LDAP vbs to au3

darkleton

Hi,

I have a VBS script which, when run, will ask for a username and password and will then check them against a server. If they are correct and you are in the right group specified, it will do a few functions. I have tried using the VBS to AU3 converter, but it just doesn't like running afterwards.

If anyone is able to give me a hand converting it I would be eternally grateful. My aim is to have it as an AU3 script, and then have the ability to minimise it to the tray so that it can be disconnected later. The VBS code works exactly as I want, so it really just is a case of converting it.

I've attached the code below. If anyone could help, thank you :mellow:

```vbscript
sDNS = "dc=mydomain,dc=com"
sDomain = "MYDOMAIN"
sDC = "SERVER01"

strUserNameMessage = "Please enter your username"
strPasswordMessage = "Please enter your password"
strTitle = "Domain Connect"

'note: InputBox does not mask input, so the password is visible while it is typed
sUser = InputBox(strUserNameMessage, strTitle, "", 1600, 1600)
sPassword = InputBox(strPasswordMessage, strTitle, "", 1600, 1600)
sGroup1 = "Group1"
sGroup2 = "Group2"

const ADS_SECURE_AUTHENTICATION = 1
const ADS_SERVER_BIND = 512

'find the distinguished name of this user
'will return N/A for either no user or wrong password
sDN = getDN(sUser, sPassword, sDomain)
if sDN = "N/A" then
  wscript.echo "Can't find user"
  wscript.quit
end if

'username and password are valid; is the user in the group
'bind to user object
set oLDAP = getobject("LDAP:")
set oUser = oLDAP.opendsobject("LDAP://" & sDC & "/" & sDN, sDomain & "\" & sUser, sPassword, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
'assume user is not in group
bInGroup = false
for each oGroup in oUser.groups
  'check for each group - make lcase just to avoid problems with case
  if lcase(oGroup.samaccountname) = lcase(sGroup1) or lcase(oGroup.samaccountname) = lcase(sGroup2) then
    bInGroup = True
    exit for
  end if
next

'process appropriately for in/out of group
if bInGroup then
  wscript.echo "In group, mapping drives"
else
  'sGroup was never defined; report the two groups that were actually checked
  wscript.echo "Not in group " & sGroup1 & " or " & sGroup2
  wscript.quit
end if

function getDN(sNTName, sPassword, sDomain)
  'kludgy but saves unwanted errors
  '  on error resume next
  sResult = "N/A"
  sBase = "<LDAP://" & sDC & "/" & sDNS & ">"
  'set up connection to Active Directory
  set oCommand = createobject("adodb.command")
  sAttributes = "distinguishedName"
  Set oConn = CreateObject("ADODB.Connection")
  oConn.Provider = "ADsDSOObject"
  'bind as the user being looked up (the function parameter, not the global sUser)
  oConn.Properties("User ID") = sDomain & "\" & sNTName
  oConn.Properties("Password") = sPassword
  oConn.Open
  oCommand.ActiveConnection = oConn
  set oRS = createobject("adodb.recordset")
  'sNTName goes into the filter unescaped: ( ) * \ in the input would change the query
  sFilter = "(samaccountname=" & sNTName & ")"
  'query built here has domain name; filter based on username; only attribute needed is distinguished name and subtree means search whole directory
  sQuery = sBase & ";" & sFilter & ";" & sAttributes & ";subtree"
  oCommand.CommandText = sQuery
  Set oRS = oCommand.Execute
  'will be EOF if not found
  if oRS.eof then
    sResult = "N/A"
  else
    sResult = oRS("distinguishedname")
  end if
  oRS.close
  'return either N/A for not found or error (eg bad password) and distinguished name otherwise
  getDN = sResult
  on error goto 0
end function
```

thanks

Mike

water

There is a UDF available for Active Directory (for download please see my signature). It has a lot of functions that help you cope with AD.

In your case you need _AD_SamAccountNameToFQDN and _AD_IsMemberOf.


My UDFs and Tutorials:

UDFs:
Active Directory (2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

darkleton

The other thing I forgot to mention is this is run on a machine not joined to the domain, but joined to a workgroup connected to a domain network via wireless. So it's the whole making it work with authentication bit.

Thanks water, I'll have a read through, see if I can make some sense of it. It's been a while since I tried au3 stuff :mellow:

water

> The other thing I forgot to mention is this is run on a machine not joined to the domain, but joined to a workgroup connected to a domain network via wireless. So it's the whole making it work with authentication bit.
>
> Thanks water, I'll have a read through, see if I can make some sense of it. It's been a while since I tried au3 stuff :mellow:

If you supply the necessary information to _AD_Open you can connect to a domain from a workgroup as well.

darkleton

OK I've had a quick look at the functions, but it's been about 3 years since I last tried doing AutoIT :mellow:

How wrong is the code below? Sorry if it seems stupidly simple.

```autoit
Func Connect()
    Global $sAD_DNSDomainParam = "dc=mydomain,dc=com"
    Global $sAD_HostServerParam = "server01.mydomain.dom"
    Global $sAD_ConfigurationParam = "cn=Configuration,dc=mydomain,dc=com"
    Global $sAD_Group1 = "group2"
    Global $sAD_Group2 = "group1"
    Global $sAD_UserIdParam = $suser
    Global $sAD_PasswordParam = $spassword
    _AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    ;;convert sam name into fqdn using username in gui
    $sDN = _AD_SamAccountNameToFQDN($sAD_UserIdParam)
    if $sDN = 0 Then
        MsgBox(0,"Error","No such user")
        Exit
    EndIf
    ;;convert to fqdn end

    ;;check user is member of groups
    $ismember = _AD_IsMemberOf($sAD_Group1 or $sAD_Group2, $sDN)
    If $ismember = 1 then
        MsgBox(0,"Success","Mapping drives")
    Else
        MsgBox(0,"Failure","Not in groups")
    EndIf
    ;;close ad connection
    _AD_Close()
    ;;close ad connection end
EndFunc
```

water

Only some minor changes:

```autoit
Func Connect()
    Global $sAD_DNSDomainParam = "dc=mydomain,dc=com"
    Global $sAD_HostServerParam = "server01.mydomain.dom"
    Global $sAD_ConfigurationParam = "cn=Configuration,dc=mydomain,dc=com"
    Global $sAD_Group1 = "group2"
    Global $sAD_Group2 = "group1"
    Global $sAD_UserIdParam = $suser
    Global $sAD_PasswordParam = $spassword
    _AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    ;;convert sam name into fqdn using username in gui
    $sDN = _AD_SamAccountNameToFQDN($sAD_UserIdParam)
    ;;the function reports failure through @error, not through a return value of 0
    if @error <> 0 Then
        MsgBox(0,"Error","No such user")
        Exit
    EndIf
    ;;convert to fqdn end

    ;;check user is member of groups: one call per group, then add the results
    $ismember = _AD_IsMemberOf($sAD_Group1, $sDN) + _AD_IsMemberOf($sAD_Group2, $sDN)
    If $ismember > 0 then
        MsgBox(0,"Success","Mapping drives")
    Else
        MsgBox(0,"Failure","Not in groups")
    EndIf
    ;;close ad connection
    _AD_Close()
    ;;close ad connection end
EndFunc
```

I will soon release version 0.37 of the UDF. _AD_Open then sets @error if the connection was not successful.

darkleton

When I run it (after entering user/pass in the GUI) I get:

```
COM error encountered
Scriptline = 373
NumberHex = 000000A9
Number = 169
WinDescription = Variable must be of type "Object"
Description = Permission denied
Source = Provider
HelpContext = 1240640
```

water

Either the connection to the AD was not successful or the specified user is not allowed to read the AD.

I attach the beta of version 0.37. Could you please check @error after _AD_Open?

darkleton

I have just tested using the domain admin password and after this:

```autoit
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)
MsgBox(1,"",@error)
```

I get the message box with 0 so I am assuming it is failing to connect?

Run on another machine and the description of the COM error changes to unknown username or bad password, source Active Directory. Yet I know I'm using the right username (it's my own!!)

darkleton

Ah, it was me using the $sAD_Usernameparam = $suser....it was outputting as "3" instead of what I typed in.

Changed it to = guictrlread($suser) and it outputted right. I can test a bit further now. :mellow:

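The points the thread arrives at, put together as an added example (not part of any post above and not the UDF author's code): read the input controls with GUICtrlRead, check @error after _AD_Open, and test each group with its own _AD_IsMemberOf call. It assumes a UDF version in which _AD_Open sets @error on failure (0.37 or later, per the thread); the server and group values are constructed, `_Connect` is a hypothetical helper, and the username allow-list is an assumption about local naming rules.

```autoit
#include <AD.au3> ; the Active Directory UDF discussed in the thread
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>

; Constructed sample values, following the thread's placeholders.
Global Const $sDomainDN = "dc=mydomain,dc=com"
Global Const $sHostDC = "server01.mydomain.com"
Global Const $sConfigDN = "cn=Configuration,dc=mydomain,dc=com"
Global Const $aGroups[2] = ["Group1", "Group2"]

Global $hGUI = GUICreate("Domain Connect", 260, 130)
GUICtrlCreateLabel("Username", 10, 14, 70, 20)
Global $idUser = GUICtrlCreateInput("", 90, 10, 160, 22)
GUICtrlCreateLabel("Password", 10, 46, 70, 20)
Global $idPass = GUICtrlCreateInput("", 90, 42, 160, 22, $ES_PASSWORD) ; masked input
Global $idOK = GUICtrlCreateButton("Connect", 90, 80, 80, 28)
GUISetState(@SW_SHOW, $hGUI)

While 1
    Switch GUIGetMsg()
        Case $GUI_EVENT_CLOSE
            Exit
        Case $idOK
            ; $idUser and $idPass hold control IDs (small integers); GUICtrlRead returns the text.
            _Connect(GUICtrlRead($idUser), GUICtrlRead($idPass))
    EndSwitch
WEnd

; Hypothetical helper: bind, resolve the DN, test membership of either group.
Func _Connect($sUser, $sPassword)
    ; Assumed allow-list, applied before the name reaches any LDAP filter: rejects ( ) * \ and blanks.
    If Not StringRegExp($sUser, "^[A-Za-z0-9._-]{1,20}$") Then Return MsgBox(16, "Error", "Invalid username")
    _AD_Open($sUser, $sPassword, $sDomainDN, $sHostDC, $sConfigDN)
    Local $iErr = @error
    If $iErr Then Return MsgBox(16, "Error", "Bind failed, @error = " & $iErr)
    Local $bMember = False
    Local $sDN = _AD_SamAccountNameToFQDN($sUser)
    If Not @error Then
        For $sGroup In $aGroups
            If _AD_IsMemberOf($sGroup, $sDN) = 1 Then $bMember = True
        Next
    EndIf
    _AD_Close() ; release the connection whatever the outcome
    If $bMember Then
        MsgBox(64, "Success", "Mapping drives")
    Else
        MsgBox(48, "Failure", "Not in groups")
    EndIf
EndFunc
```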
