Jump to content
Sign in to follow this  
water

Active Directory UDF - Help & Support

Recommended Posts

Works fine for me on locked objects.

Did you try the example script for _AD_IsObjectLocked? It first gets a list of locked objects and then uses _AD_IsObjectLocked on the first found object.

Or run _AD_GetObjectsLocked.au3 to get a list of all locked objects and check if your object is included.

Did you test the @error returned by _AD_IsObjectLocked in your script?

; Return values .: Success - 1, Specified object is locked
;   Failure - 0, sets @error to:
;   |0 - $sAD_Object is not locked
;   |1 - $sAD_Object could not be found

If you check a computer remember to append a "$" to the samaccountname - see the remarks in the helpfile for _AD_IsObjectLocked.

Hello water,

yes i tried the expample. It doesn't work.

_AD_GetObjectsLocked.au3 return "no objects locked".

I try this function on user account and it return 0 and @error is always at 0 too whereas the account is really locked.

_AD_UnlockObject works fine.

I don't know where to search.

Thx for your help

Share this post


Link to post
Share on other sites

Hello water,

yes i tried the expample. It doesn't work.

_AD_GetObjectsLocked.au3 return "no objects locked".

I try this function on user account and it return 0 and @error is always at 0 too whereas the account is really locked.

_AD_UnlockObject works fine.

I don't know where to search.

Thx for your help

If _AD_GetObjectsLocked doesn't find any locked objects then there are no locked objects in your AD.:mellow:

What makes you think that the user account is locked?

Could you please try _AD_GetObjectsDisabled? Maybe the user account isn't locked but disabled.

Another try: Download Sysinternals Active Directory Explorer. No installation required, just run the exe. Check if the user account is locked (attribute lockouttime has to be set). If the user account is disabled then the UserAccountControl is set to 514 (= normal account + disabled)

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

The function _AD_IsObjectLocked always return me that the account is not locked. when i verify with dsa.msc, it's really locked.

When i run _AD_UnlockObject on the same account it's working.

I tried adexplorer and userAccountControl is set to 512 and badpasswdcount is set to 3.

No one, had the same problem?

Edited by neric77

Share this post


Link to post
Share on other sites

I tried adexplorer and userAccountControl is set to 512 and badpasswdcount is set to 3.

512 means: Normal account. If it is locked it is BitOred with 0x10. A normal account which is locked hast 512+16 = 528.

If you get 512 as userAccountControl then the user isn't locked.

_AD_UnlockObject doesn't return an error when the object isn't locked before.

What does dsa.msc show (screenshot)? What's the value of userAccountControl? And what is the value of lockouttime?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

512 means: Normal account. If it is locked it is BitOred with 0x10. A normal account which is locked hast 512+16 = 528.

If you get 512 as userAccountControl then the user isn't locked.

_AD_UnlockObject doesn't return an error when the object isn't locked before.

What does dsa.msc show (screenshot)? What's the value of userAccountControl? And what is the value of lockouttime?

dsa.msc

adexplorer

Edited by neric77

Share this post


Link to post
Share on other sites

Oh, I see. I converted this function from a script I found on the internet - but unfortunately it doesn't seem to be so easy!

Can you please run this vbscript and check if it returns a valid result?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Oh, I see. I converted this function from a script I found on the internet - but unfortunately it doesn't seem to be so easy!

Can you please run this vbscript and check if it returns a valid result?

Water

That works.

Share this post


Link to post
Share on other sites

OK, I will have to do some further investigation. The end of the lockout time has to be calculated (and needs a lot more code compared to just query an attribute).

With Windows 2008 it seems to be possible to have more than one password policy. At the moment I'm not sure how to get the correct values to calculate the end of the password time.

I fear you'll have to be patient till I come up with an accurate function :mellow:


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

OK, I will have to do some further investigation. The end of the lockout time has to be calculated (and needs a lot more code compared to just query an attribute).

With Windows 2008 it seems to be possible to have more than one password policy. At the moment I'm not sure how to get the correct values to calculate the end of the password time.

I fear you'll have to be patient till I come up with an accurate function :mellow:

No problem Water.I'll be wait.

Many Thanks.

Share this post


Link to post
Share on other sites

Hi,

how do I get with _AD_GetObjectsInOU() only the pc?

First thing you have to know is that the SamAccountName of a PC (written in Autoit): @Computername & "$".

So the statement should look like:

$sComputer = @ComputerName & "$"
$aObjects = _AD_GetObjectsInOU($sOU, "(&(objectclass=computer)(samaccountname=" & $sComputer & "))" , 2, "sAMAccountName,distinguishedName")
Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Not only my pc, i need all objecty from typ PC in the OU but not the usergroups, user, ect..

Edit:

ok, i have it:

$test = _AD_GetObjectsInOU($OU, "(&(objectclass=computer))", 2, "sAMAccountName,distinguishedName")
Edited by chipDE

Share this post


Link to post
Share on other sites

$test = _AD_GetObjectsInOU($OU, "(&(objectclass=computer))", 2, "sAMAccountName,distinguishedName")

You can strip it down to:

$test = _AD_GetObjectsInOU($OU, "(objectclass=computer)", 2, "sAMAccountName,distinguishedName")

BTW: A good place to start with LDAP is this M$ article.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi,

how can I activate/disable a GPO in an OU?

With the AD UDF you can't - at the moment. This would be a complete new area for the UDF - and for me.

To start with such a new task

  • there should be a need for this by many users
  • there should be some users providing examples in visual basic so I can convert them
  • there should be some users willing to test the readonly and the update/change functions
At the moment the Email functions - and debugging - have a higher priority.

@Everyone: Please post here if you'd like to see GPO functions in the AD UDF and what you can contribute.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I have many vbs scripts to manage the GPO, but I can not upload here. Here is the link to the German thread with the examples:

http://autoit.de/index.php?page=Thread&postID=140369#post140369

Edited by chipDE

Share this post


Link to post
Share on other sites

Ok, I will have a look at it.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi chipDE,

I had a look at the GPO scripts. Seems rather complex. I have no knowledge of GPO and the VBScript/Javascript code that is used.

Maybe it's a better idea to check the need for GPO functions first. If enough users need them then convert them to AutoIt.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Version 0.37 has been released. Starting next Monday I will be on vacation for two weeks. Therefore I wanted to release the new version some days in advance.

For download please see signature.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Function _AD_DisablePasswordExpire doesn't work :mellow: Can Somebody fix it ???

Could you please check @error and @extended after the function call:
$Result = _AD_DisablePasswordExpire("SamAccountName or FQDN")
MsgBox(0,"","Result: " & $Result & ", error: " & @error & ", extended: " & @extended)

What do you get?

N.B: Starting Monday I will be on vacation for 2 weeks.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...