Jump to content
Sign in to follow this  
richietheprogrammer

AD - Given username, find IP

Recommended Posts

richietheprogrammer

Hey all, back with some more AD questions. Is it possible to return machine info (computer name) given a username? Id like to know what computer a specific user is logged in to (and maybe a little history of when they last logged in to which computer), and Im thinking my best odds are using the AD UDF? Thanks for any help!!

Share this post


Link to post
Share on other sites
water

You can't get this information using the AD UDF because it isn't stored in the AD.

This subject has been discussed some time ago on this forum and your best bet is to use a login script and store this information on a file share you can access later.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
water

Good place to start might be this


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
richietheprogrammer

Do you mean a script would have to run on the user's computer? I think theres a way to do what Im looking for using the AD GUI. What you're suggesting wouldnt work since I don't have the computer information.

Share this post


Link to post
Share on other sites
richietheprogrammer

Dictator, I think that would do the opposite of what Im looking for. What you suggested is a way to find the users logged in to a specific machine. Im looking to a log of machines a user has logged in to.

Share this post


Link to post
Share on other sites
JLogan3o13

As Water stated, this is not something that can be done through the UDF. You would need to do this at a higher level, such as A.D. event logging or creating a login script that records this information, or use an asset management suite such as Altiris or SCCM.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
richietheprogrammer

Oh I see. I actually do use Altiris (web version). Anyway I can script Altiris for quick usage that you can think of?

Share this post


Link to post
Share on other sites
JLogan3o13

What version of Altiris? There should be a canned report for Altiris that shows you the primary user for a machine; you should be able to script either pulling the report or simply querying the database directly.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
richietheprogrammer

I will have to look into that. Alternatively, is it possible to get a log of all the servers a user has logged in to over some time, or is that the same type of deal?

Share this post


Link to post
Share on other sites
JLogan3o13

When you say all servers a user has logged into, are you talking any member server, or do you mean any Domain Controller the user has authenticated against? If it is the latter, you're back to A.D. logging or some other method of keeping track of this, none of it is automagical.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
richietheprogrammer

I do mean Domain Controller. I believe I have heard of a tool in the past (possibly a Windows tool?) that retreives a list of Domain Controllers a user has logged in to recently. So this wouldnt be something easily doable using the AD UDF?

Share this post


Link to post
Share on other sites
water

An intermediate result of function _AD_GetLastLoginDate is a list of Domain Controllers and the date/time of the last login. Is this what you are looking for?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
richietheprogrammer

It sounds like it is what Im looking for. When I try to run it I receive "... ==> Variable must be of type "Object".:" It looks to be failing here:

$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sAD_Property & "=" & $sAD_Object & ");ADsPath;subtree"

Ideas? Thanks a lot for your help by the way!!

Share this post


Link to post
Share on other sites
water

Can you please post the whole script you run?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
richietheprogrammer

My script:

#include <ad.au3>
_AD_GetLastLoginDate("johnsmith")

Share this post


Link to post
Share on other sites
water

Please have a look at the example script which comes for every function: _AD_GetLastLoginDate.au3

_AD_Open() is missing at the top of the script.

Try to run this code:

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y

; *****************************************************************************
; Example 1
; Get last login date for current user. Returned as YYYYMMDDHHMMSS
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

; Get last login date for the current user
Global $iLLDate = _AD_GetLastLoginDate()
MsgBox(64, "Active Directory Functions - Example 1", "Last Login Date for User '" & @UserName & "'" & @CRLF & $iLLDate)

; Close Connection to the Active Directory
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
richietheprogrammer

Thanks!!! I feel dumb for that. It is taking quite a while to complete. I assume theres no way around that?

Share this post


Link to post
Share on other sites
water

The processing time depends on the number of Domain Controllers to query. If some of them are down it will even take longer.

You could pass the sitename as parameter 2 to reduce processing time.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
richietheprogrammer

Hmm, so after it took around 5 minutes, the messagebox displayed just a date (correctly) but the logs arent much help as the description was a failure. Here is one of them:

COM Error Encountered in script.au3

AD UDF version = 1.3.0

@AutoItVersion = 3.3.8.1

@AutoItX64 = 0

@Compiled = 0

@OSArch = X86

@OSVersion = WIN_7

Scriptline = 1591

NumberHex = 002000

Number = -21473526

WinDescription =

Description = The server is not operational.

Source = Active Directory

HelpFile =

HelpContext = 0

LastDllError = 0

===================

Any idea what might cause this?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • water
      By water
      Extensive library to control and manipulate Microsoft Active Directory.

