Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2248
  • Last Modified:

-2147024891 Active Directory General access denied error

I have an activex script inside a DTS package that performs 3 functions - 1) creates accounts within active directory, 2) updates expiry dates for some accounts, 3) modifies the groups that a user is part of. The script connects to a database in order to determine what accounts to create or modify. The script runs on one server and creates / modifies accounts on a second server.

When I am logged into the first server and run the DTS package, then it works perfectly. However, when I schedule the DTS package to run from a job my script generates the error '-2147024891 Active Directory General access denied error' when it tries to create new accounts or update the expiry dates of existing accounts. It does not however seem to have any problems adding users to groups or creating new groups.

I'm pretty sure that this problem is permissions based??? The job is set to run under the administrator account and this account is a domain administrator. The activex script uses an SQL user to connect to the database. So which account does the job run under?? I am confused as to which user the job is trying to execute my script under.

Any suggestions would be appreciated!
0
tyea
Asked:
tyea
  • 2
1 Solution
 
kkohlCommented:
Check what account your SQL Agent is running.

In Enterprise Manager (EM) expand your server, expand Management, right click SQL Server Agent and select Properties.

If the account it is running under is the local system account, it will not be able to perform jobs on remote servers.

0
 
tyeaAuthor Commented:
Thanks! I now have the service starting under an admin user and it is working fine. Out of interest though - why doesn't the job run under the account that i have set as the Owner in the job properties??
0
 
kkohlCommented:
The SQL Agent is what runs all jobs.  Inside the job is where the job's owner must have proper permissions.  But the job has to start first, which is with SQL Agent.

:-)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now