-2147024891 Active Directory General access denied error

Posted on 2004-11-08
Last Modified: 2008-05-30
I have an activex script inside a DTS package that performs 3 functions - 1) creates accounts within active directory, 2) updates expiry dates for some accounts, 3) modifies the groups that a user is part of. The script connects to a database in order to determine what accounts to create or modify. The script runs on one server and creates / modifies accounts on a second server.

When I am logged into the first server and run the DTS package, then it works perfectly. However, when I schedule the DTS package to run from a job my script generates the error '-2147024891 Active Directory General access denied error' when it tries to create new accounts or update the expiry dates of existing accounts. It does not however seem to have any problems adding users to groups or creating new groups.

I'm pretty sure that this problem is permissions based??? The job is set to run under the administrator account and this account is a domain administrator. The activex script uses an SQL user to connect to the database. So which account does the job run under?? I am confused as to which user the job is trying to execute my script under.

Any suggestions would be appreciated!
Question by:tyea
    LVL 3

    Accepted Solution

    Check what account your SQL Agent is running.

    In Enterprise Manager (EM) expand your server, expand Management, right click SQL Server Agent and select Properties.

    If the account it is running under is the local system account, it will not be able to perform jobs on remote servers.


    Author Comment

    Thanks! I now have the service starting under an admin user and it is working fine. Out of interest though - why doesn't the job run under the account that i have set as the Owner in the job properties??
    LVL 3

    Expert Comment

    The SQL Agent is what runs all jobs.  Inside the job is where the job's owner must have proper permissions.  But the job has to start first, which is with SQL Agent.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
    Video by: Steve
    Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now