Jump to content

LDAP in Win PE 2.0


TofuBug

Recommended Posts


Have you checked that you got the adsi dll files in your PE image and that they are registred?

where would i find a complete list of dll files needed, all i can find on microsoft's site is example scripts and some adsi tools

Cheers,

Link to comment
Share on other sites

Hi!

I have never done it for WinPE 2.0 but I did it for WinPE 2005 (2003 SP1) and I used Johan Arwidmarks guide on MyITForum to acchieve it: I dunno if the same .dll files and so on are ported over to WinPE 2.0 (Vista) but why not go ahead and try it out, and report back if it works..... :)

The following files are needed within WinPE 2005:

1. activeds.tlb

2. adsldp.dll

And the guide link is:

http://www.myitforum.com/articles/14/view.asp?id=8810

Hope it solves it for u...

Link to comment
Share on other sites

Hi!

I have never done it for WinPE 2.0 but I did it for WinPE 2005 (2003 SP1) and I used Johan Arwidmarks guide on MyITForum to acchieve it: I dunno if the same .dll files and so on are ported over to WinPE 2.0 (Vista) but why not go ahead and try it out, and report back if it works..... :)

The following files are needed within WinPE 2005:

1. activeds.tlb

2. adsldp.dll

And the guide link is:

http://www.myitforum.com/articles/14/view.asp?id=8810

Hope it solves it for u...

Thanks a bunch that looks like something i can get to work.

I'll post again and let everyone know how it goes when i get in my office monday.

Cheers,

Link to comment
Share on other sites

well i tried copying over those dll files and noticed that the PE 2.0 CD already contains the Type library left it along on one cd and replaced it with the old Type Library from XP.

I have scripting and everything installed and working, i even have msjetoledb40.dll registered for database calls but i always get the same error

Error: Invalid Syntax

Code: 800401E4

here's some of the variations i've tried all work normally under windows

Dim objRootDSE

Set objRootDSE = GetObject("LDAP://ACCT05.us.lmco.com/rootDSE")

Dim objRootDSE

Set objRootDSE = GetObject("LDAP://rootDSE")

and a few other's i don't have the scripts handy for to copy them in.

it does not like the Set objRootDSE line at all no matter how i change things around.

all of them work in windows xp but refuse to work in pe 2.0

any thoughts?

Cheers,

Link to comment
Share on other sites

You say they all work in WinXP! Is that WinPE based on WinXP or on a full blown domain joined XP box? Cause the only thing that I have seen is that, if you try to access the LDAP service (AD) from a workgrouped machine (which WinPE is) then u also need to supply a connection context (user and pass) for the adsi script. Another thing that I had some problems with earlier was that I could not request the RootDSE object (which is used for binds) until I had autenticated.... I connected to my LDAP using: LDAP://<domain.com> format to get it to work...

If u are having troubble connecting from ur WinPE to the AD, then maby u wanna add a little LDAP browser so that u can more easily see if also fails, or it works, then u know that the underlying LDAP support is in place. I recommend a tool called: adsvw.exe (MS - Active Directory Browser) which is a single .exe file.

Link to comment
Share on other sites

  • 3 weeks later...
Quick question does anyone know how to get LDAP queries in WIN PE 2.0 to work

or another way to validate an AD account from PE through VBScript

Cheers,

I called MS support and MS told me that WIN PE 2.0 doesn't support ADSI. :( I'm trying to find a way to query AD in Win PE.

Link to comment
Share on other sites

Dont buy into what they say.... ;)

I dont think they supported ADSI below WinPE based on XP or 2003 either (if I am not mistaken), that does not mean it does not work..... like I said, I have not tried it but I can for example see that they are using some kind of provide within WinPE 2.0 that comes with BDD 2007. For example, they try to use the WinNT provide which is not ADSI but anyway....

Link to comment
Share on other sites

  • 3 weeks later...

I have got LDAP to work in WINPE.

From the Vista install.wim I added the follwoing files to the WINPE 2.0 boot.wim

adsldp.dll

adsnt.dll

mscoree.dll

mscorier.dll

mscories.dll

I then added to the sofware hive of WINPE 2.0 boot.wim the follwowing entries. Note you can load the hive and call int PE_software. You could cut and paste this into a .reg file and execute it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADs]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADs\Clsid]

@="{4753da60-5b71-11cf-b035-00aa006e0975}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsDSOObject]

@="OLE DB Provider for Microsoft Directory Services"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsDSOObject\Clsid]

@="{549365d0-ec26-11cf-8310-00aa00b505db}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsNamespaces]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsNamespaces\Clsid]

