How can one pull the "Office" value from a User in Active Directory using KIX? I have looked around here but am not finding anything that can help or works.

More info... I am trying to determine which server to attach the user to. The user would be attaching via VPN. All users are part of one domain. All users have the Office field filled in. Site1 is the default location in the current script. For example, Joe Blow (JBlow) belongs to the Site2 location. When he connects via VPN, it doesn't know that he belongs to Site2 and maps his network drives to Site1. Since he is using a non-domain account, I can't use the INGROUP feature. I would just like some code that could return the Office value for a given user.

Use the ADSI LDAP:// provider via COM.
    $obj = GetObject("LDAP://domain/DN")
    $Office = $obj.Get("Office")
Something close to this should work.

Start with this code:
code:
    $sysinfo = CreateObject("adsysteminfo")
You haven't stated what your client OS is. That could be very important if the client is not AD aware.
[ 16. November 2002, 23:26: Message edited by: Howard Bullock ]

Now I am really confused. You stated that the user is NOT using a domain account. How do you think you will get the "Office" from the account property if the user is not using the account?

Clients are running Windows 2000 with SP3 and Windows XP Pro with SP1. I am getting "An invalid Active Directory pathname was passed". Are there some values I need to fill in? Any functions I need to add or define?

Howard, they are not using a domain account because they are connecting via VPN. Their computer is configured as a WORKGROUP. For example, Joe Blow is NTCMI\JBlow on the domain. At home he logs into his computer as \\HOMEPC\JBlow. He connects to the VPN and runs the Login Script I have written. The login script looks at his IP Address and knows that he is using a VPN Login. It checks his username and creates a variable $NTCMIUSER that equals NTCMI\JBlow. Then it passes this to the USE command to map his network drives. In reference to my previous post, Site1 users have always been the VPN users. Joe Blow is the first Site2. The Server value is hardcoded to Site1. I don't want to have to hardcode Joe Blow into using Site2. I wanted to see if there is a way to pull any information from AD.

That being the case, you need to use my TranslateName() UDF. You can feed it the NT4 style "Domain\Account" and get back the distinguished name of the user account. With that, you can get the account properties using the first code I posted.

Howard, I have used the TranslateName UDF and it is returning the correct values. However, the two-line code you gave me is not returning anything. I think the first line is fine. It is this line that I am wondering about...
    $Office = $obj.Get("Office")
Any ideas?

Add:
    ? "@error @serror"
after each of the two lines. What error messages are returned?
[ 17. November 2002, 06:06: Message edited by: Howard Bullock ]

First line - no error - successful
Second line -2147352567 COM exception error "GET" (Active Directory - The Active Directory property cannot be found in the cache. ) [-2147352567/80020009]

Checking the ADSI help file yields a property name "OfficeLocations", not "Office".

Still no luck... Here is my code
code:
    $DOMAINUSER="NTCMI\"+$USER
The line:
    $USEROFFICE=$USERDETAILS.GET("OfficeLocations")
is still returning the error:
    CN=MGorretta,CN=Users,DC=conmet,DC=dom
    0 The operation completed successfully.
    -2147352567 COM exception error "GET" (Active Directory - The Active Directory property cannot be found in the cache. ) [-2147352567/80020009]

Try using GetEx:
    $USEROFFICE=$USERDETAILS.GetEx("OfficeLocations")
    ? "@error @serror"
    ? VarTypeName ($USEROFFICE)

Same error...but now Empty is returned...
    CN=MGorretta,CN=Users,DC=conmet,DC=dom
    0 The operation completed successfully.
    -2147352567 COM exception error "GetEx" (Active Directory - The Active Directory property cannot be found in the cache. ) [-2147352567/80020009]
    Empty Office

At this point I do not know why you are having this problem. Are you sure that the data you want is located in the OfficeLocations property? As a secondary thought, have you considered creating an OU for each site and moving the account into a "Site" OU? Since you can now get the DN, you can parse it to obtain the Site. I am checking my AD now to see why this is being such a pain.

Not sure what is happening... If I use:
    $USEROFFICE=$USERDETAILS.GetInfo
I get no error, but no data either! I do know that other fields are filled out like First Name and Last Name, E-Mail Address, etc...maybe we should try one of them?

My EnumObjProps.kix script shows the following properties:
    Class: user
    GUID: {228D9A87-C302-11CF-9AA4-00AA004A5691}
    Implemented by: {228D9A84-C302-11CF-9AA4-00AA004A5691}
    Container Object Class Contains: nTFRSSubscriptions classStore
    Mandatory Properties in this Class: cn instanceType nTSecurityDescriptor objectCategory objectClass objectSid sAMAccountName
    Optional Properties in this Class: accountExpires accountNameHistory aCSPolicyName adminCount adminDescription adminDisplayName allowedAttributes allowedAttributesEffective allowedChildClasses allowedChildClassesEffective altSecurityIdentities assistant badPasswordTime badPwdCount bridgeheadServerListBL c canonicalName co codePage comment company controlAccessRights countryCode createTimeStamp dBCSPwd defaultClassStore department description desktopProfile destinationIndicator directReports displayName displayNamePrintable distinguishedName division dSASignature dSCorePropagationData dynamicLDAPServer employeeID extensionName facsimileTelephoneNumber flags fromEntry frsComputerReferenceBL fRSMemberReferenceBL fSMORoleOwner garbageCollPeriod generationQualifier givenName groupMembershipSAM groupPriority groupsToIgnore homeDirectory homeDrive homePhone homePostalAddress info initials internationalISDNNumber ipPhone isCriticalSystemObject isDeleted isPrivilegeHolder l lastKnownParent lastLogoff lastLogon legacyExchangeDN lmPwdHistory localeID lockoutTime logonCount logonHours logonWorkstation managedObjects manager masteredBy maxStorage memberOf mhsORAddress middleName mobile modifyTimeStamp mS-DS-ConsistencyChildCount mS-DS-ConsistencyGuid mS-DS-CreatorSID mSMQDigests mSMQDigestsMig mSMQSignCertificates mSMQSignCertificatesMig msNPAllowDialin msNPCallingStationID msNPSavedCallingStationID msRADIUSCallbackNumber msRADIUSFramedIPAddress msRADIUSFramedRoute msRADIUSServiceType msRASSavedCallbackNumber msRASSavedFramedIPAddress msRASSavedFramedRoute name netbootSCPBL networkAddress nonSecurityMemberBL ntPwdHistory o objectGUID objectVersion operatorCount otherFacsimileTelephoneNumber otherHomePhone otherIpPhone otherLoginWorkstations otherMailbox otherMobile otherPager otherTelephone otherWellKnownObjects ou pager partialAttributeDeletionList partialAttributeSet personalTitle physicalDeliveryOfficeName possibleInferiors postalAddress postalCode postOfficeBox preferredDeliveryMethod preferredOU primaryGroupID primaryInternationalISDNNumber primaryTelexNumber profilePath proxiedObjectName proxyAddresses pwdLastSet queryPolicyBL registeredAddress replPropertyMetaData replUpToDateVector repsFrom repsTo revision rid sAMAccountType scriptPath sDRightsEffective securityIdentifier seeAlso serverReferenceBL servicePrincipalName showInAddressBook showInAdvancedViewOnly sIDHistory siteObjectBL sn st street streetAddress subRefs subSchemaSubEntry supplementalCredentials systemFlags telephoneNumber teletexTerminalIdentifier telexNumber terminalServer textEncodedORAddress thumbnailLogo thumbnailPhoto title tokenGroups tokenGroupsGlobalAndUniversal tokenGroupsNoGCAcceptable unicodePwd url userAccountControl userCert userCertificate userParameters userPassword userPrincipalName userSharedFolder userSharedFolderOther userSMIMECertificate userWorkstations uSNChanged uSNCreated uSNDSALastObjRemoved USNIntersite uSNLastObjRem uSNSource wbemPath wellKnownObjects whenChanged whenCreated wWWHomePage x121Address
I do not see any Office* properties. Can you verify the data and property name? Use LDP.exe from the W2K support tools to browse the user object properties.

Howard, I got it...
code:
    $USEROFFICE=$USERDETAILS.PhysicalDeliveryOfficeName
Found it in a related post a while back... Thanks for all your help... It would not have been possible without it...
KIXKicks

Just found that Officelocations maps to physicalDeliveryOfficeName. Use this property and let me know.

Well look at that. A simultaneous solution.
[ 17. November 2002, 07:05: Message edited by: Howard Bullock ]

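Putting the thread's working pieces together, as an added example that is not code from any of the posters: resolve the NT4-style name to a DN, bind with LDAP://, and read physicalDeliveryOfficeName. It calls the ADSI NameTranslate COM object directly instead of the TranslateName() UDF (whose source is not on this page); the function name GetOfficeFor, the server names SITE1SRV/SITE2SRV and the office value "Site2" are assumptions, and it presumes the session can already bind to the directory as it could in the thread.

```kixtart
; Added example. GetOfficeFor(), SITE1SRV/SITE2SRV and the "Site2" office
; value are hypothetical; NTCMI\JBlow is the account used in the thread.

; Returns the Office field (LDAP attribute physicalDeliveryOfficeName)
; for an NT4-style "DOMAIN\account" name. On failure returns "" and
; leaves the failing COM error code in @ERROR.
Function GetOfficeFor($Nt4Name)
    Dim $nt, $dn, $user
    $GetOfficeFor = ""

    $nt = CreateObject("NameTranslate")
    If @ERROR Exit @ERROR EndIf
    $nt.Init(3, "")              ; ADS_NAME_INITTYPE_GC: locate a global catalog
    If @ERROR Exit @ERROR EndIf
    $nt.Set(3, $Nt4Name)         ; ADS_NAME_TYPE_NT4: input is DOMAIN\account
    If @ERROR Exit @ERROR EndIf
    $dn = $nt.Get(1)             ; ADS_NAME_TYPE_1779: distinguished name
    If @ERROR Exit @ERROR EndIf

    $user = GetObject("LDAP://" + $dn)
    If @ERROR Exit @ERROR EndIf

    ; Get() takes the LDAP attribute name. "Office" and "OfficeLocations"
    ; are not LDAP attribute names, hence the "cannot be found in the
    ; cache" error earlier in the thread. ADSI raises the same error when
    ; the attribute exists in the schema but is empty for this account.
    $GetOfficeFor = $user.Get("physicalDeliveryOfficeName")
    Exit @ERROR
EndFunction

$Office = GetOfficeFor("NTCMI\JBlow")
If @ERROR
    ? "Office lookup failed: @ERROR @SERROR"
    $Server = "SITE1SRV"         ; keep the script's existing default
Else
    Select
        Case $Office = "Site2"
            $Server = "SITE2SRV"
        Case 1
            $Server = "SITE1SRV"
    EndSelect
EndIf
? "Mapping drives against " + $Server
```
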
What would be the User logon name (first field beside the @domain combo) from the account tab of AD U&C?

Rad: Can you please explain?

The field is currently blank (account tab of user properties in AD Users&computers, beside @domain). I would like to populate that field, and I can't figure out the field's name.

You have to set "userPrincipalName" which includes the "@domainname". It appears that the dialog box parses the userPrincipalName into the first part and acceptable domain names from the infrastructure. Changing either part updates the userPrincipalName.
[ 28. July 2003, 20:50: Message edited by: Howard Bullock ]

Personally I would set the userPrincipalName to the SamAccountName@domainname, but that is up to you. Some people like to use the email alias as the userPrincipalName.

This one will do it
    $sysinfo = CreateObject("ADSystemInfo")
    $oUser = GetObject("LDAP://" + $sysinfo.UserName)
    $dep = ($oUser.Officelocations)

If you read a few posts above you will see physicalDeliveryOfficeName |