BlueDelta5
80070005 error on vbscript to move Computers to new OU
I wanted to create a script that a standard user could run via the login script which will move the user's PC to their corresponding computers container in Active Directory.
The script is rough (as I am no VB expert), but works as an admin user. How can I make it work as a standard user? I get an access denied 80070005 error. I tried playing with the impersonate command but with no joy. Any ideas?
Option Explicit
Dim objSysInfo
DIM OU, OU1, OU2, COMPPATH, strADsPath, strADsPath1
DIM objNetwork
DIM objConnection
DIM objCommand
DIM WshShell
DIM WshNetwork
DIM colUserEnvVariables
DIM currentuser
DIM objNewOU
DIm objMoveComputer
DIm objRootDSE
DIM strDNSDomain
DIM test1
Dim strComputer
DIM objWMIService
'======If an error is encountered, keep going======
'On Error Resume Next
Set objSysInfo = CreateObject("ADSystemInfo")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = CreateObject("Wscript.Shell")
Set CurrentUser = GetObject("LDAP://" & objSysInfo.UserName)
'Retrieve the collection of system variables
Set colUserEnvVariables = WshShell.Environment("System")
'--------------------------------------------------------------------------------
'- Get current OU of the user and comp
'--------------------------------------------------------------------------------
OU = objSysInfo.username
comppath= objSysInfo.computername
'--------------------------------------------------------------------------------
'- Format the OU string for the query to provide location of new computers container
'--------------------------------------------------------------------------------
OU1= replace(ou, "USERS", "COMPUTERS")
OU2= instr (ou1, "OU=COMPUTERS")
strADsPath= mid (OU1,OU2)
strADsPath1= "OU=" & mid (OU1,OU2)
'--------------------------------------------------------------------------------
'- TESTING
'--------------------------------------------------------------------------------
'msgbox ou
'msgbox ou1
msgbox ou2
msgbox comppath
msgbox strADsPath
'--------------------------------------------------------------------------------
'move PC to new OU
'--------------------------------------------------------------------------------
strComputer=WshNetwork.ComputerName
msgbox strComputer
CONST ForReading = 1
Const ForAppending = 8
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
Set objNewOU = GetObject("LDAP://" & strADsPath)
Set objMoveComputer = objNewOU.MoveHere ("LDAP://" & comppath, "CN=" & strComputer)
ASKER
At the moment all PCs are in the standard computer container. We have a user and computer container per dept. As machines are brought online and the user logs in for the first time, we want to move the PC to the right computer container.
The script works. I just need to know how to insert higher credentials so as to allow the script to move an AD object.
Sorry, I don't know how to.
But maybe this is of interest: http://www.windowsitpro.com/article/windows-server-2003/how-can-i-change-the-default-container-in-which-active-directory-ad-creates-new-computers-in-windows-server-2003-.aspx
A domain user has only read access to the Computer object and OUs by default. If you want a domain user to be able to move objects, with a script, you'll need to grant them permissions. Not that I think that is a good idea.
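What "grant them permissions" means in ACL terms, as an added example that is not part of the original thread: a move needs delete rights at the source container and create-child rights at the destination OU (plus write access to the object's name attributes), so an audit for over-broad delegation looks for Allow ACEs that give those rights to groups containing every user. The domain EXAMPLE, the DNs, the group list and the ACE rows are constructed; on a domain-joined admin host, rows of the same shape come from `(Get-Acl "AD:\<DN>").Access` with the container DN added as an extra property.

```powershell
# Added example: flag ACEs that would let every user move computer objects.
# EXAMPLE, the DNs and the ACE rows are constructed placeholders.

# schemaIDGUID of the 'computer' class; an empty GUID means "any object class".
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$AnyClass      = [guid]::Empty

# Principals that effectively include every logged-on user (assumed list).
$BroadPrincipals = 'EXAMPLE\Domain Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'

# Rights that matter for a move: delete at the source, create at the destination.
$MoveRights = 'CreateChild', 'DeleteChild', 'Delete', 'DeleteTree', 'GenericAll'

function New-SampleAce($Container, $Identity, $Rights, $ObjectType) {
    [pscustomobject]@{
        Container             = $Container
        IdentityReference     = $Identity
        ActiveDirectoryRights = $Rights
        ObjectType            = $ObjectType
        AccessControlType     = 'Allow'
    }
}

$Aces = @(
    New-SampleAce 'CN=Computers,DC=example,DC=com' 'NT AUTHORITY\Authenticated Users' 'GenericRead' $AnyClass
    New-SampleAce 'CN=Computers,DC=example,DC=com' 'EXAMPLE\Domain Users' 'DeleteChild' $ComputerClass
    New-SampleAce 'OU=COMPUTERS,OU=Sales,DC=example,DC=com' 'EXAMPLE\Domain Users' 'CreateChild' $ComputerClass
    New-SampleAce 'OU=COMPUTERS,OU=Sales,DC=example,DC=com' 'EXAMPLE\Workstation Movers' 'CreateChild, DeleteChild' $ComputerClass
)

function Find-BroadMoveAce {
    param([object[]]$Ace)
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        if ("$($a.IdentityReference)" -notin $BroadPrincipals) { continue }
        if ([guid]$a.ObjectType -notin @($ComputerClass, $AnyClass)) { continue }
        # A flags enum prints as "CreateChild, DeleteChild"; split it into names.
        $hits = @("$($a.ActiveDirectoryRights)" -split ',\s*' | Where-Object { $_ -in $MoveRights })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Container = $a.Container; Principal = "$($a.IdentityReference)"; Rights = $hits -join ',' }
        }
    }
}

Find-BroadMoveAce -Ace $Aces | Format-Table -AutoSize
```

The read-only ACE and the one held by the dedicated group are not reported; only the two rows that hand move-relevant rights to Domain Users are.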
Could you provide the goal behind this? Why should this be solved at the client side? What changed to make it necessary?