_AD -> Use specific domain controller

[bartekd]

Hello All,

Using the active directory UDF's that someone has created, am I able to make a change on a specific domain controller? At my work, there are a couple different domain controllers, so I believe it connects to the one that I am currently connected to. What I would like is to connect to a specific server every time.

I have looked, and tried, and can't seem to get it to work. I believe it is with this statement that it needs to be done. Please let me know.

Here is the code that I am using to test how it works. Let me know if there is anything else that is needed.

expandcollapse popup

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Deletes an AD object.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

; Open Connection to the Active Directory

$SUserId = "UserName"
$SPassword = "Password"
$SDNSDomain = "DC=**domain name**,DC=com"
$SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"


_AD_Open($SUserId, $SPassword, $SDNSDomain, $SHostServer, $SConfiguration)
;~ _AD_Open()

Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script deletes an AD object." & @CRLF & @CRLF & _
        "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

; Enter object to delete
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 814, 124)
GUICtrlCreateLabel("Object to delete (FQDN or sAMAcccountName):", 8, 10, 231, 17)
Global $IObject = GUICtrlCreateInput("", 241, 8, 559, 21)
Global $BOK = GUICtrlCreateButton("Delete object", 8, 72, 130, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 728, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

While 1
    Global $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $BCancel
            Exit
        Case $BOK
            Global $sObject = GUICtrlRead($IObject)
            ExitLoop
    EndSwitch
WEnd

; Delete object
Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)))
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully deleted")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()

[water]

Why do you want to make a change on a specific DC?

You connect to a DC, make a change and the change is replicated to all DCs in the domain by AD.

So it doesn's seem to make sense to connect to a specific DC.

To make sure you have the correct parameters for _AD_Open I would run the following script and then change $sHostServer:

#include 
_AD_Open()
ConsoleWrite("$sAD_DNSDomain: " & $sAD_DNSDomain & @CRLF)
ConsoleWrite("$sAD_HostServer: " & $sAD_HostServer & @CRLF)
ConsoleWrite("$sAD_Configuration: " & $sAD_Configuration & @CRLF)
_AD_Close()

[hannes08]

Hi water,

sometimes it is easier to use a specific DC, for example we have a singe domain that has 10 DCs. 3 of them are local the others in remote locations. So, for example, if you are located in USA and query a DC that's in Indonesia it will become veeery slow.

[water]

Yes, but I think when you logon without specifiying a DC Active Directory connects you to the nearest DC? Connecting to another DC only makes sense in my eyes if you have subdomains that are not replicated to every DC.

But I'm ready to leran something new every day

[bartekd]

Thanks Hannes123,

Thats one of the reasons. I know that once you make the change to one of the DCs, it will replicate, but Every server keeps event logs of what was done on that server (and the event logs only stay on the server that you made the change on). We use these event logs to run reports. We need to run reports for certain user deletions, and I thought it would be easier to just delete the users that I need off of the one domain controller if I will need a report for them.

The other reason is yes, there are multiple sites at my location. So if I want to reset a password for a user in another site, I reset it on my computer, which uses the domain controller I am currently connected to. if I reset it, the user in the other location will have to wait until all the info replicates over before they can log in.

hope that all makes sense.

If possible, I would like to not input the username and password. something like this, but it doesn't want to work.

$SDNSDomain = "DC=**domain name**,DC=com"
$SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"


_AD_Open($SDNSDomain, $SHostServer, $SConfiguration)

[water]

hope that all makes sense.

It perfectly does

If possible, I would like to not input the username and password. something like this, but it doesn't want to work.

$SDNSDomain = "DC=**domain name**,DC=com"
$SHostServer = "dOMAIN CONTROLLER.DOMAINNAME.com"
$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"
_AD_Open($SDNSDomain, $SHostServer, $SConfiguration)

Use:

_AD_Open("", "", $SDNSDomain, $SHostServer, $SConfiguration)

UserId and password have to be specified (or be blank) if you use the other parameters.

[jvanegmond]

It would probably be a much better idea to deploy a log management tool. Check out this list of free log management tools. It was updated only days ago.

[bartekd]

Thanks again Water. I receive the below message after I try it this way. This is the error code (-2147352567)

[water]

I think you should change

$SConfiguration = "CN=dOMAIN CONTROLLER,CN=Sites,CN=Configuration,DC=dOMAIN NAME,DC=com"

to

$SConfiguration = "CN=Configuration,DC=dOMAIN NAME,DC=com"

[bartekd]

I did that, and I still get the same reply.

To make sure that I have the right settings, I ran this on the domain controller, and got the output.

_AD_Open()

ClipPut("$sAD_DNSDomain: " & $sAD_DNSDomain & @CRLF & "$sAD_HostServer: " & $sAD_HostServer & @CRLF & "$sAD_Configuration: " & $sAD_Configuration & @CRLF)
_AD_Close()

[water]

Which version of the UDF do you run? In 0.43 (the latest) line 4040 is a comment line.

[bartekd]

I think I have got it to work. I changed this

Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)))

to this

Global $iValue = _AD_DeleteObject($sObject, "user")

Just going to check everything, and make sure the change was made on the right domain controller.

[water]

I think you problem is caused by an invalid FQDN which is entered into the GUI.

To handle this error please change part of the code as follows:

; Check if object exists
If Not _AD_ObjectExists Then Exit MsgBox(16, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
; Delete object
Global $iValue = _AD_DeleteObject($sObject, _AD_GetObjectClass($sObject))
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully deleted")
ElseIf @error = 1 Then
    MsgBox(16, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
Else
    MsgBox(16, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

[bartekd]

thanks again water. You have been a great help.