_ADGetGroupMembers function from ADFunctions.au3

shngrhm · September 16, 2009

I'm found these awesome functions in ADFunctions.au3, and I'm trying to use the _ADGetGroupMembers function to list members of groups for some audit reports. It doesn't seem to be returning the correct info. Here is my script:

; program name - Audit Reports
#include <Date.au3>
#include <ADFunctions.au3>

dim $members[999]

$lgfile = "L:\audit reports\audit report log.txt"
$tdate = _Date_Time_GetSystemTime()
$rdate = @MON & "-" & @MDAY & "-" & @YEAR
$arfolder = "L:\audit reports\"
$group1 = "aex-ou-admins"
$dgroup1 = _ADSamAccountNameToFQDN($group1)


;log start time
FileOpen($lgfile, 1)
FileWrite($lgfile, "Started -  " & _Date_Time_SystemTimeToDateStr($tdate) & "  " & _Date_Time_SystemTimeToTimeStr($tdate) & @CRLF)
FileClose($lgfile)

;create directory
$arfolder = $arfolder & $rdate
DirCreate($arfolder)

;add report name and blank line
FileOpen($arfolder & "\" & $rdate & " Audit Reports.txt", 1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[" & $rdate & " Audit Reports]" & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", @CRLF)

;add section name
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[C2122 - " & $group1 & " members]" & @CRLF)
_ADGetGroupMembers($members, $dgroup1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $dgroup1 & @CRLF)
For $m = 1 to $members[0]
    FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $m & $members[$m] & @CRLF)
Next

And here is what it dumps to the report text file:

[09-16-2009 Audit Reports]

[C2122 - aex-ou-admins members]

CN=aex-ou-admins,OU=Security Groups,OU=Groups,OU=AEX1,OU=FSPR,DC=corp,DC=dresser,DC=com

1CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

2CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

3CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

4CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

It's pulling the domain correctly, but not the actual users. Any ideas?

Cheez · September 17, 2009

Not familiar with the UDF, but are you sure that $members[0] contains the size of the array?

In my experience with UDF's, they usually store data in 0.

Try using

For $m = 0 to (Ubound($members) - 1)

water · September 17, 2009

No, $members[0] should work fine. See the description in the UDF for function _ADGetGroupMembers:

; Returns an array to $members where $members[0] will be the number of users in the group and
; $members[1] to $members[$members[0]] are the distinguished names of the users

Could you please add the following lines to your script and post the results?

_ADGetGroupMembers($members, $dgroup1)              ; your code
ConsoleWrite("Array: " & IsArray($members) & @CRLF) ; new code
ConsoleWrite("Count: " & $members[0] & @CRLF)       ; new code

shngrhm · September 17, 2009

I added your code but changed it slightly to output to my text file:

; program name - Audit Reports
#include <Date.au3>
#include <ADFunctions.au3>

dim $members[999]

$lgfile = "L:\audit reports\audit report log.txt"
$tdate = _Date_Time_GetSystemTime()
$rdate = @MON & "-" & @MDAY & "-" & @YEAR
$arfolder = "L:\audit reports\"
$group1 = "aex-ou-admins"
$dgroup1 = _ADSamAccountNameToFQDN($group1)


;log start time
FileOpen($lgfile, 1)
FileWrite($lgfile, "Started -  " & _Date_Time_SystemTimeToDateStr($tdate) & "  " & _Date_Time_SystemTimeToTimeStr($tdate) & @CRLF)
FileClose($lgfile)

;create directory
$arfolder = $arfolder & $rdate
DirCreate($arfolder)

;add report name and blank line
FileOpen($arfolder & "\" & $rdate & " Audit Reports.txt", 1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[" & $rdate & " Audit Reports]" & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", @CRLF)

;add section name
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "[C2122 - " & $group1 & " members]" & @CRLF)
_ADGetGroupMembers($members, $dgroup1)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "Array: " & IsArray($members) & @CRLF)
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", "Count: " & $members[0] & @CRLF) 
FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $dgroup1 & @CRLF)
For $m = 1 to $members[0]
    FileWrite($arfolder & "\" & $rdate & " Audit Reports.txt", $m & $members[$m] & @CRLF)
Next

This is what it outputs:

[09-17-2009 Audit Reports]

[C2122 - aex-ou-admins members]

Array: 1

Count: 4

CN=aex-ou-admins,OU=Security Groups,OU=Groups,OU=AEX1,OU=FSPR,DC=corp,DC=dresser,DC=com

1CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

2CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

3CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

4CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=dresser,DC=com

water · September 18, 2009

What version of adfunctions.au3 do you run? I use 3.1.6 and the top of the file looks like this:

; Author : Jonthan Clelland
; Email : jclelland@statestreet.com
; Version : 3.1.6
;Version History -- Starting from v3.1
; 3.1 -- First released version
; 3.1.1 -- Bugfix to _ADGetObjectsInOU, default $filter value caused errors. Has been changed.
; 3.1.2 -- Corrections made to comments, replaced occurrences of 'Samaccountname' with 'Full Distringuished Name' where this had changed ibn the code.
; 3.1.2 -- Change to '_ADUserCreateMailbox', added '$emaildomain' and removed the hard-coded Email Domain name.
; 3.1.3 -- Change to '_ADCreateUser', added .Put("userPrincipalName", $user & "@" & $domainext), where $domainext is the Domain in the form 'domain.mydomain.com'
; 3.1.4 -- Added _ADComputerExists($object) checks if a computer account exists in the active directory (_ADObjectExist does not work for this)
; 3.1.5 -- (Revision by KenE) Added: _ADDisableAccountExpire, _ADDisablePasswordExpire, _ADEnablePasswordChange, _ADDisablePasswordChange
; 3.1.6 -- (Revision by KenE) Added: _ADSetAccountExpire, _ADSetPassword

Another test. Could you please download Sysinternals Active Directory Explorer and see what's really in your group? No installation required, just run the EXE.

Edited September 18, 2009 by water

shngrhm · September 23, 2009

I'm using version 3.3 of ADFunction.au3.

I believe I found the problem.

On line 674:

;$members[$i][1] = $objRecordSet.Fields("objectCategory" ).Value

I had removed the ; trying to troubleshoot another issue where the arrays had an extra dimension in lines 665 thru 670.

I readded the ; and removed the [0] and [1] and everything seems to work fine.

Sign In

_ADGetGroupMembers function from ADFunctions.au3

Recommended Posts

shngrhm

Link to comment

Share on other sites

Cheez

Link to comment

Share on other sites

water

Link to comment

Share on other sites

shngrhm

Link to comment

Share on other sites

water

Link to comment

Share on other sites

shngrhm

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta