redfive19 Posted March 29, 2007

hi all,

I've searched the forums for something like this. I came across ADFunctions.au3 but I am unsure this is exactly what I need (and I am also getting an error on line 78 of ADFunctions.au3).

I basically want to find out what (group/ou?) attributes are assigned to the current computer object. For instance, I want to be able to run a script on the local machine, have it query that machine's AD group membership, create a new computer object and copy those attributes over to the new computer object. First and foremost, I just want to be able to DISPLAY (echo) the group membership just so I am sure it's correct.

I found some VB Code that's supposed to do just this but I can't make heads or tails of it:

    ' Bind to the Computers container and create the new computer object
    Set objCompt = _
        GetObject("LDAP://cn=Computers,dc=NA,dc=fabrikam,dc=com")
    Set objComptCopy = objCompt.Create("computer", "cn=SEA-SQL-01")
    objComptCopy.Put "sAMAccountName", "sea-sql-01"
    objComptCopy.SetInfo

    ' Bind to the existing computer that serves as the template
    Set objComptTemplate = GetObject _
        ("LDAP://cn=SEA-PM-01,cn=Computers,dc=NA,dc=fabrikam,dc=com")
    arrAttributes = Array("description", "location")

    ' Copy each listed attribute from the template to the new object
    For Each strAttrib in arrAttributes
        strValue = objComptTemplate.Get(strAttrib)
        objComptCopy.Put strAttrib, strValue
    Next
    objComptCopy.SetInfo

I know I can import it into AutoIt via a variety of ways but can someone please enlighten me as to what it's actually doing and how I can query AD first to make this happen?

Thanks ahead of time for all of your help!!!!

-redfive

lod3n Posted March 29, 2007

What are you trying to do? Just wondering.

redfive19 Posted March 29, 2007

I'm trying to duplicate group membership for new PC's. So if a user has Windows 2000 now and that computer is part of the SALES OU, I want to make sure that the new COMPUTER (running Windows XP) will be added to the domain with the same exact group membership (new PC name).

EndFunc Posted March 29, 2007 (edited)

Make sure you have the current ADFunctions UDF.

http://www.autoitscript.com/forum/index.ph...st&p=294788

Then use _ADGetObjectAttribute() and maybe try _ADGetGroupMembers(). Read the UDF for syntax and examples.

> I'm trying to duplicate group membership for new PC's. So if a user has Windows 2000 now and that computer is part of the SALES OU, I want to make sure that the new COMPUTER (running windows XP) will be added to the domain with the same exact group membership (new PC name).

That shouldn't be difficult to do using the adfunctions UDF.

Edited March 29, 2007 by EndFunc

ptrex Posted March 30, 2007

@redfive19

This is the translation, but according to me this code does not get the attribs. But writes it?!

    #include <array.au3>

    ; Bind to the Computers container and create the new computer object
    $objCompt = ObjGet("LDAP://cn=Computers,dc=NA,dc=fabrikam,dc=com")
    $objComptCopy = $objCompt.Create("computer", "cn=compaq_7010_01")
    $objComptCopy.Put("sAMAccountName", "sea-sql-01")
    $objComptCopy.SetInfo()

    ; Bind to the existing computer that serves as the template
    $objComptTemplate = ObjGet("LDAP://cn=SEA-PM-01,cn=Computers,dc=NA,dc=fabrikam,dc=com")
    $arrAttributes = _ArrayCreate("description", "location")

    ; Read each listed attribute from the template and write it to the new object
    For $strAttrib In $arrAttributes
        $strValue = $objComptTemplate.Get($strAttrib)
        $objComptCopy.Put($strAttrib, $strValue)
    Next
    $objComptCopy.SetInfo()

Enjoy

ptrex

VeeDub Posted March 31, 2007

Hi,

I've just been looking at aufunctions.au3 and would appreciate if someone can clarify how the authentication to AD via LDAP works.

It seems to me that no "logon credentials" are provided, if you like, an anonymous connection is made. Am I right about that?

I would be surprised if an anonymous connection would be permitted to perform any (or at least any significant) update or query for that matter, but where are the logon / authentication statements?

VW

redfive19 Posted April 2, 2007

Thank you guys for all of your help. I'm going to try this out and repost.

EndFunc Posted April 2, 2007

> Hi,
>
> I've just been looking at aufunctions.au3 and would appreciate if someone can clarify how the authentication to AD via LDAP works.
>
> It seems to me that no "logon credentials" are provided, if you like, an anonymous connection is made. Am I right about that?
>
> I would be surprised if an anonymous connection would be permitted to perform any (or at least any significant) update or query for that matter, but where are the logon / authentication statements?
>
> VW

You're right and I asked this question a long time ago, but never got an answer. Some of these functions will work without authentication but usually to modify or create something you need authentication. So right now to me it's only usually for tasks that I have access to. But if running from another computer there seems to be no way to authenticate without logging in as yourself. I would sure like that added myself.

redfive19 Posted April 5, 2007

Couldn't you just do a RunAsSet?

Jos (Developers) Posted April 5, 2007

> > Hi,
> >
> > I've just been looking at aufunctions.au3 and would appreciate if someone can clarify how the authentication to AD via LDAP works.
> >
> > It seems to me that no "logon credentials" are provided, if you like, an anonymous connection is made. Am I right about that?
> >
> > I would be surprised if an anonymous connection would be permitted to perform any (or at least any significant) update or query for that matter, but where are the logon / authentication statements?
> >
> > VW
>
> You're right and I asked this question a long time ago, but never got an answer. Some of these functions will work without authentication but usually to modify or create something you need authentication. So right now to me it's only usually for tasks that I have access to. But if running from another computer there seems to be no way to authenticate without logging in as yourself. I would sure like that added myself.

Not sure I understand this question but am pretty sure that the credentials of the user account running the script are used. When this is not an AD account it will try to access by means of the guest account but most installations disable the Guest account for security reasons ...

redfive19 Posted April 5, 2007

Yeah you know it's weird, I'm going to need to run this from a PE environment so I will not be logged on an account that will have domain admin rights. EndFunc's previous post mentioned that he tried the RunAsSet to no avail. Does anyone know if you can login to an account that has rights to run the entire script?

Jos (Developers) Posted April 5, 2007

> Yeah you know it's weird, I'm going to need to run this from a PE environment so I will not be logged on an account that will have domain admin rights. EndFunc's previous post mentioned that he tried the RunAsSet to no avail. Does anyone know if you can login to an account that has rights to run the entire script?

How was that tried? Restart the script with Admin credential using RunAsSet() And Run()?

redfive19 Posted April 5, 2007

I'm unsure. I hope EndFunc can shed some light on how he ran it. I'm still waiting for QA domain access to test it in my script.

VeeDub Posted April 6, 2007

> You're right and I asked this question a long time ago, but never got an answer. Some of these functions will work without authentication but usually to modify or create something you need authentication. So right now to me it's only usually for tasks that I have access to. But if running from another computer there seems to be no way to authenticate without logging in as yourself. I would sure like that added myself.

This may help http://www.autoitscript.com/forum/index.ph...st&p=314230

If not, I need to do some work with AD and I'll need to authenticate, but I have other tasks that I need to complete beforehand, so I may not get to look at this for a while yet.

Certainly with authentication in a "work" environment aufunctions.au3 offers many possibilities to automate tasks but unfortunately without authentication its use is somewhat more limited.

VW

redfive19 Posted April 13, 2007

Okay I've made some progress on this....I'm still trying to figure out how to remove a group from a computer object. Here's my code:

    $legcompname = 'CN=TESTBOX1,OU=Computers,OU=Corporate,OU=HomeOffice,DC=test,DC=test,DC=com'
    IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'OUPATH', $legcompname)

    ; Bind to the legacy computer object
    $strComputerPath = "LDAP://" & $legcompname
    $objComputer = ObjGet($strComputerPath)

    $x = 1
    ; Walk every group the computer is a member of
    For $strGroup In $objComputer.MemberOf()
        $strGroupPath = "LDAP://" & $strGroup
        $objGroup = ObjGet($strGroupPath)
        ; Writes group name(s) to legsysinfo.ini in format GroupName1, GroupName2, GroupName3, etc.
        IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'OldGroupName' & $x, $objGroup.CN)
        ; GroupINFO.ini decides what happens to each old group
        If IniRead('c:\distribution\exe\GroupINFO.ini', 'OLDGROUP', $objGroup.CN, '') = 'FALSE' Then
            IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'OldGroupName' & $x & '_DEL', 'TRUE')
            IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'NewGroupName' & $x, 'NA')
        ElseIf IniRead('c:\distribution\exe\GroupINFO.ini', 'OLDGROUP', $objGroup.CN, '') = 'TRUE' Then
            IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'OldGroupName' & $x & '_DEL', 'FALSE')
        ElseIf IniRead('c:\distribution\exe\GroupINFO.ini', 'OLDGROUP', $objGroup.CN, '') = 'NEWGROUP' Then
            IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'OldGroupName' & $x & '_DEL', 'TRUE')
            $newgroup = IniRead('c:\distribution\exe\GroupINFO.ini', 'NEWGROUP', 'NEWGROUP.' & $objGroup.CN, '')
            IniWrite('c:\distribution\exe\legsysinfo.ini', 'GROUPS', 'NewGroupName' & $x, $newgroup)
        EndIf
        $x = $x + 1
    Next

What I'm trying to do is, if an old group does not exist in the new domain structure, to remove that group from the computer object. Furthermore, if an old group is being replaced by a new group, to remove that group from the computer object and add the computer object to the group that it replaces. I'm logging all of this activity in a .INI file as you can see.

Any help would be greatly appreciated! Thank you!

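The authentication question and the group removal question raised in this thread both map onto standard ADSI calls: `OpenDSObject` on the `LDAP:` namespace binds with explicit credentials, and a group object's `IsMember`/`Add`/`Remove` methods change membership. The following is an added example, not code from the thread or from ADFunctions.au3; the server name, service account and group DNs are constructed placeholders, and the function names are hypothetical.

```autoit
; Added example (not from the thread). Server, account and group DNs are constructed placeholders.
Global Const $ADS_SECURE_AUTHENTICATION = 0x1 ; negotiate Kerberos/NTLM instead of a simple bind
Global Const $ADS_USE_SIGNING = 0x40          ; integrity-protect the LDAP traffic
Global Const $ADS_USE_SEALING = 0x80          ; encrypt the LDAP traffic
Global Const $ADS_FLAGS = BitOR($ADS_SECURE_AUTHENTICATION, $ADS_USE_SIGNING, $ADS_USE_SEALING)

Global $sServer = "dc01.test.com"    ; placeholder DC; needed when the client (e.g. WinPE) is not domain-joined
Global $sUser = "TEST\svc-pcmigrate" ; placeholder: account delegated only the rights this task needs
Global $sPass = InputBox("AD bind", "Password for " & $sUser, "", "*") ; prompt, never hard-code
Global $sCompDN = "CN=TESTBOX1,OU=Computers,OU=Corporate,OU=HomeOffice,DC=test,DC=test,DC=com"
Global $sOldGroupDN = "CN=OldSales,OU=Groups,DC=test,DC=test,DC=com" ; placeholder
Global $sNewGroupDN = "CN=NewSales,OU=Groups,DC=test,DC=test,DC=com" ; placeholder

Global $oErr = ObjEvent("AutoIt.Error", "_ComError") ; report COM failures instead of aborting the script
Global $oLDAP = ObjGet("LDAP:") ; namespace object that exposes IADsOpenDSObject

; Bind to one object with the explicit credentials instead of the caller's logon session
Func _Bind($sDN)
    Return $oLDAP.OpenDSObject("LDAP://" & $sServer & "/" & $sDN, $sUser, $sPass, $ADS_FLAGS)
EndFunc

; Move a member from one group to another; returns False if any bind fails
Func _SwapGroup($sMemberDN, $sFromDN, $sToDN)
    Local $oMember = _Bind($sMemberDN), $oFrom = _Bind($sFromDN), $oTo = _Bind($sToDN)
    If Not (IsObj($oMember) And IsObj($oFrom) And IsObj($oTo)) Then Return False
    ; Add to the replacement group first so the computer is never left in neither group
    If Not $oTo.IsMember($oMember.ADsPath) Then $oTo.Add($oMember.ADsPath)
    If $oFrom.IsMember($oMember.ADsPath) Then $oFrom.Remove($oMember.ADsPath)
    Return True
EndFunc

Func _ComError($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number) & ": " & $oError.windescription & @CRLF)
EndFunc

If _SwapGroup($sCompDN, $sOldGroupDN, $sNewGroupDN) Then
    ConsoleWrite("Membership updated for " & $sCompDN & @CRLF)
Else
    ConsoleWrite("Bind failed; nothing was changed" & @CRLF)
EndIf
```

To only remove a group that has no replacement, bind the group the same way and call `Remove` with the computer's `ADsPath`.
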
redfive19 Posted April 16, 2007

/bump