Authenticate with Active Directory

[Lew 0]

I want to build some scripts that will authenticate with active directory. Does any one have any good functions or UDFs for me to look at? Thanks in advance.

[rvn 1]

search the forum first

[Lew 0]

search the forum first

I've been looking around the forums but can't fine what I am looking for yet but just want to see if anybody had something I could look at that they might have came across. :)

[water 1,871]

What do you want to do exactly?

If you just want to check a given userid/password against the AD then you will find some solutions on the forum.

Or you could use this tool.

If you run Windows 7 you could use the latest version of my AD UDF (for download please see my signature). Just call _AD_Open() with userid/password and check the return code.

This function is not yet available in version 0.39. If you want to test it I will send you the latest version.

Edited August 31, 2010 by water

[Lew 0]

What I would like to do is have it authenticate with user and password to the AD and also have it check to see if they are a member of a group.

[water 1,871]

For the current user this would look like:

#include <AD.au3>
If _AD_Open() <> 1 Then
  MsgBox(0,"AD","Error " & @error " returned by _AD_Open.") ; Invalid userid/password etc.
  Exit
Endif
If _AD_IsMemberOf("Group") = 1 Then
  MsgBox(0,"AD","User is member of group xx")
  Exit
Endif
_AD_Close()

If you are running Windows 7 you get more information if the userid/password is invalid, account is locked etc.

[Lew 0]

For the current user this would look like:

#include <AD.au3>
If _AD_Open() <> 1 Then
  MsgBox(0,"AD","Error " & @error " returned by _AD_Open.") ; Invalid userid/password etc.
  Exit
Endif
If _AD_IsMemberOf("Group") = 1 Then
  MsgBox(0,"AD","User is member of group xx")
  Exit
Endif
_AD_Close()

If you are running Windows 7 you get more information if the userid/password is invalid, account is locked etc.

Thanks, I was thinking about that last night some how using _AD_Open and _AD_IsMemberOf. It will be running on XP but will have to play around with those functions and see what I get out of them.

[Lew 0]

For the current user this would look like:

#include <AD.au3>
If _AD_Open() <> 1 Then
  MsgBox(0,"AD","Error " & @error " returned by _AD_Open.") ; Invalid userid/password etc.
  Exit
Endif
If _AD_IsMemberOf("Group") = 1 Then
  MsgBox(0,"AD","User is member of group xx")
  Exit
Endif
_AD_Close()

If you are running Windows 7 you get more information if the userid/password is invalid, account is locked etc.

Water - Question for you. I am running this under WinXP. _AD_Open ( "Username", "Password")

If I use this with the correct password or wrong password, I receive a value of Success - 1 and @error of 0. Is that because I am running this under WinXP?

[water 1,871]

Is that because I am running this under WinXP?

Correct. Windows XP is not very good in returning useful error information.

You can either use the test version of the enhanced _AD_Open. Or you can wait for version 0.40 of the UDF which will be released in the next 2-3 weeks.

Both functions set @error = 8 on Windows XP if the userid or password is invalid.

On Windows 7 you get an error array and @error is set to the Windows32 error code of the last LDAP function call.

[Lew 0]

Correct. Windows XP is not very good in returning useful error information.

You can either use the test version of the enhanced _AD_Open. Or you can wait for version 0.40 of the UDF which will be released in the next 2-3 weeks.

Both functions set @error = 8 on Windows XP if the userid or password is invalid.

On Windows 7 you get an error array and @error is set to the Windows32 error code of the last LDAP function call.

Thanks water, That test version worked for me.