Active Directory UDF

PeterAtkin · February 9, 2010

I have a little issue I am trying to mimic the ifmember function that Microsoft has made available by using the _AD_IsMemberOf() function suppled with your UDF, as an example:

If _CMD(@LogonServer & '\netlogon\ifmember Domain Admins') Then mapdrive("s:", $source & "\source")EndIf

The code that has been suppled as an example seems not to work..

#include <AD.au3>

Global $aUser, $sFQDN_Group

; Open Connection to the Active Directory
_AD_Open()

; Get the Fully Qualified Domain Name (FQDN) for the current user
$sFQDN_User = _AD_SamAccountNameToFQDN()

; Get an array of group names (FQDN) that the current user is immediately a member of
_AD_GetUserGroups($aUser, @UserName)
$sFQDN_Group = $aUser[1]

; Check the group membership of the specified user for the specified group
$iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
Select
    Case $iResult = 1
        MsgBox(64, "Active Directory Functions", _
                "User: " & $sFQDN_User & @CRLF & _
                "Group: " & $sFQDN_Group & @CRLF & _
                "User is a member of the specified group!")
    Case ($iResult = 0 And @error = 1)
        MsgBox(64, "Active Directory Functions", _
                "User: " & $sFQDN_User & @CRLF & _
                "Group: " & $sFQDN_Group & @CRLF & _
                "Group does not exist!")
    Case ($iResult = 0 And @error = 2)
        MsgBox(64, "Active Directory Functions", _
                "User: " & $sFQDN_User & @CRLF & _
                "Group: " & $sFQDN_Group & @CRLF & _
                "User does not exist!")
    Case ($iResult = 0)
        MsgBox(64, "Active Directory Functions", _
                "User: " & $sFQDN_User & @CRLF & _
                "Group: " & $sFQDN_Group & @CRLF & _
                "User is a not member of the specified group!")
EndSelect

; Close Connection to the Active Directory
_AD_Close()

Error I get is;

D:\addons\autoit\Logon Script\ad_test.au3 (13) : ==> Subscript used with non-Array variable.:

$sFQDN_Group = $aUser[1]

$sFQDN_Group = $aUser^ ERROR

unfortunately I am not too clear on the logic of this example.

Is it possible to show an example of how this code would be implemented for my case or show me where the above code went wrong.

Edited February 9, 2010 by PeterAtkin

water · February 9, 2010

My bad. That's an error introduced by removing "ByRef".

Please change line

_AD_GetUserGroups($aUser, @UserName)

to

$aUser = _AD_GetUserGroups(@UserName)

and everything works fine.

In your case you want to check the membership of the currentuser in a specific group. So I would code:

if _AD_isMemberOf("groupname",@Username) Then <Do what has to be done when the user is a member of group "groupname">

You can specify "groupname" as samaccountname (blabla) or FQDN (CN=blabla,OU=blabla,DC=blabla).

PeterAtkin · February 9, 2010

Wow that was fast, but seems still some very odd issues the first _AD_isMemberOf("Domain Users", @UserName) dos not get reconised at all

AD_Open()
If _AD_isMemberOf("Domain Users", @UserName) Then
RunAsWait("Administrator", "cfu", "password", 4, "net time " & @LogonServer & " /SET /Y", @SW_HIDE)
ProgressSet(10, "Removing old network shares please wait...")
If $number_of_network_drives > 1 Then
  _deldrive("*")
Else
  ;MsgBox(16, "Total Number of network drives", " number of network drives :" & $number_of_network_drives)
EndIf
ProgressSet(15, "Adding default shares")
_mapdrive("h:", $homebase & "\user$\" & @UserName)
_mapdrive("p:", $public & "\public")
ProgressSet(25, "Domain Users home share")
ProgressSet(35, "Setting up network printers")
_add_network_printers()
EndIf

If _AD_isMemberOf("Domain Admins", @UserName) Then
_mapdrive("s:", $source & "\source")
ProgressSet(40, "Setup admin shares")
EndIf
If _AD_isMemberOf("quoteworks", @UserName) Then
_mapdrive("w:", $accounts & "\quotewerks")
ProgressSet(50, "Setup quoteworks share")
EndIf

If _AD_isMemberOf("core", @UserName) Then
_mapdrive("x:", $accounts & "\core$")
_mapdrive("q:", $accounts & "\quickbooks$")
_mapdrive("t:", $accounts & "\clients$")
_mapdrive("u:", $accounts & "\suppliers$")
ProgressSet(70, "Setup core shares")
EndIf

If _AD_isMemberOf("Engineers", @UserName) Then
_mapdrive("s:", $source & "\source")
ProgressSet(80, "Setup engineer share")
EndIf
_AD_Close()

The others work fine, however now also my delete function no longer works?

