hi, WMI Hangs (John Watson)
I had a similar problem. in my case this particular server was not reachable via dns or hosts. so wmi has problem when nameresolution is not proper configured. so long volker strasser -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Freitag, 9. Juli 2004 19:44 To: [EMAIL PROTECTED] Subject: Perl-Win32-Admin Digest, Vol 6, Issue 6 Send Perl-Win32-Admin mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Perl-Win32-Admin digest..." Today's Topics: 1. WMI Hangs (John Watson) 2. Using Perl from IIS to enable and disable accounts. (Michael H. Martel) 3. RE: Using Perl from IIS to enable and disable accounts. (Spitzer, Robert L. (Newport News)) 4. RE: Using Perl from IIS to enable and disable accounts. (Michael H. Martel) 5. RE: Using Perl from IIS to enable and disable accounts. (Steven Manross) 6. adsi user groups enumeration (Martin Douglas) 7. RE: adsi user groups enumeration (henry isham) ---------------------------------------------------------------------- Message: 1 Date: Thu, 8 Jul 2004 21:38:48 -0400 From: "John Watson" <[EMAIL PROTECTED]> Subject: WMI Hangs To: <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" I have this strange problem. I have a script which calls a series of servers executing a WMI call against each of them. One one particular machine, it fails. In fact, the OLE call to the remote server hangs, never to return, causing my script to stop processing. The script exhibits the same behavior just processing that particular server, and it exhibits the same behavior if I reduce the script to nothing but the WMI call. Now, obviously, there is something wrong with that server, but more importantly, I'd prefer for the script to fail gracefully rather than just hang. Obviously I could skip that server, or even fix it, but that wouldn't prevent the problem from happening on other servers. Here is a code snippet: print ("before WMI\n"); my $wmisuccess = $wmiservices = Win32::OLE->GetObject("winmgmts:{impersonationLevel=impersonate,(security)}/ /$computer"); print ("after WMI\n"); The "after WMI" trace is never seen. The server in question is a W2K server, nothing particularly unusual about it. The script runs under an admin account. I've searched for some way to tell OLE to time out, or to test something before the WMI call, both without success. Anyone have any thoughts on how I can keep the script from hanging on the failed WMI call? Thanks, John. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://ASPN.ActiveState.com/ASPN/Mail/Browse/Threaded/perl-win32-admin/attac hments/20040708/cb53e6ec/attachment-0001.htm ------------------------------ Message: 2 Date: Fri, 09 Jul 2004 07:16:03 -0400 From: "Michael H. Martel" <[EMAIL PROTECTED]> Subject: Using Perl from IIS to enable and disable accounts. To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii; format=flowed Hello! I'm using ActiveState Perl v5.8.4 on Windows Server 2003. I'm trying to call a perl script to enable or disable Active Directory accounts. The code I'm using works fine at the command prompt, but I suspect that's becuase I'm logged in as an Administrator. Below is the code I'm using and the error message I'm getting. ############## begin code snippet ################ $distinguished_name = "CN=theuser,OU=People,DC=vsc,DC=edu" $strADsPath = "LDAP://dc=vsc,dc=edu";; $user = "[EMAIL PROTECTED]"; $password = "his_super_secret_password"; my $objNameSpace = Win32::OLE->GetObject ('LDAP:') or die ("Cannot create LDAP object"); my $objObjSec = $objNameSpace->OpenDSObject($strADsPath, $user, $password, 1); my $objUser = Win32::OLE->GetObject("LDAP://"; . $distinguished_name ); $objUser->{AccountDisabled} = 1 ; $objUser->SetInfo; ############### end code snippet ################## Everything works up to the SetInfo call. When I try and call it I get this message. General access denied error Win32::OLE(0.1701) error 0x80070005: "Access is denied" in METHOD/PROPERTYGET "SetInfo" at c:\inetpub\wwwroot\vscwebadmin\t1.pl line 698 HTTP/1.0 200 OK I'm assuming it's some sort of Authentication issue, but I can't for the life of me figure out how to get around it. Having the IIS service run as an Administrator is _not_ an option. :-) Thanks for any thoughts you've got! