Leo wrote:
> Environment: Web application adds users from multiple domains to a local
> group. The code that does this uses ADSI (WinNT provider) and runs in a
> COM+
> component using the identity of an account that is part of the local
> administrator group. Server is windows 2003.
>
> Issue:
> Set objAdsUser = GetObject("WinNT://" & sDomain & "/" & sUser)
> is returning -2147024843 (path not found).
>
> The code that searches for the users before attemption the add is
working
> properly and returning the list of users. It uses the LDAP provider.
>
> If I log in to the server using the same account as the one that the
code
> runs under, I am able to select and add the users from that domain to a
> local
> group using Computer Management. So it does not seem to be trust issues
or
> accessibility to the domain. Would anyone have an idea of what to look
> for?
> Or perhaps how to code this feature, so that I won't run into this issue
> and
> have it behave similar to Computer Management?
>
Is sDomain the NetBIOS name of the domain and sUser the NT name of the
user
(the pre-Windows 2000 logon name, the value of the sAMAccountName
attribute). Note that sUser is not the Common Name of the user (the value
of
the cn attribute).
If you are using the LDAP provider to find the user, then you can retrieve
the Distinguished Name (DN). I would use the NameTranslate object to
convert
this to the NT format of the name, which is <domain>\<user>, where
<domain>
is the NetBIOS name of the domain and <user> is the pre-Windows 2000 logon
name. See this link:
http://www.rlmueller.net/NameTranslateFAQ.htm
Number 11 gives VBScript code to convert a DN and then bind with the WinNT
provider.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
|
