water

Active Directory UDF

1,433 posts in this topic

Thank you for this helpful link... :D

That's the way it seems to be... :huggles:

Share this post


Link to post
Share on other sites



Why do you query this group? What information do you want to get?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Nothing very special...

First, it was a bit strange and confusing to me:

Querying group members for "Domain Users" = empty,

querying member's groups = "Domain Users" present.

Second, the function I used before lists all group members for "Domain Users".

But as the linked forum post explained: This is normal... :D

Share this post


Link to post
Share on other sites

Hi Water,

can you provide me the modified _AD_GetObjectProperties()-function

which returns readable GUIDs and SIDs?

Greets,

-supersonic.

Share this post


Link to post
Share on other sites

You've done a brilliant job on this sir, thanks for the effort!

Share this post


Link to post
Share on other sites

#46 ·  Posted (edited)

I'm glad you like it!

But it mainly the effort of Jonathan Clelland. I just brushed it up and extended it a bit.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

It's still hugely impressive - many thanks to you and Jonathan Clelland for all the work.

I've just been raking through the list of examples and they all work beautifully. I've got a big project away to start which will require a lot of AD integration and querying so this just saved me a huge chunk of time.

Nice one fella. :D

Share this post


Link to post
Share on other sites

Hi JonnyThunder,

please wait a few minutes before you start with your project.

There might be some script breaking changes in the next version. Some functions use "ByRef" to return data but most of the functions don't.

I think about removing the "ByRef" so the calls to the functions might change.

I'm going to do some performance checks and if there is little difference then I'm going to change it.

I'll keep you informed.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi Water,

thank you for V0.34. Good job! :D

When I query 300+ users by _AD_GetObjectProperties() the script stops with an:

!>17:17:07 AutoIT3.exe ended.rc:-1073741819

... error. Without _AD_GetObjectProperties() the scripts runs fine.

Maybe it is the user count; querying 10-20 works without errors...

Putting Sleep(0100) somewhere between doesn't help...

Any ideas about this?

Greets,

-supersonic.

Share this post


Link to post
Share on other sites

That's quite odd - we have 6000 or so users and it works fine for me.

Water : nice one, I'll keep an eye on this page for updates!

Share this post


Link to post
Share on other sites

#51 ·  Posted (edited)

JonnyThunder,

if it works fine for you... Maybe you - or somebody else - can help me or give me a clue:

At first I run a query like this to get all users (and some of their attributes):

_AD_GetObjectsInOU($aTmp1, $GUICtrlRead, "(&(objectCategory=user))", 2, _ArrayToString($aADQAttributes, ",", 1, 0), "")

After that I would like to get some "encoded" attributes of each user:

Local aADQAttributes ; An one-based array of attributes. If there is a match, the value will be returned to $aTmp2.
Local $aTmp2
_AD_InjectObjectProperties($aTmp2, $aADQAttributes, _AD_FQDNToSamAccountName($aTmp1[$i][1]))
.
.
.
Func _AD_InjectObjectProperties(ByRef $iArr1, ByRef Const $iArr2, $iStr = "")
    Local $aAttr[7] = ["accountExpires", "badPasswordTime", "lastLogon", "lastLogonTimestamp", "objectGUID", "objectSID", "pwdLastSet"]
    Local $aProp    = _AD_GetObjectProperties($iStr)
    If @error <> 1 Then
        For $i = 0 To UBound($aAttr) - 1 Step 1
            Local $vTmp1 = _ArraySearch($iArr2, $aAttr[$i], 1, 0, 0, 0, 1, 0)
            If $vTmp1 > 0 Then
                Local $vTmp2 = _ArraySearch($aProp, $aAttr[$i], 1, 0, 0, 0, 1, 0)
                If $vTmp2 > 0 Then
                    $iArr1[$vTmp1 - 2] = $aProp[$vTmp2][1] ; Less array index and hidden/invisible attribute. "Something" special; please ignore...
                EndIf
            EndIf
        Next
    EndIf
EndFunc

Maybe the code isn't very good!? Could someone provide a better example?

Greets,

-supersonic.

Edited by supersonic

Share this post


Link to post
Share on other sites

#52 ·  Posted (edited)

Sounds strange: If I convert your returncode to hex I get 0xC0000005. Google returns some very strange results on that.

