Jump to content
Sign in to follow this  
Kovacic

AD.au3 | _AD_Open Error: 4 question

Recommended Posts

Kovacic

Greetings, here is what I am running into.. About my setup:

Computer 1: is on the domain, user account logged in is in local admin group and is a member of the domain, and has elevated AD abilities

Computer 2 (testing computer) logged in to by local admin account (not domain user), is on the domain.

when I execute this on computer 1, it returns the proper OU, on computer 2, it throws an Error 4 during the _AD_Open portion:

#include

dim $sAD_UserIdParam, $sAD_PasswordParam
_AD_Open( $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword")
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("DomainUserAccount"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

Keep in mind, I changed usernames and profiles to protect the innocent ;)

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Any thoughts?

Edited by Kovacic

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

The way you specify userid and password is wrong. Should be:

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"
_AD_Open( $sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Kovacic

My only question is, if I changed

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

to

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

wont the result always just be DomainUserAccount ?

Because we are no longer using _AD_SamAccountNameToFQDN to pull the info

Edited by Kovacic

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
Kovacic

Also, I tried to run the script defining the username and password that way and it still came back with an error 4...


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip of the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)
If the users CN (Common Name) contains a "," then another approach is needed to extract the OU.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
water

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Kovacic

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip of the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)
If the users CN (Common Name) contains a "," then another approach is needed to extract the OU.

The reason for that is, I am working on a small tool that will become part of a larger profiler script to get the users OU, strip out 'OU=users', grab everything to the right of it, then add 'OU=Computers' to make sure the computers are in the proper OU based on the user we are setting them up for.

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

​I did and it didn't seem to help.. is it because I am running it as local admin?


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

If you just want to change the OU then you could use StringReplace

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$sNewOU = StringReplace($sFQDN, ",OU=users,", ",OU=Computers,")
Msgbox(0, "Message", "This is Mikes target OU: " & @CRLF & $sNewOU)
  • Like 1

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
water

​I did and it didn't seem to help.. is it because I am running it as local admin?

Could you try to specify the username as NetBIOS or UPN?

; * NetBIOS Login Name e.g. "<DOMAIN>\DJ"

; * User Principal Name e.g. "DJ@domain.com"


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Kovacic

This is where I am so far and it seems im still getting the Error 4..

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"

_AD_Open( )
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

I verified on the same laptop if I log in with domain creds, I can actually pull the OU

Tried every naming convention I could... everything keeps pointing to that same error :/

Edited by Kovacic

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

You have to pass the parameters to _AD_Open.

Please check the wiki for an example.

And check the $sAD_HostServerParam parameter and please set $sAD_ConfigurationParam as well.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Kovacic

I did pass the others, but, what exactly is $sAD_ConfigurationParam? that is the only parim that throws me off... do i need to create an OU called configuration in AD?


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
Kovacic

Also by declaring the parameters as global, shouldn't they be passed on anyways?


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

No. Funktion _AD_Open expects them as parameters!


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Kovacic

ok, looks more like this now:

Global $sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam , $sAD_HostServerParam

_AD_Open($sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPW", $sAD_DNSDomainParam = "DC=Mydomain,DC=COM", $sAD_HostServerParam = "NSDC01")

So what is the $sAD_ConfigurationParam anyways? I don't have that as an OU, even in advanced view


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
Kovacic

Ok, I see it says:

sAD_ConfigurationParam Optional: Configuration naming context if you want to connect to a different domain e.g. CN=Configuration,DC=microsoft,DC=com

The only thing is, I am not trying to connect to a subdomain...


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
Kovacic

out of curiosity, I tried using _AD_Open.au3 on the machine being run as local admin, and it will not work unless I compile it and run it as a domain user. Do you have any examples of this is a working environment?


C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
BrewManNH

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Kovacic

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.

when I tried it that way, I got Error 6 (Parameter $sAD_HostServerParam and $sAD_ConfigurationParam are required when $sAD_DNSDomainParam is specified)

When I strip out the $sAD_HostServerParam and $sAD_ConfigurationParam, I get an error 4 again... Current code looks like this now:

#include <ad.au3>


Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"

_AD_Open($sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
   _AD_Close()

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Share this post


Link to post
Share on other sites
water

$sAD_ConfigurationParam has to be specified. If not you get an error message.

