LDAP query problems

Hi there,

I am having a bit of trouble with Windows XP machines running my login script. The script errors on the line:

Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

saying the domain does not exist, although the same script works perfectly well on my Win 2k machines. There is, however, a complication: the network we run has 2 VLANs, 1 trusted and 1 untrusted. We have ACLs which allow the trusted side to establish communication with the untrusted side but not vice versa. There is no ICMP traffic allowed across the network either. Therefore, if I want a Win2k or WinXP machine to connect to a domain on the untrusted side of the network from the trusted side, I have to put an entry in the hosts and lmhosts files, as the machines can be found by IP but not by name.

With these 2 files, Windows 2k machines log in to the domain without any problems; however, the XP machines throw up Event ID 15 autoenrollment failed and Event ID 1053 Userenv unable to locate domain controller, but they still log in and retain all domain functionality. There is no way I can change the ACLs, as we have around 200 on individual sites and the company responsible charge £50 to make any changes to each one. But I really need to get this login script working across the VLAN.

So basically my question is, is there another way to query the current user from AD with vbs without:

Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

or some other variation on this?


-
 

Re:LDAP query problems

Leon Cripps wrote:



> Hi there,
>
> I am having a bit of trouble with Windows XP machines running my login script. The script errors on the line:
>
> Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
>
> saying the domain does not exist, although the same script works perfectly well on my Win 2k machines. There is, however, a complication: the network we run has 2 VLANs, 1 trusted and 1 untrusted. We have ACLs which allow the trusted side to establish communication with the untrusted side but not vice versa. There is no ICMP traffic allowed across the network either. Therefore, if I want a Win2k or WinXP machine to connect to a domain on the untrusted side of the network from the trusted side, I have to put an entry in the hosts and lmhosts files, as the machines can be found by IP but not by name.
>
> With these 2 files, Windows 2k machines log in to the domain without any problems; however, the XP machines throw up Event ID 15 autoenrollment failed and Event ID 1053 Userenv unable to locate domain controller, but they still log in and retain all domain functionality. There is no way I can change the ACLs, as we have around 200 on individual sites and the company responsible charge £50 to make any changes to each one. But I really need to get this login script working across the VLAN.
>
> So basically my question is, is there another way to query the current user from AD with vbs without:
>
> Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
>
> or some other variation on this?

Hi

Your problem could be caused by WinXP's "Fast Logon Optimization Feature".

Description of the Windows XP Professional Fast Logon Optimization Feature
http://support.microsoft.com/default.aspx?scid=kb;EN-US;305293

You can suppress this behavior (set it back to how Win2k behaves):

See the Group Policy setting
Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon

and
"Run Logon Scripts Synchronously"

Scripts May Not Run Before Windows Explorer Starts Even Though the "Run Logon Scripts Synchronously" Setting is Enabled
http://support.microsoft.com/default.aspx?scid=kb;EN-US;304970

By registry edit: set the value SyncForegroundPolicy to 1 (REG_DWORD) in this key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\

With a VBScript:

'--------------------8<----------------------
' Shell object used for registry access
Set oShell = CreateObject("WScript.Shell")
' Policy value behind "Always wait for the network at computer startup and logon"
sRegValue = "HKLM\Software\Policies\Microsoft\Windows NT\" _
          & "CurrentVersion\Winlogon\SyncForegroundPolicy"

oShell.RegWrite sRegValue, 1, "REG_DWORD"

MsgBox "Please reboot the computer"
'--------------------8<----------------------

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
www.microsoft.com/technet/scriptcenter/default.mspx

-

Re:LDAP query problems

I have tried stopping fast logon optimization and synchronous logons. This didn't seem to work. With some fiddling with the certificates on the server I managed to stop the autoenrolment error I was getting, but this still leaves me with Event ID 1053, and sometimes it's 1054 Userenv. The script is still stopping in exactly the same place. Is there any other way to get the current user in vbs? I could just make a separate script for users on these machines; however, this kind of defeats the object of me having a login script which maps by OU etc. I should only need 1.

I have tried running a sniffing tool to establish what is different about an XP logon over a 2k logon, but it seems to use the same ports etc., just more sessions: 150 compared to 2k's 100. There is no DNS traffic on port 53 and the same ICMP packets as 2k. I'm really stumped... I would like to just change the ACLs but my hands are tied.



"Torgeir Bakken (MVP)" wrote:



> Leon Cripps wrote:
>
> > Hi there,
> >
> > I am having a bit of trouble with Windows XP machines running my login script. The script errors on the line:
> >
> > Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
> >
> > saying the domain does not exist, although the same script works perfectly well on my Win 2k machines. There is, however, a complication: the network we run has 2 VLANs, 1 trusted and 1 untrusted. We have ACLs which allow the trusted side to establish communication with the untrusted side but not vice versa. There is no ICMP traffic allowed across the network either. Therefore, if I want a Win2k or WinXP machine to connect to a domain on the untrusted side of the network from the trusted side, I have to put an entry in the hosts and lmhosts files, as the machines can be found by IP but not by name.
> >
> > With these 2 files, Windows 2k machines log in to the domain without any problems; however, the XP machines throw up Event ID 15 autoenrollment failed and Event ID 1053 Userenv unable to locate domain controller, but they still log in and retain all domain functionality. There is no way I can change the ACLs, as we have around 200 on individual sites and the company responsible charge £50 to make any changes to each one. But I really need to get this login script working across the VLAN.
> >
> > So basically my question is, is there another way to query the current user from AD with vbs without:
> >
> > Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
> >
> > or some other variation on this?
>
> Hi
>
> Your problem could be caused by WinXP's "Fast Logon Optimization Feature".
>
> Description of the Windows XP Professional Fast Logon Optimization Feature
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;305293
>
> You can suppress this behavior (set it back to how Win2k behaves):
>
> See the Group Policy setting
> Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon
>
> and
> "Run Logon Scripts Synchronously"
>
> Scripts May Not Run Before Windows Explorer Starts Even Though the "Run Logon Scripts Synchronously" Setting is Enabled
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;304970
>
> By registry edit: set the value SyncForegroundPolicy to 1 (REG_DWORD) in this key:
>
> HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\
>
> With a VBScript:
>
> '--------------------8<----------------------
> Set oShell = CreateObject("WScript.Shell")
> sRegValue = "HKLM\Software\Policies\Microsoft\Windows NT\" _
>           & "CurrentVersion\Winlogon\SyncForegroundPolicy"
>
> oShell.RegWrite sRegValue, 1, "REG_DWORD"
>
> MsgBox "Please reboot the computer"
> '--------------------8<----------------------
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
> www.microsoft.com/technet/scriptcenter/default.mspx



-
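A diagnostic for the two points raised in this thread, added here as an example and not posted by either participant: it checks whether the SyncForegroundPolicy value is present on the client, then splits the failing line into its ADSystemInfo lookup and its LDAP bind so the error number can be attributed to one step. The variable names and exit codes are assumptions; run it with cscript.exe as the affected user.

```vbscript
Option Explicit
' Added example, not from the thread. Variable names and exit codes are assumptions.
Const SYNC_VALUE = "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy"

Dim oShell, oSysInfo, oUser, vSync, sUserDN

Set oShell = CreateObject("WScript.Shell")

On Error Resume Next

' Step 1: confirm the policy value from the reply is actually present on this machine.
' RegRead raises an error when the value does not exist.
vSync = oShell.RegRead(SYNC_VALUE)
If Err.Number <> 0 Then
    WScript.Echo "SyncForegroundPolicy: value not present on this machine"
    Err.Clear
Else
    WScript.Echo "SyncForegroundPolicy = " & vSync
End If

' Step 2: resolve the user's distinguished name on its own, so a failure here
' is not confused with a failure of the LDAP bind that follows.
Set oSysInfo = CreateObject("ADSystemInfo")
sUserDN = oSysInfo.UserName
If Err.Number <> 0 Then
    WScript.Echo "ADSystemInfo.UserName failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
WScript.Echo "User DN: " & sUserDN

' Step 3: the bind from the login script, with the error reported instead of
' aborting the script.
Set oUser = GetObject("LDAP://" & sUserDN)
If Err.Number <> 0 Then
    WScript.Echo "LDAP bind failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 2
End If

On Error GoTo 0
WScript.Echo "Bound to " & oUser.ADsPath
```

Comparing the output from a Windows 2000 client and an XP client on the trusted VLAN shows which of the two steps differs between them.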