Hey, Scripting Guy! How Can I Retrieve the Value of an Active Directory Attribute that has a Hyphen in Its Name?

Hey, Scripting Guy! How Can I Retrieve the Value of an Active Directory Attribute that has a Hyphen in Its Name?

  • Comments 4
  • Likes

Hey, Scripting Guy! Question

Hey, Scripting Guy! We have a custom application that adds some attributes to the Active Directory schema. These attributes have hyphens in their names, and I can’t figure out how to retrieve the value of those attributes; any time I try to connect to one I get an error message. Any suggestions?

-- TW

SpacerHey, Scripting Guy! Answer

Hey, TW. You know a lot of people don’t believe in coincidence or chance occurrence; instead, they believe that everything happens for a reason. (Of course, in the case of the Scripting Guys we usually can’t figure out what the heck that reason could be, but, still….)

Why do we mention the fact that many people don’t believe in coincidences? Well, interestingly enough, about the same time we received your email we were fooling around with some of the new attributes that have been added to the Active Directory schema for Windows Server 2003. Many of these new attributes also have hyphens in their names; thus we had simple little scripts similar to this:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "User account control computed: " & objUser.msDS-User-Account-Control-Computed

And what do you suppose happened when we tried running one of these simple little scripts? If you guessed, “It probably worked and you got back the value you were looking for,” well, take a look at this:

C:\Scripts\test.vbs(2, 1) Microsoft VBScript runtime error: Object doesn't support 
this property or method: 'objUser.msDS'

Yikes. ADSI doesn’t like seeing a hyphen in an attribute name; in fact, as far as ADSI is concerned the name of our property (msDS-User-Account-Control-Computed) consists of just the four letters msDS. As soon as it encounters the hyphen ADSI assumes it has reached the end of the attribute name; it then tries looking for an attribute named msDS and, not surprisingly, can’t find one.

Ah, but now the chain of “coincidences” gets really spooky. Just a week or so before that we had resolved a problem that had been bugging us for nearly a year: how can you use ADO to read a text file that contains a space in the file name? As it turned out, the answer was to enclose the file name in square brackets, like so:

strFile = "[Fabrikam Employees.txt]"

Although it seemed like a million-to-one shot, we decided to put square brackets around our Active Directory attribute name:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "User account control computed: " & objUser.[msDS-User-Account-Control-Computed]

If you’ve ever seen the Twilight Zone then you already know what happened: the square brackets worked like a charm! Do you need to get or set the value of an Active Directory attribute that has a hyphen in the name? Then just put square brackets around the name. Do that and - like magic - everything will work perfectly. Try it and see.

Yes, very eerie, isn’t it?

By the way, you can put square brackets around any attribute name and your script will work just fine. We aren’t sure why you’d do this, but following script will return the CN for the user Ken Myer:

Set objUser = GetObject(LDAP://cn=Ken Myer, OU=Finance, DC=fabrikam, DC=com)
Wscript.Echo "CN: " & objUser.[CN]

Makes you shudder just thinking about it, doesn’t it? But, then again, maybe it’s all just a coincidence….

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • A minor point, but I believe the problem with dashes is not ADSI but the VBScript interpreter. The dash does not require escaping in AD. Neither does the forward slash, but ADSI does require escaping the forward slash with a backslash. ADO uses ADSI, but I can query AD for attribute values where the attribute name includes dashes with no problem. I also note that the following works fine:

    objUser.Get("msDS-User-Account-Control-Computed")

    I also note that the square brackets are required in VBScript if you have a variable name identical to a reserved name, such as a variable named "Call". I think the square brackets are required in the example because otherwise the interpreter will assume the dash is a math operator.

  • Warming up old stuff! Yeah. First I was very happy finding a site which find a solution to this very special problem. But as I tried the solution it didnt worked then I tried Richards suggestions and with this one I was really able to read the appropriate attribute. Just one problem left... I need to change this attribute now... :(

    Anyone found a solution to do this?

    regards Tekkion

  • You guys are awesome !

  • thank you