mooka
asked on
LDAP Query to GC fails SOMETIMES - Table does not exist
Hello All,
I have a customer who is unable to run the script below, they are getting the Table Does Not Exist Error. I'm hoping someone can point to some troubleshooting efforts and leverage some good experience from this board...
The infamous error: Table Does not Exist - With a Twist
I have the following Code (VB Script) used to enumerate the trusted domains...
I can run it no problem, I have other customers who are getting the table does not exist...
Here is the script:
strDomain = InputBox("Enter the name of the Domain in Domain.com notation",Title,strDomain)
If InStr(strDomain, ".") = FALSE Then
MsgBox("The Domain must be the FQDN e.g. Domain.com")
WScript.Quit
End If
aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)
strDomainUid = InputBox("Enter a User Account (Domain\UserName)",Title,s trNTDomain & "\")
strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainP wd)
GetTrustedDomains strDomain, strDomainUid, strDomainPwd
Sub GetTrustedDomains(strDomai n, strDomainUid, strDomainPwd)
On Error Resume Next
Set con = CreateObject("ADODB.Connec tion")
con.provider = "ADsDSOObject"
con.Properties("User ID") = strDomainUid
con.Properties("Password") = strDomainPwd
con.open "Active Directory Provider"
Set com = CreateObject("ADODB.Comman d")
Set com.ActiveConnection = con
com.CommandText = "select name FROM 'GC://" & strDomain & "' where objectCategory='trustedDom ain'"
Set rs = com.Execute
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
Exit Sub
End If
If Not rs.EOF Then
Do Until rs.EOF
wscript.echo "Trusted Domain: " & rs("name")
rs.MoveNext
Loop
MsgBox "Query is functioning properly."
Else
wscript.echo "No Trusted Domains Discovered."
End If
rs.Close
Set com = Nothing
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
Exit Sub
End If
End sub
For one particular client, this occurrs in their test domain, but not their production domain.
The domain is a Windows 2003 domain. From this thread it seems like the user permissions and MDAC are likely causes.
I know this script works, so I'm trying to troubleshoot why it works for some and not others. I've verified it against both Windows 2000 and Windows 2003 domains.
This is actually for a website, but I put it in VBS for ease of use.
The web service is using Integrated Authentication only, but doesnt really matter since I'm passing my own account information over. The problem seems to occcur for any level of domain permissions (Domain Admins and regular users.)
So if you guys can try this in your own domains to see if it works or not, or any ideas why it would work in some domains and not others, then you will have saved a mans business and will have good fortune for all of your lives.
Any help would be MUCH appreciated.
/John
I have a customer who is unable to run the script below, they are getting the Table Does Not Exist Error. I'm hoping someone can point to some troubleshooting efforts and leverage some good experience from this board...
The infamous error: Table Does not Exist - With a Twist
I have the following Code (VB Script) used to enumerate the trusted domains...
I can run it no problem, I have other customers who are getting the table does not exist...
Here is the script:
strDomain = InputBox("Enter the name of the Domain in Domain.com notation",Title,strDomain)
If InStr(strDomain, ".") = FALSE Then
MsgBox("The Domain must be the FQDN e.g. Domain.com")
WScript.Quit
End If
aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)
strDomainUid = InputBox("Enter a User Account (Domain\UserName)",Title,s
strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainP
GetTrustedDomains strDomain, strDomainUid, strDomainPwd
Sub GetTrustedDomains(strDomai
On Error Resume Next
Set con = CreateObject("ADODB.Connec
con.provider = "ADsDSOObject"
con.Properties("User ID") = strDomainUid
con.Properties("Password")
con.open "Active Directory Provider"
Set com = CreateObject("ADODB.Comman
Set com.ActiveConnection = con
com.CommandText = "select name FROM 'GC://" & strDomain & "' where objectCategory='trustedDom
Set rs = com.Execute
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
Exit Sub
End If
If Not rs.EOF Then
Do Until rs.EOF
wscript.echo "Trusted Domain: " & rs("name")
rs.MoveNext
Loop
MsgBox "Query is functioning properly."
Else
wscript.echo "No Trusted Domains Discovered."
End If
rs.Close
Set com = Nothing
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " & Err.Description
Exit Sub
End If
End sub
For one particular client, this occurrs in their test domain, but not their production domain.
The domain is a Windows 2003 domain. From this thread it seems like the user permissions and MDAC are likely causes.
I know this script works, so I'm trying to troubleshoot why it works for some and not others. I've verified it against both Windows 2000 and Windows 2003 domains.
This is actually for a website, but I put it in VBS for ease of use.
The web service is using Integrated Authentication only, but doesnt really matter since I'm passing my own account information over. The problem seems to occcur for any level of domain permissions (Domain Admins and regular users.)
So if you guys can try this in your own domains to see if it works or not, or any ideas why it would work in some domains and not others, then you will have saved a mans business and will have good fortune for all of your lives.
Any help would be MUCH appreciated.
/John
The script worked fine in my domain.
ASKER
Thanks for the update. Do you have any child domains that you can run it against as well?
Actually I ran it in a child domain. I can try running it from the root too if you'd like.
ASKER
have an application that reads data from the Global Catalog. I recently
had a problem with a client who has a multidomain forest. The clarification
is whether it is possible to bind to a global catalog in a child domain.
I recently spoke with an individual who stated that the Global Catalog only
truely exists in the root domain. This at first seemed counter-intuitive, as
DC's in Child Domains can be GC's. The issue at the client was that I could
bind to the GC in the root domain, but not in the child domain.
I am (apparently) able to bind to a GC in a child domain in a test
environment.
The reason this came to light is the client does not use MS DNS. They said
that MS DNS is letting be bind to the child domain.
