Setting Attribute Values with ADSI

ItsMe2003 has asked for the wisdom of the Perl Monks concerning the following question:

I've done several small projects using ADSI (Win32::OLE) to do various tasks in Active Directory, such as create and delete users, groups, containers, add and remove users, etc. I have not done much with setting any attribute values, except for setting some attributes when creating objects. Now I need to set a value for an attribute and read it back later in the program. This should be simple to do, but it's not doing what I expect it to do. It's got to be something I'm doing wrong, but for the life of me I just can't see it. I have pasted a sample program below that demonstrates the problem.

I have tried this on two different domains, and with at least half a dozen different attributes, such as: description, displayName, adminDescription, company, etc. I realize that some of those attributes are multi-valued, and that if I was really trying to work with them I would need to use PutEX. I have tried printing Win32::OLE->LastError but it is always 0. I've also tried adding a GetInfo() after the SetInfo(), but to no avail. This code is correctly setting the value in active directory, but for the life of me I cannot see what the problem is. Could someone please tell me what I am doing wrong.

Here is the program:

    use strict;
    use warnings;
    use diagnostics;
    use Win32::OLE;
    $Win32::OLE::Warn = 3;

    my $ldapStr="LDAP://CN=MyTest User,OU=Test,DC=ZZZZZZZZ,DC=local";
    my $userObject = Win32::OLE->GetObject($ldapStr);
    print "$userObject->{displayName}\n";
    $userObject->{displayName}="aaaabbbb";
    $userObject->SetInfo();
    print "$userObject->{displayName}\n";
[download]

And here is the output:

cccaaabbbcccddd
ARRAY(0x52bf334)
[download]

The first value printed is correct, but I expect to see "aaaabbbb" as the second value. I would appreciate any guidance to what I need to do to fix this.

Comment on Setting Attribute Values with ADSI Select or Download Code

Replies are listed 'Best First'.
Re: Setting Attribute Values with ADSI by GrandFather (Saint) on Jan 01, 2012 at 00:01 UTC
`$userObject->{displayName}` has become an array reference. It's not at all clear why SetInfo should change displayName/FullName, however you can show the contents of the array using: `print "@{$userObject->{displayName}}\n";` [download] which may shed some light on what is going on. True laziness is hard work	[reply] [d/l] [select]
Re^2: Setting Attribute Values with ADSI by ItsMe2003 (Initiate) on Jan 01, 2012 at 08:54 UTC
Your suggestion provided more information, but I don't know what to make of it. I had tried to dereference the array before posting, but I must have done something wrong. When I added your suggested line of code, I got: `top person organizationalPerson user` [download] as the output. Those are the values of the "objectClass" attribute. Any ideas why it would be reading objectClass instead of displayName?	[reply] [d/l]
Re: Setting Attribute Values with ADSI by NetWallah (Canon) on Jan 01, 2012 at 06:04 UTC
When you query "$userObject->{displayName}", you are getting data from a cached version, which is populated by GetObject. I think when you call SetInfo(), the cache changes, so you probably need to call GetObject again. Also - I would recommend doing error-checking at each step. For info and examples, check the ADSI chapter in 'perl for system admin'. "Battle not with trolls, lest ye become a troll; and if you gaze into the Internet, the Internet gazes also into you." -Friedrich Nietzsche: A Dynamic Translation	[reply]
Re^2: Setting Attribute Values with ADSI by ItsMe2003 (Initiate) on Jan 02, 2012 at 05:28 UTC
Thanks for answering. As I mentioned in the original post, I did the error checking after every ADSI call and got a 0 return code, I figured my sample code might be clearer if I omitted it. I don't know for sure about having to do another GetObject. It's possible that it works that way, but I've never read anything about having to do that, and I've read the chapter that you recommended (several times), at least 20 nodes here at perlmonks about ADSI, and perhaps 50 other web pages about ADSI programming. Most of those pages use VB in their examples, but I think for the most part, the ADSI stuff has a one-to-one translation between VB and Perl. I did see a VB example on MSDN that suggests that you don't have to do that. The page at: http://technet.microsoft.com/en-us/library/ee156502.aspx shows writing an attribute, doing a SetInfo, then reading the attribute back in without doing another GetObject. I've snipped out most of the code just to keep this short and readable. `Set objUser = _ GetObject("LDAP://cn=MyerKen,ou=HR,dc=NA,dc=fabrikam,dc=com") '<snip> objUser.Put "givenName", "Ken" '<snip> objUser.SetInfo '<snip> strGivenName = objUser.Get("givenName") '<snip> Wscript.Echo "givenName: " & strGivenName` [download] I figured all along that doing GetObject again would work (and I verified that this evening). I wanted to try to avoid that if possible, as I had designed the program around creating the connection once, and keeping it open for the duration of the program, then letting it close at the end. I want to fully credit you with your suggestion about GetObject, because even though I believed it would work, until you suggested it I never considered it as a workaround. I was planning on opening the connection at the beginning of the program and closing it at the end. Without boring you with the details, what I can do is actually create one connection that I keep open like I was planning to do, and since I only have one object that I need to read, write, then read from, I will use a second connection for that and open it and close it as I need to do the reads and writes.	[reply] [d/l]