Where (is the line number in your script or somewhere in the AD UDF) do you get this error?

I've modified _AD_GetObjectProperties so you can specify which attributes to return in a comma seprated list.

So

$aProperties = _AD_GetObjectProperties(@UserName,"accountExpires, badPasswordTime, lastLogon, lastLogonTimestamp, objectGUID, objectSID, pwdLastSet")
should do the trick.

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_GetObjectProperties
; Description ...: Returns a two-dimensional array with all properties and their values of an object in readable form.
; Syntax.........: _AD_GetObjectProperties([$sAD_Object = @UserName[, $sAD_Attributes = ""]])
; Parameters ....: $sAD_Object - Optional: SamAccountName or FQDN of the object to get the attributes from (e.g. computer, user, group ...) (default = @Username)
;   $sAD_Attributes - Optional: Comma separated list of attributes to return (default = "" = return all attributes)
; Return values .: Success - Returns a two-dimensional array with all properties and their values of an object in readable form
;   Failure - 0 or property name, sets @error to:
;   |1 - $sAD_Object could not be found
;   |2 - No attributes for the specified property. The property is returned as the functions result
; Author ........: Sundance
; Modified.......: Thomas Rupp
; Remarks .......: Dates are returned in format: YYYY/MM/DD HH:MM:SS
;   NT Security Descriptors are returned as: Control:nn, Group:Domain\Group, Owner:Domain\Group, Revision:nn
;   No error is returned if there are attributes in $sAD_Attributes that are not available for the selected object
; Related .......:
; Link ..........: http://www.autoitscript.com/forum/index.php?showtopic=49627&view=findpost&p=422402, http://msdn.microsoft.com/en-us/library/ms675090(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_GetObjectProperties($sAD_Object = @UserName, $sAD_Attributes = "")

    Local $aAD_ObjectProperties[1][2]
    Local $sAD_Query, $oAD_Item, $oAD_PropertyEntry, $oAD_Value, $iCount3, $xAD_Dummy
    ; Data Type Mapping between Active Directory and LDAP
    ; http://msdn.microsoft.com/en-us/library/aa772375(VS.85).aspx
    Local Const $ADSTYPE_DN_STRING = 1
    Local Const $ADSTYPE_CASE_IGNORE_STRING = 3
    Local Const $ADSTYPE_BOOLEAN = 6
    Local Const $ADSTYPE_INTEGER = 7
    Local Const $ADSTYPE_OCTET_STRING = 8
    Local Const $ADSTYPE_UTC_TIME = 9
    Local Const $ADSTYPE_LARGE_INTEGER = 10
    Local Const $ADSTYPE_NT_SECURITY_DESCRIPTOR = 25
    Local Const $ADSTYPE_UNKNOWN = 26
    Local $aAD_SAMAccountType[12][2] = [["DOMAIN_OBJECT", 0x0],["GROUP_OBJECT", 0x10000000],["NON_SECURITY_GROUP_OBJECT", 0x10000001], _
            ["ALIAS_OBJECT", 0x20000000],["NON_SECURITY_ALIAS_OBJECT", 0x20000001],["USER_OBJECT", 0x30000000],["NORMAL_USER_ACCOUNT", 0x30000000], _
            ["MACHINE_ACCOUNT", 0x30000001],["TRUST_ACCOUNT", 0x30000002],["APP_BASIC_GROUP", 0x40000000],["APP_QUERY_GROUP", 0x40000001], _
            ["ACCOUNT_TYPE_MAX", 0x7fffffff]]
    Local $aAD_UAC[21][2] = [[0x00000001, "SCRIPT"],[0x00000002, "ACCOUNTDISABLE"],[0x00000008, "HOMEDIR_REQUIRED"],[0x00000010, "LOCKOUT"],[0x00000020, "PASSWD_NOTREQD"], _
            [0x00000040, "PASSWD_CANT_CHANGE"],[0x00000080, "ENCRYPTED_TEXT_PASSWORD_ALLOWED"],[0x00000100, "TEMP_DUPLICATE_ACCOUNT"],[0x00000200, "NORMAL_ACCOUNT"], _
            [0x00000800, "INTERDOMAIN_TRUST_ACCOUNT"],[0x00001000, "WORKSTATION_TRUST_ACCOUNT"],[0x00002000, "SERVER_TRUST_ACCOUNT"],[0x00010000, "DONT_EXPIRE_PASSWD"], _
            [0x00020000, "MNS_LOGON_ACCOUNT"],[0x00040000, "SMARTCARD_REQUIRED"],[0x00080000, "TRUSTED_FOR_DELEGATION"],[0x00100000, "NOT_DELEGATED"], _
            [0x00200000, "USE_DES_KEY_ONLY"],[0x00400000, "DONT_REQUIRE_PREAUTH"],[0x00800000, "PASSWORD_EXPIRED"],[0x01000000, "TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION"]]

