932 replies to this topic

[water]

Some thoughts to your script:

• You know that you can specify the attributes to be returned by _AD_GetObjectProperties? In your case:

$object_properties = _AD_GetObjectProperties($initials,"givenName,sn,displayName,company,department,physicalDeliveryOfficeName,lastLogon,pwdLastSet,accountExpires")

• lastLogon doesn't return the "true" last logon date as this is not propagated to all DCs. Use _AD_GetLastLoginDate instead

Edited by water, 10 March 2010 - 06:36 PM.

[gcue]

thanks for the heads up!

[deeptrancer]

Function _AD_DisablePasswordExpire doesn't work Can Somebody fix it ???

[water]

Function _AD_DisablePasswordExpire doesn't work Can Somebody fix it ???

Moved your question to the "General Help and Support Thread"

[eternally1027]

Here is another script which I have converted from Jonathan Clelland's AD UDF, v3.3.

It is working perfectly.

It is, admittedly, lacking error checking.

AutoIt        expandcollapse  popup

; #Function#====================================================================================================================
; Name...........: _AD_MailEnableUser
; Description ...: Enables Mail for a User
; Syntax.........: _AD_MailEnableUser($sAD_User, $mdbstore, $store, $server, $admingroup, $domain, $emaildomain)
; Parameters ....: $sAD_User - Username, $mdbstore - Mailbox Store Name, $store - Information Store
;                : $server - Email Server, $admingroup - Admin Group in Exchange, $domain - Domain Name
;                : $emaildomain - Exchange Server Group Name
; Return values .: 1 (Worked)
; Author ........: Jonathan Clelland
; Modified.......: Ethan Turk
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================

Func _AD_MailEnableUser($sAD_User, $mdbstore, $store, $server, $admingroup, $domain, $emaildomain)

    If _AD_ObjectExists($sAD_User) = 0 Then Return 0
    $sAD_Query = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sAD_User & ");ADsPath;subtree"
    Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query) ; Retrieve the FQDN for the object
    $sAD_LDAPEntry = $oAD_RecordSet.fields(0).value
    Local $oAD_Object = _AD_ObjGet($sAD_LDAPEntry) ; Retrieve the COM Object for the object

    ;If $oAD_Object.HomeMDB <> "" Then Return 0

    $mailboxpath = "LDAP://CN="
    $mailboxpath = $mailboxpath & $mdbstore
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $store
    $mailboxpath = $mailboxpath & ",CN=InformationStore"
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $server
    $mailboxpath = $mailboxpath & ",CN=Servers,CN="
    $mailboxpath = $mailboxpath & $admingroup
    $mailboxpath = $mailboxpath & ",CN=Administrative Groups,CN=" & $emaildomain & ",CN=Microsoft Exchange,CN=Services,CN=Configuration,"
    $mailboxpath = $mailboxpath & $domain

    $oAD_Object.MailNickName = $sAD_User

    $oAD_Object.CreateMailbox($mailboxpath)
    $oAD_Object.SetInfo

    $oAD_Object = 0

    Return 1

EndFunc

[Joe2010]

Hi,

I tested a lot of functions and fixed the following bugs (Win2003Server Domain):

1.
In the new version AD 0.37 the Func _AD_GetObjectsInOU returns an empty array because of $aAD_DataToRetrieve.
Original:
Line 1133:

$aAD_Objects[$iCount2] = $oAD_RecordSet.Fields($aAD_DataToRetrieve).Value

Fixed (like previous versions):
Line 1133:

$aAD_Objects[$iCount2] = $oAD_RecordSet.Fields($sAD_DataToRetrieve).Value

2.
Also in the Func _AD_GetObjectsInOU the "Searchscope property" doesn't work. The last argument ";subtree" is used for this.
Line 1098:

$oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_OU & ">;" & $sAD_Filter & ";" & $sAD_DataToRetrieve & ";subtree"

Possible arguments:
";base"
";onelevel"
";subtree"

3.
The Func _AD_FQDNToSamAccountName can't handle OrganizationalUnits with a slash in the name (for example: "Accounts/Controlling").
This is a known Active Directory bug so I declared wrong given slashs "/" from AD as special character "\/" (normaly it's job of Active Directory for example the special character: comma).

