Jump to content
Sign in to follow this  
water

Active Directory UDF - Help & Support (II)

Recommended Posts

I just noticed that the help file is wrong. If you specify parameter $sAD_UserParam then it has to be as SamAccountName.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

This is a continuation of my issue here

I tried it with a pc that I joined to the domain and received the same error message.

also to note I figured I would just try and join a pc to the domain to a computer object I created manually using the AD management tools from MS.

When I did this using my same AD_Open statement I got extended error 2202, which according to MS website is bad username. I tried to add my user directly to the joindomain command and then I get error 2 instead. If I run getallous it works fine so I know my userid is correct and it is a domain admin so has rights.

Any additional information on what I should try?

I am able to move a computer object just not create one or join the domain to one I created manually with the AD tools from MS?

Share this post


Link to post
Share on other sites

I will work on this problem as soon as I return from vacation (14.1.)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Water,

Thanks for this UDF and your hard wark. It's really a life saver.

I'm trying to do a search for user objects in the entire domain and not just the OU the current user is in. What is the easiest way to do this? I've been using these functions for years but can't get that to work. I saw your example in the help file for ad.au3 but it uses ANR. How can I just search for all user objects?

This doesn't seem to work

$aObjects = _AD_GetObjectsInOU("", "(&(objectCategory="person")(objectClass="user")(cn=*))", 2, "sAMAccountName,distinguishedName,displayname")

EndFuncAutoIt is the shiznit. I love it.

Share this post


Link to post
Share on other sites

wil answer next week - i am on vacation right now


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Water,

Thanks for this UDF and your hard wark. It's really a life saver.

I'm trying to do a search for user objects in the entire domain and not just the OU the current user is in. What is the easiest way to do this? I've been using these functions for years but can't get that to work. I saw your example in the help file for ad.au3 but it uses ANR. How can I just search for all user objects?

This doesn't seem to work

$aObjects = _AD_GetObjectsInOU("", "(&(objectCategory="person")(objectClass="user")(cn=*))", 2, "sAMAccountName,distinguishedName,displayname")

Your example should search all OUs (because parameter 1 is empty).

What is the value of $aObjects? Is it an array?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Which version of the UDF do you use (can be found in the first few lines of the UDF code)?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I think is have been using a very old copy. I think I got it working with an updated copy. I started using this when it was still called ad_functions.au3 I believe.

Anyway, Now I'm trying to be able to query partial names either display name or account name and it's not working correctly.

;example
$username = to
$catObject = person
$aObjects = _AD_GetObjectsInOU("", "(&(objectCategory="& $catObject &")(objectClass=user)(|(cn=*" & $Username &"*)(sAMAccountName=*" & $Username & "*)(displayName=*" & $UserDisplay & "*)))", 2, "sAMAccountName,distingusshedName,displayName")

That should find any username or display name that matches $username. That's not working. Can you help me with it? Maybe my query is not right.

Edited by EndFunc

EndFuncAutoIt is the shiznit. I love it.

Share this post


Link to post
Share on other sites

What does "not working" mean? What is the return value of the function (is it an array)? What's the value of @error?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Sorry should be more descriptive. @error is being set at 2. According to the function error 2 is - No records returned from Active Directory. $sAD_DataToRetrieve is invalid (attribute may not exist)

I tried givenName also in place of displayName in case that attribute is not available and it error'd also.

Edit:

it does work if you put the whole sAMAccountName for the search but not partial. It used to. Don't not why it doesn't now.

Edit 2:

It seems like it doesn't like distinguishedName. Took that out of the data to retrieve parameter and below works perfectly now. Thanks for the help on this.

$aObjects = _AD_GetObjectsInOU("", "(&(objectCategory="& $catObject &")(objectClass=user)(|(cn=*" & $Username &"*)(sAMAccountName=*" & $Username & "*)(displayName=*" & $UserDisplay & "*)))", 2, "sAMAccountName,displayName")

Side note, the forum board is really glitch with formatting. :ermm:

Edited by EndFunc

EndFuncAutoIt is the shiznit. I love it.

Share this post


Link to post
Share on other sites

You could give ANR (Ambigous Name Resolution) a try.

ANR searches attributes givenName (first name), sn (surname, or last name), displayName (the name that is given to the object when it is created), RDN (the relative distinguished name of the object), legacyExchangeDN (for enterprises that have upgraded a Microsoft Exchange installation to a later version of Exchange that is synchronized with Active Directory, the distinguished name of the old Exchange mailbox that corresponds to the user in Active Directory), physicalDeliveryOfficeName (for example, Building A, Suite 1234), proxyAddresses (the collection of e-mail addresses over all e-mail address spaces that the Exchange server knows about)

$aObjects = _AD_GetObjectsInOU("", "(ANR=" & $sSearch & ")", 2, "sAMAccountName,distinguishedName,displayname", "displayname")


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

You could give ANR (Ambigous Name Resolution) a try.

