Active Directory UDF

[water]

Hi supersonic,

thanks for the information.

If you like you can delete the data now.

Searching the internet I now know that encryption was working here "by accident". I have posted my findings on the first page of this thread in the "Known bugs" section.

I will ask the forum if anyone needs the encryption feature - if not I will remove it in the upcoming version.

Thanks a lot

water

[water]

Poll

Does anyone need encryption/SSL with the AD UDF?

It's now implemented "by accident". But I'm not sure if I should remove it or implement it in a clean and save way.

Please respond so I have something to make up my mind.

[SpinningCone]

Hi SpinningCone,

I think _AD_DeleteMailbox has the same prerequisites as _AD_CreateMailbox: The Exchange administration tools have to be installed on the machine running the AutoIt script.

Is this true for your environment?

Regards

water

i do have the MMC tools installed. i use ADUC (active directory users and computers) and adsi edit all the time. i also have the Exchange Management Console installed. do you need the exchange plug-in for ADUC for this to work? i don't have that plug-in anymore since it's obsolete and doesn't like x64 win7

[water]

After googling a while I understand that the currently used method with CDOEXM no longer works for Exchange 2007 and later.

At the moment I'm not sure if the Exchange related APIs can be used by AutoIt any longer.

I'll keep on searching and report what I've found.

[supersonic]

I would like to see the security feature implemented - as an additional function parameter.

But only if there is a fallback routine - in case of a processing failure.

Without such an automatic fallback the feature should be removed due to its script breaking behavior.

[SpinningCone]

After googling a while I understand that the currently used method with CDOEXM no longer works for Exchange 2007 and later.

At the moment I'm not sure if the Exchange related APIs can be used by AutoIt any longer.

I'll keep on searching and report what I've found.

rats :-/ i'll have to see what can be done. like i said this is hte last line that needs to be fixed. all the other cleanup is functional. guess i can try to get autoit to fire off a powershell script. though i was hoping to avoid that since it complicates things (back to scripting) plus powershell is a severe resource hog.

[Steve26]

Hello All,

As a whole this entire package has been very useful to me. However, I'm trying to use the Modify attribute function to modify the jpegPhoto attribute of my active directory, but there seems to be an issue with the way I am doing it.

I use _StringtoHex to to transforms the local image into hex, (Example:FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 60 00 60 00 00 FF DB 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0A ). I then use _AD_ModifyAttribute($username, "jpegPhoto", $hex) to modify the attribute in my AD. The attribute is successfully modified. However, In the list of attributes window it will show me, "jpegPhoto | FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 60 00 60 00 00 FF DB 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0A". But when i open it up to view more information it seems to remove some of the text, turning it into it, 46 44 46 34 23 54 etc etc.

Does anyone have any advice on this? is this an issue with the way the ModifyAttribute works or the way i'm trying to convert the image?

Thank you very much for your help.

[water]

I think you have to pass the jpeg as an array of bytes. use fileread to read the jpeg into a string and them stringsplit to create the array.

[Steve26]

I think you have to pass the jpeg as an array of bytes. use fileread to read the jpeg into a string and them stringsplit to create the array.

Thanks for the fast response, any idea what I would use as a delimiter when I split the string? As of now I have

$data = FileRead(@ScriptDir & "/1_Name.jpg")

and that when I put $data into a message box to see it's output I get 4, very weird looking characters

Edit:

I have also tried to use

$data = _FileReadToArray(@ScriptDir & "/1_Name.jpg", $arraylist)

But that leaves me with two rows with 1 column, the first being a '1' the second being the same weird 4 characters from before.

Edited January 6, 2011 by Steve26

[water]

simply use stringsplit without a delimiter to get a byte array.

[Steve26]

Does this look like the sort of array I should be getting?

Edited January 6, 2011 by Steve26

[water]

Exactly.

[cherdeg]

Hi!

Fantastic work, water: Thank you so much!!!

One question: I need to access an MS-DNS and alter / create / delete DNS Records. Any clues?

Best Regards,

Chris

[water]

Haven't looked into DNS and AutoIt yet.

Please search the forum for DNS. Select "advanced search" and mark "Search titles only ".

Maybe someone has already done what you need.

Good luck!

[ptrex]

@cherdeg

A good start would be to start reading MSDN here :

(There are method describe to do updates as well)

; http://msdn.microsoft.com/en-us/library/ms682132(v=VS.85).aspx

$strComputer = "."
$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & _
                        "\root\MicrosoftDNS")

$colItems = $objWMIService.ExecQuery("Select * from MicrosoftDNS_Cache")

For $objItem in $colItems
    ConsoleWrite( "Name: " & $objItem.Name & @CRLF)
    ConsoleWrite( "Container Name: " & $objItem.ContainerName & @CRLF)
    ConsoleWrite( "DNS Server Name: " & $objItem.DNSServerName & @CRLF)
    ConsoleWrite(@CRLF)
Next

Hope this gets you going.