Func _AD_FQDNToDisplayname($sAD_FQDN)

                ;AD BUG: Declare wrong given slashs "/" from AD as special character "\/"
                $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")

                Local $oAD_Item = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
                If IsObj($oAD_Item) Then
                               Local $sAD_Name = $oAD_Item.name
                               $sAD_Name = StringTrimLeft($sAD_Name, 3)
                               $sAD_Name = StringReplace($sAD_Name, "\,", ",")
                               Return $sAD_Name
                Else
                               Return SetError(1, 0, "")
                EndIf

EndFunc   ;==>_AD_FQDNToDisplayname

greetings

Edited by Joe2010, 17 March 2010 - 12:50 PM.

[jazzyjeff]

Water,

I am using your AD.au3 UDF hoping it'd solve my problems, but unfortunately I cannot get it to work at all. I am trying to use the _AD_IsMemberOf function, but I keep receiving this error when I try to compile the script.
>"C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" /run /prod /ErrorStdOut /in "C:\Users\carrollje\Desktop\MasterLog Test1.au3" /autoit3dir "C:\Program Files\AutoIt3" /UserParams
+>16:01:10 Starting AutoIt3Wrapper v.2.0.1.24 Environment(Language:0409 Keyboard:00000409 OS:WIN_7/ CPU:X64 OS:X86)
>Running AU3Check (1.54.19.0) from:C:\Program Files\AutoIt3
+>16:01:11 AU3Check ended.rc:0
>Running:(3.3.2.0):C:\Program Files\AutoIt3\autoit3.exe "C:\Users\carrollje\Desktop\MasterLog Test1.au3"
C:\Program Files\AutoIt3\Include\AD.au3 (482) : ==> Variable must be of type "Object".:
Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query)
Local $oAD_RecordSet = $oAD_Connection^ ERROR
->16:01:11 AutoIT3.exe ended.rc:1
>Exit code: 1 Time: 2.251

The script I am running is this, and it is supposed to exporta users login details into a specific CSV file depending on their security group membership.

AutoIt        expandcollapse  popup

#include <WindowsConstants.au3>
#include <AD.au3>

$TITLE = ("Username, Computer Name, IP Address, Time, Date")
$Login = (@UserName & "," & @ComputerName & "," & @IPAddress1 & "," & @HOUR & ":" & @MIN & ":" & @SEC & "," & @MON & "/" & @MDAY & "/" & @YEAR)
$DA = True ;==> Domain Admins
$T = True ;==> Teachers
$S = True ;==> Students
$O = True ;==> Office
$CSHT = True ; ==> CSH Teachers
$CSHS = True ;==> CSH Students
$CSHO = True ;==> CSH Office
$EMST = True ; ==> EMS Teachers
$EMSS = True ;==> EMS Students
$EMSO = True ;==> EMS Office
$TCHST = True ; ==> TCHS Teachers
$TCHSS = True ;==> TCHS Students
$TCHSO = True ;==> TCHS Office
$WMST = True ; ==> WMS Teachers
$WMSS = True ;==> WMS Students
$WMSO = True ;==> WMS Office
$WSHT = True ;==> WSH Teachers
$WSHS = True ;==> WSH Students
$WSHO = True ;==> WSH Office

;==> These functions will do the part of adding a record to the log in the CSV file.
;==> The records are added to the particular log depending on the security group.
;==> Each function is named by the security group.

