
LDAP query from non-domain computers

Hello, please allow me to give a brief description of what's going on. We are trying to map drives for users who are VPN'd (via SSL VPN) in. The scripts (different VBscripts for different offices) are on a server share.

What we have discovered is that if the VPN client computer is a managed computer, thus in Active Directory, the scripts run fine and the drives are mapped. However, if the VPN client computer is unmanaged, this is where the problem occurs.

Firstly, using the "Wscript.Network" object, we check for the .UserDomain property. If it's not the domain name then we prompt the user for credentials via InputBox dialogs. We use those credentials to pass to the .MapNetworkDrive method since it takes username/password arguments. This works fine.

The problems come when using the "ADSystemInfo" object. The .UserName property value is used for LDAP queries. From an unmanaged computer there is no .UserName property since credentials are local, I suppose. And I can't seem to pass credentials to this object. Thus I can't make LDAP queries.

I thought I found a workaround with some code I found (see below). That's to have a first script determine if the computer is managed or unmanaged. If unmanaged, then I would run the second script under assigned credentials. This works from a managed machine but not from an unmanaged one. Step2.vbs never executes from the unmanaged machine.

Const conPath = "\\server\share\step2.vbs"
Const conUser = "domain\username"
Const conPwd = "password~" 'The tilde (~) simulates an Enter key press.
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.Run("runas /user:" & conUser & " " & chr(34) & "wscript \" & chr(34) & _
    conPath & chr(34) & chr(34))
objShell.AppActivate "Runas"
WScript.Sleep 100
objShell.SendKeys conPwd

I'm at my wits end. Is there any way I can make an LDAP query from an unmanaged computer?

Thanks in advance,
Jim

CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014

Commented:
Have you tried using the OpenDSObject method?
http://msdn2.microsoft.com/en-us/library/aa706065(VS.85).aspx

There's an example of using it here under the "Now lets take a look at the ADSI version" section:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec04/hey1213.mspx

Regards,

Rob.
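
The OpenDSObject approach suggested above, as an added example that is not code from this thread or from the linked Microsoft pages: it binds with credentials entered at run time (nothing stored in the script), looks up the user's distinguished name, which is the value ADSystemInfo.UserName supplies on a domain member, and escapes the account name before placing it in the LDAP filter. The server name dc01.example.com and the DOMAIN\user input format are assumptions.

```vbscript
Option Explicit
' Added example. Hypothetical values: dc01.example.com, DOMAIN\user input format.
Const ADS_SECURE_AUTHENTICATION = &H1   ' negotiate Kerberos/NTLM instead of a clear-text simple bind
Const ADS_SERVER_BIND = &H200           ' the ADsPath names a specific server
Const strServer = "dc01.example.com"    ' assumption: a domain controller reachable over the VPN

Dim strUser, strPwd, intFlags, objDSO, objRoot, strBase, objConn, objCmd, objRS, strSam

' Prompt at run time; note that InputBox echoes the password on screen.
strUser = InputBox("Domain account (DOMAIN\user):")
strPwd = InputBox("Password:")
intFlags = ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND

' Bind to RootDSE with explicit credentials to learn the domain naming context.
Set objDSO = GetObject("LDAP:")
Set objRoot = objDSO.OpenDSObject("LDAP://" & strServer & "/RootDSE", strUser, strPwd, intFlags)
strBase = objRoot.Get("defaultNamingContext")

' Search through the ADSI OLE DB provider using the same credentials and flags.
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Properties("User ID") = strUser
objConn.Properties("Password") = strPwd
objConn.Properties("ADSI Flag") = intFlags
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
strSam = Mid(strUser, InStr(strUser, "\") + 1)   ' part after the backslash
objCmd.CommandText = "<LDAP://" & strServer & "/" & strBase & ">;" & _
    "(&(objectCategory=person)(sAMAccountName=" & EscapeFilter(strSam) & "));" & _
    "distinguishedName;subtree"
Set objRS = objCmd.Execute

If objRS.EOF Then
    WScript.Echo "No user found for " & strSam
Else
    ' The DN that ADSystemInfo.UserName would return on a domain-joined machine.
    WScript.Echo objRS.Fields("distinguishedName").Value
End If

' Escape LDAP filter metacharacters (RFC 4515) so typed input cannot alter the filter.
Function EscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    EscapeFilter = Replace(s, ")", "\29")
End Function
```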

Author

Commented:
Thanks Rob! Using the OpenDSObject method and WinNT object did the trick.

Jim
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014
Commented:
Great! Are you able to accept an answer and close this question, or do you still have any issues?

Regards,

Rob.