gcue

$objConnection.Open("Active Directory Provider")

24 posts in this topic

I am using the adfunctions.au3 UDF - works great! Except today I have a user who crashes at this line:

$objConnection.Open("Active Directory Provider")

How can I check if the session has been established or not?

I know IsObj is used to check a valid object; is there something for session checking?


You could try AD.au3 - the successor of adfunctions.au3.

It comes with a lot of examples, help file, ScITE integration, better error checking ...

For download please see my signature.

The main difference for coders is that the function names changed from _AD* to _AD_*.


My UDFs and Tutorials:

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


I tried it but got an error with the function that worked with adfunctions, so I sorta gave up =)

(372) : ==> Variable must be of type "Object".:

Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query)

Local $oAD_RecordSet = $oAD_Connection^ ERROR

#include "AD.au3"

$selection_text = "Drive Lock Exception Policy"
$asset = "d0929111"

;~  If $domain_disconnected = True Then
;~      MsgBox(262144, $selection_text, "Not connected to domain.")
;~      Return
;~  EndIf

$group = "GPO_Clients_RME_DriveLock_Policy"
$groupdn = _AD_SamAccountNameToFQDN($group)

$assetdn = _AD_SamAccountNameToFQDN($asset & "$")

If _AD_IsMemberOf($groupdn, $assetdn) = 1 Then
    MsgBox(262144, $selection_text, $asset & " is part of the Drive Lock Exception Policy.")
Else
    MsgBox(262144, $selection_text, $asset & " is NOT part of the Drive Lock Exception Policy.")
EndIf


#4 ·  Posted (edited)

Hi,

Before you can use _AD* functions, call _ad_open() before and _ad_close() after your function calls.

Water might correct my statement.....

#include "AD.au3"

$selection_text = "Drive Lock Exception Policy"
$asset = "d0929111"

;~  If $domain_disconnected = True Then
;~      MsgBox(262144, $selection_text, "Not connected to domain.")
;~      Return
;~  EndIf
_ad_open ()

$group = "GPO_Clients_RME_DriveLock_Policy"
$groupdn = _AD_SamAccountNameToFQDN($group)

$assetdn = _AD_SamAccountNameToFQDN($asset & "$")
If _AD_IsMemberOf($groupdn, $assetdn) = 1 Then
    MsgBox(262144, $selection_text, $asset & " is part of the Drive Lock Exception Policy.")
Else
    MsgBox(262144, $selection_text, $asset & " is NOT part of the Drive Lock Exception Policy.")
EndIf
_ad_close ()

;-))

Stefan

Edited by 99ojo


#5 ·  Posted (edited)

oooo that's why then! haha didn't think of it because the adfunctions didn't require that.

Is there a way to detect if the connection fails to connect to the domain? (either when the udf loads or within the script)

I'd like to be able to accurately get this working:

;~ If $domain_disconnected = True Then
;~ MsgBox(262144, $selection_text, "Not connected to domain.")
;~ Return
;~ EndIf

great work water!

thanks 99ojo =)

Edited by gcue


Hi,

Since _ad_open () has no return value, I have no guess how to check.

Maybe like you get the (372) : ==> Variable must be of type "Object".: error, there is no connection.

Maybe @water knows. He might also change the function to implement a return value.

;-))

Stefan


Not that I know.

If anyone has an idea I will be glad to implement it.



So what will happen if we try to make a query and there's no AD connection?


I will post a modified version of _AD_Open.

This will check for "IsObject" and @error after each COM related operation.

This might lead to some error codes that can be checked when calling _AD_Open().



All I include is ad.au3.. will I need to include _ad_open, or were you talking about just the function being modified?

thanks water!

ps just let us know how to test for ad connection if you can =)

thanks again


I will modify the _AD_Open() for a test script and run it on a computer without network connection. Then I will see where it "crashes".

When I have a version with "proper" error handling I will post it here for you to test.

Please be patient, I'm sure it will take a few days.



cool np..

thank you very much!


Quick and dirty! What do you get when you run this script and have no connection to a domain?

#include <AD.au3>

$Return = _AD_OpenX()
Msgbox(0,"","Finished with @error: " & @error & ", @extended: " & @extended & ", return value: " & $Return)
_AD_Close()

Func _AD_OpenX($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "")

    ; A COM error handler will only be set up if there isn't an error handler already active.
    If ObjEvent("AutoIt.Error") = "" Then
        $oAD_MyError = ObjEvent("AutoIt.Error", "_AD_ErrorHandler") ; Install a custom error handler
        If @error <> 0 Then Return SetError(1, @error, 0)
    EndIf
    $oAD_Connection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    If @error <> 0 Then Return SetError(2, @error, 0)
    $oAD_Connection.ConnectionString = "Provider=ADsDSOObject" ; Set Service providertype
    If $sAD_UserIdParam <> "" Then
        $oAD_Connection.Properties("User ID") = $sAD_UserIdParam ; Authenticate User
        $oAD_Connection.Properties("Password") = $sAD_PasswordParam ; Authenticate User
        ; If userid is the Windows login name then set the flag for secure authentication
        If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
            $oAD_Connection.Properties("ADSI Flag") = $ADS_SECURE_AUTH
        Else
            $oAD_Connection.Properties("ADSI Flag") = 0x0
        EndIf
        $sAD_UserId = $sAD_UserIdParam
        $sAD_Password = $sAD_PasswordParam
    EndIf
    $oAD_Connection.Open("Active Directory Provider") ; Open connection to AD
    ; Connect to another Domain if the Domain parameter is provided
    If $sAD_DNSDomainParam <> "" Then
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $sAD_DNSDomainParam
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $sAD_ConfigurationParam
    Else
        $oAD_RootDSE = ObjGet("LDAP://RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
        $sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
    EndIf
    $oAD_OpenDS = ObjGet("LDAP:")
    If @error <> 0 Then Return SetError(5, @error, 0)
    Return 1

EndFunc ;==>_AD_OpenX



the user is in England and I'm in the US

i'll try when he gets back in the office tomorrow...

thanks!!!


pc with domain access:

@error:0
@extended:0
return value:1

domain pc i disconnected network cable from:

COM Error Encountered in test.exe
Scriptline = -1
NumberHex 80070548
Number = -2147023541
WinDescription = The specified domain either does not exist or could not be contacted
Description =
Source =
Helpfile =
HelpContext =
LastDllError = 317

@error: 4
@extended: -2147023541
return value: 0

pc on domain user logged in without query access

@error:0
@extended:0
return value:1


#16 ·  Posted (edited)

Hi,

so check beforehand if user has a domain login:

$netbios = "MyDomain"
$domain = EnvGet ("USERDOMAIN")
If $domain <> $netbios Then MsgBox (0,"","Please logon to domain first!")

If you have trusted structure, you check against an array with the netbios names of your trusted domains.

#include <array.au3>
Global $netbios [2]
$netbios [0] = "My1stDomain"
$netbios [1] = "My2ndDomain"
$domain = EnvGet ("USERDOMAIN")
If _ArraySearch ($netbios, $domain) = -1 Then MsgBox (0,"","Please logon to domain first!")

Also you can check with a ping if your domain is reachable.

;-))

Stefan

Edited by 99ojo


Hi gcue,

I think I will catch this COM error in the COM error handler. So _AD_Open can return 1 on success and 0 with @error and @extended set on failure.

I will set @extended to the error number of the COM error. In this case -2147023541.

What do you think?



sounds good =)

thanks for your help


#19 ·  Posted (edited)

I'm no COM guru and my AD access is read-only. So a bit of testing is required. Could you please run the following code and report the results with and without AD access?

#include <AD.au3>

$Return = _AD_OpenX()
Msgbox(0,"","Finished with @error: " & @error & ", @extended: " & @extended & ", return value: " & $Return)
_AD_Close()

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_Open
; Description ...: Opens a connection to the Active Directory.
; Syntax.........: _AD_Open([$sAD_UserIdParam = "", $sAD_PasswordParam = ""[, $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = ""]])
; Parameters ....: $sAD_UserIdParam - Optional: UserId to authenticate with. This has to be a valid domain user
;   $sAD_PasswordParam - Optional: Password to authenticate with
;   $sAD_DNSDomainParam - Optional: Active Directory domain name if you want to connect to a different domain
;   $sAD_HostServerParam - Optional: Name of the connected Domain Controller if you want to connect to a different domain
;   $sAD_ConfigurationParam - Optional: Configuration naming context if you want to connect to a different domain
; Return values .: Success - 1
;   Failure - 0, sets @error to:
;   |1 - Installation of the custom error handler failed. @extended set to error code of ObjEvent
;   |2 - Creation of the COM object to the AD failed. @extended set to error code of ObjCreate
;   |3 - Open the connection to AD failed. @extended set to error code of the Open call
;   |4 - Creation of the RootDSE object failed. @extended set to error code received by the COM error handler
;   +   Happens when the connection to the domain isn't successful. @extended is set to -2147023541
;   |5 - Creation of the DS object failed. @extended set to error code received by the COM error handler
; Author ........: Jonathan Clelland
; Modified.......: Thomas Rupp
; Remarks .......: To close the connection to the Active Directory, use the _AD_Close function.
;+
;   _AD_Open will use the alternative credentials $sAD_UserIdParam and $sAD_PasswordParam if passed as parameters.
;   $sAD_UserIdParam has to be in one of the following formats (assume the samAccountName = DJ)
;   * Windows Login Name e.g. "DJ"
;   * NetBIOS Login Name e.g. "<DOMAIN>\DJ"
;   * User Principal Name e.g. "DJ@domain.com"
;   All other name formats have not been successfully tested (see section "Link").
;+
;   If you want to connect to a different domain (not the domain your computer is a member of) or your computer is no domain member
;   then please provide $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam as FQDN as well as $sAD_UserIdParam and $sAD_PasswordParam.
;   Example:
;   $sAD_DNSDomainParam = "DC=subdomain,DC=example,DC=com"
;   $sAD_HostServerParam = "servername.subdomain.example.com"
;   $sAD_ConfigurationParam = "CN=Configuration,DC=subdomain,DC=example,DC=com"
;+
;   The COM error handler will be set up if there isn't an error handler already active.
;   But be aware that some functions will not work correctly any more because they handle error codes ($iAD_COMError) that are set by the error handler.
; Related .......: _AD_Close
; Link ..........: http://msdn.microsoft.com/en-us/library/cc223499(PROT.10).aspx (Simple Authentication)
; Example .......: Yes
; ===============================================================================================================================
Func _AD_OpenX($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "")

    ; A COM error handler will only be set up if there isn't an error handler already active.
    If ObjEvent("AutoIt.Error") = "" Then
        $oAD_MyError = ObjEvent("AutoIt.Error", "_AD_ErrorHandler") ; Install a custom error handler
        If @error <> 0 Then Return SetError(1, @error, 0)
    EndIf
    $oAD_Connection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    If @error <> 0 Then Return SetError(2, @error, 0)
    $oAD_Connection.ConnectionString = "Provider=ADsDSOObject" ; Set Service providertype
    If $sAD_UserIdParam <> "" Then
        $oAD_Connection.Properties("User ID") = $sAD_UserIdParam ; Authenticate User
        $oAD_Connection.Properties("Password") = $sAD_PasswordParam ; Authenticate User
        ; If userid is the Windows login name then set the flag for secure authentication
        If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
            $oAD_Connection.Properties("ADSI Flag") = $ADS_SECURE_AUTH
        Else
            $oAD_Connection.Properties("ADSI Flag") = 0x0
        EndIf
        $sAD_UserId = $sAD_UserIdParam
        $sAD_Password = $sAD_PasswordParam
    EndIf
    $oAD_Connection.Open("Active Directory Provider") ; Open connection to AD
    If @error <> 0 Then Return SetError(3, @error, 0)
    ; Connect to another Domain if the Domain parameter is provided
    If $sAD_DNSDomainParam <> "" Then
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $sAD_DNSDomainParam
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $sAD_ConfigurationParam
    Else
        $oAD_RootDSE = ObjGet("LDAP://RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
        $sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
    EndIf
    $oAD_OpenDS = ObjGet("LDAP:")
    If @error <> 0 Then Return SetError(5, @error, 0)
    Return 1

EndFunc ;==>_AD_OpenX
Edited by water

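A caller-side check built on the return values documented in the post above, as an added example that is not part of the thread or of AD.au3. It assumes `_AD_OpenX()` from that post is pasted into the same script; `_DomainConnect` and `_HResultDecode` are hypothetical helper names. It also splits the HRESULT in @extended into facility and code so the "domain could not be contacted" case can be told apart from other failures.

```autoit
#include <AD.au3>
; Added example. Assumes _AD_OpenX() from the post above is pasted into this script.
; _DomainConnect and _HResultDecode are hypothetical helper names.

; Decimal value reported in this thread for a PC without network access.
; As a 32-bit value it is 0x8007054B: facility 7 (Win32), code 1355 (ERROR_NO_SUCH_DOMAIN).
Global Const $HR_NO_SUCH_DOMAIN = -2147023541

; Split a 32-bit HRESULT into [facility, code].
Func _HResultDecode($iHResult)
    Local $aParts[2]
    $aParts[0] = BitAND(BitShift($iHResult, 16), 0x7FF) ; facility (7 = Win32)
    $aParts[1] = BitAND($iHResult, 0xFFFF)              ; facility-specific code
    Return $aParts
EndFunc   ;==>_HResultDecode

; Returns 1 when the AD connection is open. Otherwise returns 0, passes
; @error/@extended through from _AD_OpenX and fills $sReason with an explanation.
Func _DomainConnect(ByRef $sReason)
    Local $iRet = _AD_OpenX()
    Local $iErr = @error, $iExt = @extended ; copy at once, the next call overwrites them
    If $iRet = 1 Then
        $sReason = ""
        Return 1
    EndIf
    Switch $iErr ; codes as documented in the _AD_OpenX header
        Case 1
            $sReason = "COM error handler could not be installed"
        Case 2
            $sReason = "ADODB.Connection object could not be created"
        Case 3
            $sReason = "Opening the connection to AD failed"
        Case 4
            $sReason = "RootDSE object could not be created"
            If $iExt = $HR_NO_SUCH_DOMAIN Then $sReason &= ": domain could not be contacted"
        Case 5
            $sReason = "DS object could not be created"
        Case Else
            $sReason = "Unexpected error"
    EndSwitch
    Local $aHR = _HResultDecode($iExt)
    $sReason &= " (@error=" & $iErr & ", @extended=0x" & Hex($iExt, 8) & _
            ", facility=" & $aHR[0] & ", code=" & $aHR[1] & ")"
    Return SetError($iErr, $iExt, 0)
EndFunc   ;==>_DomainConnect

Global $sWhy = ""
If Not _DomainConnect($sWhy) Then
    MsgBox(262144, "Drive Lock Exception Policy", "Not connected to domain." & @CRLF & $sWhy)
    Exit 1
EndIf
; ... _AD_* queries go here ...
_AD_Close()
```

A return value of 1 only means the connection opened: in the results posted above, the domain user without query access also got 1, so the result of the first query still needs its own check.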

def I'll try it with the London guy tomorrow..

what does it do?

