Apriest Posted March 28, 2010 Share Posted March 28, 2010 Hi all, I downloaded and was looking through the AD Functions UDF file and have found it very useful. However, my company tends to use AD groups with computers as members to control software rights. I think there's a way to modify the Get User/Add User/Remove user functions to do computers but I'm not really well versed enough to successfully convert it without driving myself batty. Any help would be appreciated. Func _ADGetUserGroups(ByRef $usergroups, $user = @UserName) Local $oUsr $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree" $objRecordSet = $objConnection.Execute($strQuery) ; Retrieve the FQDN for the logged on user $ldap_entry = $objRecordSet.fields(0).value $oUsr = _ADObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user $usergroups = $oUsr.GetEx("memberof") $oUsr = 0 $count = UBound($usergroups) _ArrayInsert($usergroups, 0, $count) EndFunc ;==>_ADGetUserGroups Func _ADAddUserToGroup($group, $user) If _ADIsMemberOf($group, $user) Then Return 0 $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group $oGroup.Add($oUsr.AdsPath) $oGroup.SetInfo $oGroup = 0 $oUser = 0 Return _ADIsMemberOf($group, $user) EndFunc ;==>_ADAddUserToGroup Func _ADRemoveUserFromGroup($group, $user) If _ADIsMemberOf($group, $user) = 0 Then Return 0 $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group $oGroup.Remove($oUsr.AdsPath) $oGroup.SetInfo $oGroup = 0 $oUser = 0 If _ADIsMemberOf($group, $user) Then Return -1 Else Return 1 EndIf EndFunc ;==>_ADRemoveUserFromGroup Link to comment Share on other sites More sharing options...
water Posted March 29, 2010 Share Posted March 29, 2010 (edited) Did you try to use the functions with a computer account? What results did you get? To run the functions with a computer account you have to provide either a SamAccountName or a Fully Qualified Domain Name (FQDN). The SamAccountName is the Computername PLUS an appended Dollar Sign. So could you please try something like:$aResult = _AD_GetUserGroups(@Computername & "$") N:B.: If you have questions regarding the AD UDF could you please post them in the "General Help and Support Thread" (for link please see my signature)? Edited March 29, 2010 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now