antmar904

Also, when I use powershell "Get-Aduser username -pr *" the CN attribute retuned is the whole users display name BUT the CanonicalName attribute returns what I want to search for in my script...

Yes, the DC holds more accounts with either "consultants" or "contractor" in their cn. I modified to connect to GC on port 3269 and still only returned one results.

Here is the quick test script: #include <AD.au3> #include <MsgBoxConstants.au3> _AD_Open() If @error Then Exit MsgBox("", "", "Active Directory Error. Function _AD_Open encountered a problem. Error: " & @error & " extended error: " & @extended) $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,Name") ;Debug _ArrayDisplay($aUserObjects) _AD_Close() Exit I'm using AD.au3 version 1.6.1.0

More

This is returning one user account in the array who's cn is "mydomain.internal/Users/Service Contractor" $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,Name") This is the only thing it's returning to be clear. I have many other accounts that have "contractor" in their cn.

This returns nothing: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(canonicalname=*Contractor*))", 2, "sAMAccountName,Name")

For which line? Sorry

Test 1 example 2: It successfully returns the: sAMAccountName, CN, Name

I'm having more issues with this. I was also trying to connect to GC so I can also query users in our sub-domains but now it's only returning the sAMAccountName and Name. The accountExpires is missing only when connecting to Global Catalog.

Even using the following returns nothing. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(canonicalname=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

This not returning anything and no errors: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

Ok, just a fyi this has been working for me all along: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") It's when I add the two CN filters at the end that's when it does not work: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") to answer your question this does work: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(description=*contractor*))", 2, "sAMAccountName,accountExpires,Name") and this works also: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(description=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

Hi This is not working, no errors produced it's just not returning my test account which has "Consultants" in the CN. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name")

Hi. I am having issues filtering accounts by CanonicalName. I'd like to add to my current filter any user object that has the word "consultant" or "contractor" in their CN. I think I have to loop through the array $aUserObjects and search for this and I might not be able to by using _AD_GetObjectsInOU, is that correct? $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name)

Hi I have a script that was piecemealed together and is working but I know it can be better. I'm looking for some help on improving it while helping add one additional functionality to it. This script will check all user objects in AD that are none-FTE (contractors/consultants) and check if they have NO expire date, send this to an array, convert the array to a string and email the results. This is working but the email is not formatted in a nice way like I would prefer. The added functionality that I would like to add is to check if these accounts do have a expire date GREATER than 30 days and if so then add them to the array and email also in the same report. I'm also going to implement this UDF so I can email the list to more than one user: #include <AD.au3> #include <AD.au3> #include <File.au3> #include <Inet.au3> #include <Date.au3> Global $logFile = @ScriptDir & "\non-FTE out of compliance log.log", $hFile = FileOpen($logFile, 1) _GetUsers() Func _GetUsers() _FileWriteLog($hFile, "Started") _AD_Open() If @error Then Exit _FileWriteLog($hFile, "Active Directory Error. Function _AD_Open encountered a problem. Error: " & @error & " extended error: " & @extended) ; Search all of AD for contractors and exclude _DT accounts. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") For $i = 0 To UBound($aUserObjects) -1 If IsObj($aUserObjects[$i][1]) Then $aUserObjects[$i][1] = _GetADDateTime($aUserObjects[$i][1], 1) Next ;Debug ;_ArrayDisplay($aUserObjects, "All contractors") Local $NewArray[1][2] For $x = 0 to UBound($aUserObjects) -1 If $aUserObjects[$x][1] = 0 Then _ArrayAdd($NewArray, $aUserObjects[$x][0]) _ArrayAdd($NewArray, $aUserObjects[$x][2]) EndIf Next ;Debug ;_ArrayDisplay($NewArray) _AD_Close() ;Convert array to string so I can email Global $BadUsers = _ArrayToString($NewArray, " ") ;Email list of out of compliance users _SendEmail($BadUsers) EndFunc ;==>_GetUsers Func _GetADDateTime($_oADObject, $_iFlag = 0) Local $sAD_DTStruct, $sTemp3 If $_iFlag = 1 Then If $_oADObject.LowPart = -1 Then Return 0 If $_oADObject.LowPart > 0 And $_oADObject.HighPart > 0 Then $sAD_DTStruct = DllStructCreate("dword low;dword high") DllStructSetData($sAD_DTStruct, "Low", $_oADObject.LowPart) DllStructSetData($sAD_DTStruct, "High", $_oADObject.HighPart) $sAD_Temp = _Date_Time_FileTimeToSystemTime(DllStructGetPtr($sAD_DTStruct)) $sTemp3 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sAD_Temp)) Return _Date_Time_SystemTimeToDateTimeStr($sTemp3, 1) EndIf EndIf ; Convert IADsLargeInteger parts to 100ns count $iLowPart = $_oADObject.LowPart $iHighPart = $_oADObject.HighPart If $iLowPart < 0 Then $iHighPart += 1; Compensate for IADsLargeInteger interface error $iDateParts= $iHighPart * 2 ^ 32 $iDateParts+= $iLowPart ; Check if user ever logged in If $iDateParts= 0 Then Return "n/a" Else ; Convert 100ns count to integer seconds $iSeconds = Floor($iDateParts/ 10000000) ; Convert seconds since 12:00AM January 01, 1601 to date string $sDateTime = _DateAdd("S", $iSeconds, "1601/01/01 00:00:00") ; Display result Return $sDateTime EndIf EndFunc Func _SendEmail($List) Local $s_SmtpServer = "removed" Local $s_FromName = "removed" Local $s_FromAddress = "removed" Local $s_ToAddress = "removed" Local $s_Subject = "test report" Local $as_Body[3] $as_Body[0] = "Here is a list of contractor out of compliance." $as_Body[1] = $List $as_Body[2] = @CRLF & @CRLF & @CRLF & @CRLF & @CRLF & @CRLF & "Report created on: " & _NowDate() & " " & _NowTime() & " " & "on server: " & @ComputerName Local $iResponse = _INetSmtpMail($s_SmtpServer, $s_FromName, $s_FromAddress, $s_ToAddress, $s_Subject, $as_Body) Local $iErr = @error If $iResponse = 1 Then _FileWriteLog($hFile, "List: " & $List) _FileWriteLog($hFile, "Mail sent") Else _FileWriteLog($hFile, "Error! " & "Mail failed with error code " & @error & "extended error: " & @extended) EndIf EndFunc

