Joystik59 0 Posted January 18, 2011 Hi all, Have a problem with authenticating to a different domain. Have searched the forums, but could not find a solution. Preliminary info: DomainA - Server 2003 R2 - Functional Level 2003 DomainB - Server 2003 - Functional Level 2000 User ID and PW's are the same in both domains. My XP workstation is in DomainA Using the following code, I do get back an array of information for my user ID when using the vars for DomainA. If I switch the vars to DomainB, I get a return code of '0' (failure) on the _ad_open, and an error code of '8'. I did run Water's little script to get the $sAD_ConfigurationParam info on the DomainB DC, so I believe it is correct. I have been able to get information from both domains using an ADODB connection and setting the appropriate properties, however I would rather use the ad.au3 functions, as they are much simpler to use. Any assistance would be appreciated. Thanx in advance. $strUserID = "myuserid" $strPW = "mypassword" $strDomain = "dc=DomainA,dc=org" $strDomainController = "DC-A.DomainA.org" ;$strDomain = "dc=DomainB,dc=org" ;$strDomainController = "DC-B.DomainB.org" $intADOpenRet = _AD_Open($strUserID, $strPW, $strDomain, $strDomainController, "CN=Configuration," & $strDomain) $intADOpenErr = @Error Consolewrite("$intADOpenRet = " & $intADOpenRet & @CRLF) Consolewrite("$intADOpenErr = " & $intADOpenErr & @CRLF) $aProperties = _AD_GetObjectProperties($strUserID) _ArrayDisplay($aProperties) _AD_Close() Share this post Link to post Share on other sites
water 2,391 Posted January 18, 2011 do you have a windows vista or windows 7 client in domain a? You can get detailed error information as described in the _ad_open example. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX (NEW 2020-12-15 - Version 1.6.3.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2020-06-27 - Version 1.3.2.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsPowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & SupportExcel - Example Scripts - WikiWord - WikiTask Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - WikiTutorials:ADO - Wiki, WebDriver - Wiki Share this post Link to post Share on other sites
Joystik59 0 Posted January 18, 2011 I ran the example script on a Windows 2008 server. Got @error 8; @extended -2147352567. I'll have to keep searching if you still want me to run it on Win 7. BTW - thanx for the incredibly fast response. Share this post Link to post Share on other sites
water 2,391 Posted January 19, 2011 (edited) There seems to be a problem with OpenDsObject. Could you please set line 159 toGlobal Const $ADS_USE_ENCRYPTION = 0x0and comment (deactivate) line$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password Edited January 19, 2011 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX (NEW 2020-12-15 - Version 1.6.3.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2020-06-27 - Version 1.3.2.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsPowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & SupportExcel - Example Scripts - WikiWord - WikiTask Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - WikiTutorials:ADO - Wiki, WebDriver - Wiki Share this post Link to post Share on other sites
Joystik59 0 Posted January 19, 2011 There seems to be a problem with OpenDsObject. Could you please set line 159 toGlobal Const $ADS_USE_ENCRYPTION = 0x0and comment (deactivate) line$oAD_Connection.Properties("Encrypt Password") = True ; Encrypts userid and password Same error. Share this post Link to post Share on other sites
water 2,391 Posted January 19, 2011 (edited) Could you please insert the following code before$iAD_Debug = 2 Local $sAD_Hive = "HKLM" If @OSArch = "IA64" Or @OSArch = "X64" Then $sAD_Hive = "HKLM64" Local $sAD_OSVersion = RegRead($sAD_Hive & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion") $sAD_OSVersion = StringSplit($sAD_OSVersion, ".") Msgbox(0,"", "Osversion: " & $sAD_OSVersion)and after your call to _AD_Open and post the results?Global $aError = _AD_GetLastADSIError() _ArrayDisplay($aError)Edit: What comes to my mind: Could you please use the NetBIOS name to login?$strUserID = "DomainB\myuserid" Edited January 19, 2011 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX (NEW 2020-12-15 - Version 1.6.3.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2020-06-27 - Version 1.3.2.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsPowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & SupportExcel - Example Scripts - WikiWord - WikiTask Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - WikiTutorials:ADO - Wiki, WebDriver - Wiki Share this post Link to post Share on other sites
Joystik59 0 Posted January 19, 2011 Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced $bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION) with $bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND) And it seems to work fine. Share this post Link to post Share on other sites
water 2,391 Posted January 20, 2011 (edited) Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced $bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION) with$bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND) And it seems to work fine. But removing the $ADS_USE_ENCRYPTION flag or setting it to 0x0 (as I suggested ) should yield the same result. Don't understand the difference The next version will include a new flag to use SSL and password encryption (as soon as I find a good docu on the internet - because M$s docu is very, very bad on this flags). Edited January 23, 2011 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX (NEW 2020-12-15 - Version 1.6.3.1) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2020-06-27 - Version 1.3.2.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsPowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & SupportExcel - Example Scripts - WikiWord - WikiTask Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - WikiTutorials:ADO - Wiki, WebDriver - Wiki Share this post Link to post Share on other sites
bluechipps 0 Posted February 7, 2011 Did some more playing. Seems to be the $bAD_BindFlags parm and encryption. I replaced $bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND, $ADS_USE_ENCRYPTION) with $bAD_BindFlags = BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND) And it seems to work fine. Thank you thank you! Spent all day trying to figure out why it wasn't working. I could get it working on same server using a simple vb script with same parameters, but _AD_Open() kept throwing errors like yours. Share this post Link to post Share on other sites