Active Directory UDF

[water]

What error message do you get? What's the value of @error?

[HaeMHuK]

What error message do you get? What's the value of @error?

Numberhex = 80072032

Number = -2147016654

Windescription = An invalid dn syntax has been specified

Edited April 28, 2011 by HaeMHuK

[water]

Numberhex = 80072032

Number = -2147016654

Windescription = An invalid dn syntax has been specified

This means the specified FQDN is invalid. This is often caused by special characters like ,# \ etc.

Maybe the FQDN ($sObject) you specify in

_AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))

is invalid.

Can you please post the FQDN?

Edited April 28, 2011 by water

[HaeMHuK]

This means the specified FQDN is invalid. This is often caused by special characters like ,# \ etc.

Maybe the FQDN ($sObject) you specify in

_AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))

is invalid.

Can you please post the FQDN?

OU=Workstations,OU=NBD,OU=All Computers,DC=sinders,DC=com

[water]

Your example is an OU!

Therefore you get the error because an OU has no SamAccountName. So _AD_FQDNToSamAccountName($sObject) returns nothing and in the next step _AD_GetObjectClass is called with an empty (invalid) parameter.

[HaeMHuK]

I'm sorry.

aaaa.bbbb

abbbb-pc

[water]

aaaa.bbbb

abbbb-pc

I'm sorry but I don't understand.

Might be a lack of coffee ...

[HaeMHuK]

dc-loc1-1.sidners.com

[kabar]

Water YOU Rock. Thank you for your AD UDF.

Question: Is is possible to enable and configure AD users for "Office Communications Server". We need to enable OCS assign a Server and Policy.

Is this possible?

[water]

If the "Office Communications Server" is installed the AD schema is extended by the installation.

Please run function _AD_ListSchemaVersions to check if it is installed and what version you run.

#include 
_AD_Open()
Global $aResult = _AD_ListSchemaVersions()
ConsoleWrite($aResult[4])
_AD_Close()

Following values could be returned.

1006 - LCS 2005 SP1

1007 - OCS 2007

1008 - OCS 2007 R2

1100 - Lync Server 2010

I'm not familiar with the "Office Communications Server" so I don't know what additional properties are available after installation.

For the Lync Server 2010 you may find some info about the schema extension here.

Edited May 11, 2011 by water

[water]

dc-loc1-1.sidners.com

To make

$aResult = _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))

run (in your case) $sObject has to be a computername. This can bei either a samaccountname (e.g @ComputerName & "$") or the FDQN (e.g. CN=Computer1,OU=Workstations,OU=NBD,OU=All Computers,DC=sinders,DC=com).

As _AD_GetobjectClass accepts samaccountname or FQDN this should work for the current cumputer as well:

$aResult = _AD_GetObjectClass(@ComputerName & "$")

[HaeMHuK]

To make

$aResult = _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))

run (in your case) $sObject has to be a computername. This can bei either a samaccountname (e.g @ComputerName & "$") or the FDQN (e.g. CN=Computer1,OU=Workstations,OU=NBD,OU=All Computers,DC=sinders,DC=com).

As _AD_GetobjectClass accepts samaccountname or FQDN this should work for the current cumputer as well:

$aResult = _AD_GetObjectClass(@ComputerName & "$")

; Delete object
Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)))

I have abbb-pc in AD.

Your script deletes this pc only through "CN=abbb-pc,OU=Workstations,OU=NBD,OU=All Computers,DC=sinders,DC=com"

If I type abbb-pc or abbb-pc$ it shows the error I've already mentioned.

After changing the line from FQDNToSamAccountName($sObject) to SamAccountNameToFQDN($sObject) this pc can be deleted by name but not with "CN=abbb-pc,OU=Workstations,OU=NBD,OU=All Computers,DC=sinders,DC=com"

There is a problem in script or everyone should use _AD_DeleteObject($sObject, "computer") despite _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))?

Edited May 12, 2011 by HaeMHuK

[water]

Now I see the problem - just got the right amount of coffee

• _AD_DeleteObject($sObject, "computer") works for $sObject being a SamAccountName or a FQDN
• _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject)) works for $sObject being a SamAccountName or a FQDN
• _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_SamAccountNameToFQDN($sObject))) only works when $sObject is written as SamAccountName
• _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject))) only works when $sObject is written as FQDN

Number 3 and 4 are no longer needed to transform $sObject to a SamAccountName or FQDN as this is handled by functions _AD_DeleteObject or _AD_GetObjectClass and so on.

I will change functions _AD_FQDNToSamAccountName and _AD_SamAccountNameToFQDN to return a valid string even when the passed string is already in the correct format.

So now only example 1 and 2 give a correct result. After my changes example 3 and 4 will work as well.

Edited May 12, 2011 by water

[HaeMHuK]

Thank you very much. That's exactly I wanted to know.

Edited May 12, 2011 by HaeMHuK

[HaeMHuK]

Hi again.

Could you please correct me if there are any mistakes.

Func _AD_CreateContact($sAD_OU, $sAD_CN)

    If _AD_ObjectExists($sAD_CN) Then Return SetError(1, 0, 0)
    If Not _AD_ObjectExists($sAD_OU, "distinguishedName") Then Return SetError(2, 0, 0)
    If $sAD_CN = "" Then Return SetError(3, 0, 0)
    ;If $sAD_User = "" Then Return SetError(4, 0, 0)
    Local $oAD_OU = _AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_OU)
    Local $oAD_User = $oAD_OU.Create("Contact", "CN=" & $sAD_CN)
    $oAD_User.SetInfo
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1

EndFunc

[water]

Looks quite good.

Just one thing. You can't use _AD_ObjectExists with $sAD_CN because the _AD_ObjectExists function only allows SamAccountName or FQDN as parameter.

You could create the FQDN with $sAD_OU and $sAD_CN and test with this string.

Please have a look at _AD_CreateGroup which is similar to what you try to do.

Edited May 22, 2011 by water

[water]

I had a discussion today on the german AutoIt forum. The user wanted to search not only the domain but the complete forest.

After playing around and tweaking the function _AD_GetObjectsInOU a bit it was possible to search the whole AD forest.

Anyone interested in such a global search function? If yes, any other functions needed to work on the whole forest?

[supersonic]

Hi water,

I'm very interested in searching the whole AD forest. This would be a greate enhancement!

How far the UDF parameters would change? Please, can you give an example?

Greets,

-supersonic.

Edited June 1, 2011 by supersonic

[water]

Hi supersonic,

still some investigation is needed before I can implement new functions or change existing ones.

There might be two solutions to this:

• Access the global catalog using the GC provider. Now the LDAP provider is used for all queries
• Change _AD_Open so it connects to the global catalog and uses the rootDomainNamingContext. Now the defaultNamingContext is used

I will do some testing and let you know when I need some assistance (no big forest here, just a single domain).

[supersonic]

Hi water,

that sounds good. If you need assistance or just someone for testing... Just let me know.

It would be greate if using GC provider and rootDomainNamingContext could be optional or - if they become the default -

it should be possible to switch back to LDAP provider and defaultNamingContext. In other words: Could the changes be script breaking?

Greets,

-supersonic.