Solved

80070005 error on vbscript to move Computers to new OU

Posted on 2011-03-21
5
906 Views
Last Modified: 2012-05-11
I wanted to create a script that a standard user could run via the login script which will move the user's PC to their corresponding computers container in active directory.

The script is rough (as I am no vb expert), but works as an admin user. How can I make it work as a standard user. I get an access denied 80070005 error.  I tried playing with the impersonate command but with no joy. Any ideas ?

Option Explicit
Dim objSysInfo
DIM OU, OU1, OU2, COMPPATH, strADsPath, strADsPath1
DIM objNetwork
DIM objConnection
DIM objCommand
DIM WshShell
DIM WshNetwork
DIM colUserEnvVariables
DIM currentuser
DIM objNewOU
DIm objMoveComputer
DIm objRootDSE
DIM strDNSDomain
DIM test1
Dim strComputer
DIM objWMIService


'======If an error is encountered, keep going======
'On Error Resume Next


Set objSysInfo = CreateObject("ADSystemInfo")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = CreateObject("Wscript.Shell")
Set CurrentUser = GetObject("LDAP://" & objSysInfo.UserName)

'Retrieve the collection of system variables
Set colUserEnvVariables = WshShell.Environment("System")


'------------------------------------------------------------------------------------
'-                  Get current OU of the user and comp
'------------------------------------------------------------------------------------
OU = objSysInfo.username
comppath= objSysInfo.computername

'------------------------------------------------------------------------------------
'-         Format the OU string for the query to provide location of new computers container
'------------------------------------------------------------------------------------
OU1= replace(ou, "USERS", "COMPUTERS")
OU2= instr (ou1, "OU=COMPUTERS")
strADsPath= mid (OU1,OU2)
strADsPath1= "OU=" & mid (OU1,OU2)
'------------------------------------------------------------------------------------
'-   TESTING
'------------------------------------------------------------------------------------
'msgbox ou
'msgbox ou1
msgbox ou2
msgbox comppath
msgbox strADsPath

'------------------------------------------------------------------------------------
'move PC to new OU
'------------------------------------------------------------------------------------

strComputer=WshNetwork.ComputerName
msgbox strComputer

CONST ForReading = 1
Const ForAppending = 8
 
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
Set objNewOU = GetObject("LDAP://" & strADsPath)
Set objMoveComputer = objNewOU.MoveHere ("LDAP://" & comppath, "CN=" & strComputer)

0
Comment
Question by:BlueDelta5
5 Comments
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Hi.
Could you provide the goal behind this? Why should this be solved at the client side? What changed to make it necessary?
0
 
LVL 1

Author Comment

by:BlueDelta5
Comment Utility
At the moment all PC's are in the standard computer  container. We have a user and computer container per dept. As machines are brought online and the user logs in for the first time, we want to move the PC to the right computer container.

The script works. I just need to know how to insert higher credentials so to allow the script to move an AD object,
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
0
 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
A domain user has only read access to the Computer object and OUs by default. If you want a domain user to be able to move objects, with a script, you'll need to grant them permissions. Not that I think that is a good idea.
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 250 total points
Comment Utility
Hi, if you really want to put your username and password in the script, this will allow the current computer object to be moved to the target OU.

Regards,

Rob.
sADDomain = "yourdomain"
sADUser = "adminuser"
sADPassword = "adminpassword"

Const ADS_SECURE_AUTHENTICATION = 1
sDestOU = "LDAP://OU=targetOU,OU=sites,DC=domain,DC=com"
Set objRootDSE = GetObject("LDAP:")
Set objSysInfo = CreateObject("ADSystemInfo")
Set objDestOU = objRootDSE.OpenDSObject(sDestOU, sADDomain & "\" & sADUser, sADPassword, ADS_SECURE_AUTHENTICATION)
Set objComputer = objRootDSE.OpenDSObject("LDAP://" & objSysInfo.ComputerName, sADDomain & "\" & sADUser, sADPassword, ADS_SECURE_AUTHENTICATION)
On Error Resume Next
objDestOU.MoveHere "LDAP://" & objComputer.distinguishedName, vbNullString
If Err.Number = 0 Then
	MsgBox "Computer moved successfully."
Else
	MsgBox "Error " & Err.Number & ": " & Err.Description
	Err.Clear
End If

Open in new window

0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Script is being strange 8 48
Path to Python 9 37
Windows 10 Firewall question 5 31
Making a PC to access Bluetoothe devices 2 16
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now