-2147024891 Active Directory General access denied error

I have an activex script inside a DTS package that performs 3 functions - 1) creates accounts within active directory, 2) updates expiry dates for some accounts, 3) modifies the groups that a user is part of. The script connects to a database in order to determine what accounts to create or modify. The script runs on one server and creates / modifies accounts on a second server.

When I am logged into the first server and run the DTS package, then it works perfectly. However, when I schedule the DTS package to run from a job my script generates the error '-2147024891 Active Directory General access denied error' when it tries to create new accounts or update the expiry dates of existing accounts. It does not however seem to have any problems adding users to groups or creating new groups.

I'm pretty sure that this problem is permissions based??? The job is set to run under the administrator account and this account is a domain administrator. The activex script uses an SQL user to connect to the database. So which account does the job run under?? I am confused as to which user the job is trying to execute my script under.

Any suggestions would be appreciated!
tyeaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kkohlCommented:
Check what account your SQL Agent is running.

In Enterprise Manager (EM) expand your server, expand Management, right click SQL Server Agent and select Properties.

If the account it is running under is the local system account, it will not be able to perform jobs on remote servers.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tyeaAuthor Commented:
Thanks! I now have the service starting under an admin user and it is working fine. Out of interest though - why doesn't the job run under the account that i have set as the Owner in the job properties??
0
kkohlCommented:
The SQL Agent is what runs all jobs.  Inside the job is where the job's owner must have proper permissions.  But the job has to start first, which is with SQL Agent.

:-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.