    If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, 0)
    $sAD_Attributes = "," & StringReplace($sAD_Attributes, " ", "" ) & ","
    Local $sAD_Property = "sAMAccountName"
    If StringMid($sAD_Object, 3, 1) = "=" Then $sAD_Property = "distinguishedName"; FQDN provided
    $sAD_Query = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sAD_Property & "=" & $sAD_Object & ");ADsPath;subtree"
    Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query) ; Retrieve the FQDN for the object
    Local $sAD_LDAPEntry = $oAD_RecordSet.fields(0).value
    Local $oAD_Object = _AD_ObjGet($sAD_LDAPEntry) ; Retrieve the COM Object
    $oAD_Object.GetInfo()
    Local $iCount1 = $oAD_Object.PropertyCount()
    For $iCount2 = 0 To $iCount1 - 1
        $oAD_Item = $oAD_Object.Item($iCount2)
        ; Falls der Wert in der AttributListe vorkommt, dann weiterverarbeiten, sonst ContinueLoop
        If Not ($sAD_Attributes = ",," Or StringInStr($sAD_Attributes,"," & $oAD_Item.Name & ",") > 0) Then ContinueLoop
        $oAD_PropertyEntry = $oAD_Object.GetPropertyItem($oAD_Item.Name, $ADSTYPE_UNKNOWN)
        If IsObj($oAD_PropertyEntry) = 0 Then
            Return SetError (2, 0, $oAD_Item.Name)
        Else
            For $vAD_PropertyValue In $oAD_PropertyEntry.Values
                ReDim $aAD_ObjectProperties[UBound($aAD_ObjectProperties, 1) + 1][2]
                $iCount3 = UBound($aAD_ObjectProperties, 1) - 1
                $aAD_ObjectProperties[$iCount3][0] = $oAD_Item.Name
                If $oAD_Item.ADsType = $ADSTYPE_CASE_IGNORE_STRING Then
                    $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.CaseIgnoreString
                ElseIf $oAD_Item.ADsType = $ADSTYPE_INTEGER Then
                    If $oAD_Item.Name = "sAMAccountType" Then
                        For $iCount4 = 0 To 11
                            If $vAD_PropertyValue.Integer = $aAD_SAMAccountType[$iCount4][1] Then
                                $aAD_ObjectProperties[$iCount3][1] = $aAD_SAMAccountType[$iCount4][0]
                                ExitLoop
                            EndIf
                        Next
                    ElseIf $oAD_Item.Name = "userAccountControl" Then
                        $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.Integer & " = "
                        For $iCount4 = 0 To 20
                            If BitAND($vAD_PropertyValue.Integer, $aAD_UAC[$iCount4][0]) = $aAD_UAC[$iCount4][0] Then
                                $aAD_ObjectProperties[$iCount3][1] &= $aAD_UAC[$iCount4][1] & " - "
                            EndIf
                        Next
                        If StringRight($aAD_ObjectProperties[$iCount3][1], 3) = " - " Then $aAD_ObjectProperties[$iCount3][1] = StringTrimRight($aAD_ObjectProperties[$iCount3][1], 3)
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.Integer
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_LARGE_INTEGER Then
                    If $oAD_Item.Name = "pwdLastSet" Or $oAD_Item.Name = "accountExpires" Or $oAD_Item.Name = "lastLogonTimestamp" Or $oAD_Item.Name = "badPasswordTime" Or $oAD_Item.Name = "lastLogon" Then
                        $aAD_ObjectProperties[$iCount3][1] = _DateAdd("s", Int(_AD_LargeInt2Double($vAD_PropertyValue.LargeInteger.LowPart, $vAD_PropertyValue.LargeInteger.HighPart) / (10000000)), "1601/01/01 00:00:00")
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = _AD_LargeInt2Double($vAD_PropertyValue.LargeInteger.LowPart, $vAD_PropertyValue.LargeInteger.HighPart)
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_OCTET_STRING Then
                    $xAD_Dummy = DllStructCreate("byte[56]")
                    DllStructSetData($xAD_Dummy, 1, $vAD_PropertyValue.OctetString)
                    ; objectSID etc. See: http://msdn.microsoft.com/en-us/library/aa379597(VS.85).aspx
                    ; objectGUID etc. See: http://www.autoitscript.com/forum/index.php?showtopic=106163&view=findpost&p=767558
                    If _Security__IsValidSid(DllStructGetPtr($xAD_Dummy)) Then
                        $aAD_ObjectProperties[$iCount3][1] = _Security__SidToStringSid(DllStructGetPtr($xAD_Dummy)) ; SID
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = _WinAPI_StringFromGUID(DllStructGetPtr($xAD_Dummy)) ; GUID
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_DN_STRING Then
                    $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.DNString
                ElseIf $oAD_Item.ADsType = $ADSTYPE_UTC_TIME Then
                    Local $iAD_DateTime = $vAD_PropertyValue.UTCTime
                    $aAD_ObjectProperties[$iCount3][1] = StringLeft($iAD_DateTime, 4) & "/" & StringMid($iAD_DateTime, 5, 2) & "/" & StringMid($iAD_DateTime, 7, 2) & _
                            " " & StringMid($iAD_DateTime, 9, 2) & ":" & StringMid($iAD_DateTime, 11, 2) & ":" & StringMid($iAD_DateTime, 13, 2)
                ElseIf $oAD_Item.ADsType = $ADSTYPE_BOOLEAN Then
                    If $vAD_PropertyValue.Boolean = 0 Then
                        $aAD_ObjectProperties[$iCount3][1] = "False"
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = "True"
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_NT_SECURITY_DESCRIPTOR Then
                    $oAD_Value = $vAD_PropertyValue.SecurityDescriptor
                    $aAD_ObjectProperties[$iCount3][1] = "Control:" & $oAD_Value.Control & ", " & _
                            "Group:" & $oAD_Value.Group & ", " & _
                            "Owner:" & $oAD_Value.Owner & ", " & _
                            "Revision:" & $oAD_Value.Revision
                Else
                    $aAD_ObjectProperties[$iCount3][1] = "Has the unknown Type: " & $oAD_Item.ADsType
                EndIf
            Next
        EndIf
    Next
    $aAD_ObjectProperties[0][0] = UBound($aAD_ObjectProperties, 1) - 1
    _ArraySort($aAD_ObjectProperties, 0, 1)
    Return $aAD_ObjectProperties

