AD.au3 | _AD_Open Error: 4 question

Kovacic

Greetings, here is what I am running into.. About my setup:

Computer 1: is on the domain, user account logged in is in local admin group and is a member of the domain, and has elevated AD abilities

Computer 2 (testing computer) logged in to by local admin account (not domain user), is on the domain.

When I execute this on computer 1, it returns the proper OU; on computer 2, it throws an Error 4 during the _AD_Open portion:

#include <ad.au3>

dim $sAD_UserIdParam, $sAD_PasswordParam
_AD_Open( $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword")
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("DomainUserAccount"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

Keep in mind, I changed usernames and profiles to protect the innocent ;)

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Any thoughts?

Edited by Kovacic

C0d3 is P0etry( ͡° ͜ʖ ͡°)

water

The way you specify userid and password is wrong. Should be:

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"
_AD_Open( $sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Kovacic

My only question is, if I changed

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

to

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

won't the result always just be DomainUserAccount?

Because we are no longer using _AD_SamAccountNameToFQDN to pull the info

Edited by Kovacic

Kovacic

Also, I tried to run the script defining the username and password that way and it still came back with an error 4...


water

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip off the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)

If the user's CN (Common Name) contains a "," then another approach is needed to extract the OU.

water

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

Kovacic

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip off the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)

If the user's CN (Common Name) contains a "," then another approach is needed to extract the OU.

The reason for that is, I am working on a small tool that will become part of a larger profiler script to get the users OU, strip out 'OU=users', grab everything to the right of it, then add 'OU=Computers' to make sure the computers are in the proper OU based on the user we are setting them up for.

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

I did and it didn't seem to help.. is it because I am running it as local admin?


water

If you just want to change the OU then you could use StringReplace

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$sNewOU = StringReplace($sFQDN, ",OU=users,", ",OU=Computers,")
Msgbox(0, "Message", "This is Mikes target OU: " & @CRLF & $sNewOU)
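
The OU extraction discussed in the posts above, as an added example that is not part of any post or of the AD UDF: it strips the RDN at the first unescaped comma, so a CN such as "Doe\, Jane" is handled where a plain StringInStr split would cut inside the name, and then builds the matching Computers OU. The function names and the sample DNs are hypothetical.

```autoit
; Added example, not code from the thread or from the AD UDF.
; Helper names and the sample DNs are hypothetical/constructed.

; Return the parent container of a DN. In a DN string a comma that belongs
; to a value is escaped as "\," so only an unescaped comma ends the RDN.
Func _ParentContainer($sDN)
    Local $bEscaped = False, $sChar
    For $i = 1 To StringLen($sDN)
        $sChar = StringMid($sDN, $i, 1)
        If $bEscaped Then
            $bEscaped = False            ; the character after "\" is literal
        ElseIf $sChar = "\" Then
            $bEscaped = True
        ElseIf $sChar = "," Then
            Return StringMid($sDN, $i + 1)
        EndIf
    Next
    Return SetError(1, 0, "")            ; no unescaped comma: nothing to strip
EndFunc   ;==>_ParentContainer

; Map a user's DN to the computer OU of the same branch: drop the user's RDN,
; then swap a leading "OU=users," for "OU=Computers,". Matching only at the
; start leaves a deeper OU that also happens to be named "users" untouched.
Func _ComputerOUForUser($sUserDN)
    Local $sParent = _ParentContainer($sUserDN)
    If @error Then Return SetError(1, 0, "")
    ; AutoIt string comparison is case-insensitive, as DN matching is in AD
    If StringLeft($sParent, 9) <> "OU=users," Then Return SetError(2, 0, "")
    Return "OU=Computers," & StringMid($sParent, 10)
EndFunc   ;==>_ComputerOUForUser

; Constructed sample DNs: a plain CN and a CN containing an escaped comma
Local $aSamples[2] = ["CN=mkovacic,OU=users,OU=Site1,DC=example,DC=com", _
        "CN=Doe\, Jane,OU=users,OU=Site1,DC=example,DC=com"]
For $sDN In $aSamples
    ConsoleWrite($sDN & " -> " & _ComputerOUForUser($sDN) & @CRLF)
Next
```
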
water

I did and it didn't seem to help.. is it because I am running it as local admin?

Could you try to specify the username as NetBIOS or UPN?

; * NetBIOS Login Name e.g. "<DOMAIN>\DJ"

; * User Principal Name e.g. "DJ@domain.com"


Kovacic

This is where I am so far and it seems I'm still getting the Error 4..

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"

_AD_Open( )
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

I verified on the same laptop if I log in with domain creds, I can actually pull the OU

Tried every naming convention I could... everything keeps pointing to that same error :/

Edited by Kovacic

water

You have to pass the parameters to _AD_Open.

Please check the wiki for an example.

And check the $sAD_HostServerParam parameter and please set $sAD_ConfigurationParam as well.


Kovacic

I did pass the others, but what exactly is $sAD_ConfigurationParam? That is the only param that throws me off... do I need to create an OU called configuration in AD?


Kovacic

Also by declaring the parameters as global, shouldn't they be passed on anyways?


water

No. Function _AD_Open expects them as parameters!


Kovacic

ok, looks more like this now:

Global $sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam , $sAD_HostServerParam

_AD_Open($sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPW", $sAD_DNSDomainParam = "DC=Mydomain,DC=COM", $sAD_HostServerParam = "NSDC01")

So what is the $sAD_ConfigurationParam anyways? I don't have that as an OU, even in advanced view


Kovacic

Ok, I see it says:

sAD_ConfigurationParam Optional: Configuration naming context if you want to connect to a different domain e.g. CN=Configuration,DC=microsoft,DC=com

The only thing is, I am not trying to connect to a subdomain...


Kovacic

Out of curiosity, I tried using _AD_Open.au3 on the machine being run as local admin, and it will not work unless I compile it and run it as a domain user. Do you have any examples of this in a working environment?


BrewManNH

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Kovacic

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.

When I tried it that way, I got Error 6 (Parameter $sAD_HostServerParam and $sAD_ConfigurationParam are required when $sAD_DNSDomainParam is specified)

When I strip out the $sAD_HostServerParam and $sAD_ConfigurationParam, I get an error 4 again... Current code looks like this now:

#include <ad.au3>


Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"

_AD_Open($sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

water

$sAD_ConfigurationParam has to be specified. If not you get an error message.

If the user is currently connected to a domain: _AD_Open() is enough because all parameters are being taken from the current connection.

If the user isn't connected to a domain (local user) you have to specify all parameters for _AD_Open. As described in the wiki.


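
What passing all five parameters looks like when the script runs under a local (non-domain) account, as an added example that is not from the thread or the UDF's wiki. The domain, server and account values are placeholders (assumptions), and the password is prompted for at run time instead of being stored in the script.

```autoit
#include <ad.au3>

; Added example, not code from the thread. Every value below is a placeholder.
Global Const $sUserId = "EXAMPLE\ServiceProfile"                     ; NetBIOS form; a UPN also works
Global Const $sDnsDomain = "DC=example,DC=com"                       ; domain naming context
Global Const $sHostServer = "dc01.example.com"                       ; a domain controller this PC can resolve
Global Const $sConfiguration = "CN=Configuration,DC=example,DC=com"  ; configuration naming context

; Prompt for the service account password with masked input
Local $sPassword = InputBox("AD logon", "Password for " & $sUserId, "", "*")
If @error Then Exit ; dialog cancelled

; A local account has no domain session to inherit, so the target domain,
; the server and the configuration context are all passed explicitly.
_AD_Open($sUserId, $sPassword, $sDnsDomain, $sHostServer, $sConfiguration)
If @error Then
    ; Save both values first: the next function call resets them.
    Local $iErr = @error, $iExt = @extended
    ; For @error = 4, @extended is the COM error; 0x8007054B is Win32 error
    ; 1355 (ERROR_NO_SUCH_DOMAIN): no domain could be located for the bind.
    Exit MsgBox(16, "AD", "_AD_Open failed. @error = " & $iErr & _
            ", @extended = 0x" & Hex($iExt))
EndIf
$sPassword = "" ; drop the clear-text copy once the connection is open

Local $sFQDN = _AD_SamAccountNameToFQDN("DomainUserAccount")
MsgBox(0, "Message", "Distinguished name:" & @CRLF & $sFQDN)
_AD_Close()
```
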
