
Everything posted by Joe2010
-
Thanks! I see. The problem was my Windows XP operating system. I have only Terminal Services rights on a Windows Server 2003 machine.
-
Hi, I'm trying to build a script that will create new users in our AD, including the creation of the home directory etc. The only thing is the Terminal Server attributes problem: http://gallery.technet.microsoft.com/ScriptCenter/en-us/9ecb867c-1856-444f-8345-004d1f35f753

When I try to use TerminalServicesProfilePath, a DCOM failure 000000A9 will pop up.

```autoit
_AD_GetObjectsInOU($accountants, "dc=test,dc=local", "(name=narf*)", "2", "TerminalServicesProfilePath")
```

Is there a way to manipulate the Terminal Server attributes with this UDF?

Greetings
Joe
-
Hi Water, please add this function (useful to reverse the settings from _AD_DisablePasswordExpire() after a certain time without changing the user password at next logon):

```autoit
Func _AD_EnablePasswordExpire($sAD_Object)
    If Not _AD_ObjectExists($sAD_Object) Then Return SetError(1, 0, 0)
    If StringMid($sAD_Object, 3, 1) <> "=" Then $sAD_Object = _AD_SamAccountNameToFQDN($sAD_Object) ; sAMAccountName provided
    Local $oAD_Object = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_Object)
    Local $iAD_UAC = $oAD_Object.Get("userAccountControl")
    ; Clear only the DONT_EXPIRE_PASSWD bit and write the value back
    $oAD_Object.Put("userAccountControl", BitAND($iAD_UAC, BitNOT($ADS_UF_DONT_EXPIRE_PASSWD)))
    $oAD_Object.SetInfo
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1
EndFunc   ;==>_AD_EnablePasswordExpire
```
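What the BitAND/BitNOT line in the function above does to sample userAccountControl values, as an added example that is not part of the original post or of AD.au3: only the DONT_EXPIRE_PASSWD bit is cleared, and flags such as ACCOUNTDISABLE survive the write. The flag values are those of ADS_USER_FLAG_ENUM; the `$UF_*` names, both helper functions and the sample accounts are constructed.

```autoit
; Added example: runs without a domain connection and without AD.au3.
; Flag values are those of ADS_USER_FLAG_ENUM; the $UF_* names, both helper
; functions and the sample accounts are constructed for illustration.
Global Const $UF_ACCOUNTDISABLE = 0x00000002
Global Const $UF_PASSWD_NOTREQD = 0x00000020
Global Const $UF_NORMAL_ACCOUNT = 0x00000200
Global Const $UF_DONT_EXPIRE_PASSWD = 0x00010000

; Constructed sample data: sAMAccountName, userAccountControl
Global $aSample[4][2] = [["jdoe", 0x00200], ["svc_backup", 0x10200], _
        ["old_admin", 0x10202], ["kiosk", 0x10220]]
Global $iOld, $iNew

For $iRow = 0 To UBound($aSample) - 1
    $iOld = $aSample[$iRow][1]
    $iNew = _ClearFlag($iOld, $UF_DONT_EXPIRE_PASSWD)
    ConsoleWrite(StringFormat("%-11s 0x%05X %s", $aSample[$iRow][0], $iOld, _DescribeUAC($iOld)) & @CRLF)
    ConsoleWrite(StringFormat("%-11s 0x%05X %s", "  cleared:", $iNew, _DescribeUAC($iNew)) & @CRLF)
Next

; Clear one flag and leave every other bit as it was.
Func _ClearFlag($iUAC, $iFlag)
    Return BitAND($iUAC, BitNOT($iFlag))
EndFunc   ;==>_ClearFlag

; Return the names of the known flags set in $iUAC, separated by "|".
Func _DescribeUAC($iUAC)
    Local $aFlags[4][2] = [[$UF_ACCOUNTDISABLE, "ACCOUNTDISABLE"], _
            [$UF_PASSWD_NOTREQD, "PASSWD_NOTREQD"], _
            [$UF_NORMAL_ACCOUNT, "NORMAL_ACCOUNT"], _
            [$UF_DONT_EXPIRE_PASSWD, "DONT_EXPIRE_PASSWD"]]
    Local $sOut = ""
    For $iBit = 0 To UBound($aFlags) - 1
        If BitAND($iUAC, $aFlags[$iBit][0]) Then $sOut &= "|" & $aFlags[$iBit][1]
    Next
    Return StringTrimLeft($sOut, 1)
EndFunc   ;==>_DescribeUAC
```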
-
Active Directory UDF - Help & Support
Joe2010 replied to water's topic in AutoIt General Help and Support
@Erlend

```autoit
#include <AD.au3>
#include <Array.au3>

;Full Name: John Doe
;UserAccount: JD
;Password: 1234

; Open Connection to the Active Directory
_AD_Open("JD", "1234")
If @error = 0 Then
    MsgBox(64, "Active Directory Functions", "We didn't receive a COM error - the logon was successful!")
    ; This comes every time because @error is always 0. A COM error comes below in example 1.
Else
    MsgBox(16, "Active Directory Functions", "The logon was not successful!" & @CRLF & @CRLF & "@error: " & @error & ", @extended: " & @extended)
EndIf

; *****************************************************************************
; Example 1
; Get a list of all Domain Controllers in the Active Directory
; *****************************************************************************
Global $aDC
$aDC = _AD_ListDomainControllers()
_ArrayDisplay($aDC, "Active Directory Functions - Example 1 - All Domain Controllers, distinguished name, DNS host name, and the site name")

; *****************************************************************************
; Example 2
; Get a list of all Sites Names
; *****************************************************************************
Global $aSite
_ArraySort($aDC, 0, 1, 0, 3)
$aSite = _ArrayUnique($aDC, 4, 1)
_ArrayDisplay($aSite, "Active Directory Functions - Example 2 - All Site Names")

; Close Connection to the Active Directory
_AD_Close()
```
-
In the meantime I think it's absolutely enough to use the second code line:

```autoit
;AD BUG: Declare wrong given slashes "/" from AD as special character "\/"
$sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
```
-
Hi Water, on the subject of >>can't handle OrganizationalUnits with a slash in the name (for example: "Accounts/Controlling")<<, I found some other affected functions. Additionally I added the code lines below in case the bug would be fixed @Server2008 for example (it should be).

```autoit
Func _AD_FQDNToSamAccountName($sAD_FQDN)
    ; added by Joe2010
    ;AD BUG: In case the bug is fixed declare right given slashes "wrong"
    $sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
    ;AD BUG: Declare wrong given slashes "/" from AD as special character "\/" (normally it's the job of Active Directory, for example the special character: comma)
    $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
    ; added by Joe2010
    Local $oAD_Object = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
    If $oAD_Object = 0 Then Return SetError(1, 0, "")
    Local $sAD_Result = $oAD_Object.sAMAccountName
    Return $sAD_Result
EndFunc   ;==>_AD_FQDNToSamAccountName

Func _AD_FQDNToDisplayname($sAD_FQDN)
    ; added by Joe2010
    ;AD BUG: In case the bug is fixed declare right given slashes "wrong"
    $sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
    ;AD BUG: Declare wrong given slashes "/" from AD as special character "\/" (normally it's the job of Active Directory, for example the special character: comma)
    $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
    ; added by Joe2010
    Local $oAD_Item = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
    If IsObj($oAD_Item) Then
        Local $sAD_Name = $oAD_Item.name
        $sAD_Name = StringTrimLeft($sAD_Name, 3) ; strip the leading "CN="
        $sAD_Name = StringReplace($sAD_Name, "\,", ",") ; unescape commas
        Return $sAD_Name
    Else
        Return SetError(1, 0, "")
    EndIf
EndFunc   ;==>_AD_FQDNToDisplayname

Func _AD_GetPasswordInfo($sAD_Object = @UserName)
    If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")
    ; changed by Joe2010
    If StringMid($sAD_Object, 3, 1) <> "=" Then
        $sAD_Object = _AD_SamAccountNameToFQDN($sAD_Object) ; sAMAccountName provided
    Else
        ; added by Joe2010
        ;AD BUG: In case the bug is fixed declare right given slashes "wrong"
        $sAD_Object = StringReplace($sAD_Object, "\/", "/")
        ;AD BUG: Declare wrong given slashes "/" from AD as special character "\/" (normally it's the job of Active Directory, for example the special character: comma)
        $sAD_Object = StringReplace($sAD_Object, "/", "\/")
        ; added by Joe2010
    EndIf
    ; by Joe2010
    Local $sAD_PwdLastChanged
    Local $iAD_Error = 0
    Local $aAD_PwdInfo[10] = [9]
    ; Domain-wide password policy
    Local $oAD_Object = ObjGet("LDAP://" & $sAD_DNSDomain)
    $aAD_PwdInfo[1] = Int(_AD_Int8ToSec($oAD_Object.Get("maxPwdAge"))) / 86400 ; Convert to Days
    $aAD_PwdInfo[2] = _AD_Int8ToSec($oAD_Object.Get("minPwdAge")) / 86400 ; Convert to Days
    $aAD_PwdInfo[3] = $oAD_Object.Get("pwdHistoryLength")
    $aAD_PwdInfo[4] = $oAD_Object.Get("minPwdLength")
    $aAD_PwdInfo[5] = _AD_Int8ToSec($oAD_Object.Get("lockoutDuration")) / 60 ; Convert to Minutes
    $aAD_PwdInfo[6] = $oAD_Object.Get("lockoutThreshold")
    $aAD_PwdInfo[7] = _AD_Int8ToSec($oAD_Object.Get("lockoutObservationWindow")) / 60 ; Convert to Minutes
    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_Object)
    ; Is user account password set to expire
    Local $iAD_UAC = $oAD_User.userAccountControl
    If BitAND($iAD_UAC, $ADS_UF_DONT_EXPIRE_PASSWD) = $ADS_UF_DONT_EXPIRE_PASSWD Then
        $aAD_PwdInfo[9] = "Password does not expire"
        $iAD_Error = 2
    Else
        ; Has user account password been changed before
        $sAD_PwdLastChanged = $oAD_User.PasswordLastChanged
        If $iAD_COMError = 3 Then
            $aAD_PwdInfo[8] = "Password has never been set"
            $iAD_Error = 3
        Else
            $aAD_PwdInfo[8] = StringLeft($sAD_PwdLastChanged, 4) & "/" & StringMid($sAD_PwdLastChanged, 5, 2) & "/" & StringMid($sAD_PwdLastChanged, 7, 2) & _
                    " " & StringMid($sAD_PwdLastChanged, 9, 2) & ":" & StringMid($sAD_PwdLastChanged, 11, 2) & ":" & StringMid($sAD_PwdLastChanged, 13, 2)
            $aAD_PwdInfo[9] = _DateAdd("d", $aAD_PwdInfo[1], $aAD_PwdInfo[8])
        EndIf
    EndIf
    Return SetError($iAD_Error, 0, $aAD_PwdInfo)
EndFunc   ;==>_AD_GetPasswordInfo
```

Greetings and thanks a lot for your nice work!
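Why the order of the two StringReplace calls in the post above matters, as an added example that is not part of the original post or of AD.au3: undoing existing escapes first makes the result the same whether the DN arrives raw or already escaped, while a single replacement adds one more backslash on every call. The function names, the host name and the sample DNs are constructed.

```autoit
; Added example: string handling only, no domain connection and no AD.au3 needed.
; Function names, host name and sample DNs are constructed for illustration.
Global Const $sHost = "dc01.test.local" ; hypothetical host

; Constructed input: raw slash, already escaped slash, escaped comma without slash
Global $aDN[3] = ["CN=John Doe,OU=Accounts/Controlling,DC=test,DC=local", _
        "CN=John Doe,OU=Accounts\/Controlling,DC=test,DC=local", _
        "CN=Doe\, John,OU=Sales,DC=test,DC=local"]
Global $sTwo, $sOne

For $iRow = 0 To UBound($aDN) - 1
    $sTwo = _EscapeSlashTwoStep($aDN[$iRow])
    $sOne = _EscapeSlashOnce($aDN[$iRow])
    ConsoleWrite("DN as given    : " & $aDN[$iRow] & @CRLF)
    ConsoleWrite("two-step       : " & $sTwo & @CRLF)
    ConsoleWrite("two-step again : " & _EscapeSlashTwoStep($sTwo) & @CRLF)
    ConsoleWrite("single replace : " & $sOne & @CRLF)
    ConsoleWrite("single again   : " & _EscapeSlashOnce($sOne) & @CRLF)
    ; The "/" after the host separates server and DN in the ADsPath,
    ; which is why a "/" inside the DN has to be escaped.
    ConsoleWrite("ADsPath        : LDAP://" & $sHost & "/" & $sTwo & @CRLF & @CRLF)
Next

; Order used in the post: undo any existing escaping, then escape every slash.
Func _EscapeSlashTwoStep($sDN)
    $sDN = StringReplace($sDN, "\/", "/")
    Return StringReplace($sDN, "/", "\/")
EndFunc   ;==>_EscapeSlashTwoStep

; Second replacement only: the backslash count grows with each call.
Func _EscapeSlashOnce($sDN)
    Return StringReplace($sDN, "/", "\/")
EndFunc   ;==>_EscapeSlashOnce
```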
-
Hi Water, I can't find the function _AD_SetPasswordExpired. There is only _AD_DisablePasswordExpire in AD 0.37. I think an opposite function would be great. But the "pwdLastSet" = 0 param in the Func _AD_SetPassword makes a lot of sense. For example, if a user forgets his password and I set it to "1234", the user must promptly change his password at next logon.
-
Sorry... the value for "user must not change password at next logon" is -1

```autoit
Func _AD_SetPassword($sAD_User, $sAD_Password = "", $iChangePW = 0) ; changed by Joe2010
    If Not _AD_ObjectExists($sAD_User) Then Return SetError(1, 0, 0)
    If StringMid($sAD_User, 3, 1) <> "=" Then $sAD_User = _AD_SamAccountNameToFQDN($sAD_User) ; sAMAccountName provided
    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_User)
    $oAD_User.SetPassword($sAD_Password)
    ; added by Joe2010
    $oAD_User.Put("pwdLastSet", $iChangePW) ; $iChangePW: (0 = User must change password at next logon / -1 = User must not change password at next logon)
    ;==> added by Joe2010
    $oAD_User.SetInfo()
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1
EndFunc   ;==>_AD_SetPassword
```
-
Hi Water, please add the option "User must change password at next logon" to Func _AD_SetPassword.

```autoit
Func _AD_SetPassword($sAD_User, $sAD_Password = "", $iChangePW = 0) ; changed by Joe2010
    If Not _AD_ObjectExists($sAD_User) Then Return SetError(1, 0, 0)
    If StringMid($sAD_User, 3, 1) <> "=" Then $sAD_User = _AD_SamAccountNameToFQDN($sAD_User) ; sAMAccountName provided
    Local $oAD_User = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_User)
    $oAD_User.SetPassword($sAD_Password)
    ; added by Joe2010
    $oAD_User.Put("pwdLastSet", $iChangePW) ; $iChangePW: (0 = User must change password at next logon / 1 = User must not change password at next logon)
    ;==> added by Joe2010
    $oAD_User.SetInfo()
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1
EndFunc   ;==>_AD_SetPassword
```
-
Hi jazzyjeff, it's not a bug of AD.au3! -> "General Help and Support Thread"

Please use the _AD_Open/_AD_Close functions to get access to the Active Directory. Have a look:

```autoit
Case $DA
    _AD_Open()
    If _AD_IsMemberOf("domain admins") Then DomainAdmins()
    _AD_Close()
```

Greetings
-
Hi, I tested a lot of functions and fixed the following bugs (Win2003Server Domain):

1. In the new version AD 0.37 the Func _AD_GetObjectsInOU returns an empty array because of $aAD_DataToRetrieve.

Original:

```autoit
Line 1133: $aAD_Objects[$iCount2] = $oAD_RecordSet.Fields($aAD_DataToRetrieve).Value
```

Fixed (like previous versions):

```autoit
Line 1133: $aAD_Objects[$iCount2] = $oAD_RecordSet.Fields($sAD_DataToRetrieve).Value
```

2. Also in the Func _AD_GetObjectsInOU the "Searchscope property" doesn't work. The last argument ";subtree" is used for this.

```autoit
Line 1098: $oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_OU & ">;" & $sAD_Filter & ";" & $sAD_DataToRetrieve & ";subtree"
```

Possible arguments: ";base" ";onelevel" ";subtree"

3. The Func _AD_FQDNToSamAccountName can't handle OrganizationalUnits with a slash in the name (for example: "Accounts/Controlling"). This is a known Active Directory bug, so I declared wrong given slashes "/" from AD as special character "\/" (normally it's the job of Active Directory, for example the special character: comma).

```autoit
Func _AD_FQDNToDisplayname($sAD_FQDN)
    ;AD BUG: Declare wrong given slashes "/" from AD as special character "\/"
    $sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
    Local $oAD_Item = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_FQDN)
    If IsObj($oAD_Item) Then
        Local $sAD_Name = $oAD_Item.name
        $sAD_Name = StringTrimLeft($sAD_Name, 3) ; strip the leading "CN="
        $sAD_Name = StringReplace($sAD_Name, "\,", ",") ; unescape commas
        Return $sAD_Name
    Else
        Return SetError(1, 0, "")
    EndIf
EndFunc   ;==>_AD_FQDNToDisplayname
```

Greetings