Active Directory UDF

[araneon]

Ok Thank you try

[araneon]

Thank you very much for UDF
Great job. Thank you very much!
Tell me how to learn the user logon script and how to change it?

[water]

The logon script path can be retrieved from property "scriptPath".

What do you mean by change? Modify the script or modify the user object so a different script is called at logon time?

[kor]

@water, it would be really nice if

_AD_GetUserGroups would allow me to return the group members as sAMAccountName

I can return sAMAccountName when I use _AD_RecursiveGetMemberOf, but doing a recursive search on each user is a huge performance hit.

[water]

I will have a look as soon as I return to my office.

[water]

The property "memberOf", which is queried by the function, stores the returned values as FQDN.

So there is no easy way to return the SamAccountName instead of the FQDN.

What do you need the SamAccountName for? All functions of the AD UDF accept FQDN and SamAccountName.

[araneon]

I need to know that the user is registered in Logon script:

And how to change this value?

[water]

That's set in the propery "scriptpath".

How to set the logon script is described here.

It's either by Group Policy or by setting parameter "scriptpath".

[araneon]

"scriptpath" That is as it should be sought.

Thank you very much.
Now think of how to change it!?

[water]

Now think of how to change it!?

 

Please see my previous post:

 

It's either by Group Policy or by setting parameter "scriptpath".

[water]

Version 1.4.1.1 (Bug fix) of the UDF has been released.

Only runs with AutoIt 3.3.12.0 and later.

Please test before using in production!

For download please see my signature.

[GregThompson]

I was looking to pull back email/name/display name/sAMAccountName from a group. Tried _AD_GetGroupMembers but that only pulls back the user string.

[water]

You have to do it in two steps.

First pull the members of a group. Then query each user for email/name/display name/sAMAccountName using _AD_GetObjectProperties.

[GregThompson]

Yeah, I wrote this...

#include <AD.au3>
Global $names

_AD_Open()

$aMembers = _AD_GetGroupMembers("CabbageSoupGroup")
If @error > 0 Then
    MsgBox(64, "You're a garbage man.", "Failed to get Group members.")
    Exit
Else
    _ArraySort($aMembers, 0, 1)
EndIf

For $i = 1 To $aMembers[0]
    $names = $names & "(sAMAccountName=" & _AD_FQDNToSamAccountName($aMembers[$i]) & ")"
Next
$names = "(|" & $names & ")"

$aObjects = _AD_GetObjectsInOU("OU=_Users,DC=NOYOUDONT!,DC=net", $names, 2, "DisplayName, sAMAccountName, Name, mail")

If @error > 0 Then
    MsgBox(64, "You failed again fatty!", "No OUs could be found")
Else
    _ArrayDisplay($aObjects, "Active Directory")

EndIf

_AD_Close()

Edited August 5, 2014 by GregThompson

[water]

Clever solution

[GregThompson]

I can't find one that will allow me to search for a group with a wildcard? Like a dsquery might look like this

dsquery group -name bomgar*

[water]

Use _AD_GetObjectsInOU using filter: "(&(objectCategory=group)(name=bomgar*))".

This will eventually return multiple results. Grab the one required and then run _AD_GetGroupMembers with this group name.

[GregThompson]

Yeah I just realized I was in the _Users OU and not our groups, that made the difference, thanks.

[Endot]

Hello!

I'm trying to create a script to reset all users in a targeted OU to a preset password. 

I seem to be having issues in the loop section.

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Sets the password for all users
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

; Open Connection to the Active Directory
_AD_Open("Administrator", "password")
If @error Then Exit MsgBox(16, "Active Directory Master Password Reset", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global $iReply = MsgBox(308, "Active Directory Master Password Reset", "This script changes the password for all Users in the 'Quality' OU." & @CRLF & @CRLF & _
        "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

Global $aUsers
Global $sOU = "OU=Users,OU=Quality,OU=Engineering,DC=dev,DC=fbf"
$aUsers = _AD_GetObjectsInOU($sOU, "(objectclass=user)", 2, "name,samaccountname")
_ArraySort($aUsers, 0, 1)

For $i = 1 to $aUsers[0]
    Global $iValue = _AD_SetPassword( _AD_FQDNToSamAccountName($aUsers[$i]) & , "demo")
   If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Set Password", "Password for user '" & $sUser & "' successfully changed")
   Else
    MsgBox(64, "Active Directory Functions - Set Password", "Return code '" & @error & "' from Active Directory")
   EndIf
Next
_AD_Close()

The error I'm receiving:

Any idea where I went wrong?

[Endot]

Got it worked out. There were a number of things I was doing incorrectly actually, mainly how I was attempting to target users using _AD_FQDNToSamAccountName when I'd already gotten their SamAccountname. 

 

Finished script:

#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open("Administrator", "password")
If @error Then Exit MsgBox(16, "Active Directory Master Password Reset", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global $iReply = MsgBox(308, "Active Directory Master Password Reset", "This script changes the password for all Users in the 'Quality' OU." & @CRLF & @CRLF & _
"Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

Global $aUsers
;update target to the appropriate OU you wish to reset
Global $sOU = "OU=Users,OU=Quality,OU=Engineering,DC=dev,DC=fbf"
$aUsers = _AD_GetObjectsInOU($sOU, "(objectclass=user)", 2, "samaccountname")

;reset password loop
FileWriteLine("log.txt", @Hour & ":" & @Min & ":" & @Sec & " - " & "Beginning Password Reset..." )
For $i = 1 to $aUsers[0]
    Global $iValue = _AD_SetPassword( $aUsers[$i], "demo") ; set password here
If @error Then Exit FileWriteLine("log.txt", @Hour & ":" & @Min & ":" & @Sec & " - " "There was an issue changing the password for " & $aUsers[$i] & " - @error = " & @error & ", @extended = " & @extended)
FileWriteLine("log.txt", @Hour & ":" & @Min & ":" & @Sec & " - " & $aUsers[$i] & "'s password changed to 'demo'" )
Next
FileWriteLine("log.txt", @Hour & ":" & @Min & ":" & @Sec & " - " & "Ending Password Reset" )
Global $iReply = MsgBox(0, "Active Directory Master Password Reset", "Password Reset Successful")
_AD_Close()

Edited August 26, 2014 by Endot