Jump to content

Active Directory UDF


water
 Share

Recommended Posts

Thanks a lot for the info.

I will incorporate the changes in the next version. The original UDF by John Clelland already has a function _AD_FixSpecialChars to insert or remove special characters. So I will use this in version 0.38.

BTW: Do you think your code will work? I didn't test it but I think it will change "\/" to "/" and in the next statement back to "\/" again.

; added by Joe2010
;AD BUG: In case the bug is fixed declare right given slashs "wrong"
$sAD_FQDN = StringReplace($sAD_FQDN, "\/", "/")
;AD BUG: Declare wrong given slashs "/" from AD as special character "\/"
$sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
; added by Joe2010

In the meanwhile I think it's absolutely enough to use the second code line:

;AD BUG: Declare wrong given slashs "/" from AD as special character "\/"
$sAD_FQDN = StringReplace($sAD_FQDN, "/", "\/")
Edited by Joe2010
Link to comment
Share on other sites

Hello, is it possible to specify a username and password when connecting to AD?

can AdOpen be used with, $sAD_UserIdParam and $sAD_PasswordParam?

but what is the correct way to use them?

Thanks for any help :(

Edited by Erlend
Link to comment
Share on other sites

Hello, is it possible to specify a username and password when connecting to AD?

can AdOpen be used with, $sAD_UserIdParam and $sAD_PasswordParam?

but what is the correct way to use them?

Thanks for any help :(

Moved your question to the "help and support thread"

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Version 0.38 has been released.

For download please see signature.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Hi to all, is there a quick way with this UDF to change in AD the computer description?

Thanks to all for your great help.

Gian72

You can use something like this:

#include AD.au3
$iResult = _AD_Open()
if $iResult <> 1 Then "Your error handling"
$iResult = _AD_ModifyAttribute(@Computername & "$","description","new description")
if $iResult <> 1 Then "Your error handling"
_AD_Close()

If you specify the computer as SamAccountName then you have to append a "$".

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Hi everybody and sorry by advance for my bad english

The function _AD_GetObjectsLocked() doesn't work for me.

I have a locked user account on Active Directory (2008) and i test the function with the simple script :

_AD_Open()
$aLocked = _AD_GetObjectsLocked()
If @error > 0 Then
MsgBox(64, "Result", "No locked user accounts have been found")
Else
_ArrayDisplay($aLocked, "Result")
EndIf
_AD_Close()

But script return "No locked user accounts have been found".

I test with an operational user admin account.

I saw in the first post > _AD_GetObjectsLocked(): Doesn't return a correct value when the lockouttime hasn't expired. The function has to be rewritten

is it the reason that the return is wrong ?

Thanks for response

Link to comment
Share on other sites

I saw in the first post > _AD_GetObjectsLocked(): Doesn't return a correct value when the lockouttime hasn't expired. The function has to be rewritten

is it the reason that the return is wrong ?

That's true. _AD_GetObjectsLocked() uses an approach that doesn't work (it simply checks UAC - user account control). Here you'll find a VBS that does what you need.

I'll have to translate it to AutoIt - as soon as I find some spare time :(

If you know which user is locked you can use _AD_IsObjectLocked(). If your country uses DST then please insert the lines as specified in the "Known Bugs" section to handle Daylight Savings Time correctly.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I wait for the update in autoit (tomorrow ? :( )

Don't think so. It will take 3-4 weeks because I'm on vacation next week and then - as usual after vacations - I will be very busy.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

@all

Maybe this can get you started.

; List userAccountControl Values for an Active Directory User Account

$objHash = ObjCreate("Scripting.Dictionary")
 
$objHash.Add ("ADS_UF_SMARTCARD_REQUIRED", 0x40000) 
$objHash.Add ("ADS_UF_TRUSTED_FOR_DELEGATION", 0x80000) 
$objHash.Add ("ADS_UF_NOT_DELEGATED", 0x100000) 
$objHash.Add ("ADS_UF_USE_DES_KEY_ONLY", 0x200000) 
$objHash.Add ("ADS_UF_DONT_REQUIRE_PREAUTH", 0x400000) 
 
$objUser = ObjGet ("LDAP://CN=User,OU=Dept,DC=Company,DC=com")
$intUAC = $objUser.Get("userAccountControl")
 
If $objUser.IsAccountLocked = True Then
    ConsoleWrite( "ADS_UF_LOCKOUT is enabled" & @CRLF)
Else
    ConsoleWrite( "ADS_UF_LOCKOUT is disabled" & @CRLF)
EndIf
ConsoleWrite( @CRLF )
 
For $Key In $objHash.Keys
    If $objHash($Key) And $intUAC Then 
        ConsoleWrite( $Key & " is enabled" & @CRLF)
    Else
        ConsoleWrite( $Key & " is disabled" & @CRLF)
  EndIf
Next

Rgds

ptrex

Edited by ptrex
Link to comment
Share on other sites

I have a quick question - how long after you unlock an account should you see it unlock?

