
Active Directory UDF

water

I've finished implementing the read-only functions (see previous post).

Before I start with the write-functions I need a volunteer to help me test these functions as I don't have write access to an Active Directory.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-12-03 - Version 1.4.11.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

rogerd2u

Just wanted to say that you've done an awesome job thus far!!! I look forward to using this UDF!!!

I'm converting Jonathan Clelland's adfunctions.au3 to a full AutoIt UDF including help file, examples, SciTE integration etc.

In a first step the readonly functions will be converted.

In a second step all other functions will follow.


Roger O. "When people show you who they are, believe them." --Mark Twain

water

Anyone willing to run the example scripts and report errors/problems?


FractalReactor

hi,

Sorry for my bad English, I speak Spanish.

I can test functions. I have an AD in which to test some of the read-only functions of your library.

I leave my mail marianilucas@gmail.com

greetings

Edited by FractalReactor

water

More than 50 downloads and still no error reports? ;)

Edited by water

stamandster

More than 50 downloads and still no error reports? ;)

Working great Water! I'm currently using it in production.

I've adapted the example to my environment, it will check for FQDN group if you want but you can change it to general

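#include <AD.au3>

Func _AD_UserInGroup($ADusername, $ADGroupName, $FQDN = 0)
    Local $aUser ; receives the group names (FQDN) of the user

    ; Open Connection to the Active Directory
    _AD_Open()

    ; Get an array of group names (FQDN) that the user is immediately a member of
    _AD_GetUserGroups($aUser, $ADusername)
    If Not IsArray($aUser) Then
        _AD_Close()
        Return 0
    EndIf

    ; A plain group name is compared with the leading "CN=<name>," of each FQDN
    If $FQDN = 0 Then
        $ADGroupName = "CN=" & $ADGroupName & ","
    EndIf

    For $each In $aUser
        ; Compare only the start of the FQDN: a substring test would also match
        ; a container such as "CN=Users," further along the path
        If StringLeft($each, StringLen($ADGroupName)) = $ADGroupName Then
            _AD_Close()
            Return 1
        EndIf
    Next

    _AD_Close()

    Return 0

EndFunc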
Edited by kickarse

someone

@Water,

I'll do my best to check things out and test. I have access to an AD environment. If there is anything specific you want tested please let me know, otherwise I'll just go through as best I can. Regardless though I want to say thanks for heading up this UDF project. I used adfunctions.au3 pretty recently to make an easy add/remove groups interface for myself.


While ProcessExists('Andrews bad day.exe')
	BlockInput(1)
	SoundPlay('Music.wav')
	SoundSetWaveVolume('Louder')
WEnd

water

Working great Water! I'm currently using it in production.

I've adapted the example to my environment, it will check for FQDN group if you want but you can change it to general

Hi kickarse,

I think the function you have written (test if a user is a member of a specific group) is already available as "_AD_IsMemberOf($sAD_Group, $sAD_User)"

Edited by water

Yorn

water,

Thank you very much for working on this. I'm going to have to revise/revisit most of my scripts because of what you're doing, but it'll be well worth it. I'm very thankful for Johnny having made the original as well! This is probably my most-used UDF.

water

Glad to hear that it's of use for someone ;)


Talder

Hi,

First of all, great job and very useful UDF! ;)

For those who are interested in making a connection to a domain controller from a PC that is not registered in any domain, I had to change one line

Local $oAD_RootDSE = ObjGet("LDAP://RootDSE")

into

Local $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")

and I was able to connect and query the domain controller. (Of course you have to provide all necessary parameters to _ad_open().)

Without this change you get a COM error.

Bye,

Tim

EndFunc

I've been using the other adfunctions.au3 and I have to admit that there should have been examples because some of the functions were a little hard to get working.

I had trouble with several, so I ended up just finding VBScripts and converting them to AutoIt. For example, I could never get the list domain controllers function in that UDF to work, but I found a VBScript that did the same thing and converted it to AutoIt. I have also since made several other custom AD functions not included in adfunctions. I would love to see this as an official UDF so that it shows up in SciTE and in the help file with usage examples.

Thanks for taking this one as it has been needed for a long time.

Edited by EndFunc

EndFunc
AutoIt is the shiznit. I love it.

water

@EndFunc

If there are any functions you want to see in the UDF which are not yet implemented in adfunctions.au3 or AD.au3 please just drop me a note and I will do my very best.


EndFunc

@EndFunc

If there are any functions you want to see in the UDF which are not yet implemented in adfunctions.au3 or AD.au3 please just drop me a note and I will do my very best.

Well, something that would be an awesome function is searchable usernames. Just like the find in ADUC. I can pull up info based on a username but if it isn't exact then you get the error. What would be nice is if it finds names that match or are close and gives you a choice. I've been trying to look at that but so far no go.

This guy's site has some very good VBScripts for many things. I've used a few of them in AutoIt. Some were difficult to convert because of not knowing the AutoIt equivalent. Anyway check out this site. Lots of good stuff for functions. That's just for searching stuff, he has much more code on his site for other things.

http://www.rlmueller.net/freecode6.htm

Edited by EndFunc

EndFunc

Known bugs:

  • _AD_Open: Still does not work when you connect from a PC that is no domain member. Is solved in the next version
  • _AD_ListRoleOwners: Gives "Object referenced outside a "With" statement." in some environments
  • _AD_ListSites: Gives a COM error in some environments
  • _AD_MoveObject: Wrong syntax. Will be changed in next version
  • _AD_EnablePasswordChange and _AD_DisablePasswordChange: Do not work at all. We investigate the situation - I think we will have to rewrite the code

These original functions in adfunctions.au3 work fine for me, so why not use it as it is, just updating the vars?

_ADEnablePasswordChange and _ADDisablePasswordChange

Edited by EndFunc

water

Hi EndFunc,

thanks for your reply!

  • All readonly functions work fine in my environment (have only readonly access to an AD). The "known bugs" section lists some errors another user gets when he uses AD.au3 from a PC which is not a member of a domain.
  • I will have a look at the suggested site. Are there any functions you would like to see in AD.au3?
  • To search for a user name (full or partial) you can use something like: _AD_GetObjectsInOU($asUser, $sOU, "(&(objectCategory=user)(name=*water*))", 2, "department,cn,distinguishedName,sAMAccountName")

    This will return department, full name, FQDN and sAMAccountName for all users in the specified OU that have "water" somewhere in the field "name".

  • _ADEnablePasswordChange and _ADDisablePasswordChange: As I understand the ACEs have to be sorted (according to KB269159) to make sure they work in all situations. The following scripts give an example. Do they work for you?

    http://www.wisesoft.co.uk/scripts/vbscri...disable_user_cannot_change_password.aspx

    http://www.rlmueller.net/Cannot%20Change%20PW.htm

I hope I will soon release a new version.

Edited by water

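Escaping a search term before it is placed in a filter like the "(name=*water*)" one in the post above, as an added example that is not part of the thread or of AD.au3. The helper names _Example_LdapEscape and _Example_BuildNameFilter are hypothetical and the inputs are constructed; without the escaping, a term containing "(", ")", "*" or "\" changes the structure of the filter or widens what it matches.

```autoit
; Added example: the helper names are hypothetical and not part of AD.au3.

; Escape a value for use inside an LDAP search filter (RFC 4515).
; Returns "" and sets @error = 1 if the value contains control characters.
Func _Example_LdapEscape($sValue)
    If StringRegExp($sValue, "[\x00-\x1F]") Then Return SetError(1, 0, "")
    ; Backslash first, otherwise the escapes added below would be escaped again
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    Return $sValue
EndFunc   ;==>_Example_LdapEscape

; Build the "name contains" filter from the post. The wildcards are added here
; and are never taken from the caller's text.
Func _Example_BuildNameFilter($sNamePart)
    Local $sEscaped = _Example_LdapEscape($sNamePart)
    ; An empty term would turn the filter into "match every user", so reject it
    If @error Or $sEscaped = "" Then Return SetError(1, 0, "")
    Return "(&(objectCategory=user)(name=*" & $sEscaped & "*))"
EndFunc   ;==>_Example_BuildNameFilter

; Constructed sample inputs: a plain term, a term with parentheses,
; a bare wildcard and an empty string
Local $aInput[4] = ["water", "Smith (Sales)", "*", ""]
Local $sFilter
For $sInput In $aInput
    $sFilter = _Example_BuildNameFilter($sInput)
    If @error Then
        ConsoleWrite("'" & $sInput & "' -> rejected" & @CRLF)
    Else
        ConsoleWrite("'" & $sInput & "' -> " & $sFilter & @CRLF)
    EndIf
Next
```

The returned string is what would be passed as the filter parameter of _AD_GetObjectsInOU in place of a hand-built one.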
water

Hi EndFunc,

I did check out this site (http://www.rlmueller.net/freecode6.htm). Here are my findings:

  • Search for Common Name: Use _AD_GetObjectsInOU
  • Duplicate Display Names: _AD_GetObjectsInOU with sort parameter "displayname" and then check the resulting array
  • Enumerate DC's: I've modified _AD_ListDomainControllers and incorporated the code from this script
  • Enumerate Servers: Use _AD_GetObjectsInOU
  • Document Forest: Use multiple calls to _AD_GetObjectsInOU
  • Create User List: Use _AD_GetObjectsInOU
  • Move Old Computers: _AD_GetPasswordInfo, _AD_DisableObject and _AD_MoveObject
  • Computer Roles: Uses WMI which is outside the scope of the AD UDF
  • Inventory Computers: Use _AD_GetObjectsInOU and the Excel UDF
  • Document Organization: Not yet implemented in the AD UDF. Will be implemented if enough users have a need for it
  • Unique Computer SIDs: Uses WINNT:// which is outside the scope of the AD UDF
  • Local Admin Passwords: Uses WINNT:// which is outside the scope of the AD UDF
  • Generic ADO Searches: Use _AD_GetObjectsInOU

If there are any functions you would like to see in the AD UDF please drop me a note.

Edited by water

bavery

First off, great work. Your AD functions are fantastic.

I have a bug/issue to report:

I noticed when I installed version 3.3.4.0 of AutoIt the _AD_IsMemberOf() function no longer works (I was using ad.au3 v0.33). It simply returns a -1. I rolled back to 3.3.0.0 and everything works fine. However, other functions such as _AD_GetUserGroups work with the new version. I also tried the original adfunctions.au3 file, and it also returns -1.

water

Hi,

I think we got hit by bug #1068: Binary to Int. This was fixed in 3.3.2.0

I was always wondering why the function returned a negative value because IsMember only returns 0x0 or 0x1.

I changed the code to return an absolute value so the function returns a valid result for every AutoIt version.


This topic is now closed to further replies.
