3 Replies Latest reply on Jul 25, 2009 10:32 AM by SafeBoot

    Autodomain ConnectorName Problem

      Scenario:

      1. A user is not tradionally created by the AD Connector or deleted from the database.
      2. AutoDomain is set to RunOnceOnLogon=True.
      3. ConnectorName is designated to a Ad Connector.
      4. A Domain User logs into a machine for the first time and creates a new profile.
      5. AutoDomain Script runs at logon and creates the user in the database and assigns the user to the machine as expected.

      Now I assume that the ConnectorName in the script will bind thw user to the AD Connector but when I look at the binding properties of that user I see:

      SbAdCon1.val 0x00000000
      SbAdCon1.att objectGUID
      SbAdCon1.username 0x00000000

      When I run the AD Connector I get this error:

      error adding user "csutton" (0xdb010008) - "The object already exists"

      I look at the AutoDomainLog file and I have this entry:

      7/23/2009 21:11:49.88 PM: Created user "csutton" in the group Helpdesk.
      7/23/2009 21:11:50.08 PM: Running sbadmclAddBinding (csutton/SbAdCon1.username/\30\15\8d\6f\21\2a\c2\42\a3\89\5c\2a\36\53\1c\1c)...
      7/23/2009 21:11:50.09 PM: Existing Connection
      7/23/2009 21:11:50.19 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.19 PM: Set binding for user "csutton"
      7/23/2009 21:11:50.19 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.19 PM: Running sbadmclAddBinding (csutton/SbAdCon1.att/objectGUID)...
      7/23/2009 21:11:50.19 PM: Existing Connection
      7/23/2009 21:11:50.27 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.27 PM: Set binding for user "csutton"
      7/23/2009 21:11:50.27 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.27 PM: Running sbadmclAddBinding (csutton/SbAdCon1.val/0x00000000)...
      7/23/2009 21:11:50.27 PM: Existing Connection
      7/23/2009 21:11:50.34 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.34 PM: Set binding for user "csutton"
      7/23/2009 21:11:50.34 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.34 PM: Running sbadmclAddBinding (csutton/SbAdCon1.username/0x00000000)...
      7/23/2009 21:11:50.34 PM: Existing Connection
      7/23/2009 21:11:50.42 PM: 0x00000000 | The operation completed successfully.
      7/23/2009 21:11:50.42 PM: Set binding for user "csutton"
      7/23/2009 21:11:50.42 PM: 0x00000000 | The operation completed successfully.

      It seems at that the user gets the correct binding from the AD Connector and it is overwritten afterwards. I see that there were errors in the script like:

      7/23/2009 21:01:29.25 PM: ....Captured Command Result Description: Access to driver not permitted.

      I decided to include the command line utility SbAdmCl on the mahince and make the user a Domain Admin. The user logs into the machine for the first time. I still get the same results.

      Does the ConnectorName variable only work if the user is populated into the database by the AD Connector before they logon to the machine for the first time?
        • 1. RE: Autodomain ConnectorName Problem
          when you say the bindings are:

          SbAdCon1.val 0x00000000
          SbAdCon1.att objectGUID
          SbAdCon1.username 0x00000000

          Do you mean literally? that seems very odd - it should be the objectGUID, it should not say objectGUID...

          if so, that looks like a bug to me.
          • 2. RE: Autodomain ConnectorName Problem
            Yep. the binding properties of that user literally states - SbAdCon1.att objectGUID.

            I wonder if this is be a bug in the script or a problem in my virtual test environment?

            Has anyone had issues with this in production?
            • 3. RE: Autodomain ConnectorName Problem
              naa - it's me. I added some code to handle certs and used the return code from one arg as the input to another.

              you'll need to get a copy of v5.20+ I will publish it to ctogonewild next week.

              if you want to fix it yourself, its in the createuserhelper and createuserhelper2 routines - you'll see in the addbinding function I didnt use the userGUID in the right places, thus you got the success code (0x00000000) instead of the actual guid.

              my bad.