Here is a sample script that I was using to test... This script (VBS) would
work in the test environment using both the child domain and root domain. For
the client it would only work for the root domain.
strDomain = InputBox("Enter the name of the Domain in Domain.com
notation",Title,strDomain)
aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)
strDomainUid = InputBox("Enter the ESD AD Connection Account
(Domain\UserName)",Title,s trNTDomain & "\")
strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainP wd)
GetTrustedDomains strDomain, strDomainUid, strDomainPwd
Sub GetTrustedDomains(strDomai n, strDomainUid, strDomainPwd)
On Error Resume Next
Set oConnection = CreateObject("ADODB.Connec tion")
Set oRecordset = CreateObject("ADODB.Record set")
oConnection.Provider = "ADsDSOObject" 'The ADSI OLE-DB provider
oConnection.Properties("Us er ID") = strDomainUid
oConnection.Properties("Pa ssword") = strDomainPwd
oConnection.Open "ADs Provider"
strQuery = "<GC://" & strDomain &
">;(&(objectCategory=trust edDomain)) ;Name;subt ree"
Set rs = oConnection.Execute(strQue ry)
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " &
Err.Description
Exit Sub
End If
If Not rs.EOF Then
Do Until rs.EOF
wscript.echo "Trusted Domain: " & rs("name")
rs.MoveNext
Loop
MsgBox "Query is functioning properly."
Else
wscript.echo "No Trusted Domains Discovered."
End If
rs.Close
Set oCont = Nothing
Set rs = Nothing
Set oConnection = Nothing
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " &
Err.Description
Exit Sub
End If
End sub
Any clarification on this would be greatly appreciated.
Thanks,
John
had a problem with a client who has a multidomain forest. The clarification
is whether it is possible to bind to a global catalog in a child domain.
I recently spoke with an individual who stated that the Global Catalog only
truely exists in the root domain. This at first seemed counter-intuitive, as
DC's in Child Domains can be GC's. The issue at the client was that I could
bind to the GC in the root domain, but not in the child domain.
I am (apparently) able to bind to a GC in a child domain in a test
environment.
The reason this came to light is the client does not use MS DNS. They said
that MS DNS is letting be bind to the child domain.
Here is a sample script that I was using to test... This script (VBS) would
work in the test environment using both the child domain and root domain. For
the client it would only work for the root domain.
strDomain = InputBox("Enter the name of the Domain in Domain.com
notation",Title,strDomain)
aDomain = Split(strDomain, ".")
strNTDomain = aDomain(0)
strDomainUid = InputBox("Enter the ESD AD Connection Account
(Domain\UserName)",Title,s
strDomainPwd = InputBox("Enter Password for " & strDomain,Title,strDomainP
GetTrustedDomains strDomain, strDomainUid, strDomainPwd
Sub GetTrustedDomains(strDomai
On Error Resume Next
Set oConnection = CreateObject("ADODB.Connec
Set oRecordset = CreateObject("ADODB.Record
oConnection.Provider = "ADsDSOObject" 'The ADSI OLE-DB provider
oConnection.Properties("Us
oConnection.Properties("Pa
oConnection.Open "ADs Provider"
strQuery = "<GC://" & strDomain &
">;(&(objectCategory=trust
Set rs = oConnection.Execute(strQue
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " &
Err.Description
Exit Sub
End If
If Not rs.EOF Then
Do Until rs.EOF
wscript.echo "Trusted Domain: " & rs("name")
rs.MoveNext
Loop
MsgBox "Query is functioning properly."
Else
wscript.echo "No Trusted Domains Discovered."
End If
rs.Close
Set oCont = Nothing
Set rs = Nothing
Set oConnection = Nothing
If Err.Number <> 0 Then
MsgBox "Error opening connection To " & strDomain & ". Error is : " &
Err.Description
Exit Sub
End If
End sub
Any clarification on this would be greatly appreciated.
Thanks,
John
Ok, I think I understand the question now. When I tested earlier I connected to the GC in my domain, not a GC in a different domain. On reading your last post I realized that wasn't a good test for this question. So, just now I tried connecting to a GC in a different child domain and got the same error message you reported. I know that's because I don't have any permissions in the other child domain. What I'm not clear on is why you need to connect to a GC in a different domain. All GCs in the same directory tree should have the same information, as the name global implies. It shouldn't matter what GC you check they should all report the same trusted domains. If one GC has information another doesn't, then there's something wrong with replication.
ASKER
Thanks for the reply...
My confusion comes with that fact that GC's are site based. My ultimate goal is to query the global catalog in the same site as the server or machine running the script.
So if I'm in child.domain.com and want to access the global catalog in my site, for sake of performance (not necessarly this script but something that makes many reads to the directory) can I simply call:
Set oCont = GetObject("GC:")
For Each oGC In oCont
strADsPath = oGC.ADsPath
Next
The path returned is the same regardless of whether it is executed in the Child domain or parent domain. Does that mean it is connecting to the GC in my site, but binding to that GC at the root level (strADsPath )?
Thanks,
John
My confusion comes with that fact that GC's are site based. My ultimate goal is to query the global catalog in the same site as the server or machine running the script.
So if I'm in child.domain.com and want to access the global catalog in my site, for sake of performance (not necessarly this script but something that makes many reads to the directory) can I simply call:
Set oCont = GetObject("GC:")
For Each oGC In oCont
strADsPath = oGC.ADsPath
Next
The path returned is the same regardless of whether it is executed in the Child domain or parent domain. Does that mean it is connecting to the GC in my site, but binding to that GC at the root level (strADsPath )?
Thanks,
John
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I believe I deserve some consideration. I tested his script, confirmed it worked on conditions similar to his setting, and responded back to all the author's questions.
I'll be at work shortly and will give this script a try.
Cheers!