First, to the original question...  If you still haven't solved your ISA
problem, head on over to www.ISAServer.org...  There's lots of great
documentation, great forums and a great mailing list all dedicated to
ISA server there...  

What Joe (@joeware.net) said is generally correct, but I have run into
instances where if the UPN is not actually specified then it just
doesn't seem to work.  In my particular instance, we implemented IAS
server to authenticate roaming Internet users and for some users the
authentication would continually fail until I specifically filled in
their UPN name (and yes, I'm sure their standard login name and the
username portion of the UPN were the same)...  Hence the reason for the
script, to fill in the UPNs for all the users who had been part of the
original NT4 domain.

Hunter is correct.  Since I replied to the original message, which was
in HTML, my reply was also in HTML...  Grrr...  Damn HTML...  Here's the
script again, in plain text this time FWIW...

' Begin Script

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

' Log of every change made (change this to a directory you have available)
logfile = "C:\TEMP\BatchAddUPN.log"

Set fso = CreateObject("Scripting.FileSystemObject")
Set fsOut = fso.OpenTextFile(logfile, ForAppending, True)

' Query Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' All user objects under the domain root.
' The < > around the LDAP path are required.
objCommand.CommandText = "<LDAP://dc=YourDomain,dc=local>;" & _
    "(&(objectCategory=person)(objectClass=user));" & "ADsPath;subtree"
objCommand.Properties("Page Size") = 10000
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath")
    Set objUser = GetObject(strADsPath)
    ' Only touch accounts that have no UPN yet
    If objUser.userPrincipalName = "" Then
        objUserUPN = objUser.sAMAccountName & "@YourDomain.local"
        fsOut.WriteLine objUser.Name & " UPN Set to " & objUserUPN
        objUser.Put "userPrincipalName", objUserUPN
        ' Comment out the next line to log the changes without writing them
        objUser.SetInfo
    End If
    objRecordSet.MoveNext
Wend
objConnection.Close

fsOut.Close
WScript.Echo "Script Complete!"

' End Script

Joe Pochedley
Weiler's Law - Nothing is impossible for the man who doesn't have to do
it himself.
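
Added example, not part of the original thread or Joe's script: the same backfill written for the ActiveDirectory PowerShell module, with the "review the log before committing" step built in via -WhatIf and a check that the new UPN is not already in use. The search base and UPN suffix are the thread's placeholders; the CSV path and the idea of saving this as a .ps1 script are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread). Run with -WhatIf first to get the
# report without changing any account.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'DC=YourDomain,DC=local',  # placeholder from the thread
    [string]$UpnSuffix  = 'YourDomain.local',        # placeholder from the thread
    [string]$LogFile    = 'C:\TEMP\BatchAddUPN.csv'  # assumed path
)

# Let the directory do the filtering: user accounts with no userPrincipalName.
$filter = '(&(objectCategory=person)(objectClass=user)(!(userPrincipalName=*)))'
$users  = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree

$results = foreach ($user in $users) {
    $upn = '{0}@{1}' -f $user.SamAccountName, $UpnSuffix

    # Skip rather than create a duplicate UPN. This lookup covers the current
    # domain only; a multi-domain forest would need a global catalog query.
    $clash = Get-ADUser -Filter 'UserPrincipalName -eq $upn'

    $status = 'Skipped (UPN already in use)'
    if (-not $clash) {
        $status = 'Not changed'
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName,
                                    "Set userPrincipalName to $upn")) {
            Set-ADUser -Identity $user -UserPrincipalName $upn
            $status = 'Set'
        }
    }

    [pscustomobject]@{
        Name           = $user.Name
        SamAccountName = $user.SamAccountName
        NewUPN         = $upn
        Status         = $status
    }
}

# -WhatIf:$false so the report is still written during a dry run.
$results | Export-Csv -Path $LogFile -NoTypeInformation -WhatIf:$false
$results
```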


-----Original Message-----
From: Coleman, Hunter [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 09, 2004 5:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADUC - User logon name (is empty) 

Phil-
 
If you copied and pasted from Joe's message, you may have lost something
in the process. I *think* that Joe's message was in HTML format, and that
hid some brackets that you'll need.
 
Make sure that the line 

objCommand.CommandText = "LDAP://cd=YourDomain,dc=local;";
Actually includes the brackets like this:
objCommand.CommandText = "<LDAP://dc=YourDomain,dc=local>;"
And that the domain names get replaced to reflect your environment

Hunter
 


________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 09, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADUC - User logon name (is empty) 


Thanks for all the help, all.

I don't think the user logon name is related to the ISA server issue;
some pointed this out to me.

JOE P., I like your script, looks good, only wish I could get past that
line 22 error I keep getting in my test box with it. But I'll work on
figuring it out; it can't be that hard to find the problem.

PS. I love this mailing list thing. 

________________________________

From: Joe Pochedley [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 09, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADUC - User logon name (is empty) 

This is very common in domains that were upgraded from NT4.  The new
Login name is called the Universal Principal Name (UPN) and basically
allows the user to specify an email style login ([EMAIL PROTECTED])
instead of the NT4 style Username, Password, Domain (or Domain\Username)
style...  Here's a script that I wrote that will do exactly what you
want...

Be sure to replace the YourDomain and local entries with your actual
domain name for the LDAP query and the UPN suffix areas (in the
ObjUserUPN= line).  Also be sure to change the path to the logfile to a
directory you have available...

If you want to see what items are going to be changed, comment out the
line with " objUser.SetInfo " by putting a ' at the beginning, then you
can review the logfile to see the changes.

Finally, I don't believe that ISA server relies on the UPN name being
present for authentication, so I don't know if this will help your
problem (we ran ISA just fine without UPN names for many months).

(Watch for wrapping!)

 ' SNIP
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
