LDAP in Win PE 2.0

[shawn_wall]

I'm having an issue getting ADO to work correctly under Windows PE 2.0, I've added the files above modified the software hive and still can't get this to work. What I'm trying to do is run a query against a AD server to determine if a computer account exists in the directory. And even after following the steps above I'm still getting a "ActiveX component can't create object: 'ADOBD.Connection'". I've also noticed that if I try to regsvr32 the added DLL's I get a "The module <dllname>.dll was loaded but the entry-point DllRegisterServer was not found". I'm including the script I'm working on assuming that it's something I messed up as other people have gotten this working.

Many thanks in advance

Shawn

Set args = WScript.Arguments
If Wscript.Arguments.Count = 0 Then
Wscript.echo "No server name supplied"
Wscript.Quit 2
End If

strCompName = args.Item(0)

Set conn = CreateObject("ADODB.Connection") 
Set cmd = CreateObject("ADODB.Command") 
conn.provider = "adsdsoobject" 
Conn.Properties("User ID") = "<Serviceacct>" 
Conn.Properties("Password") = "<Password>" 
Conn.Properties("Encrypt Password") = TRUE
Conn.Properties("ADSI Flag") = 3
conn.open "Active Directory Provider"

Set cmd.activeconnection = conn 
cmd.commandtext = "<LDAP://hqdc01.nvidia.com/DC=nvidia,DC=com>;(&(objectcategory=computer)(objectclass=computer)(cn=" & strCompName & "));cn;subtree" 
Set rs = cmd.Execute 
If rs.recordcount <> 0 Then 
Wscript.echo "Server already exists in the domain"
Wscript.Quit 1
End If 

[gadget]

I take it you like typing TofuBug. It's nice when a plan comes together.

[TofuBug]

I take it you like typing TofuBug. It's nice when a plan comes together.

It's not so much that I like typing just my fingers tend to ramble on and on (usually because they're trying to play catch-up to my thought process)

I just need fingers that have the same reaction time as oh say a synapse firing.

And Yes Yes it is.

[justinp]

No luck for me

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

...gets me an "Invalid Syntax" message.

Any suggestions?

Thanks

Justin

[TofuBug]

No luck for me

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://MyDomainController/DC=MyDomain,DC=Com",MyDomain\UserName,Password,1 + 512)

...gets me an "Invalid Syntax" message.

Any suggestions?

Thanks

Justin

Justin

Can't really tell you what specifically is causing this since i'm not going to ask you what DC's you are using and what User Name and password you are using but I'm assuming you know what one of your domain controllers are and the domain you are on and have a user name and password with at the lest read access to the LDAP protocol

Let me put out an example semi stolen from MS's technet examples

say your domain is RVB.US.COM

Say your domain controllers are RVB_DC1, RVB_DC2 and RVB_DC3

Now say you have a logon of SARGE

with a password of D1rtb@g

your code from above would look like this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC2/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

or this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC1/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

or this

Set Domain = GetObject("LDAP:").OpenDSObject("LDAP://RVB_DC3/DC=RVB,DC=US,DC=Com","RVB\SARGE","D1rtb@g",1 + 512)

The one thing I've found people i work with for this stuff forget is that every section of text seperated by a . or the beginning or end of the domain has to have its own DC=

Other than that it might be the account does not have permissions on the server or the plugin did not work

i would try the same code on a windows system that you know you can get to AD manually with the ADSI Administrative tools or some third party software I use Softerra's LDAP Browser 2.6 because unlike MS's admin tool kit it lists everything as a details list view which if you know what you are looking for makes it faster to get to things than the tabbed approach does.

Anyway hope that helps a little

Cheers

[JamesOFarrell]

We have been using this to enable ADSI in WinPE for a few months now. This has been working flawlessly for creating computer objects in AD and setting some attributes (like guid/description).

I tried to update my code to allow the new computer object to be added to groups after it has been created. This works fine under Vista/XP but fails under WinPE.

I get the error "Object does not support this property or method."

set objLDAP = GetObject("LDAP:")

PreStageUsername = "DOMAIN\username"
PreStagePassword = "password"

GroupPath = "LDAP://Domain.Com/CN=GroupName,OU=Groups,DC=Domain,DC=com"
Set objGroup = objLDAP.OpenDSObject(GroupPath, PreStageUsername, PreStagePassword, 0)

ComputerPath = "LDAP://Domain.Com/CN=ComputerName,OU=Computers,DC=Domain,DC=com"
Set objComp = objLDAP.OpenDSObject(ComputerPath, PreStageUsername, PreStagePassword, 0)

msgbox objGroup.Get("sAMAccountName")
objGroup.Add(objComp.ADsPath)
msgbox objGroup.IsMember(objComp.ADsPath)

In Vista/XP this displays the "sAMAccountName" of the Group Object, adds the Computer Object as a member of the Group Object then displays "True"

In WinPE this displays the "sAMAccountName" of the Group Object, then crashes out with the above error. If you remove the objGroup.Add(objComp.ADsPath) line then the scripts will error out on the msgbox objGroup.IsMember(objComp.ADsPath) line with the same error.

If I replace objComp.ADsPath with the ADs Path "LDAP://Domain.Com/CN=ComputerName,OU=Computers,DC=Domain,DC=com" it still bombs out.

Does anyone know what is going on here?

[JamesOFarrell]

I fixed this issue by including the file adsmsext.dll on the WinPE disk.

EDIT: Typo

Edited January 23, 2009 by JamesOFarrell

[smallbyt]

Hi All

Hoping someone can help me out, I am trying to get LDAP working within WinPE and am so happy I found this forum because I was totally lost at the beginning.

I have added the dll's and the registry key into my WinPE 2.0 boot image so thats all fine.

I have a HTA that runs as part of our imaging process that promtps for various details about the machine, one thing I am trying to do is get a few of the drop down menus populated directly from AD. My HTA works fine when I run it on a normal Windows XP or Windows Server 2003 machine but when I run it from within WinPE I get the following error:

"The specified domain either does not exist or could not be contacted"

My code that executes the AD authentication and binding is below:

Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1 
Const ADS_SERVER_BIND = 200 

Set objShell = CreateObject("Wscript.Shell")

objShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406", 0, "REG_DWORD" 
objShell.regWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406", 0, "REG_DWORD" 

Set objDomain = GetObject("LDAP:").OpenDSObject("LDAP://ptcdcco1." & strDomainName & ".wa.gov.au/DC=" & strDomainName & ",DC=WA,DC=GOV,DC=AU" , strDomainMaster , strDomainMasterPwd ,1 + 512)

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Properties("User ID") = strDomainMaster
objConnection.Properties("Password") = strDomainMasterPwd
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Can anyone help me out with that error?