AD Query / VBScript error

  • Thread starter Thread starter Latinmiguel
  • Start date Start date
L

Latinmiguel

Hello,

I am using an vbscript to read users data and create a signature. One
user is having a problem...

This is the part of the code where the error occurs:

Set objSysInfo = CreateObject("ADSystemInfo")
objSysInfo.RefreshSchemaCache
qQuery = "LDAP://" & objSysInfo.Username
Set objuser = GetObject(qQuery)



I receive an error for the líne "objSysInfo.RefreshSchemaCache" -
Active Directory (0x80070005) "General access denied error "


What rights are necessary? Can anybody help?

Thanks in advance,
Marco
 
Marco wrote:


I am using an vbscript to read users data and create a signature. One
user is having a problem...

This is the part of the code where the error occurs:

Set objSysInfo = CreateObject("ADSystemInfo")
objSysInfo.RefreshSchemaCache
qQuery = "LDAP://" & objSysInfo.Username
Set objuser = GetObject(qQuery)



I receive an error for the líne "objSysInfo.RefreshSchemaCache" -
Active Directory (0x80070005) "General access denied error "


What rights are necessary? Can anybody help?


You may need schema admin privileges. See this link:

http://msdn2.microsoft.com/en-us/library/aa705967.aspx

which says this method does a put of the schemaUpdateNow function on
RootDSE. I've never used this method. From the documentation I would say it
is only necessary if you have just modified the schema.
 
You may need schema admin privileges. See this link:

http://msdn2.microsoft.com/en-us/library/aa705967.aspx

which says this method does a put of the schemaUpdateNow function on
RootDSE. I've never used this method. From the documentation I would say it
is only necessary if you have just modified the schema.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -http://www.rlmueller.net
--
Click to expand...


None of the other users running this script is having schema admin
privileges...
If I clear this line the script does not run...

Any further suggestions?
 
None of the other users running this script is having schema admin
privileges...
If I clear this line the script does not run...

Any further suggestions?
Click to expand...

The ADSystemInfo object is available on any client with Windows 2000 or
above. The computer needs to be joined to the domain and the user must be
authenticated to the domain. The only time I've seen this code fail is when
the user is not authenticated (or is logged in locally instead of to the
domain).

I've never used RefreshSchemaCache (or seen it used). I just tried it. It
ran fine with an account that is a member of Domain Admins, but raised the
"General access denied" error when run by normal user. When I remove the
call to RefreshSchemaCache, the normal user can run the code fine. There
must be some other problem, because this is very common code. If you are
logged in locally and not authenticated to the domain, an error is raised
when you attempt to retrieve UserName.
 
Back
Top