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator [EMAIL PROTECTED] | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------------ Message: 3 Date: Fri, 9 Jul 2004 07:54:48 -0400 From: "Spitzer, Robert L. (Newport News)" <[EMAIL PROTECTED]> Subject: RE: Using Perl from IIS to enable and disable accounts. To: "'Michael H. Martel'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain Michael, If you turn off Windows Integrated Authentication and Anonymous Authentication and enable Basic, IIS will use the credentials entered in the browser prompt to run the script. Hope this helps. Rob -----Original Message----- From: Michael H. Martel [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 7:16 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Using Perl from IIS to enable and disable accounts. Hello! I'm using ActiveState Perl v5.8.4 on Windows Server 2003. I'm trying to call a perl script to enable or disable Active Directory accounts. The code I'm using works fine at the command prompt, but I suspect that's becuase I'm logged in as an Administrator. Below is the code I'm using and the error message I'm getting. ############## begin code snippet ################ $distinguished_name = "CN=theuser,OU=People,DC=vsc,DC=edu" $strADsPath = "LDAP://dc=vsc,dc=edu";; $user = "[EMAIL PROTECTED]"; $password = "his_super_secret_password"; my $objNameSpace = Win32::OLE->GetObject ('LDAP:') or die ("Cannot create LDAP object"); my $objObjSec = $objNameSpace->OpenDSObject($strADsPath, $user, $password, 1); my $objUser = Win32::OLE->GetObject("LDAP://"; . $distinguished_name ); $objUser->{AccountDisabled} = 1 ; $objUser->SetInfo; ############### end code snippet ################## Everything works up to the SetInfo call. When I try and call it I get this message. General access denied error Win32::OLE(0.1701) error 0x80070005: "Access is denied" in METHOD/PROPERTYGET "SetInfo" at c:\inetpub\wwwroot\vscwebadmin\t1.pl line 698 HTTP/1.0 200 OK I'm assuming it's some sort of Authentication issue, but I can't for the life of me figure out how to get around it. Having the IIS service run as an Administrator is _not_ an option. :-) Thanks for any thoughts you've got! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator [EMAIL PROTECTED] | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ------------------------------ Message: 4 Date: Fri, 09 Jul 2004 08:06:21 -0400 From: "Michael H. Martel" <[EMAIL PROTECTED]> Subject: RE: Using Perl from IIS to enable and disable accounts. To: "Spitzer, Robert L. (Newport News)" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=us-ascii; format=flowed --On Friday, July 9, 2004 4:54 AM -0700 "Spitzer, Robert L. (Newport News)" <[EMAIL PROTECTED]> wrote: > If you turn off Windows Integrated Authentication and Anonymous > Authentication and enable Basic, IIS will use the credentials entered in > the browser prompt to run the script. Hope this helps. Hmm ... I have Windows Integrated on, and Basic on. Let's see ... Nope. I get the same error message, I even restarted the IIS Service to make sure it took. Thanks for the idea though! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator [EMAIL PROTECTED] | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------------ Message: 5 Date: Fri, 9 Jul 2004 09:15:50 -0700 From: "Steven Manross" <[EMAIL PROTECTED]> Subject: RE: Using Perl from IIS to enable and disable accounts. To: "Michael H. Martel" <[EMAIL PROTECTED]>, "Spitzer, Robert L. (Newport News)" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" The local admin or Domain admin? If local (and IIS is not on a DC) then yes, that may be your problem, Because the local admin won't have access (what's the error you are getting.. That'll tell us right away. 0x80070005 ??? -- I think that's Access denied...) print Win32::OLE->LastError()."\n"; #assuming you are using OLE to access AD. IIS 6 supports full pass-through NT Domain authentication. Users shouldn't have to enter logins/pws in any boxes if it's all set up correctly and the IIS box is seen in the local intranet zone. There's lots of things to check to make sure it's working, but the short list is to make sure that: -the IIS computer account is set to "Trust Computer for Delegation". (so the user's credential are able to pass through the IIS box to AD) -NTLM is the only auth mechanism for IIS -the client is seeing this IIS server in the local intranet zone (when all else fails add an entry in the client's local intranet site list) -the client computer is set to "Enable Integrated Windows Authentication (requires restart)" -check the NTFS perms on the IIS pages to make sure they have access. -- you might need to run the adsutil.vbs from the adminscripts directory to reset NTLM auth, but it's only a rare circumstance that it needs to get reset, and depending on the auth on the rest of the system, I wouldn't want to blanketly have you change it without knowing what else on the box we could break if we set the auth at the wrong level. Let me know if you have any other problems from there.. I have made this work in a lot of situations. Steven -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael H. Martel Sent: Friday, July 09, 2004 5:06 AM To: Spitzer, Robert L. (Newport News); [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Using Perl from IIS to enable and disable accounts. --On Friday, July 9, 2004 4:54 AM -0700 "Spitzer, Robert L. (Newport News)" <[EMAIL PROTECTED]> wrote: > If you turn off Windows Integrated Authentication and Anonymous > Authentication and enable Basic, IIS will use the credentials entered in > the browser prompt to run the script. Hope this helps. Hmm ... I have Windows Integrated on, and Basic on. Let's see ... Nope. I get the same error message, I even restarted the IIS Service to make sure it took. Thanks for the idea though! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator [EMAIL PROTECTED] | Vermont State Colleges http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 _______________________________________________ Perl-Win32-Web mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ------------------------------ Message: 6 Date: Fri, 09 Jul 2004 13:22:48 -0400 From: Martin Douglas <[EMAIL PROTECTED]> Subject: adsi user groups enumeration To: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed All I want to do is print out the groups a user belongs to. I searched the list for 'group' but came up with nothing. Here is my code: #! C:\perl\bin\perl use strict; use warnings; # script modules usage use Win32::OLE; # base functionality # attach to user and my $oUser = Win32::OLE->GetObject("LDAP://cn=username,DC=test,DC=ca";); my (@aGroups, $sGroup); @aGroups = $oUser->GetEx('memberOf'); foreach $sGroup (@aGroups) { print "Group is: $sGroup\n"; } I have also tried: @aGroups = $oUser->Groups to no avail. I definitely is friday afternoon here, I can't get anything done. Any help? martin -- ***************************************************************** Martin Douglas (martin at you double-you oh dot see eh) ITS Network Operations Information Technology Services Natural Sciences Centre, Room 209 University of Western Ontario (519) 661-2111 x81187 ------------------------------ Message: 7 Date: Fri, 9 Jul 2004 13:43:39 -0400 From: "henry isham" <[EMAIL PROTECTED]> Subject: RE: adsi user groups enumeration To: "Martin Douglas" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="utf-8" Try this. I found this online.. Other scripts from the same source worked for me. Good luck. -Henry # ------ SCRIPT CONFIGURATION ------ my $strUserDN = "<UserDN>"; # e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com # ------ END CONFIGURATION --------- use Win32::OLE 'in'; $Win32::OLE::Warn = 3; my $objUser = Win32::OLE->GetObject("LDAP://"; . $strUserDN); print "Group membership for ", $objUser->Get("cn"), ":\n"; my $strSpaces = ""; my %dicSeenGroup; DisplayGroups("LDAP://$strUserDN";, $strSpaces, %dicSeenGroup); sub DisplayGroups { my ($strObjectADsPath, $strSpaces, %dicSeenGroup) = @_; my $objObject = Win32::OLE->GetObject($strObjectADsPath); print $strSpaces, $objObject->Name,"\n"; if ($objObject->Get("memberOf")) { $colGroups = $objObject->Get("memberOf"); } foreach my $strGroupDN (in $colGroups) { if (not $dicSeenGroup{$strGroupDN}) { $dicSeenGroup{$strGroupDN} = 1; DisplayGroups("LDAP://"; . $strGroupDN, $strSpaces . " ", %dicSeenGroup); } } } -----Original Message----- From: [EMAIL PROTECTED] on behalf of Martin Douglas Sent: Fri 7/9/2004 1:22 PM To: [EMAIL PROTECTED] Cc: Subject: adsi user groups enumeration All I want to do is print out the groups a user belongs to. I searched the list for 'group' but came up with nothing. Here is my code: #! C:\perl\bin\perl use strict; use warnings; # script modules usage use Win32::OLE; # base functionality # attach to user and my $oUser = Win32::OLE->GetObject("LDAP://cn=username,DC=test,DC=ca";); my (@aGroups, $sGroup); @aGroups = $oUser->GetEx('memberOf'); foreach $sGroup (@aGroups) { print "Group is: $sGroup\n"; } I have also tried: @aGroups = $oUser->Groups to no avail. I definitely is friday afternoon here, I can't get anything done. Any help? martin -- ***************************************************************** Martin Douglas (martin at you double-you oh dot see eh) ITS Network Operations Information Technology Services Natural Sciences Centre, Room 209 University of Western Ontario (519) 661-2111 x81187 _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs ------------------------------ _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs End of Perl-Win32-Admin Digest, Vol 6, Issue 6 ********************************************** *** Diese Mail wurde nach gef�hrlichen Inhalten gescannt *** *** WICHTIG: Bitte Vorsicht beim �ffnen von Mailanh�ngen von unbekannten oder verd�chtigen Absendern *** *** eSafe scanned this email for malicious content *** *** IMPORTANT: Do not open attachments from unrecognized senders *** All for One Systemhaus AG, Abteilung Professional Services _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
