Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Active Directory UDF - Help & Support


  • This topic is locked This topic is locked
781 replies to this topic

#261 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 13 July 2011 - 03:26 PM

For documentation purpose:
To use the AD UDF with Windows PE a guy who asked on the german forum had to do the following:

I had to add the following to the WIN-PE.WIM:

1. Dism.exe /image:c:\winpe_x86\mount /add-driver /driver:.\ADSI_X86\ADSIx86.inf /forceunsigned
2. Dism /image:C:\winpe_x86\mount /Add-Package /PackagePath:.\PETools\x86\WinPE_FPs\winpe-hta.cab
Dism /image:C:\winpe_x86\mount /Add-Package /PackagePath:.\PETools\x86\WinPE_FPs\winpe-mdac.cab


Some more details can be found here.

HTH
Water
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki







#262 gcue

gcue

    just a wannabe

  • Active Members
  • PipPipPipPipPipPip
  • 1,902 posts

Posted 14 July 2011 - 05:24 PM

does _AD_IsMemberOf support checking for nested sub groups?

if not, is there a way you can recommend doing it?

thanks for such a great UDF and all the work you've put into this.

Edited by gcue, 14 July 2011 - 05:24 PM.


#263 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 14 July 2011 - 05:48 PM

No.
_AD_IsMemberOf "Returns 1 if the object (user, group, computer) is an immediate member of the group."
But you can recursively query the groups the user is a member of using _AD_RecursiveGetMemberOf and check if the group in question is contained in the result.
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#264 gcue

gcue

    just a wannabe

  • Active Members
  • PipPipPipPipPipPip
  • 1,902 posts

Posted 14 July 2011 - 06:11 PM

i used your example

; Open Connection to the Active Directory _AD_Open() ; Returns a recursively searched list of groups the currently logged on user is a member of Global $aUser = _AD_RecursiveGetMemberOf(@UserName, 10, 1) If @error > 0 Then     MsgBox(64, "Active Directory Functions - Example 1", "User '" & @UserName & "' has not been assigned to any group") Else     ; For groups that are inherited, the return is the FQDN of the group or user, and the FQDN(s) of the group(s) it     ; was inherited from, seperated by '|'     _ArrayDisplay($aUser, "Active Directory Functions - Example 1 - Group names user '" & @UserName & "' is a member of") EndIf ; Close Connection to the Active Directory _AD_Close()

and after some time i am getting this error, any ideas?

U:\scripts\#Tech#\Dashboard\AD.au3 (1005) : ==> Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.:
If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")


Edited by gcue, 14 July 2011 - 06:13 PM.


#265 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 14 July 2011 - 06:31 PM

What version of the UDF do you use? Line 1005 is in the middle of a comments block in the most current version 1.0.0.
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#266 gcue

gcue

    just a wannabe

  • Active Members
  • PipPipPipPipPipPip
  • 1,902 posts

Posted 14 July 2011 - 06:34 PM

sorry i just updated it. still getting the same error

U:\scripts\#Tech#\Dashboard\AD.au3 (1054) : ==> Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.:
If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")


Edited by gcue, 14 July 2011 - 06:35 PM.


#267 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 14 July 2011 - 06:45 PM

There might be a loop in your group membership definitions. Let's say group A is a member of group B which is a member of group A. The loop is closed and function _AD_RecursiveGetMemberOf loops and loops and loops because it doesn't correctly check the nesting level (default = 10).
As a quick and dirty solution could you please insert the following line as the first statement in function_AD_RecursiveGetMemberOf and post the results?
Local $aAD_Nested[1] = [0] If $iAD_Depth = 0 then return $aAD_Nested

UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#268 gcue

gcue

    just a wannabe

  • Active Members
  • PipPipPipPipPipPip
  • 1,902 posts

Posted 14 July 2011 - 06:48 PM

that worked! =)

thanks for the quick solution.

Edited by gcue, 14 July 2011 - 06:48 PM.


#269 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 14 July 2011 - 07:07 PM

I will check the solution and update the UDF to remove the bug.
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#270 gcue

gcue

    just a wannabe

  • Active Members
  • PipPipPipPipPipPip
  • 1,902 posts

Posted 14 July 2011 - 07:14 PM

cool thanks again.

#271 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 17 July 2011 - 01:31 PM

Added a new script to the Example Script thread. Lets you display the OUs in your AD as a TreeView.

