gcue Posted February 16, 2010

I am using the adfunctions.au3 UDF - works great! Except today I have a user who crashes at this line:

```autoit
$objConnection.Open("Active Directory Provider")
```

How can I check if the session has been established or not? I know IsObj is used to check for a valid object. Is there something for session checking?
water Posted February 17, 2010

You could try AD.au3 - the successor of adfunctions.au3. It comes with a lot of examples, help file, SciTE integration, better error checking ... For download please see my signature. The main difference for coders is that the function names changed from _AD* to _AD_*.

My UDFs and Tutorials:
UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki
Standard UDFs: Excel - Example Scripts - Wiki, Word - Wiki
Tutorials: ADO - Wiki, WebDriver - Wiki
gcue Posted February 17, 2010

I tried it but got an error with the function that worked with adfunctions, so I sorta gave up =)

```
(372) : ==> Variable must be of type "Object".:
Local $oAD_RecordSet = $oAD_Connection.Execute($sAD_Query)
Local $oAD_RecordSet = $oAD_Connection^ ERROR
```

```autoit
#include "AD.au3"

$selection_text = "Drive Lock Exception Policy"
$asset = "d0929111"

;~ If $domain_disconnected = True Then
;~     MsgBox(262144, $selection_text, "Not connected to domain.")
;~     Return
;~ EndIf

$group = "GPO_Clients_RME_DriveLock_Policy"
$groupdn = _AD_SamAccountNameToFQDN($group)
$assetdn = _AD_SamAccountNameToFQDN($asset & "$")

If _AD_IsMemberOf($groupdn, $assetdn) = 1 Then
    MsgBox(262144, $selection_text, $asset & " is part of the Drive Lock Exception Policy.")
Else
    MsgBox(262144, $selection_text, $asset & " is NOT part of the Drive Lock Exception Policy.")
EndIf
```
99ojo Posted February 17, 2010

Hi,

before you can use the _AD* functions, call _ad_open() before and _ad_close() after your function calls. Water might correct my statement.....

```autoit
#include "AD.au3"

$selection_text = "Drive Lock Exception Policy"
$asset = "d0929111"

;~ If $domain_disconnected = True Then
;~     MsgBox(262144, $selection_text, "Not connected to domain.")
;~     Return
;~ EndIf

_ad_open ()

$group = "GPO_Clients_RME_DriveLock_Policy"
$groupdn = _AD_SamAccountNameToFQDN($group)
$assetdn = _AD_SamAccountNameToFQDN($asset & "$")

If _AD_IsMemberOf($groupdn, $assetdn) = 1 Then
    MsgBox(262144, $selection_text, $asset & " is part of the Drive Lock Exception Policy.")
Else
    MsgBox(262144, $selection_text, $asset & " is NOT part of the Drive Lock Exception Policy.")
EndIf

_ad_close ()
```

;-)) Stefan

Edited February 17, 2010 by 99ojo
gcue Posted February 17, 2010

Oooo, that's why then! Haha, didn't think of it because the adfunctions didn't require that.

Is there a way to detect if the connection fails to connect to the domain? (either when the UDF loads or within the script)

I'd like to be able to accurately get this working:

```autoit
;~ If $domain_disconnected = True Then
;~     MsgBox(262144, $selection_text, "Not connected to domain.")
;~     Return
;~ EndIf
```

Great work water!

Thanks 99ojo =)

Edited February 17, 2010 by gcue
99ojo Posted February 17, 2010

Hi,

since _ad_open () has no return value, I have no guess how to check. Maybe when you get the (372) : ==> Variable must be of type "Object".: error, there is no connection. Maybe @water knows. He might also change the function to implement a return value.

;-)) Stefan
water Posted February 17, 2010

Not that I know. If anyone has an idea I will be glad to implement it.
gcue Posted February 17, 2010

So what will happen if we try to make a query and there's no AD connection?
water Posted February 17, 2010

I will post a modified version of _AD_Open. This will check for "IsObject" and @error after each COM related operation. This might lead to some error codes that can be checked when calling _AD_Open().
gcue Posted February 17, 2010

All I include is ad.au3.. will I need to include _ad_open, or were you talking about just the function being modified?

Thanks water!

PS: just let us know how to test for AD connection if you can =)

Thanks again
water Posted February 17, 2010

I will modify the _AD_Open() for a test script and run it on a computer without network connection. Then I will see where it "crashes". When I have a version with "proper" error handling I will post it here for you to test. Please be patient, I'm sure it will take a few days.
water Posted February 17, 2010

Quick and dirty! What do you get when you run this script and have no connection to a domain?

```autoit
#include <AD.au3>

$Return = _AD_OpenX()
Msgbox(0,"","Finished with @error: " & @error & ", @extended: " & @extended & ", return value: " & $Return)
_AD_Close()

Func _AD_OpenX($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "")

    ; A COM error handler will only be set up if there isn't an error handler already active.
    If ObjEvent("AutoIt.Error") = "" Then
        $oAD_MyError = ObjEvent("AutoIt.Error", "_AD_ErrorHandler") ; Install a custom error handler
        If @error <> 0 Then Return SetError(1, @error, 0)
    EndIf
    $oAD_Connection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    If @error <> 0 Then Return SetError(2, @error, 0)
    $oAD_Connection.ConnectionString = "Provider=ADsDSOObject" ; Set Service providertype
    If $sAD_UserIdParam <> "" Then
        $oAD_Connection.Properties("User ID") = $sAD_UserIdParam ; Authenticate User
        $oAD_Connection.Properties("Password") = $sAD_PasswordParam ; Authenticate User
        ; If userid is the Windows login name then set the flag for secure authentication
        If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
            $oAD_Connection.Properties("ADSI Flag") = $ADS_SECURE_AUTH
        Else
            $oAD_Connection.Properties("ADSI Flag") = 0x0
        EndIf
        $sAD_UserId = $sAD_UserIdParam
        $sAD_Password = $sAD_PasswordParam
    EndIf
    $oAD_Connection.Open("Active Directory Provider") ; Open connection to AD
    ; Connect to another Domain if the Domain parameter is provided
    If $sAD_DNSDomainParam <> "" Then
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $sAD_DNSDomainParam
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $sAD_ConfigurationParam
    Else
        $oAD_RootDSE = ObjGet("LDAP://RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
        $sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
    EndIf
    $oAD_OpenDS = ObjGet("LDAP:")
    If @error <> 0 Then Return SetError(5, @error, 0)
    Return 1

EndFunc   ;==>_AD_OpenX
```
gcue Posted February 17, 2010

The user is in England and I'm in the US. I'll try when he gets back in the office tomorrow... thanks!!!
gcue Posted February 18, 2010

pc with domain access:

```
@error:0
@extended:0
return value:1
```

domain pc i disconnected network cable from:

```
COM Error Encountered in test.exe
Scriptline = -1
NumberHex 80070548
Number = -2147023541
WinDescription = The specified domain either does not exist or could not be contacted
Description =
Source =
Helpfile =
HelpContext =
LastDllError = 317

@error: 4
@extended: -2147023541
return value: 0
```

pc on domain user logged in without query access:

```
@error:0
@extended:0
return value:1
```
99ojo Posted February 18, 2010

Hi,

so check beforehand if user has a domain login:

```autoit
$netbios = "MyDomain"
$domain = EnvGet ("USERDOMAIN")
If $domain <> $netbios Then MsgBox (0,"","Please logon to domain first!")
```

If you have trusted structure, you check against an array with the netbios names of your trusted domains.

```autoit
#include <array.au3>

Global $netbios [2]
$netbios [0] = "My1stDomain"
$netbios [1] = "My2ndDomain"
$domain = EnvGet ("USERDOMAIN")
If _ArraySearch ($netbios, $domain) = -1 Then MsgBox (0,"","Please logon to domain first!")
```

Also you can check with a ping if your domain is reachable.

;-)) Stefan

Edited February 18, 2010 by 99ojo
water Posted February 18, 2010

Hi gcue,

I think I will catch this COM error in the COM error handler. So _AD_Open can return 1 on success and 0 with @error and @extended set on failure. I will set @extended to the error number of the COM error. In this case -2147023541.

What do you think?
water Posted February 18, 2010

I'm no COM guru and my AD access is read-only. So a bit of testing is required. Could you please run the following code and report the results with and without AD access?

```autoit
#include <AD.au3>

$Return = _AD_OpenX()
Msgbox(0,"","Finished with @error: " & @error & ", @extended: " & @extended & ", return value: " & $Return)
_AD_Close()

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_Open
; Description ...: Opens a connection to the Active Directory.
; Syntax.........: _AD_Open([$sAD_UserIdParam = "", $sAD_PasswordParam = ""[, $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = ""]])
; Parameters ....: $sAD_UserIdParam - Optional: UserId to authenticate with. This has to be a valid domain user
;                  $sAD_PasswordParam - Optional: Password to authenticate with
;                  $sAD_DNSDomainParam - Optional: Active Directory domain name if you want to connect to a different domain
;                  $sAD_HostServerParam - Optional: Name of the connected Domain Controller if you want to connect to a different domain
;                  $sAD_ConfigurationParam - Optional: Configuration naming context if you want to connect to a different domain
; Return values .: Success - 1
;                  Failure - 0, sets @error to:
;                  |1 - Installation of the custom error handler failed. @extended set to error code of ObjEvent
;                  |2 - Creation of the COM object to the AD failed. @extended set to error code of ObjCreate
;                  |3 - Open the connection to AD failed. @extended set to error code of ObjCreate
;                  |4 - Creation of the RootDSE object failed. @extended set to error code received by the COM error handler
;                  +    Happens when the connection to the domain isn't successful. @extended is set to -2147023541
;                  |5 - Creation of the DS object failed. @extended set to error code received by the COM error handler
; Author ........: Jonathan Clelland
; Modified.......: Thomas Rupp
; Remarks .......: To close the connection to the Active Directory, use the _AD_Close function.
;+
;                  _AD_Open will use the alternative credentials $sAD_UserIdParam and $sAD_PasswordParam if passed as parameters.
;                  $sAD_UserIdParam has to be in one of the following formats (assume the samAccountName = DJ)
;                  * Windows Login Name e.g. "DJ"
;                  * NetBIOS Login Name e.g. "<DOMAIN>\DJ"
;                  * User Principal Name e.g. "DJ@domain.com"
;                  All other name formats have not been successfully tested (see section "Link").
;+
;                  If you want to connect to a different domain (not the domain your computer is a member of) or your computer is no domain member
;                  then please provide $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam as FQDN as well as $sAD_UserIdParam and $sAD_PasswordParam.
;                  Example:
;                  $sAD_DNSDomainParam = "DC=subdomain,DC=example,DC=com"
;                  $sAD_HostServerParam = "servername.subdomain.example.com"
;                  $sAD_ConfigurationParam = "CN=Configuration,DC=subdomain,DC=example,DC=com"
;+
;                  The COM error handler will be set up if there isn't an error handler already active.
;                  But be aware that some functions will not work correctly any more because they handle error codes ($iAD_COMError) that are set by the error handler.
; Related .......: _AD_Close
; Link ..........: http://msdn.microsoft.com/en-us/library/cc223499(PROT.10).aspx (Simple Authentication)
; Example .......: Yes
; ===============================================================================================================================
Func _AD_OpenX($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "")

    ; A COM error handler will only be set up if there isn't an error handler already active.
    If ObjEvent("AutoIt.Error") = "" Then
        $oAD_MyError = ObjEvent("AutoIt.Error", "_AD_ErrorHandler") ; Install a custom error handler
        If @error <> 0 Then Return SetError(1, @error, 0)
    EndIf
    $oAD_Connection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    If @error <> 0 Then Return SetError(2, @error, 0)
    $oAD_Connection.ConnectionString = "Provider=ADsDSOObject" ; Set Service providertype
    If $sAD_UserIdParam <> "" Then
        $oAD_Connection.Properties("User ID") = $sAD_UserIdParam ; Authenticate User
        $oAD_Connection.Properties("Password") = $sAD_PasswordParam ; Authenticate User
        ; If userid is the Windows login name then set the flag for secure authentication
        If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
            $oAD_Connection.Properties("ADSI Flag") = $ADS_SECURE_AUTH
        Else
            $oAD_Connection.Properties("ADSI Flag") = 0x0
        EndIf
        $sAD_UserId = $sAD_UserIdParam
        $sAD_Password = $sAD_PasswordParam
    EndIf
    $oAD_Connection.Open("Active Directory Provider") ; Open connection to AD
    If @error <> 0 Then Return SetError(3, @error, 0)
    ; Connect to another Domain if the Domain parameter is provided
    If $sAD_DNSDomainParam <> "" Then
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $sAD_DNSDomainParam
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $sAD_ConfigurationParam
    Else
        $oAD_RootDSE = ObjGet("LDAP://RootDSE")
        If @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
        $sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
    EndIf
    $oAD_OpenDS = ObjGet("LDAP:")
    If @error <> 0 Then Return SetError(5, @error, 0)
    Return 1

EndFunc   ;==>_AD_OpenX
```

Edited February 18, 2010 by water
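Added example (not code from AD.au3 or from any poster in this thread): a caller that uses the return convention documented for _AD_OpenX above to tell "not a member" apart from "directory could not be queried", so a failed lookup is never reported as a policy result. It assumes _AD_Open() behaves like the _AD_OpenX test function (1 on success, 0 with @error and @extended set on failure) and that _AD_SamAccountNameToFQDN returns an empty string when nothing is found; _DescribeOpenError and _CheckGroupMembership are hypothetical helper names.

```autoit
; Added example; not code from AD.au3 or from any post in this thread.
; Assumption: _AD_Open() uses the return convention documented for _AD_OpenX
; above (1 on success; 0 with @error and @extended set on failure).
#include <AD.au3>

Global Const $g_sTitle = "Drive Lock Exception Policy"

; Map the documented @error values of the open call to a readable message.
Func _DescribeOpenError($iError, $iExtended)
    Local $sCode = " (COM error 0x" & Hex($iExtended, 8) & ")"
    Switch $iError
        Case 1
            Return "COM error handler could not be installed" & $sCode
        Case 2
            Return "ADODB.Connection object could not be created" & $sCode
        Case 3
            Return "connection to Active Directory could not be opened" & $sCode
        Case 4 ; -2147023541 (0x80070548) when the domain cannot be contacted
            Return "RootDSE object could not be created" & $sCode
        Case 5
            Return "DS object could not be created" & $sCode
    EndSwitch
    Return "unexpected error " & $iError & $sCode
EndFunc   ;==>_DescribeOpenError

; Returns 1 = member, 0 = not a member, -1 = could not be determined.
Func _CheckGroupMembership($sGroup, $sAsset)
    If _AD_Open() <> 1 Then
        ; Copy @error/@extended at once; the next function call resets them.
        Local $iError = @error, $iExtended = @extended
        MsgBox(262144, $g_sTitle, "Not connected to domain: " & _DescribeOpenError($iError, $iExtended))
        Return -1
    EndIf
    Local $iResult = -1
    Local $sGroupDN = _AD_SamAccountNameToFQDN($sGroup)
    Local $sAssetDN = _AD_SamAccountNameToFQDN($sAsset & "$")
    ; Assumption: a failed lookup yields an empty string. A successful open does
    ; not prove the account may query AD, so an empty DN is "unknown", not "no".
    If $sGroupDN <> "" And $sAssetDN <> "" Then
        If _AD_IsMemberOf($sGroupDN, $sAssetDN) = 1 Then
            $iResult = 1
        Else
            $iResult = 0
        EndIf
    EndIf
    _AD_Close()
    Return $iResult
EndFunc   ;==>_CheckGroupMembership

Switch _CheckGroupMembership("GPO_Clients_RME_DriveLock_Policy", "d0929111")
    Case 1
        MsgBox(262144, $g_sTitle, "Asset is part of the Drive Lock Exception Policy.")
    Case 0
        MsgBox(262144, $g_sTitle, "Asset is NOT part of the Drive Lock Exception Policy.")
    Case Else
        MsgBox(262144, $g_sTitle, "Membership could not be determined.")
EndSwitch
```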
gcue Posted February 18, 2010

Def I'll try it with the London guy tomorrow.. what does it do?