If the user is currrently connected to a domain: _AD_Open() is enough because all parameters are being taken from the current connection.

If the user isn't connected to a domain (local user) you have to specify all parameters for _AD_Open. As described in the wiki.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • Spartan117
      By Spartan117
      Hi everyone,
      I am wondering if is there any autoit function that make the program ignore errors and move on and resume correct lines?
      Thank you
    • rudi
      By rudi
      Hello,
       
      from this posting of @Jos https://www.autoitscript.com/forum/topic/162005-getting-windows-users-account-type/?do=findComment&comment=1176831
      I can smoothly check, if a user is a *DIRECT* group member. Has anybody some code to check also, if a user is a *INDIRECT* member of a cascaded group construct?  Maybe with @Melba23 's AD UDF?
       
      The required rights are granted to group "Dept_B" User John is member of group "Dept_A" Group "Dept_A" is member of the group "Dept_B" So in the AD / NTFS FS environment John finally has the rights of both groups But when checking his "membership to group Dept_B" the result is "no member". The approach I can think of would be, to check all Group Members of group "Dept_B" whether they are of type group, then check again if "John" is member of than " 2nd level group"
      Func UserInGroup($InGroup,$ThisUser=@LogonDomain & "/" & @UserName) Local $objUser = ObjGet("WinNT://" & $ThisUser ) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 EndIf Next Return 0 EndFunc Any suggestions appreciated, regards, Rudi.
    • nacerbaaziz
      By nacerbaaziz
      Hi dear
      I have a question please
      Can we customize error messages in autoit script?
      I mean internal error messages
      for example
      AutoIt Error
      Line 4  (File "D:\my projects\NVDA Manager\New AutoIt v3
      Script.au3"):
      $script[1] = 1
      $script^ ERROR
      Error: Subscript used on non-accessible variable.
      For example, I want to customize this message
      Is this possible?
      am waiting for your answers
    • AnonymousX
      By AnonymousX
      Hello,
      I'm trying to make a program that can look at a folder directory, find all the CSV files, and then add the data from CSV's to an array. 
      The problem I seem to be running into is on the 2nd iteration (2nd file) when the script will not create an array. Could someone please help? Thanks in advance
       
      #include <Array.au3> #include <File.au3> #include <MsgBoxConstants.au3> #include <Excel.au3> #include <MsgBoxConstants.au3> Global $MasterArray RefineData() Func RefineData() Local $i, $filenum, $file, $csvArray, $sFilePath = @ScriptDir $fileList = _FileListToArrayRec($sFilePath, "*.csv", 1) ;Create and array of all .csv files within folder ;=====Loop through the .csv files within the folder====== For $filenum = 1 To UBound($fileList) - 1 Step 1 $file = $fileList[$filenum] $sFilePath = $sFilePath & "\" & $file ;=====Create array based on csv file===== _FileReadToArray($sFilePath, $csvArray, $FRTA_NOCOUNT, ",") _ArrayDisplay($csvArray,"File: " & $filenum) If $filenum = 1 Then $MasterArray = $csvArray _ArrayDisplay($MasterArray, "Master") Else $MasterArray = _ArrayColInsert($MasterArray, UBound($MasterArray)) ;want column added at end For $i = 0 To UBound($MasterArray)-1 Step 1 $MasterArray[$i][UBound($MasterArray) - 1] = $csvArray[$i][4] Next _ArrayDisplay($MasterArray, "Master") EndIf Next EndFunc ;==>RefineData  
    • ur
      By ur
      In the autoit file, if we add multiple libraries (both internal and custom created one)
       
      When we compile the code and run the exe, some time we are getting runtime errors.
      But the line number of error is not showing the exact line number, might be it is including the line number count of libraries also.
      Can you please suggest how to get the exact error line number.
      So, it will be useful for debugging.
×