com/DC=nvidia,DC=com>;(&(objectcategory=computer)(objectclass=computer)(cn=" & strCompName & "));cn;subtree" 
Set rs = cmd.Execute 
If rs.recordcount <> 0 Then 
Wscript.echo "Server already exists in the domain"
Wscript.Quit 1
End If

#17 gadget

Member

Group: Members
Posts: 197
Joined: 02-January 04

Posted 05 February 2008 - 04:07 AM

I take it you like typing TofuBug. It's nice when a plan comes together.

#18 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 05 February 2008 - 06:42 AM

gadget, on Feb 5 2008, 05:07 AM, said:

I take it you like typing TofuBug. It's nice when a plan comes together.

It's not so much that I like typing just my fingers tend to ramble on and on (usually because they're trying to play catch-up to my thought process)

I just need fingers that have the same reaction time as oh say a synapse firing.

And Yes Yes it is.

#19 justinp

Group: Members
Posts: 1
Joined: 17-July 08

Posted 17 July 2008 - 04:13 PM

No luck for me

 
Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

...gets me an "Invalid Syntax" message.

Any suggestions?

Thanks

Justin

#20 TofuBug

Newbie

Group: Members
Posts: 33
Joined: 26-December 06

Posted 18 July 2008 - 08:20 AM

justinp, on Jul 17 2008, 06:13 PM, said:

No luck for me

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

...gets me an "Invalid Syntax" message.

Any suggestions?

Thanks

Justin

Justin

Can't really tell you what specifically is causing this since i'm not going to ask you what DC's you are using and what User Name and password you are using but I'm assuming you know what one of your domain controllers are and the domain you are on and have a user name and password with at the lest read access to the LDAP protocol

Let me put out an example semi stolen from MS's technet examples

say your domain is RVB.US.COM

Say your domain controllers are RVB_DC1, RVB_DC2 and RVB_DC3

Now say you have a logon of SARGE

with a password of D1rtb@g

your code from above would look like this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC2/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

or this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC1/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

or this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC3/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

The one thing I've found people i work with for this stuff forget is that every section of text seperated by a . or the beginning or end of the domain has to have its own DC=

Other than that it might be the account does not have permissions on the server or the plugin did not work

i would try the same code on a windows system that you know you can get to AD manually with the ADSI Administrative tools or some third party software I use Softerra's LDAP Browser 2.6 because unlike MS's admin tool kit it lists everything as a details list view which if you know what you are looking for makes it faster to get to things than the tabbed approach does.

Anyway hope that helps a little

Cheers