Jump to content
Sign in to follow this  
water

Active Directory UDF - Help & Support (II)

Recommended Posts

Well I didn't know about this ldap thing, and tbh i don't know much about ldap :D Thanks for enlighting me :)

Yeah I thought about this too but I liked the idea of having all organised datas in one array if I wanted to do something else later.

But yeah you're right, this is much easier so i'll stick to this right now and will have fun with arrays later :)

Only thing I'm missing is a way to get users descriptions as well (we use this as full name of people in my company).

Thanks again for your help, i really appreciate it.

Share this post


Link to post
Share on other sites

This script should get you started. It writes the group name, description plus the names plus description of all group members to the console. This is done for the first 5 groups. Uncomment the line if you want to see all.

#include <AD.au3>
_AD_Open()
$aGroups = _AD_GetObjectsInOU("", "(&(objectclass=group)(description=*))", 2, "sAMAccountName,description")
For $i = 1 To 5; $aGroups[0][0]
    ConsoleWrite("Group: " & $aGroups[$i][0] & ", Description: " & $aGroups[$i][1] & @LF)
    $aMembers = _AD_GetGroupMembers($aGroups[$i][0])
    For $j = 1 To $aMembers[0]
        $sDescription = _AD_GetObjectAttribute($aMembers[$j], "description")
        ConsoleWrite("  User: " & $aMembers[$j] & ", Description: " & $sDescription & @LF)
    Next

Next
_AD_CLose()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Water,

Is it possible to reset a computer account in AD with Autoit instead of deleting and rejoining?

I know you can do it in AD itself by right clicking the computer object and select reset.

(its the same as deleting it from AD and readding it)

Many thanks

Iceman682

Edited by Iceman682

Share this post


Link to post
Share on other sites

With "resetting" you mean to recreate the computer (set up the OS from scratch) with a new SID and assign it to the same computer account?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I searched the web a bit and found the following description:

"Resetting the computer account maintains the computer object as is but resets the computer account password.The domain and the computer actually share a password and resetting it makes the password in the domain different, just as if you were to reset a user password without telling the user. The computer must be rejoined to the domain for it to communicate successfully.

The computer can now rejoined to the domain and will use the same computer account object. This means the computer sid will be maintained and in the case of Active Directory utilizing Dynamic Dns this is important since the DNS record will be per-missioned with the computer account SID. Also, group memberships will be maintained and any per-missioning done using the computer object.

Deleting and rejoining creates a completely new object. New SID in default OU without any of the old group memberships or permissions."

So I think calling _AD_SetPassword and passing the SamAccountName of the computer (including the trailing dollar sign) should do what you want.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Glad to be of service :D


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi Water

I wound not have thought to do it that way, so yes that should work.

I'll let you know the results

Many thanks as always :D

Iceman682

Share this post


Link to post
Share on other sites

I'm very interested in the result of your tests. Another new feature for the AD UDF :)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Hi Water

As promised, yes _AD_SetPassword work to rest a Computer Object.

You should give it the default Password as it would if you used the reset option in AD i.e Computer Name, appending the $ i.e MyComputer$

Many thanks for the guidance. :thumbsup:

Share this post


Link to post
Share on other sites

Thanks for the feedback. I'm going to update the documentation accordingly.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Any additional information on what I should try?

I am able to move a computer object just not create one or join the domain to one I created manually with the AD tools from MS?

Now I'm back from vacation and hope to work on your problem again.

Just to be sure: Does the problem still exist?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I have two questions about _AD_GetLastLoginDate(). This function takes too long. Could you please tell me what should I add to make it takes less time? _AD_ListDomainControllers() returns array with 257 elements but I want to use only this one:

EURSMZ-HUB21|CN=EURSMZ-HUB21,OU=Domain Controllers,DC=eur,DC=XXX,DC=com|EURSMZ-HUB21.eur.XXX.com|Site-SMZ|CN=Site-SMZ,CN=Sites,CN=Configuration,DC=XXX,DC=com

And the second question. _AD_GetLastLoginDate() works fine when I ask user_login but when I ask computer_name It always returns “0”. How can I get the last_login of a computer on an active directory?

