Jump to content
Sign in to follow this  

Recommended Posts

Hey all, back with some more AD questions. Is it possible to return machine info (computer name) given a username? Id like to know what computer a specific user is logged in to (and maybe a little history of when they last logged in to which computer), and Im thinking my best odds are using the AD UDF? Thanks for any help!!

Share this post


Link to post
Share on other sites

You can't get this information using the AD UDF because it isn't stored in the AD.

This subject has been discussed some time ago on this forum and your best bet is to use a login script and store this information on a file share you can access later.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

Good place to start might be this


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

As Water stated, this is not something that can be done through the UDF. You would need to do this at a higher level, such as A.D. event logging or creating a login script that records this information, or use an asset management suite such as Altiris or SCCM.


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

What version of Altiris? There should be a canned report for Altiris that shows you the primary user for a machine; you should be able to script either pulling the report or simply querying the database directly.


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

When you say all servers a user has logged into, are you talking any member server, or do you mean any Domain Controller the user has authenticated against? If it is the latter, you're back to A.D. logging or some other method of keeping track of this, none of it is automagical.


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

I do mean Domain Controller. I believe I have heard of a tool in the past (possibly a Windows tool?) that retreives a list of Domain Controllers a user has logged in to recently. So this wouldnt be something easily doable using the AD UDF?

Share this post


Link to post
Share on other sites

An intermediate result of function _AD_GetLastLoginDate is a list of Domain Controllers and the date/time of the last login. Is this what you are looking for?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

It sounds like it is what Im looking for. When I try to run it I receive "... ==> Variable must be of type "Object".:" It looks to be failing here:

$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sAD_Property & "=" & $sAD_Object & ");ADsPath;subtree"

Ideas? Thanks a lot for your help by the way!!

Share this post


Link to post
Share on other sites

Can you please post the whole script you run?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

Please have a look at the example script which comes for every function: _AD_GetLastLoginDate.au3

_AD_Open() is missing at the top of the script.

Try to run this code:

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y

; *****************************************************************************
; Example 1
; Get last login date for current user. Returned as YYYYMMDDHHMMSS
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

; Get last login date for the current user
Global $iLLDate = _AD_GetLastLoginDate()
MsgBox(64, "Active Directory Functions - Example 1", "Last Login Date for User '" & @UserName & "'" & @CRLF & $iLLDate)

; Close Connection to the Active Directory
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

The processing time depends on the number of Domain Controllers to query. If some of them are down it will even take longer.

You could pass the sitename as parameter 2 to reduce processing time.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-10-10 - Version 1.5.2.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-30 - Version 1.6.2.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

Hmm, so after it took around 5 minutes, the messagebox displayed just a date (correctly) but the logs arent much help as the description was a failure. Here is one of them:

COM Error Encountered in script.au3

AD UDF version = 1.3.0

@AutoItVersion = 3.3.8.1

@AutoItX64 = 0

@Compiled = 0

@OSArch = X86

@OSVersion = WIN_7

Scriptline = 1591

NumberHex = 002000

Number = -21473526

WinDescription =

Description = The server is not operational.

Source = Active Directory

HelpFile =

HelpContext = 0

LastDllError = 0

===================

Any idea what might cause this?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By water
      Extensive library to control and manipulate Microsoft Active Directory.

      Threads: Development - General Help & Support - Example Scripts - Wiki
      Previous downloads: 30467
       
