Hi,
I wonder if anyone else has run into a situation where normal ADSI
rootDSE binding doesn't work unless the user is a domain admin?
The following two-line script is a sample:
Set objDSE = GetObject("LDAP://rootDSE")
WScript.Echo objDSE.Get("defaultNamingContext")
The first line produces the error 800401E4 (invalid syntax) if an end
user runs the lines on an XP SP1 workstation in my tiny dev forest.
- If the same user logs on to a DC (everyone is allowed to log on to
them in this case) and runs the lines, they work fine.
- If the same user is put in Domain Admins, the lines work fine even on
the previously mentioned XP workstation.
- If the same user (without being an admin) starts LDP on the XP
workstation, she'll get the rootDSE information in LDP.
This is only a two-DC dev forest (with one root domain and one child
domain), but I wonder if this could happen in production too? The DCs
are Windows Server 2003, and not even SP1, because they originate from a
project I did early last year, and now returned to it. Even though the
DCs were frozen for quite a while as Virtual PC images, replication
works quite fine and the tombstone lifetime is 10 years.
Yours, Sakari