I have an activex script inside a DTS package that performs 3 functions - 1) creates accounts within active directory, 2) updates expiry dates for some accounts, 3) modifies the groups that a user is part of. The script connects to a database in order to determine what accounts to create or modify. The script runs on one server and creates / modifies accounts on a second server.
When I am logged into the first server and run the DTS package, then it works perfectly. However, when I schedule the DTS package to run from a job my script generates the error '-2147024891 Active Directory General access denied error' when it tries to create new accounts or update the expiry dates of existing accounts. It does not however seem to have any problems adding users to groups or creating new groups.
I'm pretty sure that this problem is permissions based??? The job is set to run under the administrator account and this account is a domain administrator. The activex script uses an SQL user to connect to the database. So which account does the job run under?? I am confused as to which user the job is trying to execute my script under.
Any suggestions would be appreciated!