      Known Bugs: (last changed: 2020-10-05)
      None Things to come: (last changed: 2020-07-21)
      None
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
    • By AdamUL
      Below are some functions that I created when I needed to get some Group Policy information via script.  The quickest way I found to get this information was using the Group Policy Module for PowerShell.  This is not a full UDF for the Group Policy Module.  There are a lot more options available with the cmdlets, and this only touches on a few.  To use the functions below, for a Windows client, you will need to install Remote Server Administration Tools (RSAT).  For Windows Server 2012 or later, you will need to install the Group Policy Management Console.  
      Remote Server Administration Tools (RSAT)
      Installing the Group Policy Management Console via PowerShell for Windows Server 2012 or later.  Run in an Admin PowerShell prompt.
      Install-WindowsFeature –Name GPMC PowerShell Group Policy Module Documentation
      For the example below, the AD UDF is only required to query GPO names, but is not required to use the functions.  
      #include <AD.au3> #include <WinAPIFiles.au3> Global $sLDAPFilter = "(name=*)" Global $sExcludeFilter = "" Global $sIncludeFilter = "" Global $sBaseDN = "DC=ad,DC=university,DC=edu" Global $sDataToRetrieve = "sAMAccountName" $sIncludeFilter = "(&(displayName=LIBS-*))" ;GPO Names. $sLDAPFilter = "(&(objectClass=groupPolicyContainer)" & $sExcludeFilter & $sIncludeFilter & ")" $sDataToRetrieve = "displayName,name" _AD_Open() Global $aGPONames = _AD_GetObjectsInOU($sBaseDN, $sLDAPFilter, 2, $sDataToRetrieve) If @error Then MsgBox(64, "Active Directory Functions", "No objects found") Exit _AD_Close() EndIf _AD_Close() ;Add column headers to the output array. Global $aDataToRetrieve = StringSplit($sDataToRetrieve, ",", 2) For $i = 0 To UBound($aGPONames, 2) - 1 Step 1 $aGPONames[0][$i] = $aDataToRetrieve[$i] Next _ArraySort($aGPONames) _ArrayDisplay($aGPONames, "LIBS GPOs") ;For Testing. Global $aGPOPermissions = _AD_GetGPOPermissionsPS($aGPONames[1][0]) If @error Then Exit 1 _ArrayDisplay($aGPOPermissions, $aGPONames[1][0]) Global $sOU = "OU=libs,OU=active,DC=ad,DC=university,DC=edu" Global $aGPOLinks = _AD_GetGPOLinksPS($sOU) If @error Then Exit 2 _ArrayDisplay($aGPOLinks, $sOU) Global $aGPOInheritedLinks = _AD_GetGPOInheritedLinksPS($sOU) If @error Then Exit 2 _ArrayDisplay($aGPOInheritedLinks, $sOU) Global $aGPOs = _AD_GetAllGPOsPS() If @error Then Exit 3 _ArraySort($aGPOs) _ArrayDisplay($aGPOs, "GPOs") Global $aGPOName = _AD_GetGPOByNamePS($aGPONames[1][0]) If @error Then Exit 4 _ArrayDisplay($aGPOName, $aGPONames[1][0]) Global $aGPOGuid = _AD_GetGPOByGuidPS($aGPONames[1][1]) If @error Then Exit 5 _ArrayDisplay($aGPOGuid, $aGPONames[1][1]) Global $sReportName = "C:\Users\adamul\Desktop\Group Policy Object (GPO) PowerShell\Reports\" & $aGPONames[1][0] & ".html" _AD_GetGPOReportByNamePS($aGPONames[1][0], $sReportName) If @error Then Exit 6 Global $sReportGUID = "C:\Users\adamul\Desktop\Group Policy Object (GPO) PowerShell\Reports\" & $aGPONames[1][1] & ".html" _AD_GetGPOReportByGuidPS($aGPONames[1][1], $sReportGUID) If @error Then Exit 6 Func _AD_GetGPOPermissionsPS($sGPOName) ;An array of permission level for one or more security principals on a specified GPO. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; Get-GPPermissions -Name ''' & $sGPOName & ''' -All"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ;~ ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) ;For testing. If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(2, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetGPOPermissionsPS Func _AD_GetGPOLinksPS($sOUName) ;An array of GPOs that are linked directly to the location. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; (Get-GPInheritance -Target ''' & $sOUName & "').GpoLinks" ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ;~ ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) ;For testing. Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) ;For testing. If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(1, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetGPOLinksPS Func _AD_GetGPOInheritedLinksPS($sOUName) ;An array of GPOs that are applied to the location when Group Policy is processed on a client. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; (Get-GPInheritance -Target ''' & $sOUName & "').InheritedGpoLinks" ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ;~ ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) ;For testing. Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) ;For testing. If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(1, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetGPOInheritedLinksPS Func _AD_GetAllGPOsPS() ;An array of information on all the GPOs in a domain. