Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

"General access denied error" when running VBScript to create user in Active Directory

Posted on 2011-02-10
2
Medium Priority
?
3,010 Views
Last Modified: 2012-05-11
I am trying to write a VBScript that will create a user in Active Directory and then add them to particular group. I got the user creation part to work on our Windows Server 2008 application server but when I added the piece in to add the new user to a particular group I ended up removing all existing users from that group instead (this is my major issue).

So, now, I am working in a VM until I can get the script working properly. I'm working on a new install of Windows Server 2008 but when I run the script here I get an error "General access denied error" on the line "objUser.SetInfo".

I tried disabling UAC but this does not resolve the issue. I am an admin and domain admin on the box. I have attached the script.


Thanks,
ob1
' UserOU.vbs
' Sample VBScript to create a User in a named OU.
' Author Guy Thomas http://Userperformance.co.uk/
' Version 2.4 - September 2010
' ------------------------------------------------------' 
Option Explicit
Dim objRootLDAP, objContainer, objUser, objGroup, objShell
Dim strUser, strName, strContainer, strSN, strCompany, strDistinguishedName, strUserPrincipalName, strDepartment, strMail, strDisplayName


strUser = "Test-UserName"
strName = "Test"
strSN = "User"
strCompany = "Test Company"
strDistinguishedName = "CN=Test-UserName,OU=Sandbox,DC=xxx,DC=com"
strUserPrincipalNAme = "user_company@xxx.local"
strDepartment = "Sandbox"
strMail = "testuser@company.com"
strDisplayName = strName & " " & strSN

strContainer = "OU=Sandbox ," ' Note the comma

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strContainer & _
objRootLDAP.Get("defaultNamingContext"))

dim text
text = objRootLDAP.Get("defaultNamingContext")
msgbox text


' Build the actual User.
Set objUser = objContainer.Create("User", "cn=" & strDisplayName)
objUser.Put "sAMAccountName", strUser
objUser.Put "givenName", strName
objUser.Put "SN", strSN
objUser.Put "company", strCompany
objUser.Put "description", strCompany
objUser.Put "distinguishedName", strDistinguishedName
objUser.Put "userPrincipalName", strUserPrincipalName
objUser.Put "mail", strMail
objUser.Put "department", strDepartment
objUser.Put "displayName", strDisplayName
objUser.SetInfo



'Const ADS_PROPERTY_APPEND = 1 
 
'Set objGroup = GetObject _
'  ("LDAP://CN=Test Users,OU=Test,DC=xxx,DC=local") 
 
'objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
'    Array("CN=" & strDisplayName & ",OU=Sandbox,DC=xxx,DC=com")


 
'objGroup.SetInfo



' Optional section to launch Active Directory Uses and Users
Set objShell=CreateObject("WScript.Shell")
objShell.Run "%systemroot%\system32\dsa.msc"

WScript.Quit

' End of Sample UserOU VBScript.

Open in new window

0
Comment
Question by:ob1_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 6

Accepted Solution

by:
ob1_ earned 0 total points
ID: 34864935
Looks like the problem was UAC - I had not fully disabled in Local Security Policy.
0
 
LVL 6

Author Closing Comment

by:ob1_
ID: 34864946
disabled all UAC options in local security policy per this article: http://www.computerperformance.co.uk/Longhorn/server_2008_uac_user_account_control.htm
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question