Great thank you ill check that UDF out!

Hi Can you send mail to multiple recipient's using _INetSmtpMail? I'm having trouble with this. I tried adding a semicolon in-between each mail recipient but that is not working.

Hello all. Looking into this once again. So again I'm just trying to query AD for user accounts with the "description" attribute that contains "contractor" or "consultants" and if they have NO expire date then show me in a list or something that I then want to send a report in a email. I'm stuck on going through the array and checking if the expire data is NOT = "0" which means it has no expire data and removing from the array and ultimately showing me just accounts with no expire date. #include <AD.au3> _GetUsers() Func _GetUsers() _AD_Open() If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended) ; Search all of AD for contractors and exclude _DT accounts. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires") For $i = 0 To UBound($aUserObjects) - 1 If IsObj($aUserObjects[$i][1]) Then $aUserObjects[$i][1] = _GetADDateTime($aUserObjects[$i][1], 1) If Not $aUserObjects[$i][1] = 0 Then _ArrayDelete($aUserObjects, $aUserObjects[$i]) EndIf Next _ArrayDisplay($aUserObjects) _AD_Close() EndFunc ;==>_GetUsers

Thanks @Subzbut to clean it up can we removed the "whenCreated" attribute? We don't need to collect that data. Just looking for if the contractors expire date is more that 90 days from today (that time the script is being ran). I think the changes you made above worked but it returned more account's than I was expecting so I am still testing it.

@SubzThanks again for your help. The needs have changed. I am trying to check if the account expire date is more than 90 days from todays date (the date and time the script is ran). Any help is always much appreciated.

my ultimate goal for this script is to 1) search all accounts in AD that are contractors 2) check if the contractors accounts have a expire date less than 90 days 3) create a list of contractor accounts that have either no expire date and/or more than 90 days expire date set 4) send list as attachment via email

Hello @Subzjust starting to work on this script again. Can you explain to me what this is doing? (!userAccountControl:1.2.840.113556.1.4.803:=2)

thank you ill check it out. the 7z gui was faster than scripting it with powershell

Hi, Some days I am tasked with unzipping multiple compressed folder which can range from ~500MB - ~3GB of data compressed for each folder. Today I use PowerShell with Expand-Archive but it's slow as hell. Just wondering if AutoIt has anyway to do it faster maybe with multithread or some other way? TIA

Hey @Subz I was originally just trying to use the AD UDFs. I did just test out your script and it worked well (~4 seconds)!. Thank you for your assistance. A couple of things I'm going to try and add is 1) exclude any "Disabled" AD accounts so we don't have to process them 2) my end goal is to only alert/report on any account that does not have a expire date of 90 days from the AD account creation date. Any help is greatly appreciated!