Func DomainAdmins()
    If FileReadLine("\\app2\logs$\Domain Admins Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\Domain Admins Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\Domain Admins Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\Domain Admins Log.csv", $Login)
    EndIf
EndFunc   ;==>DomainAdmins

Func Teachers()
    If FileReadLine("\\app2\logs$\WSH - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>Teachers

Func Students()
    If FileReadLine("\\app2\logs$\WSH - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>Students

Func Office()
    If FileReadLine("\\app2\logs$\WSH - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>Office

Func CSH_Teachers()
    If FileReadLine("\\app2\logs$\CSH - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\CSH - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\CSH - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\CSH - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>CSH_Teachers

Func CSH_Students()
    If FileReadLine("\\app2\logs$\CSH - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\CSH - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\CSH - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\CSH - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>CSH_Students

Func CSH_Office()
    If FileReadLine("\\app2\logs$\CSH - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\CSH - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\CSH - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\CSH - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>CSH_Office

Func EMS_Teachers()
    If FileReadLine("\\app2\logs$\EMS - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\EMS - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\EMS - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\EMS - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>EMS_Teachers

Func EMS_Students()
    If FileReadLine("\\app2\logs$\EMS - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\EMS - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\EMS - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\EMS - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>EMS_Students

Func EMS_Office()
    If FileReadLine("\\app2\logs$\EMS - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\EMS - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\EMS - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\EMS - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>EMS_Office

Func TCHS_Teachers()
    If FileReadLine("\\app2\logs$\TCHS - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\TCHS - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\TCHS - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\TCHS - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>TCHS_Teachers

Func TCHS_Students()
    If FileReadLine("\\app2\logs$\TCHS - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\TCHS - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\TCHS - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\TCHS - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>TCHS_Students

Func TCHS_Office()
    If FileReadLine("\\app2\logs$\TCHS - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\TCHS - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\TCHS - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\TCHS - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>TCHS_Office

Func WMS_Teachers()
    If FileReadLine("\\app2\logs$\WMS - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WMS - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WMS - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WMS - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>WMS_Teachers

Func WMS_Students()
    If FileReadLine("\\app2\logs$\WMS - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WMS - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WMS - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WMS - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>WMS_Students

Func WMS_Office()
    If FileReadLine("\\app2\logs$\WMS - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WMS - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WMS - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WMS - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>WMS_Office

Func WSH_Teachers()
    If FileReadLine("\\app2\logs$\WSH - Teachers Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Teachers Log.csv", $Login)
    EndIf
EndFunc   ;==>WSH_Teachers

Func WSH_Students()
    If FileReadLine("\\app2\logs$\WSH - Students Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Students Log.csv", $Login)
    EndIf
EndFunc   ;==>WSH_Students

Func WSH_Office()
    If FileReadLine("\\app2\logs$\WSH - Office Log.csv", 1) = $TITLE Then
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $Login)
    Else
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $TITLE)
        FileWriteLine("\\app2\logs$\WSH - Office Log.csv", $Login)
    EndIf
EndFunc   ;==>WSH_Office

;==>
Select
    Case $DA
If _AD_IsMemberOf("Domain Admins","") Then DomainAdmins()
    ContinueCase

    Case $T
If _AD_IsMemberOf("Teachers","") Then Teachers()
    ContinueCase

    Case $S
If _AD_IsMemberOf("Students","") Then Students()
    ContinueCase

    Case $O
If _AD_IsMemberOf("Office","") Then Office()
    ContinueCase

    Case $CSHT
If _AD_IsMemberOf("CSH_Teachers","") Then CSH_Teachers()
    ContinueCase

    Case $CSHS
If _AD_IsMemberOf("CSH_Students","") Then CSH_Students()
    ContinueCase

    Case $CSHO
If _AD_IsMemberOf("CSH_Office","") Then CSH_Office()
    ContinueCase

    Case $EMST
If _AD_IsMemberOf("EMS_Teachers","") Then EMS_Teachers()
    ContinueCase

    Case $EMSS
If _AD_IsMemberOf("EMS_Students","") Then EMS_Students()
    ContinueCase

