Sign in to follow this  
Followers 0
water

Active Directory UDF - Help & Support

782 posts in this topic

For documentation purpose:

To use the AD UDF with Windows PE a guy who asked on the german forum had to do the following:

I had to add the following to the WIN-PE.WIM:

1. Dism.exe /image:c:\winpe_x86\mount /add-driver /driver:.\ADSI_X86\ADSIx86.inf /forceunsigned

2. Dism /image:C:\winpe_x86\mount /Add-Package /PackagePath:.\PETools\x86\WinPE_FPs\winpe-hta.cab

Dism /image:C:\winpe_x86\mount /Add-Package /PackagePath:.\PETools\x86\WinPE_FPs\winpe-mdac.cab

Some more details can be found here.

HTH

Water


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites



#262 ·  Posted (edited)

does _AD_IsMemberOf support checking for nested sub groups?

if not, is there a way you can recommend doing it?

thanks for such a great UDF and all the work you've put into this.

Edited by gcue

Share this post


Link to post
Share on other sites

No.

_AD_IsMemberOf "Returns 1 if the object (user, group, computer) is an immediate member of the group."

But you can recursively query the groups the user is a member of using _AD_RecursiveGetMemberOf and check if the group in question is contained in the result.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#264 ·  Posted (edited)

i used your example

; Open Connection to the Active Directory
_AD_Open()

; Returns a recursively searched list of groups the currently logged on user is a member of
Global $aUser = _AD_RecursiveGetMemberOf(@UserName, 10, 1)
If @error > 0 Then
    MsgBox(64, "Active Directory Functions - Example 1", "User '" & @UserName & "' has not been assigned to any group")
Else
    ; For groups that are inherited, the return is the FQDN of the group or user, and the FQDN(s) of the group(s) it
    ; was inherited from, seperated by '|'
    _ArrayDisplay($aUser, "Active Directory Functions - Example 1 - Group names user '" & @UserName & "' is a member of")
EndIf

; Close Connection to the Active Directory
_AD_Close()

and after some time i am getting this error, any ideas?

U:\scripts\#Tech#\Dashboard\AD.au3 (1005) : ==> Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.:

If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")

Edited by gcue

Share this post


Link to post
Share on other sites

What version of the UDF do you use? Line 1005 is in the middle of a comments block in the most current version 1.0.0.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#266 ·  Posted (edited)

sorry i just updated it. still getting the same error

U:\scripts\#Tech#\Dashboard\AD.au3 (1054) : ==> Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.:

If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")

Edited by gcue

Share this post


Link to post
Share on other sites

There might be a loop in your group membership definitions. Let's say group A is a member of group B which is a member of group A. The loop is closed and function _AD_RecursiveGetMemberOf loops and loops and loops because it doesn't correctly check the nesting level (default = 10).

As a quick and dirty solution could you please insert the following line as the first statement in function_AD_RecursiveGetMemberOf and post the results?

Local $aAD_Nested[1] = [0]
If $iAD_Depth = 0 then return $aAD_Nested

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#268 ·  Posted (edited)

that worked! =)

thanks for the quick solution.

Edited by gcue

Share this post


Link to post
Share on other sites

I will check the solution and update the UDF to remove the bug.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

cool thanks again.

Share this post


Link to post
Share on other sites

#271 ·  Posted (edited)

Added a new script to the Example Script thread. Lets you display the OUs in your AD as a TreeView.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#272 ·  Posted (edited)

Hello,

What I am looking to do is query all the SubOus of a container. Is _AD_GetObjectsInOU the function im looking for? Most of the examples I see are for user info, I only want to get organizationalUnit list of SubOUs on a given container. Can someone help me out in the right direction?

Thanks,

EDIT: I apologize, I did not see _AD_GetAllOUs. I was able to get what I needed. Thanks,

Edited by gr1fter

Share this post


Link to post
Share on other sites

I just added a new example script in the Active Directy Example Scripts thread (for download please see my signature).

This lets you display the OU hierarchy in a TreeView.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

water or anyone

is it possible to exclude the root directory from the _AD_GetAllOUs array?

example script:

