  1. #1

    garethedmondson

    How to work out domain string (LDAP I think)

    Hopefully someone can correct/help me - I have a line that looks like this:

    cn=Joe,cn=users,OU=strOU,dc=MyDom,dc=com

    How do I work out what to put where. As in what is the syntax.

    Any pointers to websites that help also appreciated - that way I can teach myself.

    Cheers

    Gareth

  2. #2
    apoth0r
    cn=Joe(username?),cn=users(group they are a member of),OU=strOU(organisational unit),dc=MyDom(domain - school),dc=com(.county.sch.uk)

    Don't quote me, but it's my guesstimate on what it is after

  3. Thanks to apoth0r from:

    garethedmondson (9th September 2009)

  4. #3

    localzuk
    Quote Originally Posted by apoth0r View Post
    cn=Joe(username?),cn=users(group they are a member of),OU=strOU(organisational unit),dc=MyDom(domain - school),dc=com(.county.sch.uk)

    Don't quote me, but it's my guesstimate on what it is after
    Ok. Imagine in your Active Directory/LDAP server you have the following structure

    Domain: my.domain.co.uk

    Staff
    -> Art
    -> Fred Bloggs

    Staff and Art would be OU's (Organisational Units). Fred Bloggs is a User, so you refer to it by its CN (Common Name).

    So, the string for that would be

    CN=Fred Bloggs,OU=Art,OU=Staff,DC=My,DC=Domain,DC=Co,DC=UK

    You can have more levels of CN's though, for example in an active directory the 'Users' container is also a CN, so if Fred Bloggs had been in there, the string would have been

    CN=Fred Bloggs,CN=Users,DC=My,DC=Domain,DC=Co,DC=UK

    Every part of the path is a separate item, so your domain has to be split into its component parts.
    Hope this helps.

  5. Thanks to localzuk from:

    garethedmondson (9th September 2009)

  6. #4

    Soulfish
    Or do what I do - download ADExplorer from the Microsoft Sysinternals website. It'll give you the proper ldap string for any object

  7. Thanks to Soulfish from:

    garethedmondson (9th September 2009)

  8. #5

    garethedmondson
    So with that in mind I've tried to break it down into its component parts:

    OU=Curriculum-v1, OU=Workstations, OU=Secondary Schools, OU=YGGwyr, OU=Local, OU=ManagedWorkstations, OU=strOU, DC=school, DC=education, DC=swansea, DC=SCH, DC=UK

    Ahha - ADExplorer gave it different:

    OU=strOU,OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk

    So I wasn't far wrong

    Where I have put OU=strOU - that is meant to be replaced by a string variable entered by the user. If that makes sense. Would it work like that or does it need to be put in different?

    I'm trying to adapt a script that lets the user tell a WDS image where to drop itself in the LEA AD structure.

    OU=YGGwyr is my school.

    Gareth
    Last edited by garethedmondson; 9th September 2009 at 04:09 PM.

  9. #6

    garethedmondson
    Quote Originally Posted by Soulfish View Post
    Or do what I do - download ADExplorer from the Microsoft Sysinternals website. It'll give you the proper ldap string for any object
    LOL - just seen this after my last post. Am trying it now.

    GJE

  10. #7
    ahuxham
    Easiest way to remember is to work backwards when trying to figure it out. Just open AD, find the user, then work backwards from the top of the tree downwards.

    domain.local
    container0
    container1
    container3
    -- group 1
    -- group 2
    ---- user 1


    user1, group2, container3, domain, local and the such

  11. Thanks to ahuxham from:

    garethedmondson (9th September 2009)

  12. #8

    garethedmondson
    So I've adapted this script with what people have said and it works up to the line where it tries to add to the domain.

    Code:
     
    Const JOIN_DOMAIN = 1
    Const ACCT_CREATE = 2
    Const ACCT_DELETE = 4
    Const WIN9X_UPGRADE = 16
    Const DOMAIN_JOIN_IF_JOINED = 32
    Const JOIN_UNSECURE = 64
    Const MACHINE_PASSWORD_PASSED = 128
    Const DEFERRED_SPN_SET = 256
    Const INSTALL_INVOCATION = 262144
    Password = "setup"
    Username = "school\ygg-ris"
    Name = InputBox("Please enter a computer name:", "Rename Computer")
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colComputers = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
    For Each objComputer in colComputers
    err = objComputer.Rename(Name, Password, Username)
     
    Name = InputBox("Please enter where in the Gwyr AD you would like to put this:", "Place in OU")
    Set objUser = GetObject("ldap://school.education.swansea.sch.uk/ OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk")
    If Err.Number = 0 Then
    WScript.Echo "Successfully renamed computer to " & name & "!"
    WScript.Echo "System will now restart for change to take effect!"
    Call Restart
    Else
    WScript.Echo "An error occurred renaming the computer!"
    WScript.Echo "Error Number: " & Err.Number
    WScript.Echo "Error message: " & Err.Description
    End If 
    Next
    Sub Restart
    Dim wshShell
    Set wshShell = CreateObject("WScript.Shell")
    wshShell.Run "%WINDIR%\System32\shutdown.exe /r /t 0 /f /d p:2:4", 0
    End Sub
    The line causing me problems is:

    Code:
     
    Set objUser = GetObject("ldap://school.education.swansea.sch.uk/ OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk")
    Any advice welcome,

    The error message says:

    An operations error occured
    80072020


    GJE
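    Putting localzuk's explanation in #3 and the user-typed OU name from the script above into code, as an added example that is not part of this thread: build_dn assembles a DN from a leaf-first path plus the dotted domain and escapes values per RFC 4514, so a comma typed into the "Place in OU" box stays inside that OU name rather than becoming a second component; parse_dn reads a DN back (including the "OU=a, OU=b" spacing seen above); is_within checks that the resulting DN still lies under the school's own OU before anything is handed to GetObject. The function names and the use of Python are mine; the DNs in the comments are the thread's own.

```python
import re

SPECIAL = ',+"\\<>;'  # must be backslash-escaped inside an RDN value (RFC 4514)

def escape_rdn_value(value):
    """Escape one RDN value so a comma typed by a user stays inside the value."""
    out = []
    for i, ch in enumerate(value):
        if ch in SPECIAL or (ch == ' ' and i in (0, len(value) - 1)) \
                or (ch == '#' and i == 0):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def build_dn(path, domain):
    """path: (attr, value) pairs leaf-first, e.g. [('CN', 'Fred Bloggs'),
    ('OU', 'Art'), ('OU', 'Staff')]; each domain label becomes a DC component."""
    rdns = ['%s=%s' % (a, escape_rdn_value(v)) for a, v in path]
    rdns += ['DC=' + escape_rdn_value(lab) for lab in domain.split('.')]
    return ','.join(rdns)

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring escapes and the spaces
    some tools print after the separating commas."""
    comps, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and re.fullmatch(r'[0-9A-Fa-f]{2}', dn[i + 1:i + 3]):
            cur.append(chr(int(dn[i + 1:i + 3], 16)))  # \2C style hex pair
            i += 3
        elif ch == '\\' and i + 1 < len(dn):
            cur.append(dn[i + 1])                      # \, style escape
            i += 2
        else:
            if ch == ',':
                comps.append(''.join(cur))
                cur = []
            elif not (ch == ' ' and not cur):          # drop space after comma
                cur.append(ch)
            i += 1
    comps.append(''.join(cur))
    return [(a.strip().upper(), v) for a, _, v in (c.partition('=') for c in comps)]

def is_within(dn, base_dn):
    """True if dn is base_dn or lies beneath it (values compared case-insensitively,
    as AD does): refuse a typed OU that would leave the school's part of the tree."""
    norm = lambda pairs: [(a, v.lower()) for a, v in pairs]
    a, b = norm(parse_dn(dn)), norm(parse_dn(base_dn))
    return len(a) >= len(b) and a[len(a) - len(b):] == b
```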

  13. #9
    cookie_monster
    Not quite sure how to place it in your script yet but when I need to find the domain string I use this.

    Code:
    ' rootDSE is the directory's own entry point; it needs no DN to bind to
    Set objDomain = GetObject("LDAP://rootDSE")
    ' WScript.Network must be created before its UserDomain property can be read
    Set WshNetwork = CreateObject("WScript.Network")
    DomainString = WshNetwork.UserDomain

  14. Thanks to cookie_monster from:

    garethedmondson (9th September 2009)

  15. #10
    DrPerceptron
    When binding, you have to use a common name as the first component.

    Also, you want to edit it to read:

    Code:
    Set objUser = GetObject("ldap:// OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk")
    But you'll still need a CN... or search your LDAP domain for the user and return a pre-built (I think) distinguished name

    Hey, Scripting Guy! How Can I Bind to a User Account Using Something Other Than the CN Attribute?

    Scripting guy may provide some insight for you.

  16. Thanks to DrPerceptron from:

    garethedmondson (9th September 2009)

  17. #11

    PiqueABoo
    Drop the FQDN from it:

    Code:
    Set objOU = GetObject("ldap://OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk")
    Note I've changed the variable to "objOU" because it will return an OU object. Plus what I can't see in there is any subsequent domain joining code - did you skip posting that bit?

  18. Thanks to PiqueABoo from:

    garethedmondson (9th September 2009)

  19. #12

    garethedmondson
    Quote Originally Posted by PiqueABoo View Post
    Drop the FQDN from it:

    Code:
    Set objOU = GetObject("ldap://OU=ManagedWorkstations,OU=Local,OU=YGGwyr,OU=Secondary Schools,OU=Workstations,OU=Curriculum-v1,DC=school,DC=education,DC=swansea,DC=sch,DC=uk")
    Note I've changed the variable to "objOU" because it will return an OU object. Plus what I can't see in there is any subsequent domain joining code - did you skip posting that bit?
    Hi - no the sysprep.ini file joins the domain for me. I have thought about taking that bit out of the sysprep.ini file - but haven't got there yet.

    Basically this is what happens:

    1. image installs from WDS
    2. Post-image script is run (the one I posted)
    3. Script asks user for the new name
    4. Script changes the machine name from the one created by sysprep.ini to the one provided in step 3
    4. The script should then ask the user where in the Gwyr AD structure would I like to put the machine (I have not added this)
    5. The script should then drop the machine into the correct OU container in our part of the AD.

    I found the script for renaming the machines on the internet and am trying to edit it to include steps 4 and 5 above.

    I'm not a scripter. This is the first I have ever done - but I am trying to learn by reading other people's scripts and asking advice.

    Will try everyone's suggestions in the morning,

    GJE

  20. #13

    PiqueABoo
    I am trying to learn by reading other people's scripts and asking advice
    Ok I've attached a BDD/MDT script that might be a [useful|confusing|both] reference. It's in a WSF wrapper, but the code is VBS. This moves a computer that has already been joined to the domain from wherever it is now to a given OU. In this case all the info required for the move is already present in a bunch of environment variables.

  21. Thanks to PiqueABoo from:

    garethedmondson (9th September 2009)

  22. #14
    mortstar
    Using WDS it is pretty simple to get it to automatically join the domain with the correct machine name and in the OU you require.

    All you need do is create a new Computer object for each machine (you do this 1 time and once it is set you don't need to do it again - you can create the Computer object in any OU you want) and when asked if it is managed tick yes. You can either use the GUID or the machine's MAC preceded by 20 zeros (a whole bunch of our Evesham built machines have no GUID so we use the MAC address option). Now when WDS is imaging the machine it 'knows' which machine it is.

    You need to change the sysprep to join domain (I can post our sysprep file if you are interested).

    Then when you deploy the image the machine is named correctly and added to the domain automatically.

    Simples

  23. Thanks to mortstar from:

    garethedmondson (9th September 2009)
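    The "MAC preceded by 20 zeros" form from mortstar's post, as an added example that is not from the thread: it validates a MAC in the common notations, produces the 32-hex-digit value typed into the computer object's managed-GUID field, converts that to the 16 raw bytes the object's netbootGUID attribute stores, and reverses it so prestaged objects keyed on a MAC can be told apart from ones keyed on a firmware GUID when auditing. The accepted notations and the function names are my assumptions; the attribute name is the standard one for WDS/RIS prestaging.

```python
import re

# Accepted MAC notations (assumed): 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E,
# 001a.2b3c.4d5e (Cisco style) and bare 001A2B3C4D5E.
_MAC = re.compile(r'^(?:[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}'
                  r'|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})$')

def prestage_id_from_mac(mac):
    """32 hex digits for the 'managed computer' GUID field when the firmware
    exposes no GUID: 20 zeros followed by the 12 hex digits of the MAC."""
    if not _MAC.match(mac):
        raise ValueError('not a 48-bit MAC address: %r' % mac)
    return '0' * 20 + re.sub(r'[^0-9A-Fa-f]', '', mac).upper()

def netboot_guid_bytes(hex32):
    """The 16 raw bytes the netbootGUID attribute holds for that value."""
    if not re.fullmatch(r'[0-9A-Fa-f]{32}', hex32):
        raise ValueError('expected 32 hex digits, got %r' % hex32)
    return bytes.fromhex(hex32)

def mac_from_prestage_id(hex32):
    """Inverse, for auditing: the MAC (colon form) if the value uses the
    20-zeros convention, else None (a genuine firmware GUID)."""
    if len(hex32) != 32 or not hex32.startswith('0' * 20):
        return None
    raw = hex32[20:].upper()
    return ':'.join(raw[i:i + 2] for i in range(0, 12, 2))
```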

  24. #15

    garethedmondson
    Quote Originally Posted by mortstar View Post
    Using WDS it is pretty simple to get it to automatically join the domain with the correct machine name and in the OU you require.

    All you need do is create a new Computer object for each machine (you do this 1 time and once it is set you don't need to do it again - you can create the Computer object in any OU you want) and when asked if it is managed tick yes. You can either use the GUID or the machine's MAC preceded by 20 zeros (a whole bunch of our Evesham built machines have no GUID so we use the MAC address option). Now when WDS is imaging the machine it 'knows' which machine it is.

    You need to change the sysprep to join domain (I can post our sysprep file if you are interested).

    Then when you deploy the image the machine is named correctly and added to the domain automatically.

    Simples
    Hi Mortstar,

    Excuse my ignorance with this. Is this what they call prestaging? I get the concept of this but I'm not sure how it works by only creating the computer object once. What if you have sixty machines of the same spec? In the same room?

    For example in my room we have ygg-tg01-01 all the way through to ygg-tg01-30

    The way I have wanted to do it is as close to RIS custom build that we can get (and similar to RM's build CC3 build).

    Thanks for your advice,

    GJE