    Case $EMSO
If _AD_IsMemberOf("EMS_Office","") Then EMS_Office()
    ContinueCase

    Case $TCHST
If _AD_IsMemberOf("TCHS_Teachers","") Then TCHS_Teachers()
    ContinueCase

    Case $TCHSS
If _AD_IsMemberOf("TCHS_Students","") Then TCHS_Students()
    ContinueCase

    Case $TCHSO
If _AD_IsMemberOf("TCHS_Office","") Then TCHS_Office()
    ContinueCase

    Case $WMST
If _AD_IsMemberOf("WMS_Teachers","") Then WMS_Teachers()
    ContinueCase

    Case $WMSS
If _AD_IsMemberOf("WMS_Students","") Then WMS_Students()
    ContinueCase

    Case $WMSO
If _AD_IsMemberOf("WMS_Office","") Then WMS_Office()
    ContinueCase

    Case $WSHT
If _AD_IsMemberOf("WSH_Teachers","") Then WSH_Teachers()
    ContinueCase

    Case $WSHS
If _AD_IsMemberOf("WSH_Students","") Then WSH_Students()
    ContinueCase

    Case $WSHO
If _AD_IsMemberOf("WSH_Office","") Then WSH_Office()
    ContinueCase
EndSelect

[Joe2010]

Hi jazzyjeff,

it's not a bug of AD.au3! -> "General Help and Support Thread"
Please use the _AD_Open/_AD_Close - Functions to get access to the Active Directory.

Have a look:

Case $DA
    _AD_Open()
    If _AD_IsMemberOf("domain admins") Then DomainAdmins()
    _AD_Close()

greetings

[Joe2010]

Hi Water,

please add the option "User must change password at next logon" to Func _AD_SetPassword.

Func _AD_SetPassword($sAD_User, $sAD_Password = "", $iChangePW = 0) ; changed by Joe2010

    If Not _AD_ObjectExists($sAD_User) Then Return SetError(1, 0, 0)
    If StringMid($sAD_User, 3, 1) <> "=" Then $sAD_User = _AD_SamAccountNameToFQDN($sAD_User) ; sAMACccountName provided
    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_User)
    $oAD_User.SetPassword($sAD_Password)
    
    ; added by Joe2010
    $oAD_User.Put("pwdLastSet", $iChangePW) ; $iChangePW: (0 = User must change password at next logon / 1 = User must not change password at next logon)
    ;==> added by Joe2010
    
    $oAD_User.SetInfo()
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1

EndFunc   ;==>_AD_SetPassword

Edited by Joe2010, 19 March 2010 - 04:58 PM.

[Joe2010]

Sorry...the value for "user must not change password at next logon" is -1

Func _AD_SetPassword($sAD_User, $sAD_Password = "", $iChangePW = 0) ; changed by Joe2010

    If Not _AD_ObjectExists($sAD_User) Then Return SetError(1, 0, 0)
    If StringMid($sAD_User, 3, 1) <> "=" Then $sAD_User = _AD_SamAccountNameToFQDN($sAD_User) ; sAMACccountName provided
    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_User)
    $oAD_User.SetPassword($sAD_Password)
    
    ; added by Joe2010
    $oAD_User.Put("pwdLastSet", $iChangePW) ; $iChangePW: (0 = User must change password at next logon / -1 = User must not change password at next logon)
    ;==> added by Joe2010
    
    $oAD_User.SetInfo()
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1

EndFunc   ;==>_AD_SetPassword

[ICANSEEYOU7687]

slightly random and maybe im just an idiot, but with the create user function, how can you create a user in AD to lets say... groups\division1\ so the OU is groups, which has another folder in it named division1, where you want the users placed?

thanks! and these scripts are great

[Prab]

Am I misunderstanding the return value from _AD_Open? I just downloaded 0.37 and wanted to make my script error out during _AD_Open. I use all five parameters, and the first 2 are populated from InputBox. The other 3 are static. I use my username and my correct password and it returns 1. I then use my username and an incorrect password and it still returns 1. Seems to me like it shouldn't be able to connect.

