LDAP newbie trying to pull a list of groups + members w/ADO script

Posted on 2006-06-06
Last Modified: 2010-04-30
I'm trying to create a list of all groups and membership from my domain, using the script found here:

I make it to line 62:
Set objGroup = GetObject("LDAP://" & strDN) which point I get an 80005000 error (bad directory), source: (null).  strDN at that point is:

CN=/SHG - Metro PA Mgm,CN=PDP Collaboration Services Objects,OU=PDP_GALSYNC_Objects,DC=axp,DC=corp,DC=amexfa,DC=com

My extremely loose understanding of LDAP leaves me a little dry at this point.  I know the mess of DC= at the end is the defaultNamingContext of my RootDSE, and I know it's correct, but that's about all I know.  Any input would be appreciated.
Question by:Rakafkaven
    LVL 16

    Assisted Solution

    The problem ios probably coming from the / in the group name
    Does that group exist? I didn't think you could create a group like that.

    Does this script error on the 1st time through or does it go through
    several groups until it gets to this one?
    LVL 70

    Accepted Solution


    This bit represents the Path and Name of the object:

    CN=/SHG - Metro PA Mgm,CN=PDP Collaboration Services Objects,OU=PDP_GALSYNC_Objects,

    CN is a Container Object, those are normally reserved for objects like Users, Groups, Computers, etc. There are a couple of special ones like the Users Folder as well. OU is Organizational Unit, and that's the normal type for folders you create to put things in.

    In the case above the error is caused by:

    CN=/SHG ...

    That extra / in there really messes up the directory path (technically it's an illegal character) for the script and for the script to work the character needs to be treated properly:

    CN=\/SHG - Metro PA Mgm,CN=PDP Collaboration Services Objects,OU=PDP_GALSYNC_Objects,

    The \ tells the script that it's part of the name and not to be treated as part of the path.

    Fortunately there's a way around this:

    objGroup.Get("distinguishedName") will always return the literal path, without any modifications to take care of illegal characters. objGroup.ADSPath on the other hand will return a usable path. To make that work in the script a couple of things need to be altered:

    strQuery = "<LDAP://" & strDNSDomain _
      & ">;(objectClass=group);distinguishedName;subtree"

    Needs changing to:

    strQuery = "<LDAP://" & strDNSDomain _
      & ">;(objectClass=group);aDSPath;subtree"


      strDN = objRecordSet.Fields("distinguishedName")
      Set objGroup = GetObject("LDAP://" & strDN)

    Needs changing to:

    Set objGroup = GetObject(objRecordSet.Fields("aDSPath"))

    If any of that isn't clear please let me know.

    LVL 4

    Author Comment

    This is the first group.  I'll try throwing an InStr check before the directory call and see if I get better results.
    LVL 4

    Author Comment

    Perfect!  the aDSPath solution worked.  Of course, my results are completely unreadable:

    A3A0B63E8776453C962 (Global/Security)
       Member: 385008F11037446BA14 (User)
       Member: 0E0016186820401EBF8 (User)
       Member: 723803D5FCF1451196F (User)
       Member: 53C0B0383AD44C71A10 (User)
    87117A422B4386B690D (Global/Security)
       Member: BC1B99EFF47F46D49D7 (User)
       Member: 4BCA7A31391B4A9C968 (User)

    So there will be another question posted about that in about two minutes, if either of you are interested.  Either way, thanks!

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Suggested Solutions

    When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
    You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
    Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
    This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now