Richard
Wed Oct 17 11:11:04 PDT 2007
David Trimboli wrote:
> I'm writing a script that will allow a Help Desk user to delete an Active
> Directory computer object prior to its re-imaging. My script binds to the
> containing OU then calls the Delete method of that OU, naming the computer
> object to be deleted. The script works fine.
>
> My question regards error-handling in the case that the computer object
> has already been deleted from Active Directory (say, the user already ran
> the script). The default error message is verbose, but probably a little
> scary to a non-scripter. I've been trying to find a way to verify the
> existence of a computer object BEFORE attempting to delete it so that I
> can include my own error message. (The Err object seems to have a blank
> description when a deletion fails because the object doesn't exist.)
>
> What would be the easiest way of doing this?
You can trap the error, using "On Error Resume Next". Just restore normal
error handling after the statement that might raise an error with "On Error
GoTo 0". The Err object is used to retrieve error information. This object
has properties Number, Description, and Source. It might make sense to bind
to the user object, instead of the parent OU. If this bind fails, the user
object does not exist. If it succeeds, invoke the DeleteObject method of the
object. For example:
=======
On Error Resume Next
Set objUser = GetObject("LDAP://cn=TestUser,ou=Sales,dc=MyDomain,dc=com")
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User not found."
Else
    On Error GoTo 0
    objUser.DeleteObject (0)
    Wscript.Echo "User object deleted."
End If
=======
Or, you can trap the error when
objOU.Delete "user", "cn=TestUser"
fails. However, how do you query for the user name and parent container? Or
are all of your users in the same OU so you can hard code the DN of the OU?
You might want to query for the NT name (pre-Windows 2000 logon name) of the
user, then use the NameTranslate object to convert this to the Distinguished
Name. For more information see this link:
http://www.rlmueller.net/NameTranslateFAQ.htm
Then you can bind to the user object and invoke DeleteObject. If the user
does not exist, an error is raised on the Set method of the NameTranslate
object, so you would trap that error. For example:
==========
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Prompt for user name.
strNTName = InputBox("Enter User NT Name", "Delete User")

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Use the Set method to specify the NT format of the user name.
' Trap error if user does not exist.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "User does not exist."
    Wscript.Quit
End If
On Error GoTo 0

' Use the Get method to retrieve the RFC 1779 Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Escape any "/" characters with backslash escape character.
' All other characters that need to be escaped will be escaped.
strUserDN = Replace(strUserDN, "/", "\/")

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
' Delete the user object.
objUser.DeleteObject (0)
==========
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -
http://www.rlmueller.net
--
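
An added example, not part of Richard's post: the same NameTranslate approach applied to the computer objects the original question asks about. It assumes a placeholder NetBIOS domain name (MYDOMAIN), relies on computer accounts having an NT name that ends in "$", and checks the bound object's class before deleting so a Help Desk operator cannot use the script to remove anything other than a computer object.

```vbscript
Option Explicit
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const NETBIOS_DOMAIN = "MYDOMAIN"   ' Assumed placeholder; use your own domain.
Dim strName, strDN, objRegEx, objTrans, objComputer, lngErr

' Accept only a plausible NetBIOS computer name before it reaches the directory.
strName = UCase(Trim(InputBox("Enter computer name", "Delete Computer")))
Set objRegEx = New RegExp
objRegEx.Pattern = "^[A-Z0-9-]{1,15}$"
If Not objRegEx.Test(strName) Then
    Wscript.Echo "That is not a valid computer name."
    Wscript.Quit 1
End If

' The NT name of a computer account is its name followed by "$".
' Save Err.Number first: "On Error GoTo 0" clears the Err object.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, NETBIOS_DOMAIN & "\" & strName & "$"
lngErr = Err.Number
On Error GoTo 0
If (lngErr <> 0) Then
    Wscript.Echo strName & " was not found. It may already have been deleted."
    Wscript.Quit 0
End If

' Bind to the object and refuse anything whose class is not "computer".
strDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
Set objComputer = GetObject("LDAP://" & strDN)
If (LCase(objComputer.Class) <> "computer") Then
    Wscript.Echo strName & " is not a computer object. Nothing was deleted."
    Wscript.Quit 1
End If

' Delete, and report failure (for example, access denied) in plain words.
On Error Resume Next
objComputer.DeleteObject 0
lngErr = Err.Number
On Error GoTo 0
If (lngErr <> 0) Then
    Wscript.Echo "Could not delete " & strName & " (error 0x" & Hex(lngErr) & ")."
Else
    Wscript.Echo "Computer object " & strName & " deleted."
End If
```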