Active Directory UDF - Help & Support

ICANSEEYOU7687 · July 1, 2011

Can you post the distinguished name of such an item?

I will do one better,

here is the output of the script,

I have blurred/covered some users names and such, as I dont think my company would like me posting user names on the interwebs.

Haha, as always, thanks!

water · July 1, 2011

Thanks for the screenshot!

If you run example script _AD_GetObjectProperties.au3 you will see all properties for the current user (Example 1). In my case I get

[130]|objectCategory|CN=Person,CN=Schema,CN=Configuration,DC=egv,DC=at
[131]|objectClass|organizationalPerson
[132]|objectClass|user
[133]|objectClass|person
[134]|objectClass|top

for objectCategory and ObjectClass.

Could you please run _AD_GetObjectProperties for one of the distinguished names in your screenshot and post what you get for ObjectClass and ObjectCategory.

If you like, you can delete the screenshot now.

Edited July 1, 2011 by water

ICANSEEYOU7687 · July 1, 2011

Thanks for the screenshot!
If you run example script _AD_GetObjectProperties.au3 you will see all properties for the current user (Example 1). In my case I get
[130]|objectCategory|CN=Person,CN=Schema,CN=Configuration,DC=egv,DC=at
[131]|objectClass|organizationalPerson
[132]|objectClass|user
[133]|objectClass|person
[134]|objectClass|top
for objectCategory and ObjectClass.
Could you please run _AD_GetObjectProperties for one of the distinguished names in your screenshot and post what you get for ObjectClass and ObjectCategory.

If you like, you can delete the screenshot now.

Sure here are the results

For an entry WITH a user name gives me

Objectclass:

Person

user

organizationalPerson

top

objectCategory CN=Person,CN=Schema,CN=Configuration,DC=XXXXXXX,DC=org

For one of the entries Without a username:

objectclass:

top

msExchActiveSyncDevice

Object Category

CN=ms-Exch-Active-Sync-Device,CN=Schema,CN=Configuration,DC=XXXXXXX,DC=org

Edited July 1, 2011 by ICANSEEYOU7687

water · July 1, 2011

If you run

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname")
_ArrayDisplay($aResult)

you shouldn't get any of those active-sync etc. entries because their objectcategory and objectclass is different.

Could you please test?

ICANSEEYOU7687 · July 1, 2011

I did, same result, using

$aObjects = _AD_GetObjectsInOU($sOU, "(name=*)", 2, "sAMAccountName,distinguishedName,displayname")
If @error > 0 Then
    MsgBox(64, "Active Directory Functions - Example 1", "No OUs could be found")
Else
    _ArrayDisplay($aObjects, "Active Directory Functions - Example 1 - Objects in OU '" & $sOU & "'")
    $iResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname", "displayname", True)
    MsgBox(64, "Active Directory Functions - Example 1", "This example returned " & $iResult & " records")
EndIf
_AD_Close()

Strange, the ones that are not classified as a person, or a user still show up.

water · July 1, 2011

Is there a difference in the number of records if you run this two commands?

#include <ad.au3>
_AD_Open()
$sOU = ""
$aResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname")
_ArrayDisplay($aResult)
$iResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname", "", True)
Msgbox(0,"","Number of records: " & $iResult)
_AD_Close()

What version of the AD UDF do you run - please check the ; UDF Version ...: 1.0.0 line in AD.au3.

Edited July 1, 2011 by water

ICANSEEYOU7687 · July 1, 2011

Is there a difference in the number of records if you run this two commands?

#include <ad.au3>
_AD_Open()
$sOU = ""
$aResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname")
_ArrayDisplay($aResult)
$iResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 2, "sAMAccountName,distinguishedName,displayname", "", True)
Msgbox(0,"","Number of records: " & $iResult)
_AD_Close()

What version of the AD UDF do you run - please check the ; UDF Version ...: 1.0.0 line in AD.au3.

Its the latest version 1.0.0

water · July 1, 2011

What are the results if you run the above script? Could you please post the number of records? We once had a problem when the user had a lot of records.

ICANSEEYOU7687 · July 1, 2011

What are the results if you run the above script? Could you please post the number of records? We once had a problem when the user had a lot of records.