      Threads: Development - General Help & Support - Example Scripts - Wiki
      Previous downloads: 30467
       
      Known Bugs: (last changed: 2018-08-08)
      _AD_IsPasswordExired: It compares the expiration time (UTC - but should be local time) with the current time (local time). Which is 2 hours off here. Will be fixed in the next version.
      Or replace line If $aTemp[11] <= _NowCalc() Then Return 1 with
      If $aTemp[9] <= _NowCalc() Then Return 1  
      Things to come: (last changed: 2018-08-08)
      Internal function to convert Large Integer to Date String. _AD_ModifyAttribute fully supports single-value and multi-value attributes. Returns better error information. Better support for Fine Grained Password Policy
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
    • Blois
      By Blois
      Hey Guys,
      Good?
      I'm ned help to consult in other domain. My three domain contains any domains.
      How do I get this query done?
       
      Tks for the Help!
       
    • water
      By water
      Hello all!
      As I have just read access to my companies Active Directory I need some users willing to test the rewritten _AD_ModifyAttribute function.
      My goal is to have the function handle single and multi value attributes the same way and support CLEAR, UPDATE, APPEND and DELETE for the attributes.
      First step is to test how the function handles single value attributes:
      Please modify the following script to specify the object (I suggest a dummy user in your test AD environment - the function might still be buggy).
      Then please run the script and post the restults!
      If everything works as expected we will test multi value attributes. AD attributes: http://www.rlmueller.net/UserAttributes.htm
      #include <AD.au3> _AD_Open() $sObject = "user-to-modify" ; <== NEEDS TO BE CHANGED BY YOU! $sAttribute = "Description" ; CLEAR - single value attribute _AD_ModifyAttribute($sObject, $sAttribute, "Original value", 2) ; Set the original value If @error Then Exit MsgBox(0, "Single value - Error!", "CLEAR: Set original value returned @error = " & @error & ", @extended = " & @extended) _AD_ModifyAttributeEX($sObject, $sAttribute, "", 1) If @error Then Exit MsgBox(0, "Single value - Error!", "CLEAR returned @error = " & @error & ", @extended = " & @extended) $sReturnValue = _AD_GetObjectAttribute($sObject, $sAttribute) If @error Then Exit MsgBox(0, "Single value - Error!", "CLEAR: Query new value returned @error = " & @error & ", @extended = " & @extended) MsgBox(0, "Success!", "Value after CLEAR: " & $sReturnValue & @CRLF & "Expected value: ''") ; UPDATE - single value attribute _AD_ModifyAttribute($sObject, $sAttribute, "Original value", 2) ; Set the original value If @error Then Exit MsgBox(0, "Single value - Error!", "UPDATE: Set original value returned @error = " & @error & ", @extended = " & @extended) _AD_ModifyAttributeEX($sObject, $sAttribute, "UPDATE", 2) If @error Then Exit MsgBox(0, "Single value - Error!", "UPDATE returned @error = " & @error & ", @extended = " & @extended) $sReturnValue = _AD_GetObjectAttribute($sObject, $sAttribute) If @error Then Exit MsgBox(0, "Single value - Error!", "UPDATE: Query new value returned @error = " & @error & ", @extended = " & @extended) MsgBox(0, "Success!", "Value after UPDATE: " & $sReturnValue & @CRLF & "Expected value: 'UPDATE'") ; APPEND - single value attribute - APPEND should work the same way as UPDATE _AD_ModifyAttribute($sObject, $sAttribute, "Original value", 2) ; Set the original value _AD_ModifyAttributeEX($sObject, $sAttribute, "APPEND", 3) $sReturnValue = _AD_GetObjectAttribute($sObject, $sAttribute) If @error Then Exit MsgBox(0, "Single value - Error!", "APPEND returned @error = " & @error & ", @extended = " & @extended) MsgBox(0, "Success!", "Value after APPEND: " & $sReturnValue & @CRLF & "Expected value: 'APPEND'") ; DELETE - single value attribute - DELETE should work the same way as CLEAR _AD_ModifyAttribute($sObject, $sAttribute, "Original value", 2) ; Set the original value _AD_ModifyAttributeEX($sObject, $sAttribute, "DELETE", 4) $sReturnValue = _AD_GetObjectAttribute($sObject, $sAttribute) If @error Then Exit MsgBox(0, "Single value - Error!", "DELETE returned @error = " & @error & ", @extended = " & @extended) MsgBox(0, "Success!", "Value after DELETE: " & $sReturnValue & @CRLF & "Expected value: ''") _AD_Close() Exit ; #FUNCTION# ==================================================================================================================== ; Name...........: _AD_ModifyAttribute ; Description ...: Modifies an attribute of the given object to the value specified. ; Syntax.........: _AD_ModifyAttribute($sObject, $sAttribute[, $vValue = ""[, $iOption = 1]]) ; Parameters ....: $sObject - Object (user, group ...) to add/delete/modify an attribute (sAMAccountName or FQDN) ; $sAttribute - Attribute to add/delete/modify ; $vValue - Optional: Value(s) to modify the attribute with. Use a blank string ("") to remove all values (default). ; +$vValue can be a single value (as a string) or a multi-value (as a zero-based one-dimensional array) ; $iOption - Optional: Indicates the mode of modification: Clear, Update, Append, Delete. ; |1 - CLEAR: remove all value(s) from the attribute (default when $vValue = "" or Default) ; |2 - UPDATE: replace the current value(s) with the specified value(s) ; |3 - APPEND: append the specified value(s) to the existing values(s) ; |4 - DELETE: delete the specified value(s) from the object ; Return values .: Success - 1 ; Failure - 0, sets @error to: ; |1 - $sObject does not exist ; |2 - Parameter $iOption is invalid. needs to be in the range1 to 4. ; |x - Error returned by SetInfo method (Missing permission etc.) ; Author ........: Jonathan Clelland ; Modified.......: water ; Remarks .......: ; Related .......: _AD_GetObjectAttribute, _AD_GetObjectProperties, _AD_AddEmailAddress ; Link ..........: http://msdn.microsoft.com/en-us/library/aa746353(VS.85).aspx (ADS_PROPERTY_OPERATION_ENUM Enumeration) ; Example .......: Yes ; =============================================================================================================================== Func _AD_ModifyAttributeEX($sObject, $sAttribute, $vValue = "", $iOption = 1) Local $aValue[1] If $vValue = Default Then $vValue = "" If IsArray($vValue) Then $aValue = $vValue Else ; Move the string value to the array $aValue[0] = $vValue EndIf If $iOption = Default Then $iOption = 1 If $iOption < 1 Or $iOption > 4 Then Return SetError(2, 0, 0) If Not _AD_ObjectExists($sObject) Then Return SetError(1, 0, 0) Local $sProperty = "sAMAccountName" If StringMid($sObject, 3, 1) = "=" Then $sProperty = "distinguishedName" ; FQDN provided $__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sProperty & "=" & $sObject & ");ADsPath;subtree" Local $oRecordSet = $__oAD_Command.Execute ; Retrieve the ADsPath for the object Local $sLDAPEntry = $oRecordSet.fields(0).Value Local $oObject = __AD_ObjGet($sLDAPEntry) ; Retrieve the COM Object for the object $oObject.GetInfo Switch $iOption Case 1 $oObject.PutEx(1, $sAttribute, 0) ; CLEAR: remove all the property value(s) from the object Case 2 $oObject.PutEx(2, $sAttribute, $aValue) ; UPDATE: replace the current value(s) with the specified value(s) Case 3 $oObject.PutEx(3, $sAttribute, $aValue) ; APPEND: append the specified value(s) to the existing values(s) Case 4 $oObject.PutEx(4, $sAttribute, $aValue) ; DELETE: delete the specified value(s) from the object EndSwitch $oObject.SetInfo If @error Then Return SetError(@error, 0, 0) Return 1 EndFunc ;==>_AD_ModifyAttributeEX  
    • Trinnon
      By Trinnon
      I have a question about the @error logging features in _AD_CreateUser.  Hopefully I am just missing something obvious.
      In my app I am creating a user if it does not exist then manipulating some attributes. 
      If the user does exist I would then call another function to remove groups from the user and modify some attributes.
      My question is...
      If the user already Exists, the _AD_CreateUser option gives $iValue = 0 and @error = 0.
      How can @error = 1 for the condition that the user already exists?
       
      I copied a small ship of the code in question along with my full .au3. 
      I am using AD UDF 1.4.9.0 (Water, thanks for the awesome work on this!!!).
      $iValue = _AD_CreateUser ($sOU, $sUser, $sCN)
      If $iValue = 1 Then
            _FileWriteLog ($Log, "Func UserCheck() - User '" & $sUser & "' successfully created ==> Calling UserAttribsNewUser Function.")
            Call ("NewUser")
      ElseIf @error = 1 Then
            _FileWriteLog ($Log, $sUser & " already exists ==> Calling UserAttribsExistingUser Function.")
            Call ("ExistingUser")
       
      AccountSettingConfigurations-Test1.au3
       
×