Hello,

I am attempting to write a .vbs or .hta or .asp to serve my purpose.
Simply enough, I need a user in sub1.dom.com to be able to write to a
group in sub1.dom.com and sub2.dom.com... my issue is that I'm getting
referrals from the secondary server. Basically I'm simply passing in
the domain by user input, then connecting to the correct domain... I'm
using service accounts in each subdomain. I am having issues
launching the vbscript from sub1.dom.com domain using a user residing
in sub1... if I use a user in sub2.dom.com in the script running on
sub1.dom.com, it will add...

I'm at a loss as to the proper way to add users to universal groups...
OR to be able to span child domain LDAP lookups in the same script.

As simple as it is... here is an HTA snippet of my testing syntax.

If choices.value = "sub1" Then
strHTML = "<br> Adding User to Group "

Const ADS_SCOPE_SUBTREE = 2
'###################################################################
' By: Sonny McManigle | <company>
'###################################################################

'On Error Resume Next
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "sub1\usr1"
objConnection.Properties("Password") = "djsLS7@9d2"
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "SELECT distinguishedName FROM " & _
"'LDAP://dc=sub1,dc=dom,dc=com' WHERE objectCategory='user' AND " & _
"sAMAccountName='" & tmpusr & "'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
if err then wscript.echo err.number
objRecordSet.MoveFirst
If Err Then strHTML = strHTML & "<br> User not found in Domain"
Do Until objRecordSet.EOF
StrFullDN = objRecordSet.Fields("distinguishedName").Value
Set objGroup = GetObject ("LDAP://CN=Users_SUB1,CN=Users,DC=sub1,DC=dom,DC=com")
Set objUser = GetObject ("LDAP://" & strFullDN)
objGroup.Add(objUser.ADsPath)
If Err = "0" Then
strHTML = strHTML & "<br> Successfully wrote to Group"
Else
strHTML = strHTML & "<br> Failed writing to Group"
End If
If Err.number = "-2147019886" Then
strHTML = strHTML & "<br> This user: " & tmpusr & " is already a member of the Group"
End If
strfulldn = ""
tmpit = ""
objRecordSet.MoveNext
loop

End If

If choices.value = "sub2" Then
'###################################################################
' By: Sonny McManigle
'###################################################################

'On Error Resume Next
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = "sub2\usr2"
objConnection.Properties("Password") = "7S&29ddo!"
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "SELECT distinguishedName FROM " & _
"'LDAP://dc=sub2,dc=dom,dc=com' WHERE objectCategory='user' AND " & _
"sAMAccountName='" & tmpusr & "'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
if err then wscript.echo err.number
objRecordSet.MoveFirst
If Err Then strHTML = strHTML & "<br> User not found in Domain"
Do Until objRecordSet.EOF
StrFullDN = objRecordSet.Fields("distinguishedName").Value
Set objGroup = GetObject ("LDAP://CN=Users_SUB2,CN=Users,DC=sub2,DC=ae,DC=com")
Set objUser = GetObject ("LDAP://" & strFullDN)
objGroup.Add(objUser.ADsPath)

Any Help would be GREAT!!!!!!!!!!!!!
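
Both branches of the snippet above concatenate the form value tmpusr straight into the ADSI query text, and the domain choice decides which search base is used. The following is an added example, not part of the original post, showing one way to validate both values before the query string is built; the function names (BaseDnFor, IsSafeSamAccountName, BuildUserQuery), the allowed character set and the 20-character limit are assumptions, and the loop at the end is meant to be run with cscript.

```vbscript
Option Explicit

' Allow-list of domain choices mapped to the search bases used in the post.
' Anything else yields an empty string and no query is built.
Function BaseDnFor(choice)
    Select Case LCase(choice)
        Case "sub1": BaseDnFor = "dc=sub1,dc=dom,dc=com"
        Case "sub2": BaseDnFor = "dc=sub2,dc=dom,dc=com"
        Case Else:   BaseDnFor = ""
    End Select
End Function

' Accept only a conservative character set (assumption: adjust to the
' site's naming policy). Quotes, wildcards and spaces are rejected, so
' the value cannot close the quoted literal or widen the match.
Function IsSafeSamAccountName(name)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeSamAccountName = re.Test(name)
End Function

' Returns the query text, or "" when either input fails validation.
Function BuildUserQuery(choice, samName)
    Dim baseDn
    BuildUserQuery = ""
    baseDn = BaseDnFor(choice)
    If baseDn = "" Then Exit Function
    If Not IsSafeSamAccountName(samName) Then Exit Function
    BuildUserQuery = "SELECT distinguishedName FROM 'LDAP://" & baseDn & _
        "' WHERE objectCategory='user' AND sAMAccountName='" & samName & "'"
End Function

' Constructed sample inputs: one valid name, one containing a quote,
' one containing a wildcard, and an empty value.
Dim sample, query
For Each sample In Array("jsmith", "o'brien", "j*", "")
    query = BuildUserQuery("sub1", sample)
    If query = "" Then
        WScript.Echo "rejected: [" & sample & "]"
    Else
        WScript.Echo query
    End If
Next
```
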

Re: Cross Child-Domain Scripting by scriptNooB

scriptNooB
Tue Mar 25 15:34:43 CDT 2008

Forum Lurkers!!!! HELP!!!!

:)

I know you guys are good... I'm sure someone has tried to do
cross-child domain scripting and has run across this issue!

Any help?

-Sonny

