AD.au3 | _AD_Open Error: 4 question

[Kovacic]

Greetings, here is what I am running into.. About my setup:

Computer 1: is on the domain, user account logged in is in local admin group and is a member of the domain, and has elevated AD abilities

Computer 2 (testing computer) logged in to by local admin account (not domain user), is on the domain.

when I execute this on computer 1, it returns the proper OU, on computer 2, it throws an Error 4 during the _AD_Open portion:

#include

dim $sAD_UserIdParam, $sAD_PasswordParam
_AD_Open( $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword")
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("DomainUserAccount"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

Keep in mind, I changed usernames and profiles to protect the innocent

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Any thoughts?

Edited January 25, 2013 by Kovacic

[water]

The way you specify userid and password is wrong. Should be:

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"
_AD_Open( $sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

[Kovacic]

My only question is, if I changed

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

to

$fullou = ("DomainUserAccount")
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

wont the result always just be DomainUserAccount ?

Because we are no longer using _AD_SamAccountNameToFQDN to pull the info

Edited January 25, 2013 by Kovacic

[Kovacic]

Also, I tried to run the script defining the username and password that way and it still came back with an error 4...

[water]

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip of the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)

If the users CN (Common Name) contains a "," then another approach is needed to extract the OU.

[water]

When I run this on computer 2, I get Error 4 which is:

4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler. Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

[Kovacic]

_AD_SamAccountNameToFQDN simply translates a SamAccountName to a Fully Qualified Domain Name (FQDN).

Most functions accept both formats so there is no need to translate it before calling a function.

If you want to get the name of the OU (Organization Unit) the user is assigned to, then _AD_SamAccountNameToFQDN is still needed.

But to get the OU you have to strip of the Relative Distinguished Name (RDN).

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$iPos = StringInStr($sFQDN, ",")
$sOU = StringMid($sFQDN, $iPos+1)
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $sOU)

If the users CN (Common Name) contains a "," then another approach is needed to extract the OU.

The reason for that is, I am working on a small tool that will become part of a larger profiler script to get the users OU, strip out 'OU=users', grab everything to the right of it, then add 'OU=Computers' to make sure the computers are in the proper OU based on the user we are setting them up for.

Did you try to pass parameters $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam to _AD_Open?

​I did and it didn't seem to help.. is it because I am running it as local admin?

[water]

If you just want to change the OU then you could use StringReplace

$sSamAccount = "DomainUserAccount"
$sFQDN = _AD_SamAccountNameToFQDN($sSamAccount)
$sNewOU = StringReplace($sFQDN, ",OU=users,", ",OU=Computers,")
Msgbox(0, "Message", "This is Mikes target OU: " & @CRLF & $sNewOU)

[water]

​I did and it didn't seem to help.. is it because I am running it as local admin?

Could you try to specify the username as NetBIOS or UPN?

; * NetBIOS Login Name e.g. "<DOMAIN>\DJ"

; * User Principal Name e.g. "DJ@domain.com"

[Kovacic]

This is where I am so far and it seems im still getting the Error 4..

#include <ad.au3>

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"

_AD_Open( )
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
_AD_Close()

I verified on the same laptop if I log in with domain creds, I can actually pull the OU

Tried every naming convention I could... everything keeps pointing to that same error :/

Edited January 28, 2013 by Kovacic

[water]

You have to pass the parameters to _AD_Open.

Please check the wiki for an example.

And check the $sAD_HostServerParam parameter and please set $sAD_ConfigurationParam as well.

[Kovacic]

I did pass the others, but, what exactly is $sAD_ConfigurationParam? that is the only parim that throws me off... do i need to create an OU called configuration in AD?

[Kovacic]

Also by declaring the parameters as global, shouldn't they be passed on anyways?

[water]

No. Funktion _AD_Open expects them as parameters!

[Kovacic]

ok, looks more like this now:

Global $sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam , $sAD_HostServerParam

_AD_Open($sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPW", $sAD_DNSDomainParam = "DC=Mydomain,DC=COM", $sAD_HostServerParam = "NSDC01")

So what is the $sAD_ConfigurationParam anyways? I don't have that as an OU, even in advanced view

[Kovacic]

Ok, I see it says:

sAD_ConfigurationParam Optional: Configuration naming context if you want to connect to a different domain e.g. CN=Configuration,DC=microsoft,DC=com

The only thing is, I am not trying to connect to a subdomain...

[Kovacic]

out of curiosity, I tried using _AD_Open.au3 on the machine being run as local admin, and it will not work unless I compile it and run it as a domain user. Do you have any examples of this is a working environment?

[BrewManNH]

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.

[Kovacic]

Your _AD_Open command is written wrong.

Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword", $sAD_DNSDomainParam = "DC=MyDomain,DC=COM", $sAD_HostServerParam = "MyDomainController"
_AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam)

You have to pass just the CONTENTS of the variables to the function, you can't assign the values to the variables and pass them at the same time.

when I tried it that way, I got Error 6 (Parameter $sAD_HostServerParam and $sAD_ConfigurationParam are required when $sAD_DNSDomainParam is specified)

When I strip out the $sAD_HostServerParam and $sAD_ConfigurationParam, I get an error 4 again... Current code looks like this now:

#include <ad.au3>


Global $sAD_UserIdParam = "ServiceProfile", $sAD_PasswordParam = "MyPassword"

_AD_Open($sAD_UserIdParam, $sAD_PasswordParam)
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

$fullou = (_AD_SamAccountNameToFQDN("mkovacic"))
Msgbox(0, "Message", "This is Mikes OU:" & @CRLF & $fullou)
   _AD_Close()

[water]

$sAD_ConfigurationParam has to be specified. If not you get an error message.

If the user is currrently connected to a domain: _AD_Open() is enough because all parameters are being taken from the current connection.

If the user isn't connected to a domain (local user) you have to specify all parameters for _AD_Open. As described in the wiki.