I have 10 DC - so is it possible to goto the main DC and unlock the account?

All by me:

"Sometimes you have to go back to where you started, to get to where you want to go." 

"Everybody catches up with everyone, eventually" 

"As you teach others, you are really teaching yourself."

From my dad

"Do not worry about yesterday, as the only thing that you can control is tomorrow."

 

WindowsError.gif

WIKI | Tabs; | Arrays; | Strings | Wiki Arrays | How to ask a Question | Forum Search | FAQ | Tutorials | Original FAQ | ONLINE HELP | UDF's Wiki | AutoIt PDF

AutoIt Snippets | Multple Guis | Interrupting a running function | Another Send

StringRegExp | StringRegExp Help | RegEXTester | REG TUTOR | Reg TUTOT 2

AutoItSetOption | Macros | AutoIt Snippets | Wrapper | Autoit  Docs

SCITE | SciteJump | BB | MyTopics | Programming | UDFs | AutoIt 123 | UDFs Form | UDF

Learning to script | Tutorials | Documentation | IE.AU3 | Games? | FreeSoftware | Path_Online | Core Language

Programming Tips

Excel Changes

ControlHover.UDF

GDI_Plus

Draw_On_Screen

GDI Basics

GDI_More_Basics

GDI Rotate

GDI Graph

GDI  CheckExistingItems

GDI Trajectory

Replace $ghGDIPDll with $__g_hGDIPDll

DLL 101?

Array via Object

GDI Swimlane

GDI Plus French 101 Site

GDI Examples UEZ

GDI Basic Clock

GDI Detection

Ternary operator

Link to comment
Share on other sites

Regarding the problems with _AD_IsObjectLocked and _AD_GetObjectsLocked

I have to admit: I don't fully understand how Windows works in this area!

Let's assume there are two Domain Controllers (A and B. The user tries to logon using DC A and is locked on this DC. Now I have the following questions:

  • Does Windows replicate some information to every DC or is there a central role (Domains PDC Emulator?) in the domain that stores this information?
  • What information is replicated from DC A to DC B or the central role?

    - BadPasswordTime

    - BadPWDCount

    - IsAccountLocked Property

    - User Account Control (UAC)

    - LockoutTime

  • How long does it take for this information to get replicated?
  • How can I access this information? What provider (LDAP or WINNT) do I have to use to get correct information?
I will piece together as much information as I can get and put in some links so we can very this.

All the example scripts I've seen on the Internet don't return the correct information as soon as there is more than one DC on the domain.

Here and here I've found the best information so far.

Any additional insight information is greatly appreciated!

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

@Water

Does Windows replicate some information to every DC or is there a central role (Domains PDC Emulator?) in the domain that stores this information?

-> If the DC's are part of the same Domain, yes this will be replicated. Under the condition that the servers are domain servers and replication partners. If not they have seperate AD structures, and you have to set up trust relationships.

What information is replicated from DC A to DC B or the central role?

- BadPasswordTime

- BadPWDCount

- IsAccountLocked Property

- User Account Control (UAC)

- LockoutTime

-> All of the changes in the User Account information is replicated in the same domain.

How long does it take for this information to get replicated?

->This depends on the AD load of the servers. If they are not heavily used it's nearly instantaniously.

How can I access this information? What provider (LDAP or WINNT) do I have to use to get correct information?

-> The real pro scripts are very hard to find. I am setting up a website where I am publishing a few hundreds of the Admin Script for managing Exchange Servers / MSSQL / AD / Terminal Servers / Virtual Servers, etc.

I will keep you informed.

rgds,

patrick

Link to comment
Share on other sites

This site makes me feel that the PDC emulator should be the one to query: "Account lockout is processed on the PDC emulator."

So if I query the PDC emulator (which can be queried using _AD_ListRoleOwners) I should be able to see which users are locked and calculate the status and the end of the lockout. Right?

After my vacation I'm going to test this and post the results.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

@Water

You have to query the FSMO roles forest wide.

But again when you have a network where there's no overload on AD traffic.

It will be a matter of milliseconds the PDC will replicate the status information.

Fore more information http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm

rgds

ptrex

Edited by ptrex
Link to comment
Share on other sites

From what I remember, if I understood correctly, there are tasks which is handled exclusively by the PDC, such as password changes and time synchronization between DCs.

As for logon authentication, a workstation first looks for a DC within its defined site. When a DC receives the authentication request, it finds a Global Catalog within its site which then determines whether the user should be authenticated. A ticket is generated and given to the DC which then passes it on to the workstation. Of course, if no DC or Global Catalog is available in the site, then it gets a list of all the DCs in the domain then tries elsewhere.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...