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; Get-GPO -All"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ;~ ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) ;For testing. Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(1, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetAllGPOsPS Func _AD_GetGPOByNamePS($sGPOName) ;An array of information on one Group Policy Object (GPO) in a domain by Display Name. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; Get-GPO -Name ''' & $sGPOName & '''"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. ;Add end of line characters for single return group to be processed. $sGPOCmdOutput = $sGPOCmdOutput & @CRLF & @CRLF Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) ;For testing. If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(1, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") ;Remove last @CRLF to prevent blank row in return array. $sGPOCmdOutput = StringTrimRight($sGPOCmdOutput, 2) Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetGPOByNamePS Func _AD_GetGPOByGuidPS($sGPOGuid) ;An array of information on one Group Policy Object (GPO) in a domain by GUID. Local $sGPOCmd = 'powershell "Import-Module GroupPolicy; Get-GPO -Guid ''' & $sGPOGuid & '''"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. ;Add end of line characters for single return group to be processed. $sGPOCmdOutput = $sGPOCmdOutput & @CRLF & @CRLF Local $iGPOCmdOutputSS = StringInStr($sGPOCmdOutput, @CRLF & @CRLF) If $iGPOCmdOutputSS = 0 Then Return SetError(1, 0, 0) Local $sGPOCmdOutputSS = StringMid($sGPOCmdOutput, 1, $iGPOCmdOutputSS) ;~ ConsoleWrite(@CRLF & @CRLF & $sGPOCmdOutputSS & @CRLF) ;For testing. Local $sRegEx = "([^:\r\n]*):.*" Local $aProperties = StringRegExp($sGPOCmdOutputSS, $sRegEx, 3) ;~ _ArrayDisplay($aProperties) ;For testing. If StringInStr($sGPOCmdOutput, "ArgumentException") Then Return SetError(1, 0, 0) ;Get data on multiple lines to a single line. $sGPOCmdOutput = StringRegExpReplace($sGPOCmdOutput, "(\r\n\h{2,})", "") ;Remove last @CRLF to prevent blank row in return array. $sGPOCmdOutput = StringTrimRight($sGPOCmdOutput, 2) Local $aGPOCmdOutput = StringSplit($sGPOCmdOutput, @CRLF & @CRLF, 1) ;~ _ArrayDisplay($aGPOCmdOutput) ;For testing. ;Convert from a list output to a 2D array. Local $aGPOCmdOutput2D[$aGPOCmdOutput[0]][UBound($aProperties)] ;~ _ArrayDisplay($aGPOCmdOutput2D) Local $aTemp For $i = 1 To $aGPOCmdOutput[0] Step 1 $aTemp = StringSplit($aGPOCmdOutput[$i], @CRLF, 1) For $j = 1 To $aTemp[0] Step 1 For $k = 0 To UBound($aProperties) - 1 Step 1 If StringInStr($aTemp[$j], $aProperties[$k]) Then $aGPOCmdOutput2D[$i - 1][$k] = StringStripWS(StringReplace($aTemp[$j], $aProperties[$k] & ":", ""), 3) EndIf Next Next Next ;~ _ArrayDisplay($aGPOCmdOutput2D) ;For testing. For $i = 0 To UBound($aProperties) - 1 Step 1 $aProperties[$i] = StringStripWS($aProperties[$i], 3) Next _ArrayTranspose($aProperties) _ArrayConcatenate($aProperties, $aGPOCmdOutput2D) Return $aProperties EndFunc ;==>_AD_GetGPOByGuidPS Func _AD_GetGPOReportByNamePS($sGPOName, $sReportFullPath, $sReportType = "HTML") ;Generates a report either in XML or HTML format for a specified GPO by name in a domain. Switch $sReportType Case "HTML", "XML" Case Else Return SetError(1, 0, False) EndSwitch Local $sPath = StringRegExpReplace($sReportFullPath, "(^.*\\)(.*)", "$1") ;~ ConsoleWrite($sPath & @CRLF) ;For testing. ;~ If Not FileExists($sPath) Then Return SetError(2, 0, False) Local $sGPOCmd = 'powershell "Get-GPOReport -Name ''' & $sGPOName & ''' -ReportType ' & $sReportType & ' -Path ''' & $sReportFullPath & '''"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. If $sGPOCmdOutput <> "" Then SetError(3, 0, False) Return True EndFunc ;==>_AD_GetGPOReportByNamePS Func _AD_GetGPOReportByGuidPS($sGPOGuid, $sReportFullPath, $sReportType = "HTML") ;Generates a report either in XML or HTML format for a specified GPO by GUID in a domain. Switch $sReportType Case "HTML", "XML" Case Else Return SetError(1, 0, False) EndSwitch Local $sPath = StringRegExpReplace($sReportFullPath, "(^.*\\)(.*)", "$1") ;~ ConsoleWrite($sPath & @CRLF) ;For testing. ;~ If Not FileExists($sPath) Then Return SetError(2, 0, False) Local $sGPOCmd = 'powershell "Get-GPOReport -GUID ''' & $sGPOGuid & ''' -ReportType ' & $sReportType & ' -Path ''' & $sReportFullPath & '''"' ConsoleWrite($sGPOCmd & @CRLF) ;Turn off redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(False) Local $iPIDGPOCmd = Run($sGPOCmd, @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDGPOCmd) ;Turn on redirection for a 32-bit script on 64-bit system. If @OSArch = "X64" And Not @AutoItX64 Then _WinAPI_Wow64EnableWow64FsRedirection(True) Local $sGPOCmdOutput = StringStripWS(StdoutRead($iPIDGPOCmd), 3) ;~ ConsoleWrite($sGPOCmdOutput & @CRLF & @CRLF) ;For testing. If $sGPOCmdOutput <> "" Then SetError(3, 0, False) Return True EndFunc ;==>_AD_GetGPOReportByGuidPS  
      Adam
       
