0

Basically, what I'm trying to accomplish is deleting a non-leaf user object from MS Active Directory. At some point in time, a few additional objects were put underneath these non-leaf user objects, so I am trying to query for all these objects underneath the base and remove them first.

Here is my query in VBScript:

qQuery = "<LDAP://[SERVERNAME]/[BASE_USER_OBJECT]>;" & _
"(objectCategory=*);dn

I am expecting this to return the dn of every object below my base user object. The script throws an "Unspecified Error".

If I change the requesting attributes to distinguishedName instead of dn, then it runs just fine and returns the distinguishedName attribute from a few of the child objects. The problem is that a majority of the child objects don't have this distinguishedName attribute, or ANY attribute for that matter.

Is there any way to query for the dn in VBScript?

Thank you for any help in advance!

robbie
  • 658
  • 3
  • 11
  • 26
  • If the objects don't have any attributes, what exactly are they? Other OUs? – Kodra Apr 24 '12 at 14:07
  • @Kodra It's another CN underneath the base. They were put there for some application to use single sign on. They are not needed anymore, and I need to clean them up. – robbie Apr 24 '12 at 14:37

1 Answers1

1

Guaranteed the objects have a distinguishedName. It's mandatory. Do you have enough permission to see these objects?

This link has a number of good examples for your situation - http://www.selfadsi.org/delete.htm.

Brian Desmond
  • 4,473
  • 1
  • 13
  • 11
  • You were correct. I had to bind as a domain admin in order to see the `distinguishedName` attribute. Thank you. – robbie Apr 24 '12 at 16:35