Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows 2003 LDAP read permissions

Posted on 2004-09-21
2
Medium Priority
?
455 Views
Last Modified: 2011-09-20
This question must have been asked before, but I could not find it.

My login script does a lookup to find out what groups you belong to in order to map the correct drive letters.  It works fine as long as you are a member of the Domain Admin group or a member of a group that has modify computer accounts permissions for RIS imaging.  

Here is the script and it fails at the line "For Each strGroup in objUser.memberOf"

'***************************************
'Declair group variables and set them to 0
'This will determine what groups the user belongs too

dim strUser, objUser, strGroup, objGroup
Set objADSysInfo = CreateObject("ADSystemInfo")

dim Group1
Group1=0

dim Group2
Group2=0

strUser = objADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
For Each strGroup in objUser.memberOf
    Set objGroup = GetObject("LDAP://" & strGroup)

          if Instr(strGroup, "Group1") then
          Group=1
         end if
   
          if InStr(strGroup, "Group2") then
          Group2=1
          end if
'un-Rem the line below to view what group memberships the script found
Wscript.Echo objGroup.CN    
next
'***************************************

I get an "Object is not a collection error" and I have determined that it is unable to poll the LDAP to find out what groups you belong too.  From another article I read (on a different forum) it looks like it works fine in Windows 2000.  Windows 2003 added a security feature.  I have tried to add Domain Users Read permisions to the User Container in AD, but that did not work.  

What read permissions do I need to add to fix this?  I'm sure the answer is right in front of me, but I can't see it.

Thanks
0
Comment
Question by:crazycanuck42
2 Comments
 
LVL 10

Accepted Solution

by:
jhautani earned 800 total points
ID: 12120996
Your script works unmodified as a user if the user belongs to more than two groups, not including 'Domain Users'.

Replace the
  For Each strGroup in objUser.memberOf
with
  For Each strGroup in objUser.GetEx("memberOf")

Then a collection is always returned and the line works, no matter how many groups the user belongs to.

Reference: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/accessing_attributes_with_adsi.asp

hope this helps
0
 

Author Comment

by:crazycanuck42
ID: 12122306
Works like a charm.  Although I do not understand how since some other people are members of multiple groups and do not have a problem, they are just members of a gorup that has admin like permissions to the Machine accoutns for RIS imaging.

Thank you very much, I would not have figured this one out on my own.

I have awarded points.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question