Edited by water, 18 July 2011 - 06:50 AM.

UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#272 gr1fter

gr1fter

    Wayfarer

  • Active Members
  • Pip
  • 57 posts

Posted 19 July 2011 - 03:00 PM

Hello,
What I am looking to do is query all the SubOus of a container. Is _AD_GetObjectsInOU the function im looking for? Most of the examples I see are for user info, I only want to get organizationalUnit list of SubOUs on a given container. Can someone help me out in the right direction?

Thanks,



EDIT: I apologize, I did not see _AD_GetAllOUs. I was able to get what I needed. Thanks,

Edited by gr1fter, 19 July 2011 - 03:08 PM.


#273 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 19 July 2011 - 04:53 PM

I just added a new example script in the Active Directy Example Scripts thread (for download please see my signature).
This lets you display the OU hierarchy in a TreeView.
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#274 gr1fter

gr1fter

    Wayfarer

  • Active Members
  • Pip
  • 57 posts

Posted 19 July 2011 - 07:17 PM

water or anyone

is it possible to exclude the root directory from the _AD_GetAllOUs array?


example script:

[__CODE_PROTECTED]PGJyIC8+CjxiciAvPgo7IE9wZW4gQ29ubmVjdGlvbiB0byB0aGUgQWN0aXZlIERpcmVjdG9yeTxiciAvPgpfQURfT3BlbigpPGJyIC8+CjxiciAvPgpHbG9iYWwgJiMwMzY7c3VPVT0gJnF1b3Q7b3U9Y29tcHV0ZXJzLG91PWRlc3NlcnQsZGM9ZWFzdCxkYz1taWNyb3NvZnQsZGM9Y29tJnF1b3Q7PGJyIC8+Ckdsb2JhbCAmIzAzNjtpSW5kZXg8YnIgLz4KR2xvYmFsICYjMDM2O2FkT1UgPSBfQURfR2V0QWxsT1VzKCYjMDM2O3N1T1UpPGJyIC8+CklmIEBlcnJvciAmZ3Q7IDAgVGhlbjxiciAvPgoJTXNnQm94KDY0LCAmcXVvdDtBY3RpdmUgRGlyZWN0b3J5IEZ1bmN0aW9ucyAtIEV4YW1wbGUgMSZxdW90OywgJnF1b3Q7Tm8gT1VzIGNvdWxkIGJlIGZvdW5kJnF1b3Q7KTxiciAvPgpFbHNlPGJyIC8+CjxiciAvPgoJRm9yICYjMDM2O2lJbmRleCA9IDEgVG8gJiMwMzY7YWRPVVswXVswXTxiciAvPgoJCSYjMDM2O3NPVSA9ICYjMDM2O2FkT1VbJiMwMzY7aUluZGV4XVsxXTxiciAvPgoJCSYjMDM2O3N0cnZhbCA9IFN0cmluZ1JlZ0V4cCgmIzAzNjtzT1UsICZxdW90Oyg/VSkoPzpPVT0pKC4rKSg/OiwpJnF1b3Q7LCAzKTxiciAvPgoJCSYjMDM2O3N1Ym91ID0gJiMwMzY7c3RydmFsWzJdICZhbXA7ICZxdW90OyYjMDkyOyZxdW90OyAmYW1wOyAmIzAzNjtzdHJ2YWxbMV0gJmFtcDsgJnF1b3Q7JiMwOTI7JnF1b3Q7ICZhbXA7ICYjMDM2O3N0cnZhbFswXTxiciAvPgoJCU1zZ0JveCAoNDgsJnF1b3Q7JnF1b3Q7LCYjMDM2O3N1Ym91KTxiciAvPgoJTmV4dDxiciAvPgo8YnIgLz4KRW5kSWY8YnIgLz4KPGJyIC8+CjsgQ2xvc2UgQ29ubmVjdGlvbiB0byB0aGUgQWN0aXZlIERpcmVjdG9yeTxiciAvPgpfQURfQ2xvc2UoKXM=[/__CODE_PROTECTED]



If i cycle through the message boxes, i dont want the first one to be shown which is the root. Thanks,

#275 BlackHoleSun

BlackHoleSun

    Wayfarer

  • Active Members
  • Pip
  • 67 posts

Posted 19 July 2011 - 08:30 PM

How to check a sub-domain for the computer info?