ANR searches attributes givenName (first name), sn (surname, or last name), displayName (the name that is given to the object when it is created), RDN (the relative distinguished name of the object), legacyExchangeDN (for enterprises that have upgraded a Microsoft Exchange installation to a later version of Exchange that is synchronized with Active Directory, the distinguished name of the old Exchange mailbox that corresponds to the user in Active Directory), physicalDeliveryOfficeName (for example, Building A, Suite 1234), proxyAddresses (the collection of e-mail addresses over all e-mail address spaces that the Exchange server knows about)

$aObjects = _AD_GetObjectsInOU("", "(ANR=" & $sSearch & ")", 2, "sAMAccountName,distinguishedName,displayname", "displayname")

Cool, I'll look at that. Thanks for the tip.


EndFuncAutoIt is the shiznit. I love it.

Share this post


Link to post
Share on other sites

Hey,

I'm trying to get a 4 dimensionnal array containing:

- in the first dimension, the name of the different groups of my AD

- in the second, the description of the groups that are in the first dimension,

- in the third, the users that are in the groups of the first dimension

- in the fourth, the description of the users of the third dimension.

In other words, i'd like to have $array[groupname][groupdescription][username][userdescription] for every group and every user of my AD.

I'm looking at the examples that I found to try to understand how to do that but I'm having a hard time, if anyone could give me a hint it would be much appreciated :)

TIA

Edited by Neutro

Share this post


Link to post
Share on other sites

Did you have a look at the example scripts example ADAudit?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Function _AD_IsMemberOf only checks if the specified user is an immediate member of the specified group.

At the moment if user X is member of group B which is a member of group A _AD_IsMemberOf("A", "X") returns false.

Do you want a function that recursively checks for membership of the user?

If needed I'm going to implement the function.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Did you have a look at the example scripts example ADAudit?

yes, i managed to gather all the groups of my AD and their description in a 2 dimensional array using:

$groupsarray = _AD_GetObjectsInOU("", "(&(objectclass=group)(description=*))", 2, "sAMAccountName,description")

Then if I use:

$usersarray=_AD_GetGroupMembers($groupsarray[1][0])

I get the users of the first group of my AD in another array.

But I'm having two problems at this point:

1°) I don't understand how can I put the array $userarray into the first array $groupsarray as a new dimension

2°) I don't understand how can I get the description related to the usernames that are inside $userarray

I'll keep digging ^^

Share this post


Link to post
Share on other sites

Some questions:

  • Why do you need a 4 dimensional array? How do you want to process the array when populated with the group/user data?
  • How will you cope with nested groups? Let's say group A has a few users and some groups as members. How would you resolve the grousp in groups?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

What i want to achieve is getting this in an excel document for every group in our AD:

http://img187.imagevenue.com/img.php?image=350326768_example1_122_362lo.jpg

for example, filled with fake values:

http://img296.imagevenue.com/img.php?image=350328958_example2_122_201lo.jpg

So to answer your questions,

Why do you need a 4 dimensional array? How do you want to process the array when populated with the group/user data?

I thought that a 4D array was the easiest way to acces informations, using 1st dimension as group names, 2nd dimension as group description, 3rd as user names and 4th as user names descriptions.

Then create one column for every group name in the first dimension, fill it with user names of 3rd dimension, and a second column with the group description in second dimension filled with user names descriptions in 4th dimension.

But maybe you have a better idea? :D

How will you cope with nested groups? Let's say group A has a few users and some groups as members. How would you resolve the grousp in groups?

There should be no groups in groups in my company. But if that happens, I was expecting that

_AD_GetObjectsInOU("", "(&(objectclass=group)(description=*))", 2, "sAMAccountName,description")

would include even the groups in groups, so even if group A includes group J for example, they would be both listed in the array, and so I would have a column for each of them.

Column for group A would be filled with : user1,user2,...., group J name, other users...

and then column for group J would be filled with : user1, user2, ...

Edited by Neutro

Share this post


Link to post
Share on other sites

I see.

You now have an array containing all groups and their description (you know that the LDAP query doesn't return groups without a description?)

Loop through this array and get the members of this group. Then write the group + member data to Excel. Do this for each element in the array.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...