Edited by minimen456

Share this post


Link to post
Share on other sites

Pass "Site-SMZ" as parameter 2. This will limit the list of DCs to query to those who "handle" this site.

The problem is caused by the way a correct last login date is retrieved. This property isn't synchronized between DCs so the script has to query every DC and then takes the latest date. If one/more DCs is/are not operational then the script waits till the timout has expired and then queries the next DC.

Parameter 2 defines the site the user can log on to and hence the script only queries the relevant DCs.

To query the last logindate of a computer you have to pass the SamAccountName or the FQDN. The SamAccountName is always @ComputerName &amp; "$"

; Get last login date for the current computer
$iLLDate = _AD_GetLastLoginDate(@ComputerName &amp; "$")
MsgBox(64, "Active Directory Functions - Example 2", "Last Login Date for Computer '" &amp; @ComputerName &amp; "$'" &amp; @CRLF &amp; $iLLDate)
Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I think I've found a bug. If you:

#include <IE.au3>
#include <AD.au3>

then _IECreate() stops working properly and starts returning warning:

--> IE.au3 V2.4-0 Warning from function internal function __IEIsObjType, Cannot register internal error handler, cannot trap COM errors (Use _IEErrorHandlerRegister() to register a user error handler)
--> IE.au3 V2.4-0 Warning from function internal function __IEIsObjType, Cannot register internal error handler, cannot trap COM errors (Use _IEErrorHandlerRegister() to register a user error handler)
COM Error Encountered in IE_AD_Test.au3
AD UDF version = 1.3.0
@AutoItVersion = 3.3.8.1
@AutoItX64 = 0
@Compiled = 0
@OSArch = X86
@OSVersion = WIN_XP
Scriptline = 3690
NumberHex = 80020009
Number = -2147352567
WinDescription = Unspecified error
Description =
Source =
HelpFile =
HelpContext = 0
LastDllError = 0
========================================================
--> IE.au3 V2.4-0 Warning from function _IELoadWait, Cannot register internal error handler, cannot trap COM errors (Use _IEErrorHandlerRegister() to register a user error handler)
Edited by minimen456

Share this post


Link to post
Share on other sites

MsgBox(64, "Active Directory Error", "Return code '" & @error & "' from Active Directory")
Hi Water

Here is one of the return codes:

i.e Return Code -2147352567 from Active Directory

I get this when moving a computer to another OU or changing its attributes.

As I am logged on as a user with less permissions, I can only guess it means I don't have permissions to move it or change it.

Where can I get a list of the return codes so I know what they all mean?

Edited by Iceman682

Share this post


Link to post
Share on other sites

@minimen456

This is because every UDF tries to register it's own error handler. But there can be only one error handler at a time. AD registers the COM error handler when _AD_Open is called.

If possible run _AD_Open, do all the AD related stuff, then use _AD_Close. Now you shouldn't see any further error messages by the IE UDF.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Yes, I understand that, but when a user gets an error like the one I mentioned, or a different one, I need to know why the user is getting the error code so I can point them in the right direction.

These codes must mean something otherwise whats the point in having them.

Edited by Iceman682

Share this post


Link to post
Share on other sites

@Iceman682

MsgBox(64, "Active Directory Error", "Return code '" &amp; @error &amp; "' from Active Directory")
Hi Water

Here is one of the return codes:

i.e Return Code -2147352567 from Active Directory

I get this when moving a computer to another OU or changing its attributes.

As I am logged on as a user with less permissions, I can only guess it means I don't have permissions to move it or change it.

Where can I get a list of the return codes so I know what they all mean?

This is a general error. -2147352567 (decimal) is 80020009 (hex).

Exception occurred. (Exception from HRESULT: 0x80020009 (DISP_E_EXCEPTION)) is a very generic exception message.

Listing of HRESULT values.

You get more information about the COM error by setting _AD_ErrorNotify to 2 or 3 before using _AD_Open.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Iceman682,

For clarity I prefixed my last messages with the userid I'm referring to.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2019-10-24 - Version 1.4.14.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2019-11-30 - Version 1.4.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (NEW 2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...