Hey, Scripting Guy! How Can I Retrieve the Value of an Active Directory Attribute that has a Hyphen in Its Name?


Hey, Scripting Guy! Question

Hey, Scripting Guy! We have a custom application that adds some attributes to the Active Directory schema. These attributes have hyphens in their names, and I can’t figure out how to retrieve the value of those attributes; any time I try to connect to one I get an error message. Any suggestions?

— TW

SpacerHey, Scripting Guy! Answer

Hey, TW. You know a lot of people don’t believe in coincidence or chance occurrence; instead, they believe that everything happens for a reason. (Of course, in the case of the Scripting Guys we usually can’t figure out what the heck that reason could be, but, still….)

Why do we mention the fact that many people don’t believe in coincidences? Well, interestingly enough, about the same time we received your email we were fooling around with some of the new attributes that have been added to the Active Directory schema for Windows Server 2003. Many of these new attributes also have hyphens in their names; thus we had simple little scripts similar to this:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "User account control computed: " & objUser.msDS-User-Account-Control-Computed

And what do you suppose happened when we tried running one of these simple little scripts? If you guessed, “It probably worked and you got back the value you were looking for,” well, take a look at this:

C:\Scripts\test.vbs(2, 1) Microsoft VBScript runtime error: Object doesn't support 
this property or method: 'objUser.msDS'

Yikes. ADSI doesn’t like seeing a hyphen in an attribute name; in fact, as far as ADSI is concerned the name of our property (msDS-User-Account-Control-Computed) consists of just the four letters msDS. As soon as it encounters the hyphen ADSI assumes it has reached the end of the attribute name; it then tries looking for an attribute named msDS and, not surprisingly, can’t find one.

Ah, but now the chain of “coincidences” gets really spooky. Just a week or so before that we had resolved a problem that had been bugging us for nearly a year: how can you use ADO to read a text file that contains a space in the file name? As it turned out, the answer was to enclose the file name in square brackets, like so:

strFile = "[Fabrikam Employees.txt]"

Although it seemed like a million-to-one shot, we decided to put square brackets around our Active Directory attribute name:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "User account control computed: " & objUser.[msDS-User-Account-Control-Computed]

If you’ve ever seen the Twilight Zone then you already know what happened: the square brackets worked like a charm! Do you need to get or set the value of an Active Directory attribute that has a hyphen in the name? Then just put square brackets around the name. Do that and – like magic – everything will work perfectly. Try it and see.

Yes, very eerie, isn’t it?

By the way, you can put square brackets around any attribute name and your script will work just fine. We aren’t sure why you’d do this, but following script will return the CN for the user Ken Myer:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "CN: " & objUser.[CN]

Makes you shudder just thinking about it, doesn’t it? But, then again, maybe it’s all just a coincidence….



Discussion is closed.

Feedback usabilla icon