regygys, posted March 5, 2007 (edited March 5, 2007 by regygys)

Hi, I need your help with an LDAP request. I have two domains, XX and XY, and they trust each other. When I execute the script as the XX administrator on the XX domain, the script works. But when I run the script as the XX administrator on the XY domain, the script does not work...

```autoit
$objConnection = ObjCreate("ADODB.Connection")
$objConnection.Open("Provider=ADsDSOObject;")
$objCommand = ObjCreate("ADODB.Command")
$objCommand.ActiveConnection = $objConnection
; $domain, $filter and $name are set elsewhere in the script
; scope keyword is "subtree" (the original had the typo "substree")
$objCommand.CommandText = "<LDAP://" & $domain & ">;(&(objectCategory=Computer)" & $filter & "(CN=" & $name & "));operatingSystem;subtree"
$objRecordSet = $objCommand.Execute
If $objRecordSet.RecordCount = 0 Then
    ; ... (rest of the script)
EndIf
```

How do I make an LDAP request in a different domain, given that the administrator has the necessary rights there?
joness59, posted March 6, 2007

I am trying to do something similar, where I need to authenticate myself to the LDAP from a machine that is not on the domain. I haven't got it to fully work yet, but here is a snippet of my code, and maybe you or someone else can help figure this out.

```autoit
$objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
$objConnection.Provider = "ADsDSOObject"
$objConnection.Properties("User ID") = "domain\userid"
$objConnection.Properties("Password") = "password"
$objConnection.Properties("Encrypt Password") = True
$objConnection.Properties("ADSI Flag") = 3 ; ADS_SECURE_AUTHENTICATION (1) + ADS_USE_ENCRYPTION (2)
$objConnection.Open("Active Directory Provider") ; Open connection to AD
$objRootDSE = ObjGet("LDAP://RootDSE")
$objCommand = ObjCreate("ADODB.Command") ; Dustin
$objCommand.ActiveConnection = $objConnection ; Dustin
```

Also check out this link: http://www.microsoft.com/technet/scriptcen...05/hey1209.mspx

Hope this points you in the right direction.
chr, posted March 7, 2007

> I am trying to do something similar where I need to authenticate myself to the LDAP from a machine that is not on the domain. I haven't got it to fully work yet, but here is a snippet of my code and maybe you or someone else can help figure this out.

I've put this working code together from different sources. The code should be cleaned up and split into more functions (authenticate, getDN, isMemberOfGroup, etc.).

```autoit
$oMyError = ObjEvent("AutoIt.Error", "ComError")

Global $strDNSDomain = "10.255.255.38"
Global $group = "Users" ; a group the user must be a member of

$isValid = authenticate("username", "password") ; returns True when the user authenticated and is a member of $group

Func authenticate($user, $password)
    Local $objConnection, $strQuery, $objRecordSet, $userdn, $objUser
    Local $ADS_SECURE_AUTHENTICATION = 0x0001
    $objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Properties("Encrypt Password") = 1
    $objConnection.Properties("ADSI Flag") = $ADS_SECURE_AUTHENTICATION
    $objConnection.Properties("User ID") = $user
    $objConnection.Properties("Password") = $password
    $objConnection.Open("Active Directory Provider") ; Open connection to AD
    ; not needed:
    ;$objRootDSE = ObjGet("LDAP://" & $strDNSDomain & "/RootDSE")
    ;Global $strDNSDomain_ = $objRootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
    $strQuery = "<LDAP://" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");distinguishedName;subtree"
    $objRecordSet = $objConnection.Execute($strQuery) ; Retrieve the DN of the user
    If @error <> 0 Then Return 0
    If $objRecordSet.EOF Then
        SetError(2)
        Return 0 ; user not found
    Else
        $userdn = $objRecordSet.Fields(0).Value
    EndIf
    Global $strGrpPassed = False
    Global $o = ObjGet("LDAP:")
    ; Bind to the user object with explicit credentials (flag 1 = ADS_SECURE_AUTHENTICATION)
    $objUser = $o.OpenDSObject("LDAP://" & $strDNSDomain & "/" & $userdn, $user, $password, 1)
    Global $objGroupList = ObjCreate("Scripting.Dictionary") ; groups already visited, prevents loops on nested groups
    $objGroupList.CompareMode = 1 ; vbTextCompare; must be set while the dictionary is still empty
    EnumGroups($objUser, $user, $password) ; Enumerate group memberships
    Return $strGrpPassed ; True if authentication and membership of $group are ok
EndFunc

Func EnumGroups($objADObject, $user, $password)
    ; Recursive subroutine to enumerate user group memberships.
    ; Includes nested group memberships.
    Local $colstrGroups, $objGroup, $j
    $colstrGroups = $objADObject.memberOf
    If Not IsArray($colstrGroups) Then
        If Not IsString($colstrGroups) Then Return ; no memberOf values at all
        Local $aSingle[1] = [$colstrGroups] ; a single membership comes back as a string, not an array
        $colstrGroups = $aSingle
    EndIf
    For $j = 0 To UBound($colstrGroups) - 1
        $objGroup = $o.OpenDSObject("LDAP://" & $strDNSDomain & "/" & $colstrGroups[$j], $user, $password, 1)
        If Not $objGroupList.Exists($objGroup.sAMAccountName) Then
            $objGroupList($objGroup.sAMAccountName) = True
            ; $group should be a parameter to the function call, not a global
            ; Name is "CN=<group>", so strip the leading "CN="
            If $group = StringRight($objGroup.Name, StringLen($objGroup.Name) - 3) Then
                $strGrpPassed = True
            EndIf
            EnumGroups($objGroup, $user, $password)
        EndIf
    Next
    $objGroup = "nothing"
EndFunc

; COM error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc ;==>ComError
```
regygys (author), posted March 19, 2007

I haven't yet found a way to query a different domain with an account from another domain that has the rights to do it... Any ideas?
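The thread never shows the two halves joined: regygys's computer query run over a connection that carries explicit credentials, which is what joness59's and chr's snippets do. The following is an added example, not code from any post; it combines them in AutoIt, and also escapes the computer name per RFC 4515 before it is concatenated into the filter, since in the original query an unescaped "*" or ")" in $name would change the search. The domain, account and host names are placeholders.

```autoit
; Added example (not from the thread). Domain, account and host names are placeholders.
Global $oComErr = ObjEvent("AutoIt.Error", "_ComError")
Global Const $ADS_SECURE_AUTHENTICATION = 0x0001
Global Const $ADS_USE_ENCRYPTION = 0x0002

; RFC 4515 escaping: a value that reaches the filter from a list or from user
; input must not be able to widen or break the search expression.
Func _LdapEscape($sValue)
    $sValue = StringReplace($sValue, "\", "\5c") ; backslash first, it is the escape character
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    $sValue = StringReplace($sValue, Chr(0), "\00")
    Return $sValue
EndFunc

; $sDomain: DNS name of the domain to search; $sUser: account from the trusted
; domain, as "XX\administrator". Returns the operatingSystem value, "" when the
; computer is not found, and sets @error on a connection or query failure.
Func _GetComputerOS($sDomain, $sUser, $sPassword, $sComputerName)
    Local $oConn = ObjCreate("ADODB.Connection")
    $oConn.Provider = "ADsDSOObject"
    $oConn.Properties("User ID") = $sUser
    $oConn.Properties("Password") = $sPassword
    $oConn.Properties("Encrypt Password") = True
    ; Authenticated, signed and sealed bind (value 3, as in joness59's snippet)
    $oConn.Properties("ADSI Flag") = BitOR($ADS_SECURE_AUTHENTICATION, $ADS_USE_ENCRYPTION)
    $oConn.Open("Active Directory Provider")
    If @error Then Return SetError(1, 0, "")

    Local $oCmd = ObjCreate("ADODB.Command")
    $oCmd.ActiveConnection = $oConn
    $oCmd.CommandText = "<LDAP://" & $sDomain & ">;(&(objectCategory=computer)(cn=" & _
            _LdapEscape($sComputerName) & "));operatingSystem;subtree"
    Local $oRS = $oCmd.Execute
    If @error Then Return SetError(2, 0, "")
    If $oRS.EOF Then Return "" ; no such computer in that domain
    Local $sOS = $oRS.Fields("operatingSystem").Value
    $oRS.Close()
    $oConn.Close()
    Return $sOS
EndFunc

; COM errors (bad credentials, unreachable domain, ...) land here; SetError lets the caller see them
Func _ComError()
    ConsoleWrite("COM error 0x" & Hex($oComErr.number, 8) & ": " & $oComErr.description & @CRLF)
    SetError(1)
EndFunc

ConsoleWrite(_GetComputerOS("xy.example", "XX\administrator", "P@ssw0rd", "WKS001") & @CRLF)
```

Because the credentials are set on the connection, the same call works whether the script runs on a machine in XX or in XY, as long as the trust lets the XX account read computer objects in XY.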