bartekd

_AD -> Use specific domain controller

14 posts in this topic

Hello All,

Using the Active Directory UDFs that someone has created, am I able to make a change on a specific domain controller? At my work, there are a couple different domain controllers, so I believe it connects to the one that I am currently connected to. What I would like is to connect to a specific server every time.

I have looked, and tried, and can't seem to get it to work. I believe it is with this statement that it needs to be done. Please let me know.

Here is the code that I am using to test how it works. Let me know if there is anything else that is needed.

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Deletes an AD object.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

; Open Connection to the Active Directory

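; Declared with Global because AU3Check runs with -d (variables must be declared)
Global $SUserId = "UserName"
Global $SPassword = "Password"
Global $SDNSDomain = "DC=**domain name**,DC=com"
Global $SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
Global $SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"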


_AD_Open($SUserId, $SPassword, $SDNSDomain, $SHostServer, $SConfiguration)
;~ _AD_Open()

Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script deletes an AD object." & @CRLF & @CRLF & _
        "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

; Enter object to delete
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 814, 124)
GUICtrlCreateLabel("Object to delete (FQDN or sAMAccountName):", 8, 10, 231, 17)
Global $IObject = GUICtrlCreateInput("", 241, 8, 559, 21)
Global $BOK = GUICtrlCreateButton("Delete object", 8, 72, 130, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 728, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

While 1
    Global $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $BCancel
            Exit
        Case $BOK
            Global $sObject = GUICtrlRead($IObject)
            ExitLoop
    EndSwitch
WEnd

; Delete object
Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)))
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully deleted")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()




Why do you want to make a change on a specific DC?

You connect to a DC, make a change and the change is replicated to all DCs in the domain by AD.

So it doesn't seem to make sense to connect to a specific DC.

To make sure you have the correct parameters for _AD_Open I would run the following script and then change $sHostServer:

#include <AD.au3>
_AD_Open()
ConsoleWrite("$sAD_DNSDomain: " & $sAD_DNSDomain & @CRLF)
ConsoleWrite("$sAD_HostServer: " & $sAD_HostServer & @CRLF)
ConsoleWrite("$sAD_Configuration: " & $sAD_Configuration & @CRLF)
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


Hi water,

Sometimes it is easier to use a specific DC. For example, we have a single domain that has 10 DCs. 3 of them are local, the others in remote locations. So, for example, if you are located in USA and query a DC that's in Indonesia it will become veeery slow.

:)


Regards, Hannes

If you can't convince them, confuse them!


Yes, but I think when you log on without specifying a DC, Active Directory connects you to the nearest DC? Connecting to another DC only makes sense in my eyes if you have subdomains that are not replicated to every DC.

But I'm ready to learn something new every day :)



Thanks Hannes123,

That's one of the reasons. I know that once you make the change to one of the DCs, it will replicate, but every server keeps event logs of what was done on that server (and the event logs only stay on the server that you made the change on). We use these event logs to run reports. We need to run reports for certain user deletions, and I thought it would be easier to just delete the users that I need off of the one domain controller if I will need a report for them.

The other reason is yes, there are multiple sites at my location. So if I want to reset a password for a user in another site, I reset it on my computer, which uses the domain controller I am currently connected to. If I reset it, the user in the other location will have to wait until all the info replicates over before they can log in.

Hope that all makes sense. :)

If possible, I would like to not input the username and password. Something like this, but it doesn't want to work.

$SDNSDomain = "DC=**domain name**,DC=com"
$SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"


_AD_Open($SDNSDomain, $SHostServer, $SConfiguration)


Hope that all makes sense. :)

It perfectly does :)

If possible, I would like to not input the username and password. Something like this, but it doesn't want to work.

$SDNSDomain = "DC=**domain name**,DC=com"
$SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"
_AD_Open($SDNSDomain, $SHostServer, $SConfiguration)

Use:

_AD_Open("", "", $SDNSDomain, $SHostServer, $SConfiguration)

UserId and password have to be specified (or be blank) if you use the other parameters.



Thanks again Water. I receive the below message after I try it this way. This is the error code (-2147352567)

[Attached image: screenshot of the error message]


I think you should change

$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"
to

$SConfiguration = "CN=Configuration,DC=dOMAIN NAME,DC=com"


I did that, and I still get the same reply.

To make sure that I have the right settings, I ran this on the domain controller, and got the output.

#include <AD.au3>
_AD_Open()

ClipPut("$sAD_DNSDomain: " & $sAD_DNSDomain & @CRLF & "$sAD_HostServer: " & $sAD_HostServer & @CRLF & "$sAD_Configuration: " & $sAD_Configuration & @CRLF)
_AD_Close()


Which version of the UDF do you run? In 0.43 (the latest) line 4040 is a comment line.



I think I have got it to work. I changed this

Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)))

to this

Global $iValue = _AD_DeleteObject($sObject, "user")

Just going to check everything, and make sure the change was made on the right domain controller.


I think your problem is caused by an invalid FQDN which is entered into the GUI.

To handle this error please change part of the code as follows:

; Check if object exists
If Not _AD_ObjectExists($sObject) Then Exit MsgBox(16, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
; Delete object
Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject))
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully deleted")
ElseIf @error = 1 Then
    MsgBox(16, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
Else
    MsgBox(16, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf


Thanks again, water. You have been a great help. :)
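
An added example, not code from any poster in this thread or from the AD UDF itself, that combines the fixes discussed above: blank credentials in the first two `_AD_Open` parameters, the shortened configuration DN, and an existence check before the delete. It also records which DC handled the change, since the thread notes that the event log entry exists only on that server. The DC name, domain DN, log path, the helper names `_Audit` and `_DeleteOnPinnedDC`, and `_AD_Open` returning 1 on success are assumptions.

```autoit
#include <AD.au3>

; Assumed placeholder values - replace with your own domain and DC.
Global Const $sTargetDC = "dc01.example.com"                   ; hypothetical DC FQDN
Global Const $sDomainDN = "DC=example,DC=com"                  ; hypothetical domain DN
Global Const $sConfigDN = "CN=Configuration," & $sDomainDN     ; no CN=Sites / DC name in here
Global Const $sAuditLog = @ScriptDir & "\ad_delete_audit.log"  ; hypothetical local log path

; Append one line to the local audit file: timestamp, operator, DC, action, result.
Func _Audit($sAction, $sResult)
    Local $sStamp = @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC
    FileWriteLine($sAuditLog, $sStamp & " user=" & @UserName & " dc=" & $sAD_HostServer & _
            " " & $sAction & " -> " & $sResult)
EndFunc   ;==>_Audit

; Delete $sObject through the pinned DC only.
; Returns 1 on success, 0 on failure with @error = 1..4 (@extended = UDF error code).
Func _DeleteOnPinnedDC($sObject)
    ; Blank user id and password: bind with the logged-on user's credentials.
    If _AD_Open("", "", $sDomainDN, $sTargetDC, $sConfigDN) <> 1 Then Return SetError(1, @error, 0)
    ; Fail closed if the UDF's global does not report the DC we asked for.
    If StringCompare($sAD_HostServer, $sTargetDC) <> 0 Then
        _AD_Close()
        Return SetError(2, 0, 0)
    EndIf
    ; An invalid name entered by the operator is caught here, before any change is made.
    If Not _AD_ObjectExists($sObject) Then
        _Audit("delete " & $sObject, "object not found")
        _AD_Close()
        Return SetError(3, 0, 0)
    EndIf
    Local $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject))
    Local $iError = @error
    If $iValue = 1 Then
        _Audit("delete " & $sObject, "deleted")
    Else
        _Audit("delete " & $sObject, "failed, @error=" & $iError)
    EndIf
    _AD_Close()
    If $iValue <> 1 Then Return SetError(4, $iError, 0)
    Return 1
EndFunc   ;==>_DeleteOnPinnedDC

; Example call with a constructed account name (left commented out because it deletes):
; If Not _DeleteOnPinnedDC("jdoe.test") Then ConsoleWrite("Failed, @error=" & @error & @CRLF)
```

The local log line gives the DC name to look for when the deletion report is later pulled from that server's event log.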