The way the domain I'm on is setup, the user accounts are on the main level domain (sub.domain.com) and the computers are in a sub-domain of that (sub2.sub.domain.com). When I run _AD_GetObjectProperties(), I get the user account info fine, but the computer gives an error of 1, and doesn't return anything. Any ideas on how to switch to the sub-domain? I've tried the FQDN of "computer$.sub2.sub.domain.com" already.

#276 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 19 July 2011 - 08:37 PM

If you specify the computername as SamAccountName you have to append a dollar sign.
$aProperties = _AD_GetObjectProperties(@Computername & "$", "..properties...")

Edited by water, 19 July 2011 - 08:37 PM.

UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#277 BlackHoleSun

BlackHoleSun

    Wayfarer

  • Active Members
  • Pip
  • 67 posts

Posted 20 July 2011 - 01:06 AM

If you specify the computername as SamAccountName you have to append a dollar sign.

$aProperties = _AD_GetObjectProperties(@Computername & "$", "..properties...")

I was doing it with the dollar sign, and didn't have any luck.

#278 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 20 July 2011 - 06:09 AM

The Active Directory can only connect to one domain at a time.
So if your computers are in a different domain you can either:

  • Close the connection to domain sub.domain.com using _AD_Close() and then connect to domain sub2.sub.domain.comspecifying the necessary parameters for _AD_Open
  • Connect to the global catalog (GC). So you can query all properties that are replicated to the global catalog. The GC is read-only.
BTW:

I've tried the FQDN of "computer$.sub2.sub.domain.com" already.

This is not a valid FQDN.
Run the _AD_GetObjectProperties.au3 example script and see what you get in example 3 - properties for your computer. distinguishedName the FQDN of your computer.

Can you please post the code you use to query the computer properties?
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#279 water

water

    ?

  • MVPs
  • 15,452 posts

Posted 20 July 2011 - 06:16 AM

@gr1fter
Your example crashes here with error:

H:\tools\AutoIt3\AD\AD_Test.au3 (17) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$subou = $strval[2] & "\" & $strval[1] & "\" & $strval[0]
$subou = ^ ERROR

Can you post an example how the desired result should look like?
UDFs:
Active Directory (NEW 2014-07-21 - Version 1.4.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2014-07-27 - Version 1.0.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2013-01-21 - Version 0.3.1.1) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

#280 BlackHoleSun

BlackHoleSun

    Wayfarer

  • Active Members
  • Pip
  • 67 posts

Posted 20 July 2011 - 03:26 PM

The Active Directory can only connect to one domain at a time.
So if your computers are in a different domain you can either:

  • Close the connection to domain sub.domain.com using _AD_Close() and then connect to domain sub2.sub.domain.comspecifying the necessary parameters for _AD_Open
  • Connect to the global catalog (GC). So you can query all properties that are replicated to the global catalog. The GC is read-only.
BTW:
This is not a valid FQDN.
Run the _AD_GetObjectProperties.au3 example script and see what you get in example 3 - properties for your computer. distinguishedName the FQDN of your computer.

Can you please post the code you use to query the computer properties?

After some tweaking, I got it to work now. Below is my code, but why I wanted to do this, is I was looking at grabbing the description. For my test computer the description is 5th in the array, but it might not always be that way, so how can I have the message box show only the description field, instead of hard-coding 5 in it? I tried putting "description" in it, but it errors out. Any way to do that with out loops looking at what each value is?
Func _GetAD($stComp)     _AD_Open()     $SConfiguration = $sAD_Configuration     _AD_Close()     $SDNSDomain = "DC=sub2,DC=sub1,DC=domain,DC=com"     $SHostServer = "server.sub2.sub1.domain.com"     _AD_Open("", "", $SDNSDomain, $SHostServer, $SConfiguration)     ConsoleWrite("Starting with the computer: '" & $stComp & "$" & "'" & @CRLF)     $aProperties = _AD_GetObjectProperties($stComp & "$")     If @error = 0 Then         ConsoleWrite("Diplaying array" & @CRLF)         _ArrayDisplay($aProperties, $stComp)         MsgBox(0, "Description", $aProperties[5][2])     Else         ConsoleWrite("Error code: " & @error & @CRLF & "Extended: " & @extended & @CRLF)     EndIf     ConsoleWrite("Finished" & @CRLF)         _AD_Close() EndFunc   ;==> _GetAD





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users