Monday, June 2, 2008

VBScript: Error : An invalid dn syntax has been specified

You receive this error message when manipulating AD objects that contain characters including:

Reserved character Description Hex value

space or # character at the beginning of a string

space character at the end of a string
, comma 0x2C
+ plus sign 0x2B
" double quote 0x22
\ backslash 0x5C
< left angle bracket 0x3C
> right angle bracket 0x3E
; semicolon 0x3B
LF line feed 0x0A
CR carriage return 0x0D
= equals sign 0x3D
/ forwards slash 0x2F

Working with AD accounts and groups with reserved characters

For most reserved characters, you can use them in binding strings simply by placing a backslash (\) in front of the characters. This script will successfully bind to the !TestGroup group and report back the user’s CN:
Set objGroup = GetObject("LDAP://CN=\!TestGroup,OU=Accounting,DC=fabrikam,DC=com")
Wscript.Echo objGroup.CN

Related articles
http://www.microsoft.com/technet/scriptcenter/resources/qanda/nov04/hey1105.mspx
http://msdn.microsoft.com/en-us/library/aa366101(VS.85).aspx

No comments: