Bodman

How to Query Distinguished Name in AD

42 posts in this topic

#1 ·  Posted (edited)

Hi, I am trying to output 2 figures from AD.

The first is to count how many users in AD have the string OU=C3084* in the Distinguished name attribute, and

the second is, of the first output, how many of them have the mail attribute set.

I have read what feels like the entire internet about adfunctions but I'm not sure how to start. Can anyone point me in the right direction please?

I was trying to run a query like this

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(ou=*c3408*)); distinguishedname,mail;subtree"

to no avail :x

Any pointers in the right direction appreciated

//Bodman

Edited by Bodman




Did you have a look at Active Directory UDF?

There isn't anything in there to help you?


SNMP_UDF ... for SNMPv1 and v2c so far, GetBulk and a new example script

wannabe "Unbeatable" Tic-Tac-Toe

Paper-Scissor-Rock ... try to beat it anyway :)


#3 ·  Posted (edited)

To get all users with mail attribute set you could use

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I'm investigating how to query the OU.

Edit: Unfortunately you can't use a wildcard with a distinguishedName (according to the X.500 standards). So you have to do it yourself:

#include <ad.au3>
Global $aResult[1]
$sOU = "OU=C3084"
_AD_Open()
$aOUs = _AD_GetAllOUs()
For $iIndex = 1 To $aOUs[0][0]
    $aTemp = StringSplit($aOUs[$iIndex][1], ",")
    If StringInStr($aTemp[1], $sOU) > 0 Then
        $aMail = _AD_GetObjectsInOU($aOUs[$iIndex][1],"(&(objectCategory=person)(objectClass=user)(mail=*))",1,"samAccountName")
        _ArrayConcatenate($aResult, $aMail, 1)
    EndIf
Next
$aResult[0] = UBound($aResult, 1) - 1
_ArrayDisplay($aResult)
_AD_Close()

This example gets a list of all OUs in your AD, searches for OUs starting with C3084, queries each of these OUs for all users with attribute mail <> "" and returns the samaccountname. The result is concatenated to a result table.

If you want to get more than the samaccountname then you have to do the concatenation yourself, as _ArrayConcatenate only works for 1-dimensional arrays.

How to use LDAP filters: SelfADSI

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

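The client-side matching that post #3 describes (fetch the distinguishedName and mail columns, then test the DN yourself because the LDAP filter cannot wildcard it), as an added example that is not part of the thread or of the AD UDF. It goes slightly beyond the posted script by matching an OU at any level of the DN and by handling backslash-escaped commas; the function names and the sample rows are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # escape pair stays inside the RDN
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def in_matching_ou(dn, ou_prefix):
    """True if any OU component of the DN starts with ou_prefix (case-insensitive)."""
    prefix = ou_prefix.lower()
    for rdn in split_dn(dn)[1:]:  # skip the object's own RDN (CN=...)
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "ou" and value.strip().lower().startswith(prefix):
            return True
    return False


def count_users(entries, ou_prefix):
    """Return (users under a matching OU, how many of those have mail set)."""
    matched = [e for e in entries if in_matching_ou(e["distinguishedName"], ou_prefix)]
    with_mail = sum(1 for e in matched if e.get("mail"))
    return len(matched), with_mail


# Constructed rows shaped like the "distinguishedname,mail" columns of the query.
SAMPLE = [
    {"distinguishedName": "CN=Smith\\, Ann,OU=Users,OU=C3084-A,OU=UK,DC=mydomain,DC=net",
     "mail": "ann@mydomain.net"},
    {"distinguishedName": "CN=Bob,OU=c3084b,DC=mydomain,DC=net", "mail": ""},
    {"distinguishedName": "CN=Eve,OU=C9999,DC=mydomain,DC=net", "mail": "eve@mydomain.net"},
    # A CN that merely contains the text "OU=C3084" must not be counted.
    {"distinguishedName": "CN=OU=C3084 decoy,OU=Users,DC=mydomain,DC=net",
     "mail": "x@mydomain.net"},
]

if __name__ == "__main__":
    total, with_mail = count_users(SAMPLE, "C3084")
    print("users under OU=C3084*:", total, "with mail:", with_mail)
```

A plain substring test on the whole DN would also count the last sample row, which is why the check is done per RDN.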

Well - you're lucky - you got the help from the person who wrote the UDF :x



Brilliant, thank you (you should see the weird and wonderful scripts I've been writing to try and get this to work). I'll start trying again now :x


#6 ·  Posted (edited)

OK, I'm missing something here. If I run

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I removed the (mail=*) to try and get a list of all users first but I don't get anything at all returned :P

I ran

#include <AD.au3>
_AD_Open()
ConsoleWrite($sAD_DNSDomain & @CRLF)
ConsoleWrite($sAD_HostServer & @CRLF)
ConsoleWrite($sAD_Configuration & @CRLF)
_AD_Close()

and got

DC=mydomain,DC=net

s0000664.mydomain.net

CN=Configuration,DC=mydomain,DC=net

and tried to add that to _AD_Open() but as far as I can see it's opening the connection as I get an error code of 1 :x

My domain is 5 levels, could that have something to do with it?

Domain

Continent

Country

Site

SiteID

Users

Although if I run the LDAP query

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;subtree"

it dumps everything :shifty:

Any help appreciated :nuke:

Bod

Edited by Bodman


If you run the _AD_GetobjectsInOU example script - what do you get?



If you run the _AD_GetobjectsInOU example script - what do you get?

If I run your ADAudit.au3 script and try any queries I get the error (is this what you want me to try?)

Error 1 in _AD_GetObjectsInOU processing your query:.........


#9 ·  Posted (edited)

If I run your ADAudit.au3 script and try any queries I get the error (is this what you want me to try?)

Error 1 in _AD_GetObjectsInOU processing your query:.........

No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.

So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.

What do you get if you run this example script?

BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

Edited by water


#10 ·  Posted (edited)

No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.

So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.

What do you get if you run this example script?

BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

UDF Version ...: 0.42

Sorry, I missed the examples in there (DOH). If I run the example script I get a list of everyone in the same OU that I am in :) (Example 1 - so it appears to work fine ;) )


Edited by Bodman


#11 ·  Posted (edited)

It looks like if I add

#include <AD.au3>

; Get FQDN for the currently logged on user
Global $sFQDN = _AD_SamAccountNameToFQDN()

; Strip off the CN
Global $iPos = StringInStr($sFQDN, ",")
Global $sOU = StringMid($sFQDN, $iPos + 1)

Global $aObjects[1][1]

from the example file then the script may work :)

//Bod

Edited by Bodman


#12 ·  Posted (edited)

As the example script works there just seems to be a problem with the other script.

... then the script may work :)

What script are you talking about? My script posted in or do you have your own version?

Edited by water


#13 ·  Posted (edited)

Sorry, I'm confusing things. OK

If I run the original script from #3

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I can't get that to work (the script runs, then exits)

However if I take the first part from your example and add it to that script it appears to work.

#include <ad.au3>
_AD_Open()

; Get FQDN for the currently logged on user
Global $sFQDN = _AD_SamAccountNameToFQDN()


; Strip off the CN
Global $iPos = StringInStr($sFQDN, ",")
Global $sOU = StringMid($sFQDN, $iPos + 1)

Global $aObjects[1][1]


$aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

It looks like for me that the line

$aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")

must have the OU set $sOU instead of "" although as far as I can see "" should be enough to make it work.

//Bod

Edited by Bodman


#14 ·  Posted (edited)

I'm confused :)

In function _AD_GetObjectsInOU the first parameter (starting OU) is replaced with $sAD_DNSDomain if empty.

In your example you start to search in the OU where the currently logged on userid is located.

So:

"" is replaced with "DC=mydomain,DC=net" => should search the entire tree

"OU=User_Accounts,DC=mydomain,DC=net" => only searches the OU (and children) where your userid is located. So you only get a subset of the possible results.

Be sure that parameter 3 ($iAD_SearchScope) is set to 2 so the starting OU plus sub-tree is scanned!

Be sure that the first parameter is two double quotes without a space between them: "" yields correct results, " " yields nothing!

Let's do some error checking to trap this down:

#include <ad.au3>
$iResult = _AD_Open()
MsgBox(16, "_AD_Open", "Result: " & $iResult & @CRLF & "Error: " & @error & @CRLF & "Extended: " & @extended)
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
$iError = @error
$iExtended = @extended
If IsArray($aResult) Then
    _ArrayDisplay($aResult)
Else
    MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended)
EndIf
_AD_Close()

Could you please run this script and post the results?

Edited by water


OK, I've attached the results (screenshots)


#16 ·  Posted (edited)

Sorry, I had to edit the script (didn't return the correct @error information).

Could you please rerun the script as it is now and just post the result of the second msgbox?

Thanks

Edited by water


second box :)


#18 ·  Posted (edited)

Sh......t! Once again I introduced a bug in this simple script!

I once more edited the script. Could you please rerun it?

_AD_GetObjectsInOU(" ", ..)
had to be changed to
_AD_GetObjectsInOU("", ..)

Edit: Have to leave now for the weekend. I'm sure we will trap down this problem in the next few days :)

Edited by water


Here you go

Can I just say thanks for all your time you're putting into this. It's been driving me insane trying to get it working


#20 ·  Posted (edited)

Can I just say thanks for all your time you're putting into this.

Can't help - it's my baby :)

@error = 3 means: No records returned from Active Directory. $sAD_Filter didn't return a record

So let's reduce the filter! Could you please try this little test script:

#include <ad.au3>
$iResult = _AD_Open()
$aResult = _AD_GetObjectsInOU("","(mail=*)",2,"samAccountName")
$iError = @error
$iExtended = @extended
If IsArray($aResult) Then
    _ArrayDisplay($aResult)
Else
    MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended)
EndIf
_AD_Close()
Edited by water