Any help is appreciated.

Sidenote, might be a good idea to add this (untested) to the top of _AD_Open to enforce adding all three of the last parameters

If $sAD_DNSDomainParam <> "" Then
  If $sAD_HostServerParam = "" OR $sAD_ConfigurationParam == "" Then Return SetError(SOME ERROR INFO)
EndIf

[water]

@Joe2010
Thanks a lot for testing. All problems will be fixed in version 0.38.

[water]

please add the option "User must change password at next logon" to Func _AD_SetPassword.

The function _AD_SetPasswordExpired already sets "pwdLastSet" to 0. I could extend the function to let you set it to -1.
What do you think? Does this make more sense?

[water]

how can you create a user in AD to lets say... groups\division1\ so the OU is groups, which has another folder in it named division1

You have to specify the OU in the form "OU=groups,OU=division1,DC=microsoft,DC=com"

[water]

Am I misunderstanding the return value from _AD_Open?

Yes and No
I tried to put as much error checking into _AD_Open as possible. Unfortunately a check for correct user credentials is not possible as this information is not returned at the time the conncection is opened. The function returns 1 even when you specifiy an incorrect password but will crash as soon as you call another _AD-function.
We already opened a ticket.

Error checking will be enhanced in version 0.38.

Edited by water, 28 March 2010 - 01:24 PM.

[Joe2010]

The function _AD_SetPasswordExpired already sets "pwdLastSet" to 0. I could extend the function to let you set it to -1.
What do you think? Does this make more sense?

Hi Water,

i can't find the function _AD_SetPasswordExpired. There is only _AD_DisablePasswordExpire in AD 0.37. I think an opposite function would be great.
But the "pwdLastSet" = 0 - param in the Func _AD_SetPassword makes a lot of sense. For example if an user forget his password and i set it to "1234", the user must promptly change his password at next logon.

[water]

I can't find the function _AD_SetPasswordExpired.

Your are right. It's still in the pipeline for version 0.38.
I'll think about it and hope to come up with a good solution.

[Joe2010]

Hi Water,

on the subject of >>can't handle OrganizationalUnits with a slash in the name (for example: "Accounts/Controlling")<<, I found some other affected functions.
Additionally I added the code lines below in case the bug would be fixed @Server2008 for example (it should be ).

Func _AD_FQDNToSamAccountName($sAD_FQDN)

    ; added by Joe2010
    ;AD BUG: In case the bug is fixed declare right given slashs "wrong"
    $sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
    ;AD BUG: Declare wrong given slashs "/" from AD as special character "\/" (normaly it's job of Active Directory for example the special character: comma)
    $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
    ; added by Joe2010

    Local $oAD_Object = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
    If $oAD_Object = 0 Then Return SetError(1, 0, "")
    Local $sAD_Result = $oAD_Object.sAMAccountName
    Return $sAD_Result

EndFunc   ;==>_AD_FQDNToSamAccountName

Func _AD_FQDNToDisplayname($sAD_FQDN)

    ; added by Joe2010
    ;AD BUG: In case the bug is fixed declare right given slashs "wrong"
    $sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
    ;AD BUG: Declare wrong given slashs "/" from AD as special character "\/" (normaly it's job of Active Directory for example the special character: comma)
    $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
    ; added by Joe2010

    Local $oAD_Item = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
    If IsObj($oAD_Item) Then
        Local $sAD_Name = $oAD_Item.name
        $sAD_Name = StringTrimLeft($sAD_Name, 3)
        $sAD_Name = StringReplace($sAD_Name, "\,", ",")
        Return $sAD_Name
    Else
        Return SetError(1, 0, "")
    EndIf

EndFunc   ;==>_AD_FQDNToDisplayname

AutoIt        expandcollapse  popup

Func _AD_GetPasswordInfo($sAD_Object = @UserName)

    If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")

