936 replies to this topic

[water]

I have converted and extended the adfunctions.au3 written by Jonathan Clelland to a full AutoIt UDF including help file, examples, ScITE integration etc.
The example scripts should run fine without changes.

2012-10-12: Version: 1.3.0.0
As always: Please test before using in production!

Spoiler

KNOWN BUGS: (Last changed: 2012-12-19)

• If you run AutoIt < 3.3.9.2 and your script defines a COM error handler before _AD_Open is called then _AD_Open will fail with @error = 3.
  Thanks to user bartekd for pointing me to this error. A workaround is available.
• If you try to delete an object with characters that need to be escaped in the CN then function _AD_DeleteObject will crash.
  Thanks to user bartekd for pointing me to this error. A workaround is available.

General:

• This version should (again) run with all production and beta versions of AutoIt. It combines 1.2.0 and 1.2.2.0.
  The COM error handler is activated automatically when the AutoIt version is < 3.3.9.2

 AD 1.3.0.0.zip   275.81K   3890 downloads
 History.txt   49.34K   813 downloads

Edited by water, 13 January 2013 - 07:16 PM.

[water]

I've finished to implement the read-only functions (see previous post).
Before I start with the write-functions I need a volunteer to help me test this functions as I don't have write access to an Active Directory.

[rogerd2u]

Just wanted to say that you've done an awesome job thus far!!! I look forward to using this UDF!!!

I'm converting Jonathan Clelland adfunctions.au3 to a full AutoiIt UDF including help file, examples, ScITE integration etc.
In a first step the readonly functions will be converted.
In a second step all other functions will follow.

[water]

Anyone willing to run the example scripts and report errors/problems?

[FractalReactor]

hi,
Sorry for my bad English, I speak Spanish.
I can test functions. I have an AD, in which test some of the functions read-only of your library.

I leave my mail marianilucas@gmail.com

greetings

Edited by FractalReactor, 12 December 2009 - 10:18 PM.

[water]

More then 50 downloads and still no error reports?

Edited by water, 18 December 2009 - 08:51 AM.

[stamandster]

More then 50 downloads and still no error reports?

Working great Water! I'm currently using it in production.

I've adapted the example to my environment, it will check for FQDN group if you want but you can change it to general

Plain Text        expandcollapse  popup

Func _AD_UserInGroup($ADusername,$ADGroupName,$FQDN = 0)
    ; Open Connection to the Active Directory
    local $founduser
    _AD_Open()

    ; Get an array of group names (FQDN) that the current user is immediately a member of
    _AD_GetUserGroups($aUser, $ADusername)

    IF $FQDN = 0 Then 
        $ADGroupName = "CN=" & $ADGroupName & ","
    Endif
    
    For $each in $aUser
        IF StringinStr($each,$ADGroupName) Then
            _AD_Close()
            Return 1
        Endif
    Next

    _AD_Close()
    
    Return 0
    
EndFunc

Edited by kickarse, 18 December 2009 - 06:09 PM.

[someone]

@Water,

I'll do my best to check things out and test..I have access to an AD environment. If there is anything specific you want tested please let me know otherwise I'll just go through as best I can. Regardless though I want to say thanks for heading up this UDF project.... I used adfunctions.au3 pretty recently to make an easy add/remove groups interface for myself.

[water]

Working great Water! I'm currently using it in production.

I've adapted the example to my environment, it will check for FQDN group if you want but you can change it to general

Hi kickarse,
I think the function you have written (test if a user is a member of a specific group) is already available as "_AD_IsMemberOf($sAD_Group, $sAD_User)"

Edited by water, 20 December 2009 - 01:57 PM.

[Yorn]

water,
Thank you very much for working on this. I'm going to have to revise/revisit most of my scripts because of what you're doing, but it'll be well worth it. I'm very thankful for Johnny having made the original as well! This is probably my most-used UDF.

[water]

Glad to hear that it's of use for someone

[Talder]

Hi,

First off all, great job and very useful UDF!

For those who are interested on making connection to a domain controller from a pc that is not registered into any domain, i had to change one line

Local $oAD_RootDSE = ObjGet("LDAP://RootDSE")

into

Local $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")

and i was able to connect and query the domain controller. (of course you have to provide all necessary parameters to _ad_open())

Without this change you get a COM error.

Bye,

Tim

[EndFunc]

I've been using the other adfuctions.au3 and I have to admit that there should have been examples because some of the functions were a little hard to get working.
I had trouble with several that I ended up just finding vbscripts and converting them to autoit. Example I could never get the list domains controllers to work with the one in that UDF, but I found a vbscript that did the same thing and converted it to autoit. I have also since made several other custom AD functions not included in the adfuntions. I would love to see this as an official UDF so that it shows up in Scite and in the help file with usage examples.
Thanks for taking this one as it has been needed for a long time.

Edited by EndFunc, 23 December 2009 - 11:02 PM.

