water

Active Directory UDF

1,359 posts in this topic

#41 ·  Posted

Thank you for this helpful link... :D

That's the way it seems to be... :huggles:




#42 ·  Posted

Why do you query this group? What information do you want to get?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (2015-10-12 - Version 1.4.3.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2016-01-07 - Version 1.1.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki


#43 ·  Posted

Nothing very special...

First, it was a bit strange and confusing to me:

Querying group members for "Domain Users" = empty,

querying member's groups = "Domain Users" present.

Second, the function I used before lists all group members for "Domain Users".

But as the linked forum post explained: This is normal... :D


#44 ·  Posted

Hi Water,

can you provide me the modified _AD_GetObjectProperties()-function

which returns readable GUIDs and SIDs?

Greets,

-supersonic.


#45 ·  Posted

You've done a brilliant job on this sir, thanks for the effort!


#46 ·  Posted (edited)

I'm glad you like it!

But it is mainly the effort of Jonathan Clelland. I just brushed it up and extended it a bit.

Edited by water


#47 ·  Posted

It's still hugely impressive - many thanks to you and Jonathan Clelland for all the work.

I've just been raking through the list of examples and they all work beautifully. I've got a big project away to start which will require a lot of AD integration and querying so this just saved me a huge chunk of time.

Nice one fella. :D


#48 ·  Posted

Hi JonnyThunder,

please wait a few minutes before you start with your project.

There might be some script breaking changes in the next version. Some functions use "ByRef" to return data but most of the functions don't.

I think about removing the "ByRef" so the calls to the functions might change.

I'm going to do some performance checks and if there is little difference then I'm going to change it.

I'll keep you informed.



#49 ·  Posted

Hi Water,

thank you for V0.34. Good job! :D

When I query 300+ users by _AD_GetObjectProperties() the script stops with an:

!>17:17:07 AutoIT3.exe ended.rc:-1073741819

... error. Without _AD_GetObjectProperties() the script runs fine.

Maybe it is the user count; querying 10-20 works without errors...

Putting Sleep(0100) somewhere between doesn't help...

Any ideas about this?

Greets,

-supersonic.


#50 ·  Posted

That's quite odd - we have 6000 or so users and it works fine for me.

Water : nice one, I'll keep an eye on this page for updates!


#51 ·  Posted (edited)

JonnyThunder,

if it works fine for you... Maybe you - or somebody else - can help me or give me a clue:

At first I run a query like this to get all users (and some of their attributes):

_AD_GetObjectsInOU($aTmp1, $GUICtrlRead, "(&(objectCategory=user))", 2, _ArrayToString($aADQAttributes, ",", 1, 0), "")

After that I would like to get some "encoded" attributes of each user:

Local $aADQAttributes ; A one-based array of attributes. If there is a match, the value will be returned to $aTmp2.
Local $aTmp2
_AD_InjectObjectProperties($aTmp2, $aADQAttributes, _AD_FQDNToSamAccountName($aTmp1[$i][1]))
.
.
.
Func _AD_InjectObjectProperties(ByRef $iArr1, ByRef Const $iArr2, $iStr = "")
    Local $aAttr[7] = ["accountExpires", "badPasswordTime", "lastLogon", "lastLogonTimestamp", "objectGUID", "objectSID", "pwdLastSet"]
    Local $aProp    = _AD_GetObjectProperties($iStr)
    If @error <> 1 Then
        For $i = 0 To UBound($aAttr) - 1 Step 1
            Local $vTmp1 = _ArraySearch($iArr2, $aAttr[$i], 1, 0, 0, 0, 1, 0)
            If $vTmp1 > 0 Then
                Local $vTmp2 = _ArraySearch($aProp, $aAttr[$i], 1, 0, 0, 0, 1, 0)
                If $vTmp2 > 0 Then
                    $iArr1[$vTmp1 - 2] = $aProp[$vTmp2][1] ; Less array index and hidden/invisible attribute. "Something" special; please ignore...
                EndIf
            EndIf
        Next
    EndIf
EndFunc

Maybe the code isn't very good!? Could someone provide a better example?

Greets,

-supersonic.

Edited by supersonic


#52 ·  Posted (edited)

Sounds strange: If I convert your return code to hex I get 0xC0000005. Google returns some very strange results on that.

Where (is the line number in your script or somewhere in the AD UDF) do you get this error?

I've modified _AD_GetObjectProperties so you can specify which attributes to return in a comma separated list.

So

$aProperties = _AD_GetObjectProperties(@UserName,"accountExpires, badPasswordTime, lastLogon, lastLogonTimestamp, objectGUID, objectSID, pwdLastSet")
should do the trick.

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_GetObjectProperties
; Description ...: Returns a two-dimensional array with all properties and their values of an object in readable form.
; Syntax.........: _AD_GetObjectProperties([$sAD_Object = @UserName[, $sAD_Attributes = ""]])
; Parameters ....: $sAD_Object - Optional: SamAccountName or FQDN of the object to get the attributes from (e.g. computer, user, group ...) (default = @Username)
;   $sAD_Attributes - Optional: Comma separated list of attributes to return (default = "" = return all attributes)
; Return values .: Success - Returns a two-dimensional array with all properties and their values of an object in readable form
;   Failure - 0 or property name, sets @error to:
;   |1 - $sAD_Object could not be found
;   |2 - No attributes for the specified property. The property is returned as the functions result
; Author ........: Sundance
; Modified.......: Thomas Rupp
; Remarks .......: Dates are returned in format: YYYY/MM/DD HH:MM:SS
;   NT Security Descriptors are returned as: Control:nn, Group:Domain\Group, Owner:Domain\Group, Revision:nn
;   No error is returned if there are attributes in $sAD_Attributes that are not available for the selected object
; Related .......:
; Link ..........: http://www.autoitscript.com/forum/index.php?showtopic=49627&view=findpost&p=422402, http://msdn.microsoft.com/en-us/library/ms675090(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_GetObjectProperties($sAD_Object = @UserName, $sAD_Attributes = "")

    Local $aAD_ObjectProperties[1][2]
    Local $sAD_Query, $oAD_Item, $oAD_PropertyEntry, $oAD_Value, $iCount3, $xAD_Dummy
    ; Data Type Mapping between Active Directory and LDAP
    ; http://msdn.microsoft.com/en-us/library/aa772375(VS.85).aspx
    Local Const $ADSTYPE_DN_STRING = 1
    Local Const $ADSTYPE_CASE_IGNORE_STRING = 3
    Local Const $ADSTYPE_BOOLEAN = 6
    Local Const $ADSTYPE_INTEGER = 7
    Local Const $ADSTYPE_OCTET_STRING = 8
    Local Const $ADSTYPE_UTC_TIME = 9
    Local Const $ADSTYPE_LARGE_INTEGER = 10
    Local Const $ADSTYPE_NT_SECURITY_DESCRIPTOR = 25
    Local Const $ADSTYPE_UNKNOWN = 26
    Local $aAD_SAMAccountType[12][2] = [["DOMAIN_OBJECT", 0x0],["GROUP_OBJECT", 0x10000000],["NON_SECURITY_GROUP_OBJECT", 0x10000001], _
            ["ALIAS_OBJECT", 0x20000000],["NON_SECURITY_ALIAS_OBJECT", 0x20000001],["USER_OBJECT", 0x30000000],["NORMAL_USER_ACCOUNT", 0x30000000], _
            ["MACHINE_ACCOUNT", 0x30000001],["TRUST_ACCOUNT", 0x30000002],["APP_BASIC_GROUP", 0x40000000],["APP_QUERY_GROUP", 0x40000001], _
            ["ACCOUNT_TYPE_MAX", 0x7fffffff]]
    Local $aAD_UAC[21][2] = [[0x00000001, "SCRIPT"],[0x00000002, "ACCOUNTDISABLE"],[0x00000008, "HOMEDIR_REQUIRED"],[0x00000010, "LOCKOUT"],[0x00000020, "PASSWD_NOTREQD"], _
            [0x00000040, "PASSWD_CANT_CHANGE"],[0x00000080, "ENCRYPTED_TEXT_PASSWORD_ALLOWED"],[0x00000100, "TEMP_DUPLICATE_ACCOUNT"],[0x00000200, "NORMAL_ACCOUNT"], _
            [0x00000800, "INTERDOMAIN_TRUST_ACCOUNT"],[0x00001000, "WORKSTATION_TRUST_ACCOUNT"],[0x00002000, "SERVER_TRUST_ACCOUNT"],[0x00010000, "DONT_EXPIRE_PASSWD"], _
            [0x00020000, "MNS_LOGON_ACCOUNT"],[0x00040000, "SMARTCARD_REQUIRED"],[0x00080000, "TRUSTED_FOR_DELEGATION"],[0x00100000, "NOT_DELEGATED"], _
            [0x00200000, "USE_DES_KEY_ONLY"],[0x00400000, "DONT_REQUIRE_PREAUTH"],[0x00800000, "PASSWORD_EXPIRED"],[0x01000000, "TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION"]]

    If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, 0)
    $sAD_Attributes = "," & StringReplace($sAD_Attributes, " ", "" ) & ","
    Local $sAD_Property = "sAMAccountName"
    If StringMid($sAD_Object, 3, 1) = "=" Then $sAD_Property = "distinguishedName"; FQDN provided
    $sAD_Query = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sAD_Property & "=" & $sAD_Object & ");ADsPath;subtree"
    Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query) ; Retrieve the FQDN for the object
    Local $sAD_LDAPEntry = $oAD_RecordSet.fields(0).value
    Local $oAD_Object = _AD_ObjGet($sAD_LDAPEntry) ; Retrieve the COM Object
    $oAD_Object.GetInfo()
    Local $iCount1 = $oAD_Object.PropertyCount()
    For $iCount2 = 0 To $iCount1 - 1
        $oAD_Item = $oAD_Object.Item($iCount2)
        ; If the attribute is in the attribute list, process it; otherwise ContinueLoop
        If Not ($sAD_Attributes = ",," Or StringInStr($sAD_Attributes,"," & $oAD_Item.Name & ",") > 0) Then ContinueLoop
        $oAD_PropertyEntry = $oAD_Object.GetPropertyItem($oAD_Item.Name, $ADSTYPE_UNKNOWN)
        If IsObj($oAD_PropertyEntry) = 0 Then
            Return SetError (2, 0, $oAD_Item.Name)
        Else
            For $vAD_PropertyValue In $oAD_PropertyEntry.Values
                ReDim $aAD_ObjectProperties[UBound($aAD_ObjectProperties, 1) + 1][2]
                $iCount3 = UBound($aAD_ObjectProperties, 1) - 1
                $aAD_ObjectProperties[$iCount3][0] = $oAD_Item.Name
                If $oAD_Item.ADsType = $ADSTYPE_CASE_IGNORE_STRING Then
                    $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.CaseIgnoreString
                ElseIf $oAD_Item.ADsType = $ADSTYPE_INTEGER Then
                    If $oAD_Item.Name = "sAMAccountType" Then
                        For $iCount4 = 0 To 11
                            If $vAD_PropertyValue.Integer = $aAD_SAMAccountType[$iCount4][1] Then
                                $aAD_ObjectProperties[$iCount3][1] = $aAD_SAMAccountType[$iCount4][0]
                                ExitLoop
                            EndIf
                        Next
                    ElseIf $oAD_Item.Name = "userAccountControl" Then
                        $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.Integer & " = "
                        For $iCount4 = 0 To 20
                            If BitAND($vAD_PropertyValue.Integer, $aAD_UAC[$iCount4][0]) = $aAD_UAC[$iCount4][0] Then
                                $aAD_ObjectProperties[$iCount3][1] &= $aAD_UAC[$iCount4][1] & " - "
                            EndIf
                        Next
                        If StringRight($aAD_ObjectProperties[$iCount3][1], 3) = " - " Then $aAD_ObjectProperties[$iCount3][1] = StringTrimRight($aAD_ObjectProperties[$iCount3][1], 3)
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.Integer
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_LARGE_INTEGER Then
                    If $oAD_Item.Name = "pwdLastSet" Or $oAD_Item.Name = "accountExpires" Or $oAD_Item.Name = "lastLogonTimestamp" Or $oAD_Item.Name = "badPasswordTime" Or $oAD_Item.Name = "lastLogon" Then
                        $aAD_ObjectProperties[$iCount3][1] = _DateAdd("s", Int(_AD_LargeInt2Double($vAD_PropertyValue.LargeInteger.LowPart, $vAD_PropertyValue.LargeInteger.HighPart) / (10000000)), "1601/01/01 00:00:00")
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = _AD_LargeInt2Double($vAD_PropertyValue.LargeInteger.LowPart, $vAD_PropertyValue.LargeInteger.HighPart)
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_OCTET_STRING Then
                    $xAD_Dummy = DllStructCreate("byte[56]")
                    DllStructSetData($xAD_Dummy, 1, $vAD_PropertyValue.OctetString)
                    ; objectSID etc. See: http://msdn.microsoft.com/en-us/library/aa379597(VS.85).aspx
                    ; objectGUID etc. See: http://www.autoitscript.com/forum/index.php?showtopic=106163&view=findpost&p=767558
                    If _Security__IsValidSid(DllStructGetPtr($xAD_Dummy)) Then
                        $aAD_ObjectProperties[$iCount3][1] = _Security__SidToStringSid(DllStructGetPtr($xAD_Dummy)) ; SID
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = _WinAPI_StringFromGUID(DllStructGetPtr($xAD_Dummy)) ; GUID
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_DN_STRING Then
                    $aAD_ObjectProperties[$iCount3][1] = $vAD_PropertyValue.DNString
                ElseIf $oAD_Item.ADsType = $ADSTYPE_UTC_TIME Then
                    Local $iAD_DateTime = $vAD_PropertyValue.UTCTime
                    $aAD_ObjectProperties[$iCount3][1] = StringLeft($iAD_DateTime, 4) & "/" & StringMid($iAD_DateTime, 5, 2) & "/" & StringMid($iAD_DateTime, 7, 2) & _
                            " " & StringMid($iAD_DateTime, 9, 2) & ":" & StringMid($iAD_DateTime, 11, 2) & ":" & StringMid($iAD_DateTime, 13, 2)
                ElseIf $oAD_Item.ADsType = $ADSTYPE_BOOLEAN Then
                    If $vAD_PropertyValue.Boolean = 0 Then
                        $aAD_ObjectProperties[$iCount3][1] = "False"
                    Else
                        $aAD_ObjectProperties[$iCount3][1] = "True"
                    EndIf
                ElseIf $oAD_Item.ADsType = $ADSTYPE_NT_SECURITY_DESCRIPTOR Then
                    $oAD_Value = $vAD_PropertyValue.SecurityDescriptor
                    $aAD_ObjectProperties[$iCount3][1] = "Control:" & $oAD_Value.Control & ", " & _
                            "Group:" & $oAD_Value.Group & ", " & _
                            "Owner:" & $oAD_Value.Owner & ", " & _
                            "Revision:" & $oAD_Value.Revision
                Else
                    $aAD_ObjectProperties[$iCount3][1] = "Has the unknown Type: " & $oAD_Item.ADsType
                EndIf
            Next
        EndIf
    Next
    $aAD_ObjectProperties[0][0] = UBound($aAD_ObjectProperties, 1) - 1
    _ArraySort($aAD_ObjectProperties, 0, 1)
    Return $aAD_ObjectProperties

EndFunc ;==>_AD_GetObjectProperties

BTW: Could we move discussions of errors in user scripts to the "General help and Support" forum? I've opened a thread there.

This thread I would like to reserve for announcements and discussions of new functions.

Edited by water
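
The decoding that _AD_GetObjectProperties performs on octet-string, large-integer and userAccountControl values, as an added Python example (not part of the original post or of the AD UDF) that runs offline on constructed byte strings. The function names, the sample values and the explicit handling of the 0 and 0x7FFFFFFFFFFFFFFF "never" sentinels are assumptions of this example and go beyond what the posted function does.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Subset of the userAccountControl bits from the $aAD_UAC table in the post.
UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000020: "PASSWD_NOTREQD",
    0x00000200: "NORMAL_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWD",
    0x00080000: "TRUSTED_FOR_DELEGATION",
    0x00400000: "DONT_REQUIRE_PREAUTH",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # sentinels AD stores for "never" / "not set"

# Constructed sample values (not taken from any real directory).
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105))
SAMPLE_GUID = bytes.fromhex("33221100554477668899aabbccddeeff")


def decode_sid(raw: bytes) -> str:
    """Binary SID -> 'S-1-5-21-...'. Raises ValueError if the layout is inconsistent."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("not a valid SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def decode_guid(raw: bytes) -> str:
    """16-byte objectGUID -> braced string; the first three fields are little-endian."""
    if len(raw) != 16:
        raise ValueError("GUID must be 16 bytes")
    return "{%s}" % str(uuid.UUID(bytes_le=raw)).upper()


def decode_octet_string(raw: bytes) -> str:
    """Same decision as the posted function: try SID first, otherwise GUID.

    A 16-byte GUID that happens to start with 01 02 would parse as a SID here;
    dispatching on the attribute name instead avoids that ambiguity.
    """
    try:
        return decode_sid(raw)
    except ValueError:
        return decode_guid(raw)


def decode_filetime(value: int) -> str:
    """100-ns ticks since 1601-01-01 UTC -> 'YYYY/MM/DD HH:MM:SS', or 'never'."""
    if value in NEVER:
        return "never"
    ts = FILETIME_EPOCH + timedelta(seconds=value // 10_000_000)
    return ts.strftime("%Y/%m/%d %H:%M:%S")


def decode_uac(value: int) -> str:
    """Integer -> 'nnn = FLAG - FLAG', the format the posted function produces."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    return "%d = %s" % (value, " - ".join(names))


if __name__ == "__main__":
    print("objectSID         ", decode_octet_string(SAMPLE_SID))
    print("objectGUID        ", decode_octet_string(SAMPLE_GUID))
    print("pwdLastSet        ", decode_filetime(132223104000000000))
    print("accountExpires    ", decode_filetime(0x7FFFFFFFFFFFFFFF))
    print("userAccountControl", decode_uac(66048))
```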


#53 ·  Posted

Hi Water,

I've switched over to the "General Help and Support" thread... :D

Greets,

-supersonic.


#54 ·  Posted

Hi Water,

AD.au3 uses the functions _Security__IsValidSid(), _Security__SidToStringSid() and _WinAPI_StringFromGUID().

They are part of Security.au3 and WinAPI.au3. Does it make sense to you to #include them in AD.au3?

Greets,

-supersonic.


#55 ·  Posted

Hi supersonic,

this is already included via date.au3.

I was wondering how the example scripts would have been working otherwise.

water



#56 ·  Posted

I can say one thing:

THANKS for this great UDF!

PS: I recommend adding this to the "included with installation" UDFs

Tom



#57 ·  Posted

Hi TomV,

glad you like the UDF.

I try to get it included with the standard AutoIt installation as soon as we've reached version 1.0.

That means function freeze and some successful tests of people who have write access to their AD. Some Exchange related functions will come in the next few weeks.

I've already tried to contact the maintainer of the UDFs but didn't get any response 'til now.



#58 ·  Posted

Ok, what do you need to have for that, I'll test it.

Any screenshots? Vids?

Tom



#59 ·  Posted

Hi TomV,

just a bit of testing. I can't test the functions that modify the AD (I only have read access). If you like you could run the example scripts that alter the AD and report any problems you see.

Please be careful and use a test environment!

Thanks!

water



#60 ·  Posted

Hi Jaymac,

thanks for your reply!

You don't have to run the AD.au3 :D That's the UDF itself which is called by all the other example scripts.

But I think it's a good idea to add a readme.txt file that explains how to install the UDF and the associated files.

