Solved

Adding a User Principal Name

Posted on 2003-11-18
Last Modified: 2011-10-03
Hello all
I am trying to update 3500 accounts to add the User Principal names for them with no luck. Below is the code that I am trying to use

Const ADS_PROPERTY_UPDATE = 2

Set User = GetObject("LDAP://CN=magnus,OU=Network,OU=IT,OU=Information Technology,OU=Users and Groups,DC=mycompany,DC=net")

User.Put "userPrincipalName", "magnus"
User.SetInfo

When I run the above I get the following error
C:\Support\UPNs\upn.vbs(3, 1) (null): A referral was returned from the server

Please help

Thanks
magnus
Question by:magsdtev
10 Comments
 
LVL 9

Expert Comment

by:TooKoolKris
This is not a default property that is a part of the User container within AD. If you want to script out adding this then you will need to extend the Schema so that it will add your userPrincipalName as a property of the User.
 
LVL 9

Expert Comment

by:TooKoolKris
I'm sorry, just caught my mistake: there already is a property for that. The only thing that I can suggest is to make sure your path is correct. You have an OU called "Users and Groups"?

Try creating a new user called "testuser" right in the default "Users" OU and then try this code:

Let's say the Domain Controller with AD is called PDC.mydomain.com

Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC DC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo

I think your code is OK; just the qualified path is incorrect.
 

Author Comment

by:magsdtev
TooKoolKris
I can create a brand new user with the UserPrincipalName attribute with no problem; it is trying to add it after the user has already been created that I can't do for one reason or another.

Magnus
 
LVL 9

Expert Comment

by:TooKoolKris
Sorry, that should be:

Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo
 
LVL 9

Expert Comment

by:TooKoolKris
Maybe you should try using the PutEx method instead of the Put method:
Try using this command instead

objUser.PutEx ADS_PROPERTY_UPDATE, "userPrincipalName", "magnus"

Author Comment

by:magsdtev
TooKoolKris
Thanks for the response

I tried
objUser.PutEx ADS_PROPERTY_UPDATE, "userPrincipalName", "magnus"

and
Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo

with the same result
C:\Support\UPNs\upn.vbs(5, 1) (null): There is no such object on the server

I also verified the LDAP path as well and it is correct

Any other Ideas?

Magnus
 
LVL 5

Accepted Solution

by:
RainUK earned 200 total points
Quote [ When I run the above I get the following error
C:\Support\UPNs\upn.vbs(3, 1) (null): A referral was returned from the server ]

This could be because the UPN you are trying to assign already exists. You need to check that the UPN does not already exist for another account before trying to update an account with the new UPN.

Quote [ with the same result
C:\Support\UPNs\upn.vbs(5, 1) (null): There is no such object on the server ]

This would definitely be an incorrect LDAP path name. Check your path using ADSI Edit (Use mmc)? Silly question to ask, but you know that an object CN (Container Name) is not equivalent to a user's ADs 'FirstName' or 'DisplayName' properties.

Do you have a mixed mode Setup for NT4 Server backward compatibility on your domain?
Also when you run your script, under what user/security context (Administrator)?
 

Author Comment

by:magsdtev
RainUK
Thanks for the response

I did verify that the user did not have a UPN as well as that the UPN was unique.
I double checked the LDAP path as well and ran it as an administrator, both with no luck.

Right now I am in Mixed mode as well

Any other Ideas?
 
LVL 5

Expert Comment

by:RainUK
Hmmmm, well that's pretty strange. Do you have multiple UPN suffixes on your domain, e.g.
Domain1.com, Domain2.net? You could try updating the UPN by specifying the full UPN, e.g.

objUser.Put "userPrincipalName", "magnus@yourDomain.yourSuffix"

Have never encountered the problem you are getting. If the above doesn't work, any chance of you dumping the exact code e.g. the real domain etc etc?
 

Author Comment

by:magsdtev
RainUK
I did the above with no success. We are only running one suffix (mycompany.com). I did dig a bit deeper with ADSI Edit and the path was correct but the CN=magnus was wrong. It looks like someone in my company changed the schema a bit (mainly for a GroupWise connector and address list synch) and the CN was actually CN=Smith\, Magnus. Once I changed it in the script it worked fine.

Thanks for the help

Magnus
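
Added example (not code from this thread or from any poster): since the failure above came from a hand-typed CN that did not match the directory ("CN=Smith\, Magnus"), this sketch looks each account up by sAMAccountName and binds with the distinguishedName the directory returns, so the script never has to guess or escape the CN. The names UPN_SUFFIX, SetUpnBySam and EscapeFilter and the sample logon name are assumptions; the suffix is the one mentioned in the thread, and the search is limited to accounts that have no UPN yet.

```vbscript
Option Explicit
' Added example: UPN_SUFFIX, SetUpnBySam, EscapeFilter and the sample
' logon name are assumptions, not taken from the thread's scripts.
Const UPN_SUFFIX = "mycompany.com"   ' the single suffix mentioned in the thread

Dim conn, baseDN
baseDN = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"

WScript.Echo SetUpnBySam("magnus")   ' constructed sample logon name
conn.Close

Function SetUpnBySam(ByVal sam)
    Dim cmd, rs, dn, user
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.Properties("Page Size") = 500
    ' Only match user accounts that do not have a UPN yet.
    cmd.CommandText = "<LDAP://" & baseDN & ">;" & _
        "(&(objectCategory=person)(objectClass=user)" & _
        "(sAMAccountName=" & EscapeFilter(sam) & ")(!(userPrincipalName=*)));" & _
        "distinguishedName;subtree"
    Set rs = cmd.Execute
    If rs.EOF Then
        SetUpnBySam = sam & ": not found, or already has a UPN"
        Exit Function
    End If
    dn = rs.Fields("distinguishedName").Value
    ' The directory returns the DN already escaped ("CN=Smith\, Magnus,...");
    ' an ADsPath additionally needs any "/" escaped.
    Set user = GetObject("LDAP://" & Replace(dn, "/", "\/"))
    user.Put "userPrincipalName", sam & "@" & UPN_SUFFIX
    user.SetInfo
    SetUpnBySam = sam & ": UPN set on " & dn
End Function

Function EscapeFilter(ByVal s)
    ' RFC 4515 escaping for a value placed inside an LDAP search filter
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = s
End Function
```

For a bulk run, call SetUpnBySam once per logon name read from a list and log the returned line, so every changed account is recorded with the DN that was actually modified.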