Sign in to follow this  
Followers 0
shngrhm

_ADGetGroupMembers function from ADFunctions.au3

6 posts in this topic

I'm found these awesome functions in ADFunctions.au3, and I'm trying to use the _ADGetGroupMembers function to list members of groups for some audit reports. It doesn't seem to be returning the correct info. Here is my script:

; program name - Audit Reports
#include <Date.au3>
#include <ADFunctions.au3>

dim $members[999]

$lgfile = "L:\audit reports\audit report log.txt"
$tdate = _Date_Time_GetSystemTime()
$rdate = @MON & "-" & @MDAY & "-" & @YEAR
$arfolder = "L:\audit reports\"
$group1 = "aex-ou-admins"
$dgroup1 = _ADSamAccountNameToFQDN($group1)


;log start time
FileOpen($lgfile, 1)
FileWrite($lgfile, "Started -  " & _Date_Time_SystemTimeToDateStr($tdate) & "  " & _Date_Time_SystemTimeToTimeStr($tdate) & @CRLF)
FileClose($lgfile)

;create directory
$arfolder = $arfolder & $rdate
DirCreate($arfolder)

;add report name and blank line
FileOpen($arfolder & "\" & $rdate & " Audit Reports.txt", 1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[" & $rdate & " Audit Reports]" & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", @CRLF)

;add section name
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[C2122 - " & $group1 & " members]" & @CRLF)
_ADGetGroupMembers($members, $dgroup1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $dgroup1 & @CRLF)
For $m = 1 to $members[0]
    FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $m & $members[$m] & @CRLF)
Next

And here is what it dumps to the report text file:

[09-16-2009 Audit Reports]

[C2122 - aex-ou-admins members]

CN=aex-ou-admins,OU=Security Groups,OU=Groups,OU=AEX1,OU=FSPR,DC=corp,DC=dresser,DC=com

1CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

2CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

3CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

4CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

It's pulling the domain correctly, but not the actual users. Any ideas?

Share this post


Link to post
Share on other sites



Not familiar with the UDF, but are you sure that $members[0] contains the size of the array?

In my experience with UDF's, they usually store data in 0.

Try using

For $m = 0 to (Ubound($members) - 1)

Share this post


Link to post
Share on other sites

No, $members[0] should work fine. See the description in the UDF for function _ADGetGroupMembers:

; Returns an array to $members where $members[0] will be the number of users in the group and

; $members[1] to $members[$members[0]] are the distinguished names of the users

Could you please add the following lines to your script and post the results?
_ADGetGroupMembers($members, $dgroup1)              ; your code
ConsoleWrite("Array: " & IsArray($members) & @CRLF) ; new code
ConsoleWrite("Count: " & $members[0] & @CRLF)       ; new code

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I added your code but changed it slightly to output to my text file:

; program name - Audit Reports
#include <Date.au3>
#include <ADFunctions.au3>

dim $members[999]

$lgfile = "L:\audit reports\audit report log.txt"
$tdate = _Date_Time_GetSystemTime()
$rdate = @MON & "-" & @MDAY & "-" & @YEAR
$arfolder = "L:\audit reports\"
$group1 = "aex-ou-admins"
$dgroup1 = _ADSamAccountNameToFQDN($group1)


;log start time
FileOpen($lgfile, 1)
FileWrite($lgfile, "Started -  " & _Date_Time_SystemTimeToDateStr($tdate) & "  " & _Date_Time_SystemTimeToTimeStr($tdate) & @CRLF)
FileClose($lgfile)

;create directory
$arfolder = $arfolder & $rdate
DirCreate($arfolder)

;add report name and blank line
FileOpen($arfolder & "\" & $rdate & " Audit Reports.txt", 1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[" & $rdate & " Audit Reports]" & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", @CRLF)

;add section name
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[C2122 - " & $group1 & " members]" & @CRLF)
_ADGetGroupMembers($members, $dgroup1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "Array: " & IsArray($members) & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "Count: " & $members[0] & @CRLF) 
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $dgroup1 & @CRLF)
For $m = 1 to $members[0]
    FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $m & $members[$m] & @CRLF)
Next

This is what it outputs:

[09-17-2009 Audit Reports]

[C2122 - aex-ou-admins members]

Array: 1

Count: 4

CN=aex-ou-admins,OU=Security Groups,OU=Groups,OU=AEX1,OU=FSPR,DC=corp,DC=dresser,DC=com

1CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

2CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

3CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

4CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

What version of adfunctions.au3 do you run? I use 3.1.6 and the top of the file looks like this:

; Author : Jonthan Clelland

; Email : jclelland@statestreet.com

; Version : 3.1.6

;Version History -- Starting from v3.1

; 3.1 -- First released version

; 3.1.1 -- Bugfix to _ADGetObjectsInOU, default $filter value caused errors. Has been changed.

; 3.1.2 -- Corrections made to comments, replaced occurrences of 'Samaccountname' with 'Full Distringuished Name' where this had changed ibn the code.

; 3.1.2 -- Change to '_ADUserCreateMailbox', added '$emaildomain' and removed the hard-coded Email Domain name.

; 3.1.3 -- Change to '_ADCreateUser', added .Put("userPrincipalName", $user & "@" & $domainext), where $domainext is the Domain in the form 'domain.mydomain.com'

; 3.1.4 -- Added _ADComputerExists($object) checks if a computer account exists in the active directory (_ADObjectExist does not work for this)

; 3.1.5 -- (Revision by KenE) Added: _ADDisableAccountExpire, _ADDisablePasswordExpire, _ADEnablePasswordChange, _ADDisablePasswordChange

; 3.1.6 -- (Revision by KenE) Added: _ADSetAccountExpire, _ADSetPassword

Another test. Could you please download Sysinternals Active Directory Explorer and see what's really in your group? No installation required, just run the EXE.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I'm using version 3.3 of ADFunction.au3.

I believe I found the problem.

On line 674:

;$members[$i][1] = $objRecordSet.Fields("objectCategory" ).Value

I had removed the ; trying to troubleshoot another issue where the arrays had an extra dimension in lines 665 thru 670.

I readded the ; and removed the [0] and [1] and everything seems to work fine.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0