Phil- If you copied and pasted from Joe's message, you may have lost something in the process. I *think* that Joe's message was in HTML format, and that hid some brackets that you'll need. Make sure that the line
objCommand.CommandText = "LDAP://cd=YourDomain,dc=local;"; Actually includes the brackets like this: objCommand.CommandText = "<LDAP://dc=YourDomain,dc=local>;" And that the domain names get replaced to reflect your environment Hunter ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 1:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADUC - User logon name (is empty) Thanks for all the help all, I don't think the user log on name is related to the isa server issue some pointed this out to me. JOE P. I like your script looks good, only wish I could get pass that line 22 error I keep getting in my test box with it. But I'll work on figuring it out; it can't be that hard to find the problem. PS. I love this mailing list thing. ________________________________ From: Joe Pochedley [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADUC - User logon name (is empty) This is very common in domains that were upgraded from NT4. The new Login name is called the Universal Principal Name (UPN) and basically allows the user to specify an email style login ([EMAIL PROTECTED]) instead of the NT4 style Username, Password, Domain ( or Domain\Username) style... Here's a script that I wrote that will do exactly what you want... Be sure to replace the YourDomain and local entries with your actual domain name for the LDAP query and the UPN suffix areas (in the ObjUserUPN= line) Also be sure to change the path to the logfile to a directory you have available... If you want to see what items are going to be changed, comment out the line with " objUser.SetInfo " by putting a ' at the beginning, then you can review the logfile to see the changes. Finally, I don't believe that ISA server relies on the UPN name being present for authentication, so I don't know if this will help your problem (we ran ISA just fine without UPN names for many months). (Watch for wrapping!) ' --- Begin Script here Const ForReading = 1 Const ForWriting = 2 Const ForAppending = 8 logfile = "C:\TEMP\BatchAddUPN.log" Set fso = CreateObject("Scripting.FileSystemObject") Set fsOut = fso.OpenTextFile(logfile, ForAppending, True) Set objConnection = CreateObject("ADODB.Connection") Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.CommandText = " <ldap://dc=YourDomain,dc=> LDAP://dc=YourDomain,dc= <ldap://dc=YourDomain,dc=local> local;" &_ "(&(objectCategory=person)(objectClass=user));" & "ADsPath;subtree" objCommand.Properties("Page Size") = 10000 Set objRecordSet = objCommand.Execute While Not objRecordset.EOF strADsPath = objRecordset.Fields("ADsPath") Set objUser = GetObject(strADsPath) If objUser.userPrincipalName = "" Then ObjUserUPN = objUser.samaccountname & "@YourDomain.local" fsOut.WriteLine (objUser.name & " UPN Set to ") & ObjUserUPN objuser.Put "userPrincipalName", ObjUserUPN objUser.SetInfo End if objrecordset.MoveNext Wend objConnection.Close fsOut.Close WScript.Echo "Script Complete!" ' End of Script Joe Pochedley Weiler's Law - Nothing is impossible for the man who doesn't have to do it himself. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 12:28 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADUC - User logon name (is empty) Hey, guys this is my first? On here so here we go. AD users and computers - User account properties - Accounts tab. User logon name (field) is empty but the User logon name (pre-windows 2000) has the proper user account name. Is there anything that would allow me to copy the pre windows 2000 field which holds the user account name, to the User log on name field (where it should be). I think we have been running into authentication issues because that field isn't populated. I.e. Isa server prompts for username and password to get outside access and AD account info should be used to authenticate, I believe it's due to the User log on name field being blank. Thanks for your time, Phil This electronic mail and any attachments are intended only for the use of the intended recipient and may contain trade secrets, privileged or otherwise confidential information. Unauthorized review, use or dissemination of this electronic mail or the information contained herein or attached hereto by any person other than the intended recipient is prohibited. If you have received this message in error, or believe you are not authorized to receive this message, please contact: Yellow Book USA Help Desk at [EMAIL PROTECTED] This electronic mail and any attachments are intended only for the use of the intended recipient and may contain trade secrets, privileged or otherwise confidential information. Unauthorized review, use or dissemination of this electronic mail or the information contained herein or attached hereto by any person other than the intended recipient is prohibited. If you have received this message in error, or believe you are not authorized to receive this message, please contact: Yellow Book USA Help Desk at [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
