Solved

Adding a User Principal Name

Posted on 2003-11-18
Last Modified: 2011-10-03
Hello all
I am trying to update 3500 accounts to add the User Principal names for them with no luck. Below is the code that I am trying to use

Const ADS_PROPERTY_UPDATE = 2

Set User = GetObject("LDAP://CN=magnus,OU=Network,OU=IT,OU=Information Technology,OU=Users and Groups,DC=mycompany,DC=net")

User.Put "userPrincipalName", "magnus"
User.SetInfo

When I run the above I get the following error
C:\Support\UPNs\upn.vbs(3, 1) (null): A referral was returned from the server

Please help

Thanks
magnus
Question by:magsdtev
10 Comments
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9773281
This is not a default property that is a part of the User container within AD. If you want to script out adding this then you will need to extend the schema so that it will add your userPrincipalName as a property of the User.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9773394
I'm sorry, I just caught my mistake: there already is a property for that. The only thing that I can suggest is to make sure your path is correct. You have an OU called "Users and Groups"?

Try creating a new user called "testuser" right in the default "Users" OU and then try this code:

Let's say the Domain Controller with AD is called PDC.mydomain.com

Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC DC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo

I think your code is OK; just the qualified path is incorrect.
0
 

Author Comment

by:magsdtev
ID: 9773405
TooKoolKris
I can create a brand new user with the userPrincipalName attribute with no problem; it is trying to add it after the user has already been created that I can't do for one reason or another.

Magnus
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9773406
Sorry that should be:

Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9773602
Maybe you should try using the PutEx method instead of the Put method:
Try using this command instead

objUser.PutEx ADS_PROPERTY_UPDATE, "userPrincipalName", "magnus"
0
 

Author Comment

by:magsdtev
ID: 9773884
TooKoolKris
Thanks for the response

I tried
objUser.PutEx ADS_PROPERTY_UPDATE, "userPrincipalName", "magnus"

and
Set objUser = GetObject("LDAP://cn=testuser,ou=Users,dc=PDC,dc=mydomain,dc=com")
objUser.Put "userPrincipalName", "magnus"
objUser.SetInfo

with the same result
C:\Support\UPNs\upn.vbs(5, 1) (null): There is no such object on the server

I also verified the LDAP path as well and it is correct

Any other ideas?

Magnus
0
 
LVL 5

Accepted Solution

by:
RainUK earned 200 total points
ID: 9787002
Quote [ When I run the above I get the following error
C:\Support\UPNs\upn.vbs(3, 1) (null): A referral was returned from the server ]

This could be because the UPN you are trying to assign already exists. You need to check that the UPN does not already exist for another account before trying to update an account with the new UPN.

Quote [ with the same result
C:\Support\UPNs\upn.vbs(5, 1) (null): There is no such object on the server ]

This would definitely be an incorrect LDAP path name. Check your path using ADSI Edit (use mmc). Silly question to ask, but you know that an object CN (Container Name) is not equivalent to a user's AD 'FirstName' or 'DisplayName' properties?

Do you have a mixed mode setup for NT4 Server backward compatibility on your domain?
Also, when you run your script, under what user/security context (Administrator)?
0
 

Author Comment

by:magsdtev
ID: 9788139
RainUK
Thanks for the response

I did verify that the user did not have a UPN, as well as that the UPN was unique.
I double-checked the LDAP path as well and ran it as an administrator, both with no luck.

Right now I am in mixed mode as well.

Any other ideas?
0
 
LVL 5

Expert Comment

by:RainUK
ID: 9788227
Hmmmm, well that's pretty strange. Do you have multiple UPN suffixes on your domain, e.g.
Domain1.Com, Domain2.net? You could try updating the UPN by specifying the full UPN, e.g.

objUser.Put "userPrincipalName", "magnus@yourDomain.yourSuffix"

Have never encountered the problem you are getting. If the above doesn't work, any chance of you dumping the exact code e.g. the real domain etc etc?
0
 

Author Comment

by:magsdtev
ID: 9788383
RainUK
I did the above with no success. We are only running one suffix (mycompany.com). I did dig a bit deeper with ADSI Edit and the path was correct but the CN=magnus was wrong. It looks like someone in my company changed the schema a bit (mainly for a GroupWise connector and address list synch) and the CN was actually CN=Smith\, Magnus. Once I changed it in the script it worked fine.

Thanks for the help

Magnus
0
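
Added example, not part of the original thread: for a bulk run such as the 3500 accounts in the question, resolving each account by sAMAccountName and binding to the distinguishedName the directory returns avoids hand-typed paths like CN=magnus when the real value is CN=Smith\, Magnus, and it also performs the UPN uniqueness check suggested in the accepted answer. The account list is constructed sample input, the suffix is the one named in the thread, and the helper names (EscapeFilter, Search, SetUpn) are hypothetical.

```vbscript
' Added example (not from the thread); suffix and account list are assumptions.
Option Explicit
Const UPN_SUFFIX = "mycompany.com"
Dim conn, cmd, base, sam
base = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn

For Each sam In Array("magnus")   ' constructed sample input
    SetUpn sam, sam & "@" & UPN_SUFFIX
Next

' Escape the characters that are special in an LDAP filter (RFC 4515).
Function EscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    EscapeFilter = Replace(s, ")", "\29")
End Function

' Subtree search of the current domain, returning distinguishedName only.
Function Search(filter)
    cmd.CommandText = "<LDAP://" & base & ">;" & filter & ";distinguishedName;subtree"
    Set Search = cmd.Execute
End Function

Sub SetUpn(sam, upn)
    Dim rs, dn, user
    Set rs = Search("(userPrincipalName=" & EscapeFilter(upn) & ")")
    If Not rs.EOF Then
        WScript.Echo "SKIP " & sam & ": UPN in use by " & rs.Fields("distinguishedName").Value
        Exit Sub
    End If
    Set rs = Search("(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & EscapeFilter(sam) & "))")
    If rs.EOF Then
        WScript.Echo "SKIP " & sam & ": account not found"
        Exit Sub
    End If
    ' The DN comes back already escaped (CN=Smith\, Magnus,OU=...); only "/"
    ' still needs a backslash, because it is a separator in an ADsPath.
    dn = Replace(rs.Fields("distinguishedName").Value, "/", "\/")
    Set user = GetObject("LDAP://" & dn)
    user.Put "userPrincipalName", upn
    user.SetInfo
    WScript.Echo "OK   " & dn & " -> " & upn
End Sub
```

Run it with cscript.exe so the per-account lines go to the console. The uniqueness check covers only the current domain, not the whole forest.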
