Greetings, I have been using the following VBscript code to translate SIDs to LDAP DNs for my main AD domain with no issues. Recently we have created a new tree in our forest and the objTranslate.Set call fails with: "Could not find the name or insufficient right to see name." The objTranslate.Set call fails even when logged in as a Domain and/or Enterprise Admins. The existing domain started life as a Win2k mixed mode and has since been upgraded & converted to Win2003 native. The new domain has been created from scratch as Win2003 AD (1st change was to make it native). Obviously it is something different between the two domains, but where do I start looking??? Thanks in advance! '------------------------------------------- Set objTranslate = CreateObject("NameTranslate") objTranslate.Init ADS_NAME_INITTYPE_DOMAIN, strDomainName objTranslate.Set ADS_NAME_TYPE_NT4, strDomainName & "\" & strUserName strUserDN = objTranslate.Get(ADS_NAME_TYPE_1779) Set objUser = GetObject("LDAP://" & strUserDN) objUser.GetInfoEx Array("tokenGroups"), 0 arrTokenGroups = objUser.Get("tokenGroups") For intCounter = LBound(arrTokenGroups) To UBound(arrTokenGroups) strSid = ConvertHexStringToSidString(ConvertByteArrayToHexString(arrTokenGroups(intCounter))) objTranslate.Set ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME, strSid strUserDN = objTranslate.Get(ADS_NAME_TYPE_1779) WScript.Echo "SID: " & strSid WScript.Echo "DN: " & strUserDN Next '-------------------------------------------