Func _deldrive($drived)
Local $i = $number_of_network_drives
If $drived = "*" Then
  Do
   DriveMapDel($network_drives[$i] & ":")
   Sleep(500)
   $i = $i - 1
  Until $i = 0
Else
  DriveMapDel($drived)
  Switch @error
   Case 0
    ;MsgBox(16, "Error", "An unknown error occured trying to delete local drive :" & $network_drives[$i] & ":")
   Case Else
    ;MsgBox(64, "Completed!", "Deleted " & $network_drives[$i])
  EndSwitch
EndIf
EndFunc   ;==>_deldrive

I when back to using the normal ifmember code

[font="Verdana"]If _CMD(@LogonServer & '\netlogon\ifmember Domain Admins') Then mapdrive("s:", $source & "\source")EndIf

and all worked just fine?

Any Ideas that all seems a bit odd to me maybe I am doing somtheing wrong..

I have attached the full working script, checked and rechecked just in case.

logon.au3

Edited February 9, 2010 by PeterAtkin

PeterAtkin · February 9, 2010

Sorry incorrect file attached the previous working version before I added _AD_isMemberOf("Domain Users", @UserName) is attached here.. Sorry

logon.au3

Edited February 9, 2010 by PeterAtkin

water · February 9, 2010

The problem is, that the group "Domain Users" never seems to have any members (here it's empty as well) - would be too many entries. If you run

#include <AD.au3>
_AD_Open()
$R = _AD_IsMemberOf("Domain Users",@UserName)
ConsoleWrite($R & "-" & @error & @CRLF)
$R = _AD_GetUserPrimaryGroup(@UserName)
ConsoleWrite($R & "-" & @error & @CRLF)
_AD_Close()

you will get "0-0" as the first result. The second result will return the primary group which - in most cases - is "Domain Users".

Maybe this approach helps.

BTW: Could we move problems with the UDF to the "General help and Support" thread (see my signature)? Here I would like to discuss suggestions, tests etc. regarding the functions of the UDF.

Edited August 21, 2010 by water

PeterAtkin · February 9, 2010

Hi Water, I just seen your support tread http://www.autoitscript.com/forum/index.php?showtopic=109251 do you want me to move this topic there!

water · February 9, 2010

No, just for future problems.

To get a good overview what's in your AD and whats not you could download "ADExplorer" from Sysinternals (now M$). No installation required, just run the program.

The group "Domain Users" can be found under "System_Groups". You will notice that the group has no members.

Edited February 9, 2010 by water

PeterAtkin · February 9, 2010

Thanks I solved the issues of domain user by just making a new group and putting the users in. worked a bit clumsy but I do understand why the issue in the first place and not so much of an effort really for me.

I still have an issue with it seems a conflict with my deldrive function

Func _deldrive($dddrive)
 Local $id = $number_of_network_drives
 If $dddrive = "*" Then
  Do
   DriveMapDel($network_drives[$id] & ":")
   Sleep(500)
   $id = $id - 1
   MsgBox(64, "Completed!", "Deleted " & $network_drives[$id])
  Until $id = 0
 Else
  DriveMapDel($dddrive)
  Switch @error
   Case 0
    ;MsgBox(16, "Error", "An unknown error occured trying to delete local drive :" & $network_drives[$id] & ":")
   Case Else
    ;MsgBox(64, "Completed!", "Deleted " & $network_drives[$id])
  EndSwitch
 EndIf
EndFunc   ;==>_deldrive

which makes no sense at all, I tried everything from renaming variables to forcing the script to run its a no go this is really peplexing as its clearly linked with the the AD.AU3 UDF but how I have no idea.

Any clues?

PeterAtkin · February 9, 2010

I really do not understand but all seems to be working now!

Func _delmappeddrive($drived)
 Local $i = $number_of_network_drives
 If $drived = "*" Then
  Do
   DriveMapDel($network_drives[$i] & ":")
   Sleep(500)
   $i = $i - 1
  Until $i = 0
 Else
  DriveMapDel($drived)
  Switch @error
   Case 0
    ;MsgBox(16, "Error", "An unknown error occured trying to delete local drive :" & $network_drives[$i] & ":")
   Case Else
    ;MsgBox(64, "Completed!", "Deleted " & $network_drives[$i])
  EndSwitch
 EndIf
EndFunc   ;==>_delmappeddrive

Func _EnumerateDrives()
 Local $x = 1
 Local $y = 1
 For $dl = 72 To 89 ; (H-Y)
  $network_drives[$x] = Chr($dl)
  $drive = Chr($dl) & ":\"
  $drive_letter = Chr($dl)
  DriveGetFileSystem($drive)
  If @error = 0 Then
   ;MsgBox(16, "Network Drive", "Drive in Use " & $drive & @CRLF & @CRLF & " Array Varible :" & $network_drives[$x])
   $x = $x + 1
  Else
   ;MsgBox(16,"New Drive " & $network_drives[$y], "Free Drive " & $drive_letter)
   $y = $y + 1
  EndIf
 Next
 $number_of_network_drives = $x - 1
 Return $number_of_network_drives
 ;MsgBox(16, "Drives", "Number of network drives in use are " & $number_of_network_drives)
EndFunc   ;==>_EnumerateDrives

I just used the original working script and changed the name of the function and hay it works..

