Apriest

Getting Computer group memberships in AD

Hi all,

I downloaded and was looking through the AD Functions UDF file and have found it very useful. However, my company tends to use AD groups with computers as members to control software rights. I think there's a way to modify the Get User/Add User/Remove user functions to do computers but I'm not really well versed enough to successfully convert it without driving myself batty. Any help would be appreciated.

    #include <Array.au3> ; needed for _ArrayInsert
    ; $strHostServer, $strDNSDomain, $objConnection, _ADObjGet and _ADIsMemberOf
    ; are provided by the AD Functions UDF this excerpt comes from.

    Func _ADGetUserGroups(ByRef $usergroups, $user = @UserName)
        Local $oUsr
        Local $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
        Local $objRecordSet = $objConnection.Execute($strQuery) ; Retrieve the FQDN for the logged on user
        Local $ldap_entry = $objRecordSet.fields(0).value
        $oUsr = _ADObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
        $usergroups = $oUsr.GetEx("memberof")
        $oUsr = 0
        Local $count = UBound($usergroups)
        _ArrayInsert($usergroups, 0, $count) ; Element 0 holds the number of groups
    EndFunc ;==>_ADGetUserGroups

    Func _ADAddUserToGroup($group, $user)
        If _ADIsMemberOf($group, $user) Then Return 0
        Local $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user
        Local $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group
        $oGroup.Add($oUsr.AdsPath)
        $oGroup.SetInfo
        $oGroup = 0
        $oUsr = 0 ; Release the user object (the original assigned to $oUser, a different variable)
        Return _ADIsMemberOf($group, $user)
    EndFunc ;==>_ADAddUserToGroup

    Func _ADRemoveUserFromGroup($group, $user)
        If _ADIsMemberOf($group, $user) = 0 Then Return 0
        Local $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user
        Local $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group
        $oGroup.Remove($oUsr.AdsPath)
        $oGroup.SetInfo
        $oGroup = 0
        $oUsr = 0 ; Release the user object (the original assigned to $oUser, a different variable)
        If _ADIsMemberOf($group, $user) Then
            Return -1 ; Still a member: removal failed
        Else
            Return 1 ; No longer a member: removal succeeded
        EndIf
    EndFunc ;==>_ADRemoveUserFromGroup

#2 ·  Posted (edited)

Did you try to use the functions with a computer account? What results did you get?

To run the functions with a computer account you have to provide either a SamAccountName or a Fully Qualified Domain Name (FQDN).

The SamAccountName is the Computername PLUS an appended Dollar Sign.

So could you please try something like:

$aResult = _AD_GetUserGroups(@Computername & "$")

N.B.: If you have questions regarding the AD UDF could you please post them in the "General Help and Support Thread" (for link please see my signature)?

Edited by water

My UDFs and Tutorials:

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki
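
An added example, not code from the AD UDF or from either poster: it builds the ADO query string used by `_ADGetUserGroups` above for a computer account, appending the `$` suffix and escaping the name per RFC 4515 so that a name taken from user input cannot alter the LDAP filter. The `_Example_*` function names and the host and domain values are hypothetical.

```autoit
; Added example. All _Example_* names are hypothetical, not part of the AD UDF.

; Escape a value for use inside an LDAP search filter (RFC 4515).
Func _Example_LdapEscape($sValue)
    ; Replace the backslash first so the escapes added below are not re-escaped.
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    ; Escaped too, because the ADO query string uses ';' as its field separator.
    $sValue = StringReplace($sValue, ";", "\3b")
    Return $sValue
EndFunc   ;==>_Example_LdapEscape

; Turn a computer name into the sAMAccountName of its computer account.
Func _Example_ComputerSam($sName = @ComputerName)
    $sName = StringStripWS($sName, 3) ; 3 = strip leading and trailing whitespace
    If $sName = "" Then Return SetError(1, 0, "")
    ; Reject control characters (including NUL) instead of trying to escape them.
    If StringRegExp($sName, "[\x00-\x1f]") Then Return SetError(2, 0, "")
    ; A computer's sAMAccountName is the computer name plus a trailing "$".
    If StringRight($sName, 1) <> "$" Then $sName &= "$"
    Return $sName
EndFunc   ;==>_Example_ComputerSam

; Build the query string in the same "<base>;filter;attributes;scope" form as
; _ADGetUserGroups, restricted to computer objects.
Func _Example_ComputerGroupQuery($sHostServer, $sDNSDomain, $sComputer = @ComputerName)
    Local $sSam = _Example_ComputerSam($sComputer)
    If @error Then Return SetError(@error, 0, "")
    Local $sFilter = "(&(objectCategory=computer)(sAMAccountName=" & _Example_LdapEscape($sSam) & "))"
    Return "<LDAP://" & $sHostServer & "/" & $sDNSDomain & ">;" & $sFilter & ";ADsPath;subtree"
EndFunc   ;==>_Example_ComputerGroupQuery

; Constructed sample values: the server and domain are placeholders.
Local $sHost = "dc01.example.test", $sDomain = "DC=example,DC=test"

; An ordinary computer name.
ConsoleWrite(_Example_ComputerGroupQuery($sHost, $sDomain, "WS-0042") & @CRLF)

; A name containing filter metacharacters stays inside the sAMAccountName value.
ConsoleWrite(_Example_ComputerGroupQuery($sHost, $sDomain, "WS*)(cn=*") & @CRLF)
```

The `memberOf` attribute that `_ADGetUserGroups` reads lists only direct memberships and does not include the account's primary group, so a software-rights check built on it will not see groups inherited through nesting.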

 
