Jump to content

AD - Active Directory UDF

   (2 reviews)

1 Screenshot

About This File

Extensive library to control and manipulate Microsoft Active Directory.

Threads: Development - General Help & Support - Example Scripts - Wiki

Previous downloads: 30467


Known Bugs: (last changed: 2018-06-01)

  • None


Things to come: (last changed: 2018-06-01)

  • None

BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort :)

What's New in Version



  • UDF WinAPIConv.au3 is now included. Is needed for AutoIt >= as some WinAPI functions have moved to this UDF


  • _AD_GetObjectProperties: Correctly calculates property MSDS-UserPasswordExpiryTimeComputed


  • _AD_GetObjectProperties: Now handles up to 10000 properties. 1000 wasn't enough ;)
  • _AD_GetPasswordInfo: Returns the calculated password expiration date/time. Identical with element 9 of this array.
    Returns a value even when fine grained password policy is in use; which means that most of the other elements of this array are blank or 0.


  • _AD_DeleteSubTree: Deletes the specified object including all child objects of this object.
    Be careful when using this function - use in test environment to verify it works as expected!!


  • Fixed some documentation bugs
  • Enhanced documentation
  • Like 40

User Feedback

You may only provide a review once you have downloaded the file.


   2 of 2 members found this review helpful 2 / 2 members

Extremely useful for Sys admins or even just an engineer to manipulate AD data or Data Collections.

Tests are simple and code is simple to read and modify. If you work with anyone who doesn't know much about AD building a GUI with this UDF is very helpful.

Great Job @water

  • Like 2

Share this review

Link to review

   1 of 1 member found this review helpful 1 / 1 member

This is one of my three top used UDFs at the office, and has GREATLY simplified data gathering for some very complex reports, as well as automating several tasks.  I have even been able to free up one admin completely from our annual security audit process (for which he is also very grateful) thanks to the use of your UDF!

  • Like 1

Share this review

Link to review
  • Similar Content

    • Trinnon
      By Trinnon
      I have a question about the @error logging features in _AD_CreateUser.  Hopefully I am just missing something obvious.
      In my app I am creating a user if it does not exist then manipulating some attributes. 
      If the user does exist I would then call another function to remove groups from the user and modify some attributes.
      My question is...
      If the user already Exists, the _AD_CreateUser option gives $iValue = 0 and @error = 0.
      How can @error = 1 for the condition that the user already exists?
      I copied a small ship of the code in question along with my full .au3. 
      I am using AD UDF (Water, thanks for the awesome work on this!!!).
      $iValue = _AD_CreateUser ($sOU, $sUser, $sCN)
      If $iValue = 1 Then
            _FileWriteLog ($Log, "Func UserCheck() - User '" & $sUser & "' successfully created ==> Calling UserAttribsNewUser Function.")
            Call ("NewUser")
      ElseIf @error = 1 Then
            _FileWriteLog ($Log, $sUser & " already exists ==> Calling UserAttribsExistingUser Function.")
            Call ("ExistingUser")
    • water
      By water
      ADAT is a tool to simplify common AD administration tasks. Every administration task has its own tab. It is easy to add new functions (tabs) to the tool. Some often used functions are already available: list users, computers, OUs. File ADAT.ini can be customized to hold the AD logon information if necessary.
      Known Bugs:
      2018-03-07: If the Script started from SciTE works but the "Process" button in the compiled exe does not do anything then please add the following line at the top of your script:
        BTW: If you like this tool please click the "I like this" button. This tells me where to next put my development effort
    • bouzzi
      By bouzzi
      Hi guys,
      I'm trying to make a script that could tell me, from a username list file,  if the username is active, inactive or not existant  in a multi-domain Active Directory....
      I found a few scripts giving me hints but I found nothing to help me to accomplish this task...
      Do you have any ideas !
    • water
      By water
      On one/multiple big sheet(s) you get users (columns) and groups (rows). The list is sorted descending by number of members so you get the users with most groups and the groups with most members on top of the page. You can filter by (multiple) samaccountname(s), department or you can create your own LDAP query filter. You can filter the resulting list of groups using a Regular Expression.
      Version 2.0 uses maps so at the moment it requires the latest beta version of AutoIt!
      BTW: If you like this tool please click the "I like this" button. This tells me where to next put my development effort
    • squirrelc0de
      By squirrelc0de
      Hi there, 

      I have a question about persistent drives and AD. 
      I am playing around with a script but I'm missing something. What i want to do is if a user is part of an OU, it will map a network drive and be persistent. However if a user is moved out of that OU, they will need to have the persistent drive removed. 

      I'm using the ad plugin script, and i can map the drives if a user is in a specific ou, but i cannot seem to delete the drive if the user is out of the OU. 

      Here's an example of code I'm using: 

      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Compression=4 #AutoIt3Wrapper_Res_Fileversion=1.0.0 #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #include <AD\AD.au3> func MapDrives() _AD_Open() if _AD_RecursiveIsMemberOf(OU) Then Mapdrive1() Elseif _AD_RecursiveIsMemberOf(different ou) drivemapdel EndIf _AD_Close() EndFunc Func MapDrive1() Drivemapdel ("Z:") DriveMapAdd ("Z:"."\\server\share",$DMA_PERSISTENT,0) EndFunc