Active Directory UDF

[araneon]

You simply have to grab those groups you are interested in:

$aGroups = _AD_RecursiveGetMemberOf(@Username, 10, False, False)
For $i = 1 To $aGroups[0]
    If StringLeft($aGroups[$i], 9) = "RND_DB_1C" Then ; Process the group
Next

Thank you very much for your help and for UDP super !!!
I did a search through the regular expressions

$sUser = _AD_RecursiveGetMemberOf(@Username, 10, False, False)
$GR = _ArrayToString($sUser, @lf)
$aRes = StringRegExp($GR, '(RND_DB_1C_[^\n]+)', 3)
If @error Then Exit

 

[water]

[legend]

a simple way to check if a user exists :)?

[water]

_AD_ObjectExists?

[mdwerne]

I'm attempting to set an attribute in AD with the following script. AD returns a '0'...and my data is not written. The attribute already has two other entries, that is why I am trying to append (3) to the attribute. Can anyone see what I may be doing wrong?

expandcollapse popup

#include <AD.au3>

Global $UserName = @UserName, $sAltSecurityIdentities = "Test:username@somedomain.com"
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Query", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

; Checking value before
$aProperties = _AD_GetObjectProperties($UserName, "cn,altSecurityIdentities")
_ArrayDisplay($aProperties, "SRN Active Directory properties for user '" & $UserName & "'")

_AD_ErrorNotify(2)

$iValue = _AD_ModifyAttribute($UserName, "altSecurityIdentities", $sAltSecurityIdentities, 3)
MsgBox(64, "Result", "Error code: '" & @error & "' from Active Directory")

; Name...........: _AD_ModifyAttribute
; Description ...: Modifies an attribute of the given object to the value specified.
; Syntax.........: _AD_ModifyAttribute($sObject, $sAttribute[, $sValue = ""[, $iOption = 1]])
; Parameters ....: $sObject - Object (user, group ...) to add/delete/modify an attribute (sAMAccountName or FQDN)
;                  $sAttribute - Attribute to add/delete/modify
;                  $sValue - Optional: Value to modify the attribute to. Use a blank string ("") to delete the attribute (default).
;                  +$sValue can be a single value (as a string) or a multi-value (as a one-dimensional array)
;                  $iOption - Optional: Indicates the mode of modification: Append, Replace, Remove, and Delete
;                  |1 - CLEAR: remove all the property value(s) from the object (default when $svalue = "")
;                  |2 - UPDATE: replace the current value(s) with the specified value(s)
;                  |3 - APPEND: append the specified value(s) to the existing values(s)
;                  |4 - DELETE: delete the specified value(s) from the object
; Return values .: Success - 1
;                  Failure - 0, sets @error to:
;                  |1 - $sObject does not exist
;                  |x - Error returned by SetInfo method (Missing permission etc.)

; Checking value after
$aProperties = _AD_GetObjectProperties($UserName, "cn,altSecurityIdentities")
_ArrayDisplay($aProperties, "Active Directory Properties for user '" & $UserName & "'")
_AD_Close()

If $iValue = 1 Then
    MsgBox(64, "Result", "altSecurityIdentities for user '" & $UserName & "' was successfully modified!")
ElseIf @error = 1 Then
    MsgBox(64, "Result", "User '" & $UserName & "' does not exist in Active Directory")
Else
    MsgBox(64, "Result", "Error code: '" & @error & "' from Active Directory")
EndIf

Thanks for any suggestions,

-Mike

Edited August 25, 2015 by mdwerne
Modify variable name to minimize confusion...

[water]

Looks like you need to pass an array with all the needed values. Unfortunatley this site is written in German but I think you'll get the message:
http://www.administrator.de/frage/powershell-vbscript-altsecurityidentities-188680.html

[mdwerne]

Thanks water...I'll play with this and see if I can generate a successful "append". This is a bit more complicated than I was hoping for, but at least it's a solution and yesterday I didn't have one.

Also, thanks for hunting down that website, there is no way I would have found it on my own...guess I need to stop filtering out non English websites .

All the best amigo!

-Mike

[water]

I searched MSDN and got this.
Here it says it is a string - so maybe the german link is wrong.
I searched the forum and found this post talking about "altSecurityIdentities". Here it uses an array.

