Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
JeTmAn
Starting Member
2 Posts |
 Posted - 2005-12-19 : 16:33:45
|
| Hi, first time poster. My situation is as follows:On our network where I work we've got an Active Directory group called noPolicy. If you are a part of this group, a popup window appears when you log on asking you to take a work policies quiz. Once you have successfully completed that quiz, you are supposed to be automatically removed from the noPolicy group so you don't get that popup window on logon anymore. The process for removing users from this group goes like this: A. From the quiz page (an ASP.NET page), when someone has successfully completed the quiz, xp_cmdshell is called with the argument of C:\noPolicy.vbs usersnamegoes here. B. The noPolicy.vbs script takes the username passed to it and removes them from the noPolicy group in active directory. This is all fairly straightforward, and it all worked just like it was supposed to until recently. Now, for some reason xp_cmdshell fails to remove a user from the noPolicy group when it is executed from the web box.I have established that:A. xp_cmdshell itself works fine. It returns results when I run other commands, such as a dir command (which returns the contents of the root directory). B. The script for removing the user from Active Directory works fine. When I run it from the command-line after logging directly into the SQL box in which it is contained, it does exactly what it's supposed to.So the disconnect is somehow occurring between xp_cmdshell and the VBscript. xp_cmdshell by itself works fine. The script by itself works fine. But try and use xp_cmdshell to run the script and for some reason it fails. This has to be permissions-related, but I'm not sure what could be stopping it. I do know that the user SQL is set up to run xp_cmdshell as is a domain admin user with all the authority it needs to make changes in Active Directory, and after all this was all working fine until just recently. I can't figure out what might've changed.Well, if anyone is willing to read through all that and attempt a response, I will be very appreciative. This has been a real head-scratcher. |
|
|
SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2005-12-19 : 16:55:53
|
| #1) If you're using ASP.NET then why not just write some C# or VB.NET to take them out of the group? It seems silly to me that you'd delegate that task to SQL Server instead of use what you already have in your quiz. People generally don't approve of putting triggers on system tables. Keep VB code where it belongs (in your application).#2) To run a vb script from a command line dont you need to call cscript instead of the script itself? (exec master..xp_cmdshell 'Cscript D:\scripts\MyScript.vbs')Daniel, MCP, A+SQL Server DBAwww.dallasteam.com |
 |
|
|
JeTmAn
Starting Member
2 Posts |
Posted - 2005-12-19 : 17:44:07
|
quote:
#1) If you're using ASP.NET then why not just write some C# or VB.NET to take them out of the group? It seems silly to me that you'd delegate that task to SQL Server instead of use what you already have in your quiz. People generally don't approve of putting triggers on system tables. Keep VB code where it belongs (in your application).
Well, IIRC correctly I tried that at first but had some trouble doing it. I believe it was because I was trying to still run the script on the command-line by calling it from the page, which is naturally made very difficult by necessary security precautions. However you seem to be referring to manipulating AD directly using VB.NET...this is something I haven't done before so I wasn't aware of the possibilities for this. Care to enlighten me? quote:
#2) To run a vb script from a command line dont you need to call cscript instead of the script itself? (exec master..xp_cmdshell 'Cscript D:\scripts\MyScript.vbs')
No, Windows Server 2003 at least interprets VBscript natively, and this process was working just fine before, and the method of running the script has not changed.Thanks for your response!Daniel, MCP, A+SQL Server DBAwww.dallasteam.com[/quote] |
|
|
|
SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2005-12-20 : 09:00:00
|
quote:
Originally posted by JeTmAn
quote:
#1) If you're using ASP.NET then why not just write some C# or VB.NET to take them out of the group? It seems silly to me that you'd delegate that task to SQL Server instead of use what you already have in your quiz. People generally don't approve of putting triggers on system tables. Keep VB code where it belongs (in your application).
Well, IIRC correctly I tried that at first but had some trouble doing it. I believe it was because I was trying to still run the script on the command-line by calling it from the page, which is naturally made very difficult by necessary security precautions. However you seem to be referring to manipulating AD directly using VB.NET...this is something I haven't done before so I wasn't aware of the possibilities for this. Care to enlighten me?
Active Directory is native to .NET and located in SYSTEM.DIRECTORYSERVICES.Google this info: VB.NET "Active directory"ORGoogle this info: VB.NET "System.DirectoryServices"What all can be done from here, I don't know. I'm a DBA not a .NET developer.  Have fun,Daniel, MCP, A+SQL Server DBAwww.dallasteam.com |
|
|
|
|
|
|
|
|
Problem using xp_cmdshell with VBscript