How to Query Distinguished Name in AD

Bodman

Hi, I am trying to output 2 figures from AD.

The first is to count how many users in AD have the string OU=C3084* in the Distinguished Name attribute, and the second is, of the first output, how many of them have the mail attribute set.

I have read what feels like the entire internet about adfunctions but I'm not sure how to start. Can anyone point me in the right direction please?

I was trying to run a query like this

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(ou=*c3408*)); distinguishedname,mail;subtree"

to no avail :x

Any pointers in the right direction appreciated

//Bodman

Edited by Bodman

enaiman

Did you have a look at Active Directory UDF?

There isn't anything in there to help you?


SNMP_UDF ... for SNMPv1 and v2c so far, GetBulk and a new example script

wannabe "Unbeatable" Tic-Tac-Toe

Paper-Scissor-Rock ... try to beat it anyway :)

water

To get all users with mail attribute set you could use

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I'm investigating how to query the OU.

Edit: Unfortunately you can't use a wildcard with a distinguishedName (according to the X.500 standards). So you have to do it yourself:

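#include <ad.au3>
Global $aResult[1]
$sOU = "OU=C3084"
_AD_Open()
; Get all OUs of the domain; column 1 holds each OU's distinguished name
$aOUs = _AD_GetAllOUs()
For $iIndex = 1 To $aOUs[0][0]
    ; Compare only the first RDN of the OU's distinguished name
    $aTemp = StringSplit($aOUs[$iIndex][1], ",")
    If StringInStr($aTemp[1], $sOU) > 0 Then
        ; Scope 1 (one level): users in this OU that have the mail attribute set
        $aMail = _AD_GetObjectsInOU($aOUs[$iIndex][1],"(&(objectCategory=person)(objectClass=user)(mail=*))",1,"samAccountName")
        _ArrayConcatenate($aResult, $aMail, 1)
    EndIf
Next
; Element 0 holds the number of collected entries
$aResult[0] = UBound($aResult, 1) - 1
_ArrayDisplay($aResult)
_AD_Close()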

This example gets a list of all OUs in your AD, searches for OUs starting with C3084, queries each of these OUs for all users with attribute mail <> "" and returns the samAccountName. The result is concatenated to a result table.

If you want to get more than the samAccountName then you have to do the concatenation yourself, as _ArrayConcatenate only works for 1-dimensional arrays.

How to use LDAP filters: SelfADSI

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki
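
The client-side matching described in this answer, as an added example that is not part of the original thread or of the AD UDF: Python run over constructed (DN, mail) pairs, producing the two counts asked for in the first post. It goes a little beyond the script above by matching an OU whose name starts with the prefix at any depth of the DN, and by parsing RDNs instead of substring-searching; the sample data and all function names are assumptions.

```python
# Constructed sample export of (distinguishedName, mail); None = mail not set.
SAMPLE_USERS = [
    ("CN=Ann Lee,OU=Users,OU=C3084A,OU=UK,OU=Europe,DC=mydomain,DC=net", "ann.lee@mydomain.net"),
    ("CN=Bob Ray,OU=C3084B,OU=UK,OU=Europe,DC=mydomain,DC=net", None),
    ("CN=Smith\\, Jo,OU=Users,OU=C3084A,OU=UK,OU=Europe,DC=mydomain,DC=net", "jo.smith@mydomain.net"),
    # Traps for substring searches: a CN containing "OU=C3084",
    # and an OU that contains but does not start with C3084.
    ("CN=OU=C3084 Test,OU=Users,OU=C9999,OU=UK,OU=Europe,DC=mydomain,DC=net", "test@mydomain.net"),
    ("CN=Cy Poe,OU=Users,OU=XC3084,OU=UK,OU=Europe,DC=mydomain,DC=net", "cy.poe@mydomain.net"),
]


def split_dn(dn):
    """Split a DN into (TYPE, value) pairs; backslash-escaped characters stay in the value."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair: "\," is not a separator
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        rdn_type, _, value = part.strip().partition("=")
        rdns.append((rdn_type.strip().upper(), value.strip()))
    return rdns


def in_matching_ou(dn, prefix):
    """True if any OU above the object itself has a name starting with prefix."""
    containers = split_dn(dn)[1:]  # skip the object's own RDN (CN=...)
    return any(t == "OU" and v.upper().startswith(prefix.upper()) for t, v in containers)


def count_users(users, prefix):
    """Return (users below a matching OU, how many of those have mail set)."""
    matched = [mail for dn, mail in users if in_matching_ou(dn, prefix)]
    return len(matched), sum(1 for mail in matched if mail)


if __name__ == "__main__":
    print(count_users(SAMPLE_USERS, "C3084"))
```
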

 

enaiman

Well - you're lucky - you got the help from the person who wrote the UDF :x


Bodman

Brilliant, thank you (you should see the weird and wonderful scripts I've been writing to try and get this to work). I'll start trying again now :x

Bodman

OK, I'm missing something here. If I run

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I removed the (mail=*) to try and get a list of all users first, but I don't get anything at all returned :P

I ran

#include <AD.au3>
_AD_Open()
ConsoleWrite($sAD_DNSDomain & @CRLF)
ConsoleWrite($sAD_HostServer & @CRLF)
ConsoleWrite($sAD_Configuration & @CRLF)
_AD_Close()

and got

DC=mydomain,DC=net

s0000664.mydomain.net

CN=Configuration,DC=mydomain,DC=net

and tried to add that to _AD_Open(), but as far as I can see it's opening the connection as I get an error code of 1 :x

My domain is 5 levels; could that have something to do with it?

Domain

Continent

Country

Site

SiteID

Users

Although if I run the LDAP query

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;subtree"

it dumps everything :shifty:

Any help appreciated :nuke:

Bod

Edited by Bodman

water

If you run the _AD_GetobjectsInOU example script - what do you get?


Bodman

> If you run the _AD_GetobjectsInOU example script - what do you get?

If I run your ADAudit.au3 script and try any queries I get the error (is this what you want me to try?)

Error 1 in _AD_GetObjectsInOU processing your query:.........

water

> If I run your ADAudit.au3 script and try any queries I get the error (is this what you want me to try?)
>
> Error 1 in _AD_GetObjectsInOU processing your query:.........

No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.

So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.

What do you get if you run this example script?

BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

Edited by water

Bodman

> No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.
>
> So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.
>
> What do you get if you run this example script?
>
> BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

UDF Version ...: 0.42

Sorry, I missed the examples in there (DOH). If I run the example script I get a list of everyone in the same OU that I am in :) (Example 1 - so it appears to work fine ;) )

Edited by Bodman

Bodman

it looks like if I add

#include <AD.au3>

; Get FQDN for the currently logged on user
Global $sFQDN = _AD_SamAccountNameToFQDN()

; Strip off the CN
Global $iPos = StringInStr($sFQDN, ",")
Global $sOU = StringMid($sFQDN, $iPos + 1)

Global $aObjects[1][1]

from the example file then the script may work :)

//Bod

Edited by Bodman

water

As the example script works there just seems to be a problem with the other script.

> ... then the script may work :)

What script are you talking about? My script posted in or do you have your own version?

Edited by water

Bodman

Sorry, I'm confusing things. OK:

If I run the original script from #3

#include <ad.au3>
_AD_Open()
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

I can't get that to work (the script runs, then exits).

However if I take the first part from your example and add it to that script it appears to work.

#include <ad.au3>
_AD_Open()

; Get FQDN for the currently logged on user
Global $sFQDN = _AD_SamAccountNameToFQDN()


; Strip off the CN
Global $iPos = StringInStr($sFQDN, ",")
Global $sOU = StringMid($sFQDN, $iPos + 1)

Global $aObjects[1][1]


$aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
_ArrayDisplay($aResult)
_AD_Close()

It looks like for me that the line

$aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")

must have the OU set $sOU instead of "" although as far as I can see "" should be enough to make it work.

//Bod

Edited by Bodman

water

I'm confused :)

In function _AD_GetObjectsInOU the first parameter (starting OU) is replaced with $sAD_DNSDomain if empty.

In your example you start to search in the OU where the currently logged on userid is located.

So:

"" is replaced with "DC=mydomain,DC=net" => should search the entire tree

"OU=User_Accounts,DC=mydomain,DC=net" => only searches the OU (and children) where your userid is located. So you only get a subset of the possible results.

Be sure that parameter 3 ($iAD_SearchScope) is set to 2 so the starting OU plus sub-tree is scanned!

Be sure that the first parameter is two double quotes without a space between them: "" yields correct results, " " yields nothing!

Let's do some error checking to trap this down:

#include <ad.au3>
$iResult = _AD_Open()
MsgBox(16, "_AD_Open", "Result: " & $iResult & @CRLF & "Error: " & @error & @CRLF & "Extended: " & @extended)
$aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")
$iError = @error
$iExtended = @extended
If IsArray($aResult) Then
    _ArrayDisplay($aResult)
Else
    MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended)
EndIf
_AD_Close()

Could you please run this script and post the results?

Edited by water

Bodman

OK, I've attached the results (screenshots)

water

Sorry, I had to edit the script (didn't return the correct @error information).

Could you please rerun the script as it is now and just post the result of the second msgbox?

Thanks

Edited by water

Bodman

second box :)

water

Sh......t! Once again I introduced a bug in this simple script!

I once more edited the script. Could you please rerun it?

_AD_GetObjectsInOU(" ", ..)
had to be changed to
_AD_GetObjectsInOU("", ..)

Edit: Have to leave now for the weekend. I'm sure we will trap down this problem in the next few days :)

Edited by water

Bodman

here you go

Can I just say thanks for all your time you're putting into this. It's been driving me insane trying to get it working.

water

> Can I just say thanks for all your time you're putting into this.

Can't help - it's my baby :)

@error = 3 means: No records returned from Active Directory. $sAD_Filter didn't return a record

So let's reduce the filter! Could you please try this little test script:

#include <ad.au3>
$iResult = _AD_Open()
$aResult = _AD_GetObjectsInOU("","(mail=*)",2,"samAccountName")
$iError = @error
$iExtended = @extended
If IsArray($aResult) Then
    _ArrayDisplay($aResult)
Else
    MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended)
EndIf
_AD_Close()
Edited by water