@="{233664b0-0367-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsSecurityUtility]

@="ADs Security Utility Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADsSecurityUtility\Clsid]

@="{f270c64a-ffb8-4ae4-85fe-3a75e5347966}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADSystemInfo]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\ADSystemInfo\Clsid]

@="{50B6327F-AFD1-11d2-9CB9-0000F87A369E}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}]

@="ADs Provider Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\InprocServer32]

@="activeds.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\ProgID]

@="ADs"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{4753da60-5b71-11cf-b035-00aa006e0975}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}]

@="ADsDSOObject"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\InprocServer32]

@="activeds.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\OLE DB Provider]

@="OLE DB Provider for Microsoft Directory Services"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{549365d0-ec26-11cf-8310-00aa00b505db}\ProgID]

@="ADsDSOObject"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}]

@="ADs Namespaces Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\InprocServer32]

@="activeds.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\ProgID]

@="ADsNamespaces"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{233664b0-0367-11cf-abc4-02608c9e7553}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}]

@="ADs Security Utility Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\InprocServer32]

@="activeds.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\ProgID]

@="ADsSecurityUtility"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]

@="AD System Info Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\InprocServer32]

@="adsldp.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\ProgID]

@="ADSystemInfo"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

@="Microsoft User Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\ProgID]

@="MSExtUser"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]

@="Microsoft Group Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\ProgID]

@="MSExtGroup"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{94a909a5-6f52-11d1-8c18-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}]

@="Microsoft Locality Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\ProgID]

@="MSExtLocality"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}]

@="Microsoft Organization Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\ProgID]

@="MSExtOrganization"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{dccc0bed-6066-11d1-8c13-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]

@="Microsoft OrganizationUnit Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\ProgID]

@="MSExtOrganizationUnit"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}]

@="Microsoft PrintQueue Extension"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\InprocServer32]

@="adsmsext.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\ProgID]

@="MSExtPrintQueue"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\CLSID\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}]

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0]

@="Active DS Type Library"

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0]

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\win32]

@=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,73,\

00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,63,00,74,00,69,00,\

76,00,65,00,64,00,73,00,2e,00,74,00,6c,00,62,00,00,00

[HKEY_LOCAL_MACHINE\pe_SOFTWARE\Classes\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\FLAGS]

@="0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}]

@="LDAP Provider Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\InprocServer32]

@="adsldp.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\ProgID]

@="LDAP"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A81-C302-11cf-9AA4-00AA004A5691}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}]

@="LDAP Namespace Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\InprocServer32]

@="adsldp.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\ProgID]

@="LDAPNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{228D9A82-C302-11cf-9AA4-00AA004A5691}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}]

@="ADs LDAP NameTranslate Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\InprocServer32]

@="adsldp.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\ProgID]

@="NameTranslate"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{274fae1f-3626-11d1-a3a4-00c04fb950dc}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}]

@="AD System Info Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\InprocServer32]

@="adsldp.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\ProgID]

@="ADSystemInfo"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{50B6327F-AFD1-11d2-9CB9-0000F87A369E}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP]

@="LDAPNamespace"

"Aliases"="GC"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Computer]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Computer\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\

00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\

63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Group]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Group\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\

00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\

66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfNames]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfNames\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\

00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\

66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfUniqueNames]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\groupOfUniqueNames\{94a909a5-6f52-11d1-8c18-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,32,00,37,00,36,00,33,00,36,00,62,00,30,00,30,00,2d,\

00,34,00,31,00,30,00,66,00,2d,00,31,00,31,00,63,00,66,00,2d,00,62,00,31,00,\

66,00,66,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Locality]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Locality\{2dfb3a35-6071-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,61,00,30,00,35,00,65,00,30,00,33,00,61,00,32,00,2d,\

00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\

62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\

00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organization]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organization\{dccc0bed-6066-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,61,00,31,00,63,00,64,00,32,00,64,00,63,00,36,00,2d,\

00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\

62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\

00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organizational Unit]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\Organizational Unit\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,61,00,32,00,66,00,37,00,33,00,33,00,62,00,38,00,2d,\

00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\

62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\

00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\organizationalPerson]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\organizationalPerson\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\

00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\

63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\OrganizationalUnit]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\OrganizationalUnit\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,61,00,32,00,66,00,37,00,33,00,33,00,62,00,38,00,2d,\

00,65,00,66,00,66,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,38,00,61,00,\

62,00,63,00,2d,00,30,00,30,00,63,00,30,00,34,00,66,00,64,00,38,00,64,00,35,\

00,30,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\person]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\person\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\