[water]

@EndFunc
If there are any functions you want to see in the UDF which are not yet implemented in adfunctions.au3 or AD.au3 please just drop me a note and I will do my very best.

[EndFunc]

@EndFunc
If there are any functions you want to see in the UDF which are not yet implemented in adfunctions.au3 or AD.au3 please just drop me a note and I will do my very best.

Well something that would be a awesome function is searchable usernames. Just like the find in ADUC. I can pull up info based on a username but if it isn't exact then you get the error. What would be nice is that if finds names that match or are close and give you a choice. I've been trying to look at that but so far no go.

This guy's site has some very good vbscripts for many things. I've used a few of them in AutoIt. Some were difficult to convert because of not knowning the AutoIt equivalent. Anyway check out this site. Lots of good stuff for functions. That's just for seaching stuff, he has much more code on his site for other things.

http://www.rlmueller.net/freecode6.htm

Edited by EndFunc, 03 January 2010 - 10:23 PM.

[EndFunc]

Known bugs:

• _AD_Open: Still does not work when you connect from a PC that is no domain member. Is solved in the next version
• _AD_ListRoleOwners: Gives "Object referenced outside a "With" statement." in some environments
• _AD_ListSites: Gives a COM error in some environments
• _AD_MoveObject: Wrong syntax. Will be changed in next version
• _AD_EnablePasswordChange and _AD_DisablePasswordChange: Do not work at all. We investigate the situation - I think we will have to rewrite the code

[b]

These original functions in adfunctions.au3 work fine for me, so why not use it as it is, just updating the vars?
_ADEnablePasswordChange and _ADDisablePasswordChange

Edited by EndFunc, 03 January 2010 - 10:39 PM.

[water]

Hi EndFunc,

thanks for your reply!

• All readonly functions work fine in my environment (have only readonly access to an AD). The "known bugs" section lists some errors another user gets when he uses AD.au3 from a PC which is not a member of a domain.
• I will have a look at the suggested site. Are there any functions you would like to see in AD.au3?
• To search for a user name (full or partial) you can use something like: _AD_GetObjectsInOU($asUser, $sOU, "(&(objectCategory=user)(name="*water*))", 2, "department,cn,distinguishedName,sAMAccountName")
  This will return department, full name, FQDN and sAMAccountname for all users in the specified OU that have "water" somewhere in the field "name".
• _ADEnablePasswordChange and _ADDisablePasswordChange: As I understand the ACEs have to be sorted (according to KB269159) to make sure they work in all situations. The following scripts give an example. Do they work for you?
  http://www.wisesoft.co.uk/scripts/vbscri...disable_user_cannot_change_password.aspx
  http://www.rlmueller.net/Cannot%20Change%20PW.htm

I hope I will soon release a new version.

Edited by water, 06 January 2010 - 12:40 PM.

[water]

Hi EndFunc,

I did check out this site (http://www.rlmueller.net/freecode6.htm). Here are my findings:

• Search for Common Name: Use _AD_GetObjectsInOU
• Duplicate Display Names: _AD_GetObjectsInOU with sort parameter "displayname" and then check the resulting array
• Enumerate DC's: I've modified _AD_ListDomainControllers and incorporated the code from this script
• Enumerate Servers: Use _AD_GetObjectsInOU
• Document Forest: Use multiple calls to _AD_GetObjectsInOU
• Create User List: Use _AD_GetObjectsInOU
• Move Old Computers: _AD_GetPasswordInfo, _AD_DisableObject and _AD_MoveObject
• Computer Roles: Uses WMI which is outside the scope of the AD UDF
• Inventory Computers: Use _AD_GetObjectsInOU and the Excel UDF
• Document Organization: Not yet implemented in the AD UDF. Will be implemented if enough users have a need for it
• Unique Computer SIDs: Uses WINNT:// which is outside the scope of the AD UDF
• Local Admin Passwords: Uses WINNT:// which is outside the scope of the AD UDF
• Generic ADO Searches: Use _AD_GetObjectsInOU

If there are any functions you would like to see in the AD UDF please drop me a note.

Edited by water, 06 January 2010 - 12:59 PM.

[bavery]

First off, great work. Your AD functions are fantastic.

I have a bug/issue to report:

I noticed when I installed version 3.3.4.0 of AutoIt the _AD_IsMemberOf() function no longer works (i was using ad.au3 v0.33). It simply returns a -1. I rolled back to 3.3.0.0 and everything works fine. However, other functions such as _AD_GetUserGroups work with the new version. I also tried the original adfunctions.au3 file, and it also returns -1.

[water]

Hi,
I think we got hit by bug #1068: Binary to Int. This was fixed in 3.3.2.0
I was always wondering why the function returned a negative value because IsMember only returns 0x0 or 0x1.
I changed the code to return an absolute value so the function returns a valid result for every AutoIt version.