Sign in to follow this  
Followers 0
MidwayMonster

AD Computer Object search

16 posts in this topic

#1 ·  Posted (edited)

A portion of a script I am writing needs to check which OU the computer object is in prior to proceeding. Originally I used DSQUERY with a loop reading the Stdout data (example shown below). But on occassion it will not find the object which i know is there and have tested a manual dsquery query and it worked fine.

I believe i should probably be using the AD.au3 functions but not sure which one to use. What I am trying to accomplish is to get the OU structure the computer object resides in. I then compare it to strings to determine next steps.

Here is the dssquery portion of this script to show what I was using before.

;##### Checks OU #####

$OU_Check = Run(@ComSpec & " /c " & "c:FOLDERdsquery computer -name " & @ComputerName & " -d DOMAIN", @SystemDir, @SW_HIDE, 8)

$loop = "0"

While 1

$loop = Execute($loop + "1")

$OU_Line = StdoutRead($OU_Check)

If StringInStr($OU_Line, @ComputerName) > 0 Then

_Logging("OU Check - OU Found")

ExitLoop

ElseIf $loop = "1000000" Then

_Logging("OU Check - Computer object not found.")

$OU_Line = ""

ExitLoop

EndIf

Wend

Edited by MidwayMonster

Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites



You could use my AD UDF and the following functions:

_AD_Open()
$Result = _AD_GetObjectAttribute(@Computername & "$", "distinguishedname")
_AD_Close()
Be aware that the samaccountname of a computer object has a dollar sign at the end.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Thanks that appears to work really well. I will need to test it some more before using in production but so far so good...

I would like to have it move the object to a new OU in the event that it is in the default computers container. Searching the AD.au3 it appears i should use _AD_MoveObject to do this.

Can / Should i use the same _AD_Open connection and just close it after the script is complete or just open query close and open move close if necessary.

It appears the context of the command would be

_AD_MoveObject("OU=Managed_Computers,DC=SUB,DC=DOMAIN,DC=com", @Computername & "$")

it would then move it using the credentials used in the _AD_Open command.


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

i would also get into the habit of casting your numbers as integers and not strings

Share this post


Link to post
Share on other sites

Thanks for pointing that out. I know the base difference is that with it being a integer it treats it as a number vs text. are there other differences, benefits etc?


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

Can / Should i use the same _AD_Open connection and just close it after the script is complete or just open query close and open move close if necessary.

Do an _AD_Open at the top of your script, do all the AD processing and then call _AD_Close. This improves performance.

It appears the context of the command would be

_AD_MoveObject("OU=Managed_Computers,DC=SUB,DC=DOMAIN,DC=com", @Computername & "$")

it would then move it using the credentials used in the _AD_Open command.

Correct.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I have been playing with the _AD_MoveObject and i am getting @error = 0 which i dont see a explanation in the ad.au3 file. Can you let me know what this error code means?

Here are the _AD_Open and _AD_MoveObject lines

$AD_Con = _AD_Open($AD_UID, $AD_PWD, "DC=SUB,DC=DOMAIN,DC=com", "DC1.SUB.DOMAIN.com:3268", "CN=Configuration,DC=SUB,DC=DOMAIN,DC=com")



$AD_Move = _AD_MoveObject($OU_New, @ComputerName & "$")

Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

@error = 0 means: No errors occurred.

Does the move operation work for you?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

So as i was cleaning up my code to copy it up here... i realized i was logging the wrong variable for the error code and @error. The real error for the move is: -2147352567. According to what i read that falls under the MoveHere function error codes.


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

I tested credentials by making the move using dsquery | dsmove from the test system.

UDF Version 1.2.0

AutoIT 3.3.6.1


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

Keep in mind this is only the move portion. Also _Logging is my function that is specified earlier. The _AD_Open function connects to a GC properly with no issues.

$AD_Con = _AD_Open($AD_UID, $AD_PWD, "DC=SUB,DC=DOMAIN,DC=com", "DC1.SUB.DOMAIN.com:3268", "CN=Configuration,DC=SUB,DC=DOMAIN,DC=com")
; _AD_Open happens much earlier just putting here so you can see it.

$AD_Move = _AD_MoveObject($OU_New, @ComputerName & "$")
$AD_Move_Error = @error

If $AD_Move = 0 Then ; Error during move
     If $AD_Move_Error = 1 Then
          $AD_Move_Error_Detail = "$sAD_OU does not exist"
     ElseIf $AD_Move_Error = 2 Then
          $AD_Move_Error_Detail = "$sAD_Object does not exist"
     ElseIf $AD_Move_Error = 3 Then
          $AD_Move_Error_Detail = "Object already exists in the target OU"
     Else
          $AD_Move_Error_Detail = "Error returned by MoveHere function (Missing permission etc.)"
     EndIf

     _Logging("AD Move - ERROR!! Move Failed")
     _Logging("AD Move - Error Code: " & $AD_Move_Error)
     _Logging("AD Move - Error Details: " & $AD_Move_Error_Detail)
 
Else
     _Logging("AD Move - Move command Successfully")
     _Logging(" ")

     RegWrite($regkey_run, "POS Encryption", "REG_SZ", "C:Encrypt-IT.exe")

     _Logging("Script - Registry key for Run Once has been set")
     _Logging("Script - Rebooting system to apply computer move.")
     _Logging(" ")
 
     Run(@ComSpec & " /c " & "Shutdown -r -t 3")
EndIf

Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

So as i was cleaning up my code to copy it up here... i realized i was logging the wrong variable for the error code and @error. The real error for the move is: -2147352567. According to what i read that falls under the MoveHere function error codes.

Does anyone know what the @error code -2147352567 for _AD_MoveObject means? I have done alot of searching on google and have not found anything as of yet.


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

Connecting to a GC means that only read operations are allowed. Can you connect to a DC and try the script again?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Going to try now.


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites

I removed the GC port on the _AD_open and that seemed to do the trick!!!

Thanks Water! It now checks the Ou membership if it doesnt match the default container it continues if it does it moves it accordingly and reboots.

Thanks again


Keith Hugginswww.LivingViLife.com | [email="Keith.Visalus@gmail.com"]Keith.Visalus@gmail.com[/email]Want to automate your weightloss and fitness? I lost 20 pounds and 5 inches across my belly in 8 weeks without exercise!Check out my website or shoot me a email for more information

Share this post


Link to post
Share on other sites
:D

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0