00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\

63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\PrintQueue]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\PrintQueue\{9f37f39c-6f49-11d1-8c18-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,62,00,31,00,35,00,31,00,36,00,30,00,64,00,30,00,2d,\

00,31,00,32,00,32,00,36,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,39,00,\

38,00,35,00,2d,00,30,00,30,00,61,00,61,00,30,00,30,00,36,00,62,00,63,00,31,\

00,34,00,39,00,7d,00,00,00,7b,00,31,00,32,00,34,00,62,00,65,00,35,00,63,00,\

30,00,2d,00,31,00,35,00,36,00,65,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,\

00,39,00,38,00,36,00,2d,00,30,00,30,00,61,00,61,00,30,00,30,00,36,00,62,00,\

63,00,31,00,34,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\residentialPerson]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\residentialPerson\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\

00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\

63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\User]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions\User\{4de7016c-5ef9-11d1-8c13-00c04fd8d503}]

"Interfaces"=hex(7):7b,00,33,00,65,00,33,00,37,00,65,00,33,00,32,00,30,00,2d,\

00,31,00,37,00,65,00,32,00,2d,00,31,00,31,00,63,00,66,00,2d,00,61,00,62,00,\

63,00,34,00,2d,00,30,00,32,00,36,00,30,00,38,00,63,00,39,00,65,00,37,00,35,\

00,35,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT]

@="WinNTNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT\Extensions]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Microsoft\ADs\Providers\WinNT\Extensions\User]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP]

@="URL:LDAP Protocol"

"EditFlags"=hex:02,00,00,00

"URL Protocol"=""

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\Clsid]

@="{228D9A81-C302-11cf-9AA4-00AA004A5691}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell\open]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAP\shell\open\command]

@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\

00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\

4d,00,61,00,69,00,6c,00,5c,00,77,00,61,00,62,00,2e,00,65,00,78,00,65,00,22,\

00,20,00,22,00,2f,00,6c,00,64,00,61,00,70,00,3a,00,25,00,31,00,22,00,00,00,\

00,00

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAPNamespace]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\LDAPNamespace\Clsid]

@="{228D9A82-C302-11cf-9AA4-00AA004A5691}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNT]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNT\Clsid]

@="{8b20cd60-0f29-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNTNamespace]

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\WinNTNamespace\Clsid]

@="{250e91a0-0367-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}]

@="WinNT Namespace Object"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\InprocServer32]

@="adsnt.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\ProgID]

@="WinNTNamespace"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\TypeLib]

@="{97d25db0-0363-11cf-abc4-02608c9e7553}"

[HKEY_LOCAL_MACHINE\PE_SOFTWARE\Classes\CLSID\{250e91a0-0367-11cf-abc4-02608c9e7553}\Version]

@="1.0"

I also install the wmi, scritping, xml, hta and mdac packates to Winpe 2.0 boot.wim.

When you boot into winpe with the new boot.wim the network must be running along with DNS to bind.

Matt

Link to comment
Share on other sites

  • 3 weeks later...

EDIT: After turning on my brain, I got it to work by using your example matt.

However, you have to edit the SOFTWARE hive in offline mode, because the WinPE regestry is locked when the OS is running, thus you can't just run a .reg file and hope that it would work.

And, its not even needed to register the added dlls, it just works.

Edited by Typewriter
Link to comment
Share on other sites

TofuBug,

Yes that is correct edit the software hive in offline mode. Sorry I did not specify this better, glad you got it to work and that is good to know you do not need those dll's for some reason in my testing I thought you did but I will take your work for it.

Matt

Link to comment
Share on other sites

  • 1 month later...

Matt could you quickly describe the process you followed to identify the registry settings that needed to be added to the software hive? This is the one part I continually struggle with....identifying files needed pretty easy, catching registry settings from all the chaff seems a bit like voodoo magic.

Thanks!

Link to comment
Share on other sites

  • 7 months later...

To All,

I'm kind of excited but kind it's sort of surreal that this is my first Post of a fix to my own problem

First off I would like to thank everyone who took the time to comment and help out with this especially Br4tt3

Turns out ADSI was functioning just fine in PE (after adding the required files and registry updates to the WIM)

The problem as Br4tt3 alluded to was in the script itself. Unfortunately I do not know EVERYTHING about ADSI... :blushing: ...Yet... :sneaky: So I completely missed the relevance

Also apparently looking at the date of this first post it's been almost a year of leaving this on the back burner while I cooked up other tools and utilities for the corporation. So cue the Elton John Lion King theme song (just trust me it will make sense later)

I would like to share with anyone who is interested briefly how I came to the stunningly obvious "WOW I'm an ID10T!!!!" epiphany

I had been tasked middle of the year to develop a tool to allow our Computer Imaging Administrators to be able to quickly and efficiently create computer accounts in AD with specific security groups assigned to its ACE's for stuff like Joining the domain, rename etc.