    ; changed by Joe2010
    If StringMid($sAD_Object, 3, 1) <> "=" Then
        $sAD_Object = _AD_SamAccountNameToFQDN($sAD_Object) ; sAMAccountName provided
    Else
        ; added by Joe2010
        ;AD BUG: In case the bug is fixed declare right given slashs "wrong"
        $sAD_Object = StringReplace($sAD_Object, "\/", "/")
        ;AD BUG: Declare wrong given slashs "/" from AD as special character "\/" (normaly it's job of Active Directory for example the special character: comma)
        $sAD_Object = StringReplace($sAD_Object, "/", "\/")
        ; added by Joe2010
    EndIf
    ; by Joe2010

    Local $sAD_PwdLastChanged
    Local $iAD_Error = 0
    Local $aAD_PwdInfo[10] = [9]
    Local $oAD_Object = ObjGet("LDAP://" & $sAD_DNSDomain)
    $aAD_PwdInfo[1] = Int(_AD_Int8ToSec($oAD_Object.Get("maxPwdAge"))) / 86400 ; Convert to Days
    $aAD_PwdInfo[2] = _AD_Int8ToSec($oAD_Object.Get("minPwdAge")) / 86400 ; Convert to Days
    $aAD_PwdInfo[3] = $oAD_Object.Get("pwdHistoryLength")
    $aAD_PwdInfo[4] = $oAD_Object.Get("minPwdLength")
    $aAD_PwdInfo[5] = _AD_Int8ToSec($oAD_Object.Get("lockoutDuration")) / 60 ; Convert to Minutes
    $aAD_PwdInfo[6] = $oAD_Object.Get("lockoutThreshold")
    $aAD_PwdInfo[7] = _AD_Int8ToSec($oAD_Object.Get("lockoutObservationWindow")) / 60 ; Convert to Minutes

    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_Object)
    ; Is user account password set to expire
    Local $iAD_UAC = $oAD_User.userAccountControl
    If BitAND($iAD_UAC, $ADS_UF_DONT_EXPIRE_PASSWD) = $ADS_UF_DONT_EXPIRE_PASSWD Then
        $aAD_PwdInfo[9] = "Password does not expire"
        $iAD_Error = 2
    Else
        ; Has user account password been changed before
        $sAD_PwdLastChanged = $oAD_User.PasswordLastChanged
        If $iAD_COMError = 3 Then
            $aAD_PwdInfo[8] = "Password has never been set"
            $iAD_Error = 3
        Else
            $aAD_PwdInfo[8] = StringLeft($sAD_PwdLastChanged, 4) & "/" & StringMid($sAD_PwdLastChanged, 5, 2) & "/" & StringMid($sAD_PwdLastChanged, 7, 2) & _
                    " " & StringMid($sAD_PwdLastChanged, 9, 2) & ":" & StringMid($sAD_PwdLastChanged, 11, 2) & ":" & StringMid($sAD_PwdLastChanged, 13, 2)
            $aAD_PwdInfo[9] = _DateAdd("d", $aAD_PwdInfo[1], $aAD_PwdInfo[8])
        EndIf
    EndIf
    Return SetError($iAD_Error, 0, $aAD_PwdInfo)

EndFunc   ;==>_AD_GetPasswordInfo

Greetings and
thanks a lot for your nice work!

[water]

on the subject of >>can't handle OrganizationalUnits with a slash in the name (for example: "Accounts/Controlling")<<, I found some other affected functions.

Thanks a lot for the info.
I will incorporate the changes in the next version. The original UDF by John Clelland already has a function _AD_FixSpecialChars to insert or remove special characters. So I will use this in version 0.38.

BTW: Do you think your code will work? I didn't test it but I think it will change "\/" to "/" and in the next statement back to "\/" again.

; added by Joe2010
;AD BUG: In case the bug is fixed declare right given slashs "wrong"
$sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
;AD BUG: Declare wrong given slashs "/" from AD as special character "\/"
$sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
; added by Joe2010

Edited by water, 29 March 2010 - 11:38 AM.