
Getting Computer group memberships in AD



Hi all,

I downloaded and was looking through the AD Functions UDF file and have found it very useful. However, my company tends to use AD groups with computers as members to control software rights. I think there's a way to modify the Get User/Add User/Remove user functions to do computers but I'm not really well versed enough to successfully convert it without driving myself batty. Any help would be appreciated.

; $strHostServer, $strDNSDomain and $objConnection are globals defined elsewhere in the AD Functions UDF file.

Func _ADGetUserGroups(ByRef $usergroups, $user = @UserName)
    Local $oUsr
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute($strQuery) ; Retrieve the FQDN for the logged on user
    $ldap_entry = $objRecordSet.fields(0).value
    $oUsr = _ADObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
    $usergroups = $oUsr.GetEx("memberof")
    $oUsr = 0
    $count = UBound($usergroups)
    _ArrayInsert($usergroups, 0, $count) ; Element 0 holds the number of groups
EndFunc   ;==>_ADGetUserGroups

Func _ADAddUserToGroup($group, $user)
    If _ADIsMemberOf($group, $user) Then Return 0
    $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user
    $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group
    $oGroup.Add($oUsr.AdsPath)
    $oGroup.SetInfo
    $oGroup = 0
    $oUsr = 0
    Return _ADIsMemberOf($group, $user)
EndFunc   ;==>_ADAddUserToGroup

Func _ADRemoveUserFromGroup($group, $user)
    If _ADIsMemberOf($group, $user) = 0 Then Return 0
    $oUsr = _ADObjGet("LDAP://" & $strHostServer & "/" & $user) ; Retrieve the COM Object for the user
    $oGroup = _ADObjGet("LDAP://" & $strHostServer & "/" & $group) ; Retrieve the COM Object for the group
    $oGroup.Remove($oUsr.AdsPath)
    $oGroup.SetInfo
    $oGroup = 0
    $oUsr = 0
    If _ADIsMemberOf($group, $user) Then
        Return -1
    Else
        Return 1
    EndIf
EndFunc   ;==>_ADRemoveUserFromGroup


Did you try to use the functions with a computer account? What results did you get?

To run the functions with a computer account you have to provide either a SamAccountName or a Fully Qualified Domain Name (FQDN).

The SamAccountName is the Computername PLUS an appended Dollar Sign.

So could you please try something like:

$aResult = _AD_GetUserGroups(@Computername & "$")

N.B.: If you have questions regarding the AD UDF, could you please post them in the "General Help and Support Thread" (for link please see my signature)?

Edited by water

My UDFs and Tutorials:


UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki
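
The computer-account lookup suggested in the reply above, as an added example that is not part of the original posts or of the AD UDF. It assumes the current AD UDF (AD.au3) is in the include path and the machine is domain joined; `_ComputerSam` and `_ComputerGroups` are hypothetical helper names, and the character whitelist is a deliberately conservative assumption.

```autoit
#include <AD.au3> ; AD UDF discussed in this thread (assumed to be installed)

; Hypothetical helper: build the sAMAccountName of a computer account.
; Only plain NetBIOS-style names (max. 15 characters) are accepted, so that
; characters with a meaning in an LDAP filter, such as ( ) * \, never end up
; in the directory query. Sets @error = 1 and returns "" for anything else.
Func _ComputerSam($sComputer = @ComputerName)
    ; Accept both "PC01" and "PC01$" as input
    If StringRight($sComputer, 1) = "$" Then $sComputer = StringTrimRight($sComputer, 1)
    If Not StringRegExp($sComputer, "^[A-Za-z0-9_-]{1,15}$") Then Return SetError(1, 0, "")
    Return $sComputer & "$"
EndFunc   ;==>_ComputerSam

; Hypothetical helper: return the groups a computer account is a member of.
; @error = 1: name rejected, @error = 2: lookup failed (@extended = UDF error).
Func _ComputerGroups($sComputer = @ComputerName)
    Local $sSam = _ComputerSam($sComputer)
    If @error Then Return SetError(1, 0, 0)
    Local $aGroups = _AD_GetUserGroups($sSam)
    If @error Then Return SetError(2, @error, 0)
    Return $aGroups ; Element 0 holds the number of groups
EndFunc   ;==>_ComputerGroups

_AD_Open()
If @error Then
    ConsoleWrite("_AD_Open failed, @error = " & @error & @CRLF)
    Exit 1
EndIf

Global $aGroups = _ComputerGroups() ; Defaults to the local computer
If @error Then
    ConsoleWrite("Lookup failed, @error = " & @error & ", @extended = " & @extended & @CRLF)
Else
    For $i = 1 To $aGroups[0]
        ConsoleWrite($aGroups[$i] & @CRLF) ; One group FQDN per line
    Next
EndIf

_AD_Close()
```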

 
