LDAP Query to GC fails SOMETIMES - Table does not exist

Hello All,

I have a customer who is unable to run the script below, they are getting the Table Does Not Exist Error. I'm hoping someone can point to some troubleshooting efforts and leverage some good experience from this board...


The infamous error: Table Does not Exist - With a Twist

I have the following Code (VB Script) used to enumerate the trusted domains...

I can run it no problem, I have other customers who are getting the table does not exist...

Here is the script:


strDomain = InputBox("Enter the name of the Domain in Domain.com notation",Title,strDomain)
If InStr(strDomain, ".") = FALSE Then
    MsgBox("The Domain must be the FQDN e.g. Domain.com")
    WScript.Quit
End If

aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)

strDomainUid = InputBox("Enter a User Account (Domain\UserName)",Title,strNTDomain & "\")


strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainPwd)



GetTrustedDomains strDomain, strDomainUid, strDomainPwd

Sub GetTrustedDomains(strDomain, strDomainUid, strDomainPwd)
On Error Resume Next


Set con = CreateObject("ADODB.Connection")
con.provider = "ADsDSOObject"
con.Properties("User ID") = strDomainUid
con.Properties("Password") = strDomainPwd
con.open "Active Directory Provider"
Set com = CreateObject("ADODB.Command")
Set com.ActiveConnection = con
com.CommandText = "select name FROM 'GC://" & strDomain & "' where objectCategory='trustedDomain'"
Set rs = com.Execute

If Err.Number <> 0 Then
    MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
    Exit Sub
End If

If Not rs.EOF Then
    Do Until rs.EOF
        wscript.echo "Trusted Domain: " & rs("name")
        rs.MoveNext
    Loop
    MsgBox "Query is functioning properly."
Else
    wscript.echo "No Trusted Domains Discovered."
End If
rs.Close
Set com = Nothing

If Err.Number <> 0 Then
    MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
    Exit Sub
End If

End sub


For one particular client, this occurs in their test domain, but not their production domain.

The domain is a Windows 2003 domain. From this thread it seems like the user permissions and MDAC are likely causes.

I know this script works, so I'm trying to troubleshoot why it works for some and not others. I've verified it against both Windows 2000 and Windows 2003 domains.

This is actually for a website, but I put it in VBS for ease of use.

The web service is using Integrated Authentication only, but doesn't really matter since I'm passing my own account information over. The problem seems to occur for any level of domain permissions (Domain Admins and regular users.)

So if you guys can try this in your own domains to see if it works or not, or any ideas why it would work in some domains and not others, then you will have saved a man's business and will have good fortune for all of your lives.

Any help would be MUCH appreciated.

/John
0
mooka
Asked:
1 Solution
 
David Lee Commented:
Hi mooka,

I'll be at work shortly and will give this script a try.

Cheers!
0
 
David Lee Commented:
The script worked fine in my domain.
0
 
mooka (Author) Commented:
Thanks for the update. Do you have any child domains that you can run it against as well?

0
 
David Lee Commented:
Actually I ran it in a child domain.  I can try running it from the root too if you'd like.
0
 
mooka (Author) Commented:
I have an application that reads data from the Global Catalog. I recently
had a problem with a client who has a multidomain forest. The clarification
is whether it is possible to bind to a global catalog in a child domain.

I recently spoke with an individual who stated that the Global Catalog only
truly exists in the root domain. This at first seemed counter-intuitive, as
DCs in Child Domains can be GCs. The issue at the client was that I could
bind to the GC in the root domain, but not in the child domain.

I am (apparently) able to bind to a GC in a child domain in a test
environment.

The reason this came to light is the client does not use MS DNS. They said
that MS DNS is letting me bind to the child domain.

Here is a sample script that I was using to test... This script (VBS) would
work in the test environment using both the child domain and root domain. For
the client it would only work for the root domain.


strDomain = InputBox("Enter the name of the Domain in Domain.com notation",Title,strDomain)

aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)

strDomainUid = InputBox("Enter the ESD AD Connection Account (Domain\UserName)",Title,strNTDomain & "\")


strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainPwd)



GetTrustedDomains strDomain, strDomainUid, strDomainPwd

Sub GetTrustedDomains(strDomain, strDomainUid, strDomainPwd)
On Error Resume Next



Set oConnection = CreateObject("ADODB.Connection")
Set oRecordset = CreateObject("ADODB.Recordset")
oConnection.Provider = "ADsDSOObject"  'The ADSI OLE-DB provider
oConnection.Properties("User ID") = strDomainUid
oConnection.Properties("Password") = strDomainPwd
oConnection.Open "ADs Provider"
strQuery = "<GC://" & strDomain & ">;(&(objectCategory=trustedDomain));Name;subtree"
Set rs = oConnection.Execute(strQuery)


If Err.Number <> 0 Then
      MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
      Exit Sub
End If

If Not rs.EOF Then
      Do Until rs.EOF
            wscript.echo "Trusted Domain: " & rs("name")
            rs.MoveNext
      Loop
      MsgBox "Query is functioning properly."
Else
    wscript.echo "No Trusted Domains Discovered."
End If
rs.Close

Set oCont = Nothing
Set rs = Nothing
Set oConnection = Nothing

If Err.Number <> 0 Then
      MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
      Exit Sub
End If

End sub


Any clarification on this would be greatly appreciated.

Thanks,

John
0
 
David Lee Commented:
Ok, I think I understand the question now.  When I tested earlier I connected to the GC in my domain, not a GC in a different domain.  On reading your last post I realized that wasn't a good test for this question.  So, just now I tried connecting to a GC in a different child domain and got the same error message you reported.  I know that's because I don't have any permissions in the other child domain.  What I'm not clear on is why you need to connect to a GC in a different domain.  All GCs in the same directory tree should have the same information, as the name global implies.  It shouldn't matter what GC you check they should all report the same trusted domains.  If one GC has information another doesn't, then there's something wrong with replication.  
0
 
mooka (Author) Commented:
Thanks for the reply...

My confusion comes with the fact that GCs are site based. My ultimate goal is to query the global catalog in the same site as the server or machine running the script.

So if I'm in child.domain.com and want to access the global catalog in my site, for sake of performance (not necessarily this script but something that makes many reads to the directory) can I simply call:

        Set oCont = GetObject("GC:")
        For Each oGC In oCont
          strADsPath = oGC.ADsPath
        Next

The path returned is the same regardless of whether it is executed in the Child domain or parent domain. Does that mean it is connecting to the GC in my site, but binding to that GC at the root level (strADsPath )?

Thanks,

John
0
 
David Lee Commented:
John,

Yes, GC exist in a site, if that's what you mean by "site based".  If you want to query the nearest GC, then don't specify a domain and leave it to AD to grab the nearest one.  Yes, it's my belief that the code you posted will grab the nearest GC.  You can then modify your original code to use the ADsPath returned to connect to that GC.  I'm not sure about the answer to your last question.  It may be that the GC in the root is the one AD considers to be the closest or least busy.  Then again perhaps AD searches in a hierarchical top down fashion and it finds the GC in the root first.  Sorry, I'm not deep enough into AD to know the answer to that question.
0
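
The suggestion in the reply above (take the ADsPath returned by the serverless GC: bind and point the original ADO query at it), shown as an added example that is not part of the thread or either poster's code. The names DiscoverGCPath and ListTrustedDomains are hypothetical, the script is assumed to run on a domain-joined machine, and each step reports its own raw error code instead of one shared "Error opening connection" message.

```vbscript
Option Explicit
' Added example (not from the thread). Assumes a domain-joined machine so
' the serverless "GC:" bind can locate a global catalog.

Function DiscoverGCPath()                       ' hypothetical helper name
    Dim oCont, oGC
    DiscoverGCPath = ""
    On Error Resume Next
    Set oCont = GetObject("GC:")                ' binds as the logged-on user
    If Err.Number <> 0 Then Exit Function
    For Each oGC In oCont
        DiscoverGCPath = oGC.ADsPath            ' path to use as the search root
    Next
End Function

Sub ListTrustedDomains(strPath, strUid, strPwd) ' hypothetical helper name
    Dim con, rs
    On Error Resume Next
    Set con = CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Properties("User ID") = strUid
    con.Properties("Password") = strPwd
    con.Properties("Encrypt Password") = True   ' ask the provider to encrypt the password
    con.Open "Active Directory Provider"
    If Err.Number <> 0 Then
        WScript.Echo "Open failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Exit Sub
    End If
    Set rs = con.Execute("<" & strPath & ">;(objectCategory=trustedDomain);name;subtree")
    If Err.Number <> 0 Then                     ' report the failing path and raw code
        WScript.Echo "Query on " & strPath & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
        con.Close
        Exit Sub
    End If
    Do Until rs.EOF
        WScript.Echo "Trusted Domain: " & rs.Fields("name").Value
        rs.MoveNext
    Loop
    rs.Close
    con.Close
End Sub

Dim strPath
strPath = DiscoverGCPath()
If strPath = "" Then
    WScript.Echo "Serverless GC: bind failed; no global catalog could be located."
    WScript.Quit 1
End If
WScript.Echo "Using " & strPath
ListTrustedDomains strPath, InputBox("User Account (Domain\UserName)"), InputBox("Password")
```

Run it with cscript so the WScript.Echo lines go to the console; comparing the echoed path and error code between a working and a failing domain separates a discovery failure from a credential or permission failure on the query.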
 
David Lee Commented:
I believe I deserve some consideration.  I tested his script, confirmed it worked on conditions similar to his setting, and responded back to all the author's questions.
0