    • By Chimp
      Is there an AD way to search if and where (the hostname) an userid is (or on what host was last time) logged?
      Thanks
    • By rudi
      Hello,
       
      <edit>
      In this posting below you will find a script to get an Active Directory User's Group Memberships including nested Group Memberships:
       
      </edit>
      quite a while ago I started this thread: https://www.autoitscript.com/forum/topic/193984-ad-member-of-group-in-group/
       
      #include <AD.au3> _AD_Open() $user=_AD_SamAccountNameToFQDN("ASP") $group=_AD_SamAccountNameToFQDN("daten-Bestellung-QS_lesen") $result=_AD_IsMemberOf($group,$user,false,True) ; $Group is the 1st, $User the 2nd param ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $result = ' & $result & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console _AD_Close() this works fine, thanks for the help in the other thread.
      Howto to get the "chain" of groups for nested group memberships?

      In AD.AU3 I found the function _AD_RecursiveGetMemberOf(), which might be an approach, (get all the group content then sort out what's needed), just wondering if there is another function that I've overlooked, that directly would give me the "nested membership chain" *ONLY*?
       
      Regards, Rudi.
    • By tweakster2010
      Hello All,
      It has been a long time since I posted, role changes etc involving work and I finally am back to modifying a program I write in AutoIt that has AD integration. I am at a point where we are modifying our structure where I am validating users access via what Distribution List they belong to in our AD OU's. What I have run into is the OU is a sub OU of a sub OU now. Meaning: CN=team, OU=DL, OU=Groups, DC=business.com(working), is now CN=Team, OU=SubDL, OU=DL, OU=Groups, DC=business.com (Not working).  Just curious if the AD functionality should be able to read it or maybe I am missing something?
       
      ElseIf _AD_IsMemberOf("CN=Team,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then #works for primary Distro ElseIf _AD_IsMemberOf("CN=Team,OU=SubDL,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then #fails for subOU of DL How I am accessing AD to get the information:
      _AD_Open() Global $aUser = _AD_GetObjectsInOU("", "(&(objectCategory=person)(objectClass=user)(samaccountname=" & @UserName & "))", 2, "ADsPath,Displayname,distinguishedName") Global $sDisplayName0 = $aUser[1][1] ; Displayname ;MsgBox(0,"", $sDisplayName0) If StringLeft($sDisplayName0, 2) = "9-" Then $Displaynamestring = StringTrimLeft($sDisplayName0, 2) $Displaynamestring1 = StringTrimRight($Displaynamestring, 6) The error code generated is a 1 with a 0 extended. I assume it is because it cannot find the SubOU.
       
      Thanks for any assistance.
×
×
  • Create New...