[__CODE_PROTECTED]PGJyIC8+CjxiciAvPgo7IE9wZW4gQ29ubmVjdGlvbiB0byB0aGUgQWN0aXZlIERpcmVjdG9yeTxiciAvPgpfQURfT3BlbigpPGJyIC8+CjxiciAvPgpHbG9iYWwgJiMwMzY7c3VPVT0gJnF1b3Q7b3U9Y29tcHV0ZXJzLG91PWRlc3NlcnQsZGM9ZWFzdCxkYz1taWNyb3NvZnQsZGM9Y29tJnF1b3Q7PGJyIC8+Ckdsb2JhbCAmIzAzNjtpSW5kZXg8YnIgLz4KR2xvYmFsICYjMDM2O2FkT1UgPSBfQURfR2V0QWxsT1VzKCYjMDM2O3N1T1UpPGJyIC8+CklmIEBlcnJvciAmZ3Q7IDAgVGhlbjxiciAvPgoJTXNnQm94KDY0LCAmcXVvdDtBY3RpdmUgRGlyZWN0b3J5IEZ1bmN0aW9ucyAtIEV4YW1wbGUgMSZxdW90OywgJnF1b3Q7Tm8gT1VzIGNvdWxkIGJlIGZvdW5kJnF1b3Q7KTxiciAvPgpFbHNlPGJyIC8+CjxiciAvPgoJRm9yICYjMDM2O2lJbmRleCA9IDEgVG8gJiMwMzY7YWRPVVswXVswXTxiciAvPgoJCSYjMDM2O3NPVSA9ICYjMDM2O2FkT1VbJiMwMzY7aUluZGV4XVsxXTxiciAvPgoJCSYjMDM2O3N0cnZhbCA9IFN0cmluZ1JlZ0V4cCgmIzAzNjtzT1UsICZxdW90Oyg/VSkoPzpPVT0pKC4rKSg/OiwpJnF1b3Q7LCAzKTxiciAvPgoJCSYjMDM2O3N1Ym91ID0gJiMwMzY7c3RydmFsWzJdICZhbXA7ICZxdW90OyYjMDkyOyZxdW90OyAmYW1wOyAmIzAzNjtzdHJ2YWxbMV0gJmFtcDsgJnF1b3Q7JiMwOTI7JnF1b3Q7ICZhbXA7ICYjMDM2O3N0cnZhbFswXTxiciAvPgoJCU1zZ0JveCAoNDgsJnF1b3Q7JnF1b3Q7LCYjMDM2O3N1Ym91KTxiciAvPgoJTmV4dDxiciAvPgo8YnIgLz4KRW5kSWY8YnIgLz4KPGJyIC8+CjsgQ2xvc2UgQ29ubmVjdGlvbiB0byB0aGUgQWN0aXZlIERpcmVjdG9yeTxiciAvPgpfQURfQ2xvc2UoKXM=[/__CODE_PROTECTED]

If i cycle through the message boxes, i dont want the first one to be shown which is the root. Thanks,

Share this post


Link to post
Share on other sites

How to check a sub-domain for the computer info?

The way the domain I'm on is setup, the user accounts are on the main level domain (sub.domain.com) and the computers are in a sub-domain of that (sub2.sub.domain.com). When I run _AD_GetObjectProperties(), I get the user account info fine, but the computer gives an error of 1, and doesn't return anything. Any ideas on how to switch to the sub-domain? I've tried the FQDN of "computer$.sub2.sub.domain.com" already.

Share this post


Link to post
Share on other sites

#276 ·  Posted (edited)

If you specify the computername as SamAccountName you have to append a dollar sign.

$aProperties = _AD_GetObjectProperties(@Computername & "$", "..properties...")
Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

If you specify the computername as SamAccountName you have to append a dollar sign.

$aProperties = _AD_GetObjectProperties(@Computername & "$", "..properties...")

I was doing it with the dollar sign, and didn't have any luck.

Share this post


Link to post
Share on other sites

The Active Directory can only connect to one domain at a time.

So if your computers are in a different domain you can either:

  • Close the connection to domain sub.domain.com using _AD_Close() and then connect to domain sub2.sub.domain.comspecifying the necessary parameters for _AD_Open
  • Connect to the global catalog (GC). So you can query all properties that are replicated to the global catalog. The GC is read-only.
BTW:

I've tried the FQDN of "computer$.sub2.sub.domain.com" already.

This is not a valid FQDN.

Run the _AD_GetObjectProperties.au3 example script and see what you get in example 3 - properties for your computer. distinguishedName the FQDN of your computer.

Can you please post the code you use to query the computer properties?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

@gr1fter

Your example crashes here with error:

H:\tools\AutoIt3\AD\AD_Test.au3 (17) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:

$subou = $strval[2] & "\" & $strval[1] & "\" & $strval[0]

$subou = ^ ERROR

Can you post an example how the desired result should look like?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2016-08-18 - Version 1.4.6.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2016-05-09 - Version 1.2.0.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

The Active Directory can only connect to one domain at a time.

So if your computers are in a different domain you can either:

  • Close the connection to domain sub.domain.com using _AD_Close() and then connect to domain sub2.sub.domain.comspecifying the necessary parameters for _AD_Open
  • Connect to the global catalog (GC). So you can query all properties that are replicated to the global catalog. The GC is read-only.
BTW:

This is not a valid FQDN.

Run the _AD_GetObjectProperties.au3 example script and see what you get in example 3 - properties for your computer. distinguishedName the FQDN of your computer.

Can you please post the code you use to query the computer properties?

After some tweaking, I got it to work now. Below is my code, but why I wanted to do this, is I was looking at grabbing the description. For my test computer the description is 5th in the array, but it might not always be that way, so how can I have the message box show only the description field, instead of hard-coding 5 in it? I tried putting "description" in it, but it errors out. Any way to do that with out loops looking at what each value is?

Func _GetAD($stComp)
    _AD_Open()
    $SConfiguration = $sAD_Configuration
    _AD_Close()
    $SDNSDomain = "DC=sub2,DC=sub1,DC=domain,DC=com"
    $SHostServer = "server.sub2.sub1.domain.com"
    _AD_Open("", "", $SDNSDomain, $SHostServer, $SConfiguration)
    ConsoleWrite("Starting with the computer: '" & $stComp & "$" & "'" & @CRLF)
    $aProperties = _AD_GetObjectProperties($stComp & "$")
    If @error = 0 Then
        ConsoleWrite("Diplaying array" & @CRLF)
        _ArrayDisplay($aProperties, $stComp)
        MsgBox(0, "Description", $aProperties[5][2])
    Else
        ConsoleWrite("Error code: " & @error & @CRLF & "Extended: " & @extended & @CRLF)
    EndIf
    ConsoleWrite("Finished" & @CRLF)
    
    _AD_Close()
EndFunc   ;==> _GetAD

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0