EndFunc ;==>_AD_GetObjectProperties

BTW: Could we move discussions of errors in user scripts to the "General help and Support" forum? I've opened a thread there.

This thread I would like to reserve for announcements and discussions of new functions.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi Water,

I've switched over to the "General Help and Support" thread... :D

Greets,

-supersonic.

Share this post


Link to post
Share on other sites

Hi Water,

AD.au3 uses the functions _Security__IsValidSid(), _Security__SidToStringSid() and _WinAPI_StringFromGUID().

They are part of Security.au3 and WinAPI.au3. Make it sense to you to #include them in AD.au3?

Greets,

-supersonic.

Share this post


Link to post
Share on other sites

Hi supersonic,

this is already included via date.au3.

I was wondering how the example scripts would have been working otherwise.

water


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I Can say one thing:

THANKS for this great UDF!

PS: I recommend this to add to the "included with installation" UDF

Tom


[font="Comic Sans MS"][size="4"]My UDF's:[/size]1. _ChooseIconAnd this is just the beginning[/font]

Share this post


Link to post
Share on other sites

Hi TomV,

glad you like the UDF.

I try to get it included with the standard AutoIt installation as soon as we've reached version 1.0.

That means function freeze and some successful tests of people who have write access to their AD. Some Exchange related functions will come in the next few weeks.