In the end I came up with a centralized HTA which allowed for traversing the active OU structure in either direction. The tool also defaulted to use cached credentials for ADSI operations but had the option to enter a domain User Name and Password to validate using the OpenDSObject() method so the tool can be run on an account that may not have the same level of permissions needed to create a computer in AD

Long story short works like a charm and even after 6 months of minor OU restructuring I haven't had to modify the code once (if you can't tell I strive to develop tools that can adapt within reason to environmental changes)

The biggest thing I took out of that project was how to consistently validate a domain user name and password in a script using LDAP

Function ValidLogin(UserName,Password)
On Error Resume Next
Set ValidLogin= GetObject("LDAP:").OpenDSObject("LDAP://" & GetObject("LDAP://rootDSE").Get("defaultNamingContext"), UserName, Password, 1)
ValidLogin = (Err.Number = 0)
End Function

Anything I develop now that requires a user name and password I use that function or a variation on it (really makes it nicer on the technicians who have to use my tools so they don't have to remember other passwords and logins)

Fast Forward to about a week ago....

I was again tasked with creating a similar tool this time to allow a computer in a workgroup to both create its own account in AD and join itself to its domain.

So... being the lazy developer I am :whistle:

I ripped out the core code for creating the computer accounts in AD from my other tool, wrapped it in a simple HTA with a login prompt using the same LDAP based validation (to allow for entering a user's credentials with enough privileges to actually create the account in AD) and an Add Computer button.

I tossed it all on a test machine I had deliberately deleted from AD

Ran it and...........

"Invalid user name or password?"........... :angry:

Retried password ........

"Invalid user name or password??"...........

Tried another login.......

"Enough already with the Invalid user name or password!!!!!".......... :realmad:

Finally had the clarity to load up Visual Studio 2005, attach to the HTA's process and debug the sucker.

That's when I realized I wasn't even getting an object back from the GetObject("LDAP://RootDSE") method....... :blushing: might explain why nothing is working right.

Shortly thereafter I had the "You dumb a** the computer isn't even part of the domain so AD is OBLIVIOUS to its LDAPesque attempts to talk to the domain" moment

A few Google searches later and I had my answer, server binding directly to a domain controller

In a nutshell

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://DC=MyDomain,DC=com",UserName,Password,1)

becomes...

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

where the three important changes are

  • LDAP:// -> LDAP://MyDomainController/
  • UserName -> MyDomain\UserName
  • 1 -> 1 + 512 (1 is ADSI Secure Authentication, and 512 is ADSI Server Bind)

Once I had updated the code to bind to the domain controller viola suddenly my tool liked my user name and passwords again and it was able to create the computer account in AD without a hitch.

Fast forward again to a few hours ago.

Booted up PE 2.0 to reimage my laptop (I had fried the OS testing piloted software for the corporation) symbolically beginning the end of the obligatory circle of life for me this year. (told you it would make sense later... the background music in your head should now be raising to that nice crescendo during the bridge, you know the part where you're supposed to get all emotional and "identify" with the main character as he stuggles to overcome....yeah......never mind.)

As I was waiting for Ghost to backup my exiting data I finally put 2 and 2 together,

Thank you high school logic chapter in math...

If computer is in a WORKGROUP then it must use a server bind to a domain controller to access AD

PE 2.0 loads in a WORKGROUP

So...... drum roll please,

If a computer is running PE 2.0 then it must use a server bind to a domain controller to access AD

Seemed simple enough logic in my head, so while I waited for ghost to backup my data from the laptop I tossed open VBSEdit in PE's command prompt and mashed together a quick and dirty script to return a computer with a distinguished name I already knew of the top of my head using the domain controller server binding. A few lines of code later and a quick running of the script and all I can really say is.

:w00t: Yay......It works!!!!!

So that's my long drawn out story.

In the end I have learned 3 infallible truths out of this experience

  1. Even plastic soft touch keyboards will make your forehead bleed if you beat it against it enough
  2. If you lose enough blood it’s hard to focus on your computer screen or remember things like your name.
  3. Keyboard keys tend to stick when blood dries under them

I'm hoping it will at least help someone avoid having to clean and disinfect their keyboard... or at the very least give someone a cheap laugh at my expense

Cheers,

Quick question does anyone know how to get LDAP queries in WIN PE 2.0 to work

or another way to validate an AD account from PE through VBScript

Cheers,

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...