When I close the window the results say 52, and I do have 52 users with actual account names. But the list contains 147 items, with the accuonts with no account names

water · July 2, 2011

I have no idea what the problem might be. I tested here and the result is just fine.

Could you please run this modified script? I now display the objectclass and the name in the array. All records should have objectclass "user".

Row 0, Col 0 should be 52 (= the number of users). The msgbox then should display 52 as well.

#include <ad.au3>
_AD_Open()
$sOU = ""
$aResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user)(name=*))", 2, "sAMAccountName,objectclass,name")
_ArrayDisplay($aResult)
$iResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user)(name=*))", 2, "sAmaccountName", "", True)
Msgbox(0,"","Number of records: " & $iResult)
_AD_Close()

Edited July 2, 2011 by water

ICANSEEYOU7687 · July 5, 2011

I have no idea what the problem might be. I tested here and the result is just fine.
Could you please run this modified script? I now display the objectclass and the name in the array. All records should have objectclass "user".
Row 0, Col 0 should be 52 (= the number of users). The msgbox then should display 52 as well.
#include <ad.au3>
_AD_Open()
$sOU = ""
$aResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user)(name=*))", 2, "sAMAccountName,objectclass,name")
_ArrayDisplay($aResult)
$iResult = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user)(name=*))", 2, "sAmaccountName", "", True)
Msgbox(0,"","Number of records: " & $iResult)
_AD_Close()

That worked!

The strange accounts listed must have had some weird classifications to them... There are in fact 52 entries in the table. Thanks, for all of the followups! Now I gotta read up on exporting this table to a .txt document. Thanks!

water · July 5, 2011

Glad it works now!

Now I gotta read up on exporting this table to a .txt document.

_FileWriteFromArray (unfortunately only works for one-dimensional arrays)

Edit: A function to write 2D-Arrays can be found

Edited July 5, 2011 by water

ICANSEEYOU7687 · July 5, 2011

Glad it works now!
_FileWriteFromArray (unfortunately only works for one-dimensional arrays)
Edit: A function to write 2D-Arrays

I was just about to make a post in general help about that. The 2D array worked perfectly, thanks very much! Extremely helpful as usual!

water · July 5, 2011

turi · July 6, 2011

Hallo Water

I have a Problem with the Function _AD_CreateGroup. I don't know how to use the Parameter "$iAD_Type". I would like to create a LOCAL Group and and not know how to use the variable. What means "Global security must be 'BitOr'ed with a scope."? The explanation of BitOr use only numbers.

Thank you for your help.

Greets

Turi

water · July 6, 2011

Hi Turi,

The default value for $iAD_Type is $ADS_GROUP_TYPE_GLOBAL_SECURITY which is defined as "BitOR($ADS_GROUP_TYPE_GLOBAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)".

Maybe the ADS_Group_Type_Enum Enumeration gives you some more information.

I'm not very familiar with the different group types. I've left this function of the original author (John Clelland) nearly untouched.

turi · July 7, 2011

Thank you for the help.

Now i understand my Problem. In your AD.au3 are some Global Const like: Global Const $ADS_GROUP_TYPE_GLOBAL_GROUP = 0x2. But 2 are missing.

Global Const $ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x4

Global Const $ADS_GROUP_TYPE_LOCAL_SECURITY = BitOR($ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)

It would be nice, if in the next version of the AD.au3 they would be.

Greets

Edited July 7, 2011 by turi

water · July 7, 2011

I will include them in the next version.

supersonic · July 8, 2011

Hi water,

how can I retrieve a user or group name from a SID?

I'm looking for something like '_AD_SIDToSamAccountName()'...

Greets,

-supersonic.

Edit:

I've found this solution:

Local $aResult = _AD_GetObjectsInOU("", "(&(objectSid=" & $aST_Text[$i] & "))", 2, "samAccountName", "", False)
ConsoleWrite($aResult[1] & @CRLF)

Is there a more simple way without array?

Edited July 8, 2011 by supersonic

water · July 8, 2011

Hi supersonic,

haven't used it myself but maybe function "_Security__LookupAccountSid" does what you need? This function is part of the AutoIt package - Security Management UDF

Edited July 8, 2011 by water

Active Directory UDF - Help & Support

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

water

Posted Images

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members