Sign in to follow this  
Followers 0
stephend

_AD_OPEN() for specific user

8 posts in this topic

Hi,

I would like to thank whoever worked on the AD functions, they are fantasic. I have a newbie question about _AD_OPEN(). Only some of our users exist in AD, before I try and map a drive to a Windows share I would like to check that they exist in AD and that their user name and password are correct, this is because if they don't exist or if their password is wrong there is a delay of 30 seconds or so before "net use" or "Drive Map Add" time out. I'm trying to use _AD_OPEN() like this

#include<AD.au3>
$var=_AD_OPEN("username","password","domain")
msgbox(262144,"",$var)

If our domain is "wbstest" I've tried the username as "wbstest\testuser" and "testuser". I've entered the domain as "wbstest". If I don't specify a username or password _AD_OPEN() works fine - testing for membership of a group works. If I specify the username or password whether right or wrong _AD_OPEN() always returns 1. If I specify the domain too, it always returns 0 even if the username and password are correct. I think I must be missing something obvious - could someone please provide an example of how to use _AD_OPEN() for a particular user and password? Or should I be using another function to try and achieve my goal?

Thanks for your help,

Stephen

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Hi,

you use _AD_Open either with 0, 2 or 5 parameters. So

#include<AD.au3>
$var=_AD_OPEN("username","password")
msgbox(262144,"_AD_Open","Returnvalue: " & $var & @CRLF & "@error: " & @error & @CRLF & "@extended: " & @Extended)
should work fine.

Every _AD-function sets @error and @extended (if available) if an error occurres.

If you have only one domain and the computer already is a member of the domain then the above example should work fine.

If you have multiple domains or the computer isn't a member of a domain then you have to specify at least parameter 3-5.

PS: For every function a html help file is provided.

PPS: What operating system do you use? Starting with Windows Vista additional information can be retrieved 8function _AD_GetLastADSIError) which informs you about the following errors:

525 - user not found

52e - invalid credentials

530 - not permitted to logon at this time

532 - password expired

533 - account disabled

701 - account expired

773 - user must reset password

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Water,

Thanks for your prompt reply. I can see now I was working with an older version of AD.au3, it seems to be working better with the new version and the html help files are a big plus.

I'm still getting some inconsistency but I think that may be down to my test environment, don't want to bother you anymore till I've done everything I can at my end.

Thanks again,

Stephen

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Hello,

I got en arror when I try to connect with a specific user

_AD_Open("LDAPadm", "admPWD", "domain.local", "server", "CN=Configuration,DC=domain,DC=local", 2)

C:\Program Files\AutoIt3\Include\AD.au3 (4147) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:

$aAD_TempError = StringSplit(StringStripWS($aAD_TempError[3], 7), " ")

$aAD_TempError = StringSplit(StringStripWS(^ ERROR

->18:45:45 AutoIT3.exe ended.rc:1

I add an _ArrayDisplay to get the content of $aAD_LastError

Func _AD_GetLastADSIError()
  Local $aAD_LastError[6] = [5]
  Local $EC = DllStructCreate("DWord")
  Local $ED = DllStructCreate("wchar[256]")
  Local $PN = DllStructCreate("wchar[256]")
  ; ADsGetLastError: http://msdn.microsoft.com/en-us/library/aa772183(VS.85).aspx
  DllCall("Activeds.dll", "DWORD", "ADsGetLastError", "ptr", DllStructGetPtr($EC), "ptr", DllStructGetPtr($ED), "DWORD", 256, "ptr", DllStructGetPtr($PN), "DWORD", 256)
  If @error <> 0 Then Return SetError(@error, @extended, "")
  $aAD_LastError[1] = DllStructGetData($EC, 1) ; error code (decimal)
  $aAD_LastError[2] = DllStructGetData($ED, 1) ; Unicode string that describes the error
  $aAD_LastError[3] = DllStructGetData($PN, 1) ; name of the provider that raised the error
  _ArrayDisplay($aAD_LastError)
  ; Old version to set element 4
  ; Local $sAD_Error = StringTrimLeft($aAD_LastError[2], StringInStr($aAD_LastError[2], "AcceptSecurityContext", 2))
  ; $sAD_Error = StringTrimLeft($sAD_Error, StringInStr($sAD_Error, " data", 2) + 5)
  ; $aAD_LastError[4] = StringTrimRight($sAD_Error, StringLen($sAD_Error) - StringInStr($sAD_Error, ", vece", 2) + 1)
  Local $aAD_TempError = StringSplit($aAD_LastError[2], ",")
  $aAD_TempError = StringSplit(StringStripWS($aAD_TempError[3], 7), " ")
  $aAD_LastError[4] = $aAD_TempError[2]
  _WinAPI_FormatMessage($__WINAPICONSTANT_FORMAT_MESSAGE_FROM_SYSTEM, 0, Dec($aAD_LastError[4]), 0, $aAD_LastError[5], 4096, 0)
  Return $aAD_LastError
EndFunc   ;==>_AD_GetLastADSIError

and the array $aAD_LastError contain only :

[0]|5

[1]|0

[2]|

[3]|LDAP Provider

[4]|

[5]|

The problem is that $aAD_LastError[2] is empty, and so $aAD_TempError[3] too

I haven't this error with _AD_Open("LDAPadm", "admPWD") nor _AD_Open(), so I change the default method in AD.au3 for _AD_Open to

;~ Func _AD_Open($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "", $fAD_Security = 0)
Func _AD_Open($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "", $fAD_Security = 2)

But without success :graduated:

Additionnaly, I got an other error with _AD_ModifyAttribute (can't post the complete code, display is not good after submit?!) :

_AD_ModifyAttribute($s_Login, "description" & $s_Description)

I always go to Error : x - Error returned by SetInfo function (Missing permission etc.)

If someone can Help me...

Edited by Jeannot

Share this post


Link to post
Share on other sites

I will have to check the _AD_Open problem.

Change

_AD_ModifyAttribute($s_Login, "description" & $s_Description)
to
_AD_ModifyAttribute($s_Login, "description", $s_Description)
and the error will be gone.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

_AD_Open: The format of parameter 3 is wrong. You need something like: "DC=microsoft,DC=com" not "microsoft.com"

Edit: In the version of the UDF I will check for $aAD_LastError[2] being empty.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Oups, with the good syntaxe("DC=microsoft,DC=com"), it's better ;)

Thanks for correct my syntax error for _AD_ModifyAttribute(), I abuse of Copy/Paste for my log and my GUICtrlSetData (for status bar info)

And many thanks for your AD.au3 scripts :graduated:

Share this post


Link to post
Share on other sites

Glad to be of service :graduated:


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0