Rgds

ptrex

[EndFunc]

Hi EndFunc,

I did check out this site (http://www.rlmueller.net/freecode6.htm). Here are my findings:

• Search for Common Name: Use _AD_GetObjectsInOU
• Duplicate Display Names: _AD_GetObjectsInOU with sort parameter "displayname" and then check the resulting array
• Enumerate DC's: I've modified _AD_ListDomainControllers and incorporated the code from this script
• Enumerate Servers: Use _AD_GetObjectsInOU
• Document Forest: Use multiple calls to _AD_GetObjectsInOU
• Create User List: Use _AD_GetObjectsInOU
• Move Old Computers: _AD_GetPasswordInfo, _AD_DisableObject and _AD_MoveObject
• Computer Roles: Uses WMI which is outside the scope of the AD UDF
• Inventory Computers: Use _AD_GetObjectsInOU and the Excel UDF
• Document Organization: Not yet implemented in the AD UDF. Will be implemented if enough users have a need for it
• Unique Computer SIDs: Uses WINNT:// which is outside the scope of the AD UDF
• Local Admin Passwords: Uses WINNT:// which is outside the scope of the AD UDF
• Generic ADO Searches: Use _AD_GetObjectsInOU

If there are any functions you would like to see in the AD UDF please drop me a note.

Great Water.

Sorry I've been away for so long. I remember asking about how to do a search to match usernames via wild cards. I can't seem to find that thread that I asked in.

I use this code to pull up the account attributes. What I want to do is if the username matches other in AD for it to popup a choice to chose from.

This is part of a UI I have. Not sure how to get actual matches, present it in a select box and then proceed.

$objTrans = ObjCreate("NameTranslate")
                    $objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
                    $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain)
                    $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & GUICtrlRead($UserID))
                    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
                    $UserObj = ObjGet("LDAP://" & $Server & "/" & $strUserDN)
                    If @error Then
                        GUICtrlSetState($LocateBtn, $GUI_ENABLE)
                        MsgBox(16, $AppName, 'Username does not exist or not able to communicate with ' & @LogonDomain, 8)
                        GUICtrlSetData($Status, "Ready")
                        ExitLoop
                    EndIf

Edit: Nevermind you already answered my question. "Use _AD_GetObjectsInOU"

Thanks a bunch.

Edited January 26, 2011 by EndFunc

[water]

If you just want to know if a user already exists you can use _AD_ObjectExists($sUserName).

Another nice feature of AD is the ANR (Ambigous Name Resolution).

Given "ANR=name" it searches multiple attributes for "name" (GivenName, Surname, displayName, LegacyExchangeDN, msExchMailNickname, RDN, physicalDeliveryOfficeName, proxyAddress, sAMAccountName).

Please see the example script for _AD_ObjectExists (Example 3) or M$.

Edited January 27, 2011 by water

[RogFleming]

Example script simple enough, the lastLogonTimestamp comes back blank, I trying to get this down with one pull.

_AD_OPEN()
$tstoumembers = _AD_GetObjectsInOU("OU=Common Desktop ARL,OU=ARL,OU=THR Workstations,DC=txhealth,DC=org", "(&(objectcategory=computer)(objectclass=computer))", 2, "distinguishedName,lastLogonTimestamp"); searches the OU PCs
_AD_CLOSE()
_Arraydisplay($tstoumembers)
Exit

Reviewing the _AD_GETObjectProperties function seems this is where you are handling the time/date stuff.

If $oAD_Item.Name = "pwdLastSet" Or $oAD_Item.Name = "accountExpires" Or $oAD_Item.Name = "lastLogonTimestamp" Or $oAD_Item.Name = "badPasswordTime" Or $oAD_Item.Name = "lastLogon" Or $oAD_Item.Name = "lockoutTime" Then
If $vAD_PropertyValue.LargeInteger.LowPart = 0 And $vAD_PropertyValue.LargeInteger.HighPart = 0 Then
$aAD_ObjectProperties[$iCount3][1] = "1601/01/01 00:00:00"
Else
Local $sAD_Temp = DllStructCreate("dword low;dword high")
DllStructSetData($sAD_Temp, "Low", $vAD_PropertyValue.LargeInteger.LowPart)
DllStructSetData($sAD_Temp, "High", $vAD_PropertyValue.LargeInteger.HighPart)
Local $sAD_Temp2 = _Date_Time_FileTimeToSystemTime(DllStructGetPtr($sAD_Temp))
Local $sAD_Temp3 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sAD_Temp2))
$aAD_ObjectProperties[$iCount3][1] = _Date_Time_SystemTimeToDateTimeStr($sAD_Temp3, 1)
EndIf

[water]

No function of the AD UDF does any "decoding" of the data - except _AD_GetObjectProperties.

The LastLogon property is returned as "a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC)".

The LastLogonTimeStamp is similar. A good description of both can be found her.

The best way to get an accurate information about the last logon is to use function _AD_GetLastLoginDate.

[FernandG]

Hi all,

I can't use the command _AD_DeleteObject in :

- "CN=Builtin," & $sAD_DNSDomain Or

- "CN=Users," & $sAD_DNSDomain

I have the @error "-2147352567" ? Why ? CN=(Builtin|Users) ?

Elsewhere, i have no problem. Example :

- "OU=Temp," & $sAD_DNSDomain

Thanks.

P.S. : Last version of AD.au3 & AutoIt

Edited February 9, 2011 by FernandG