Thanks for all your help in this i'm a happy chappy.. good work..

water · February 9, 2010

What do you mean by "issues"? Any error messages? I can not see a relation to the UDF at the moment. All funktion names start with _AD_ and all global variable names start with AD_ except for some global constants.

PeterAtkin · February 9, 2010

That was the strange thing no error messages at all, it like it just ignored the function completely, I even put an exit in it right at the top of the function to test, it just did not call the function.. I really do not understand or can even guess I checked your AD UDF for a conflict and could not find one that i could see well nothing obvious.

I'm using Windows 7 up till now I have no erratic behavior, but you never know i guess the script seems to be working like a dream now no issues at all, I will be testing over the next few days if any issues I shall report them to you, but really do not expect any my old script was running a few weeks with no issues in quite a diverse OS environment.

I attached the full script working should you need to look at it, you never know maybe I'm doing something i should'nt be.

logon_ad_working.au3

Edited February 9, 2010 by PeterAtkin

supersonic · February 10, 2010

Hi Water,

I have some problems using _AD_IsMemberOf().

In our script some actions will only happen when an user is member of a dedicated group.

Therefore _AD_IsMemberOf() works fine. But some actions apply to all users of the domain

so I use "Domain Users" (= "Domänen-Benutzer") to check for. This is also the primary domain

group for all users.

When I change the primary domain group then _AD_IsMemberOf() works well with "Domain Users",

e. g. _AD_IsMemberOf("Domänen-Benutzer", @Username). When I re-set "Domain Users" as primary

domain group _AD_IsMemberOf() return 0.

Some days ago I described the same behaviour using the function _AD_GetUserGroups().

It is possible - and does it make sense to you (I hope so :huggles: ) - to enhance these

functions also to take notice of the primary domain group the user belongs to?

Sure, I could use _AD_GetUserPrimaryGroup() as a work around. But often this isn't

very practical...

Maybe you can help me out...

Greets,

-supersonic.

water · February 10, 2010

Hi supersonic,

moved your question and my reply to the "General help and Support" thread.

neric77 · February 15, 2010

Hello All,

does anyone has some issue with the function "_AD_IsObjectLocked()" because this function always return 0 for me?

Thx

water · February 15, 2010

Moved your question and my reply to the "General Help and Support Thread".

water · February 15, 2010

Planned changes for the next version:

All functions: They now return "0" in case of an error and set @error accordingly.

I will change that so functions that return a string or an array on success will return "" (empty string) in case of an error and set @error.

Functions that return a numeric result on success will still return 0 in case of an error and set @error accordingly.

What do you think?

Edited February 16, 2010 by water

dot45 · February 16, 2010

Planned changes for the next version:
All functions: They now return "0" in case of an error and set @error accordingly.
I will change that so functions that return a string or an array on success will return "" (empty string) in case of an error and set @error.
Functions that return a numeric result on success will still return 0 in case of an error and set @error accordingly.
What do you think?

Sounds good to me, will be testing the ad_createcomputer function shortly. (Been waiting for that one Posted Image )

Edited February 16, 2010 by dot45

water · February 17, 2010

Hi dot45,

are there any functions still missing?

jwebb · February 18, 2010

Does/can the AD function support secure ldap? I'm using the _AD_ObjectExists to check for existing computer accounts and our security policy requires that port 389 is block at the server level so I need secure ldap. Thanks for all of the work on the AD udf, it rocks!!!

Jim Webb

water · February 19, 2010

Does/can the AD function support secure ldap? I'm using the _AD_ObjectExists to check for existing computer accounts and our security policy requires that port 389 is block at the server level so I need secure ldap. Thanks for all of the work on the AD udf, it rocks!!!
Jim Webb

Hi Jim,

at the moment it doesn't support secure LDAP. Unfortunately I'm not very familiar with all this connection stuff - I simply converted Jonathan Clellands adfunctions.au3 and am learning every day.

If you can tell me what has to be done I will be glad to give it a try. I've searched the Internet but was not successful in finding an AutoIt or Visual Basic example.

Do you have a working example?

Sign In

Active Directory UDF

Recommended Posts

PeterAtkin

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

water

BrewManNH

mnorland

Posted Images

water

PeterAtkin

PeterAtkin

water

PeterAtkin

water

PeterAtkin

PeterAtkin

water

PeterAtkin

supersonic

water

neric77

water

water

dot45

water

jwebb

water

Similar Content

adding a variable inside a PowerShell command

AD - Active Directory UDF

Compare Active Directory Groups

Using the PowerShell Group Policy Module with AutoIt

Active Directory - Need to search where user is/was logged

Browse

AutoIt Resources

Release

Beta