I've already tried to contact the maintainer of the UDFs but didn't get any response 'til now.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Ok, what do you need to have for that, i'll test it.

Any screenshots? Vids?

Tom


[font="Comic Sans MS"][size="4"]My UDF's:[/size]1. _ChooseIconAnd this is just the beginning[/font]

Share this post


Link to post
Share on other sites

Hi TomV,

just a bit of testing. I can't test the functions that modify the AD (I onyl have read access). If you like you could run the example scripts that alter the AD and report any problems you see.

Please be careful and use a test environment!

Thanks!

water


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi Jaymac,

thanks for your reply!

You don't have to run the AD.au3 :D That's the UDF itself which is called by all the other example scripts.

But I think it's a good idea to add a readme.txt file that explains how to install the UDF and the associated files.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • water
      ADCU - Active Directory Compare Users
      By water
      ADCU displays two Active Directory users and their group membership in two listviews. You can filter and export the data to Excel, Outlook mail and the clipboard.
      Before running the script you need to change file AD-Tools.ini and function _Check_Access in AD-Tools_User.au3.
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
      Needs to be run with the latest AutoIt production version (>= 3.3.12.0).
      Needs to be run with the latest version of the AD UDF (>= 1.4.2.0).
    • water
      ADCG - Active Directory Compare Groups
      By water
      ADCG displays two Active Directory groups and their direct members in two listviews. You can filter and export the data to Excel, Outlook mail and the clipboard.
      Before running the script you need to change file AD-Tools.ini and function _Check_Access in AD-Tools_User.au3.
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
      Needs to be run with the latest AutoIt production version (>= 3.3.12.0).
      Needs to be run with the latest version of the AD UDF (>= 1.4.2.0).
    • DavidLago
      Trying to dev a script to calculate Active Directory Authentication Time
      By DavidLago
      Hello. 
      I have 5 DCs, and I need to create a scheduled task to run a script that will test the authentication time for each one of them, once every minute. (Then I'll use it within a log analyser to create graphics).
      I came up with a script using the great AD UDF (by water). First I tried using "for" and an array, but something was messing up the results, then I went for the dumb old fashioned way:
      #Include <ad.au3> #include <MsgBoxConstants.au3> Global $AdTestTime = "" Global $Timer1, $Timer2, $Timer3, $Timer4, $Timer5 = "" Global $sAD1 = "MYSERVER109" Global $sAD2 = "MYSERVER110" Global $sAD3 = "MYSERVER111" Global $sAD4 = "MYSERVER112" Global $sAD5 = "MYSERVER113" $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2 = Timerinit() _AD_Open("", "", $sAD2) _AD_Close() Local $fDiff2 = TimerDiff($Timer2) $Timer3 = Timerinit() _AD_Open("", "", $sAD3) _AD_Close() Local $fDiff3 = TimerDiff($Timer3) $Timer4 = Timerinit() _AD_Open("", "", $sAD4) _AD_Close() Local $fDiff4 = TimerDiff($Timer4) $Timer5 = Timerinit() _AD_Open("", "", $sAD5) _AD_Close() Local $fDiff5 = TimerDiff($Timer5) MsgBox(0,"", "MYSERVER109=" & $fDiff1) MsgBox(0,"", "MYSERVER110=" & $fDiff2) MsgBox(0,"", "MYSERVER111=" & $fDiff3) MsgBox(0,"", "MYSERVER112=" & $fDiff4) MsgBox(0,"", "MYSERVER113=" & $fDiff5) Still, something is off here. 
      The first AD to be tested is always the slowest one, by far, like 20 times slower. Then I started to suspect that the first one starts the "negotiation", and the following ones ride the gravy train.
      If I repeat the first code twice, All servers seem to have a similar result.
      $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2.... Am I right?
      Also, is there a better way to test the authentication time?
      Thanks for the help.
      - Dave
    • water
      AD - Active Directory UDF
      By water
      Extensive library to control and manipulate Microsoft Active Directory.

      Threads: Development - General Help & Support - Example Scripts - Wiki

      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
    • water
      Active Directory UDF - Help & Support (III)
      By water
      As the Active Directory UDF - Help & Support thread has grown too big, I start a new one.
      The original thread can be found here.