I'm a bit confused

[mdwerne]

As the array route seems like a quicker test, I'll give that a shot and post back my results...and just because I neglected to do so before, here is the debug info from the initial failure in case you see something I don't.

---------------------------
Active Directory Functions - Debug Info
---------------------------
COM Error Encountered in X.509Test.au3

AD UDF version = 1.4.2
@AutoItVersion = 3.3.14.1
@AutoItX64 = 0
@Compiled = 0
@OSArch = X64
@OSVersion = WIN_81
Scriptline = 2590
NumberHex = 80020009
Number = -2147352567
WinDescription = Exception occurred.
Description = Unspecified error
Source = Active Directory
HelpFile =
HelpContext = 0
LastDllError = 0

Thanks again,

-Mike

[mdwerne]

WUHOO, SUCCESS!!

Your previous post suggesting an array with an update (2) instead of an append (3) worked perfectly!!

Posted 22 Mar 2013 by water

How about

$aAltSecurityIdentities[3] = ["String1", "String2", "String3"]
_AD_ModifyAttribute($strUsername, "altsecurityidentities", $aAltSecurityIdentities, 2)

Thank you for the suggestion, I am back on track!!

This really is a great UDF, you and Jonathan Clelland did an excellent job...and thank you for taking the time to keep it updated.

All the best,

-Mike

[water]

I'm glad the problem could be solved
Now we have another example of working code if someone else is looking for it in the future!

[Lucid]

I've got a 64-bit Windows PE image (that doesn't have the ADSI plugin installed), and I was wondering if there's an easy way to get Water's UDF to work (version 1.4.2.0) so I can communicate with Active Directory from within it?

The AdFind.exe utility from Joeware works on my 32-bit WinPE image (so I know it's possible to connect to AD), but since that's only 32-bit it's not filling the void for me in my 64-bit WinPE environment. Oh, and my Autoit code works just fine in a full OS of course (or even a WinPE image with the old ADSI plugin) - just not in this slimmed down, ADSI-less, 64-bit WinPE image. Anyone run into this type of scenario and can shed some light on how I can stick with just pure Autoit code?

$iResult = _AD_Open($sAccountName, $sAccountPassword, $sDNSDomain, $sPrimaryDomainControllerFQDN, $sConfiguration, $iUseSSL)
Returns 0
@‌error = 2
@‌extended = -2147221005

Thanks!

P.S. I'm still sort of new to Autoit, so maybe I'm overlooking something obvious...

[water]

@error = 2 means: Creation of the COM object to the AD failed. @extended returns error code from ObjCreate
So I assume some module is missing. I'm not familiar with Windows PE so I only can suggest to install the ADSI plugin. Or is this not a valid option?

[jazzyjeff]

Hey Water,

 

I am trying a very simple script to check group membership and I always get an error when running as non admin users, and only on certain machines. 

This is the script.

#include<AD.au3>
_ad_open()
If _AD_IsMemberOf("AD_Group",@UserName) Then
    MsgBox(0,"Is",@UserName)
Else
    MsgBox(0,"Is NOT",@UserName)
EndIf
_ad_close()

This is the error that I receive.

\\server\share\AutoIt3\Include\AD.au3" (550) : ==> Variable must be of type "Object".:
$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sProperty & "=" & $sObject & ");ADsPath;subtree"
$__oAD_Command^ ERROR

 

How can I resolve this?

 

i am running Autoit version: 3.3.14.1

AD UDF version: 1.4.2

 

Thanks,

Jeff

Edited September 16, 2015 by jazzyjeff

[water]

There seems to be a problem with _AD_Open then. Can you check the return value and @error please?

[jazzyjeff]

I get Error: 4

Extended: - 2147024843

I tried running the _AD_Open function with my own credentials (I'm an admin on the domain) and I am still unable to get proper return on the If statement.

 

Thanks

[water]

Ah, error 4.

Most of the time I got this when a compiled script was not run from a "secure location". Copy the file to a location where you usually run your programs from and try again.

[jazzyjeff]

Thanks Water. i saw your message about Secure locations from another post after you sent this. 

I have made the script copy down locally, and this works. Not ideal, but it works.

[water]

You could talk to your admins to make your directory a "secure location".

[water]

Version 1.4.3.0 of the UDF has been released.

Fixed problems with _AD_JoinDomain and _AD_UnJoinDomain! Thanks to user Neutro!

Please test before using in production!

For download please see my signature.