Active Directory UDF - Help & Support (III)

[water 1,936]

As the Active Directory UDF - Help & Support thread has grown too big, I start a new one.
The original thread can be found here.

Edited June 8, 2016 by Jos

[gonzo070777 0]

In my custom script I have the #RequireAdmin due to other items being run.  So I did add it to the stock _AD_CreateComputer.au3 and compiled.  I got the same error result with or without #RequireAdmin on the workgroup machine.

[water 1,936]

I have absolutely no idea what goes on. Can we do it step by step?

First _AD_Open. On the workstation do you use the same user as on the connected PC?

[gonzo070777 0]

For _AD_Open.  Variable:  $techusername, $techpassword are the same for all scenarios and input fields(User ID and password in the GUI) in _AD_Open.au3  All other fields also match what is being used (DNSDomain, HostServer, Confiuration) in the GUI and the AD_Open line of code.

If I use the stock script from your UDF:

- Domain machine:  Works fine.  I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

- Workgroup: Gives -2147352567 upon launch (expected since it doesn't know what the AD server name should be on the workgroup machine)

If I modify the line in _AD_Open.au3 from

_AD_Open()

to 

_AD_Open($techusername, $techpassword, "DC=us,DC=XXXX,DC=com", "XXAD_serverXX.us.XXXX.com", "CN=Configuration,DC=XXXX,DC=com") ;to pass the technician username / password who has rights to AD and the AD variables

- Domain Machine: works fine.  I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

- Workgroup: Works fine, no error.  I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

(Result is the same with both "CN=Configuration,DC=XXXX,DC=com" and "CN=Configuration,DC=us,DC=XXXX,DC=com")

Edited February 4, 2014 by gonzo070777

[dataspike 0]

Started playing around with scripts again... this was my first attempt, not sure if it's a config on my side or a bug.

Here's the script...

#include <AD.au3>

$sSam = @ComputerName & "$"
$sFQDN = _AD_SamAccountNameToFQDN($sSam)

#Region --- CodeWizard generated code Start ---
;MsgBox features: Title=Yes, Text=Yes, Buttons=OK, Icon=Info, Miscellaneous=Top-most attribute
MsgBox(262208,"Computer OU",$sFQDN)
#EndRegion --- CodeWizard generated code End ---

The script hangs in SciTE.  Using the latest version available.

Edited February 5, 2014 by dataspike

[water 1,936]

Welcome to AutoIt and the forum!

Before you can call any of the _AD_* functions you need to call _AD_Open to connect to AD.

See any of the example scripts provided with the UDF.

Edited February 5, 2014 by water

[dataspike 0]

Welcome to AutoIt and the forum!

Before you can call any of the _AD_* functions you need to call _AD_Open to connect to AD.

See any of the example scripts provided with the UDF.

Ah, figured it was something simple.   I found the sample code in another post, but you only the two strings were listed.

Thanks!

[water 1,936]

[water 1,936]

Version 1.4.1.0 (Bug fix) of the UDF has been released.

Only runs with AutoIt 3.3.10.2 and later.

Please test before using in production!

For download please see my signature.

[Jochem 0]

I have a problem with _AD_MoveObject

I have the same error with the helpfile provided with the udf as in my script:

I get an error about the object doesn't exist, but "_AD_SamAccountNameToFQDN(@UserName)" seems to be the correct value. I double checked that value

while @username gives me error: Return code '-2147352567' from Active Directory

I am not getting an error about the ou, so this part seems to be oke.

what am I doing wrong?

edit: I am using the latest UDF with autoit 3.3.10.2

Edited February 20, 2014 by Jochem

[water 1,936]

Can you add

_AD_ErrorNotify(2)

at the top of your script so we get detailed error information?

-2147352567 (decimal) = 0x80020009 (hex) just means: General Error

[Jochem 0]

this is the error I get with @username as $sobject

Iwht this error I triple checked the ou and this one seems to be oke.

Edited February 20, 2014 by Jochem

[water 1,936]

Can you please post the full _AD_MoveObject statement you use?

[Jochem 0]

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6

#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y

; *****************************************************************************

; Example 1

; Moves an AD object to another OU.

; *****************************************************************************

#include <AD.au3>

#include <ButtonConstants.au3>

#include <GUIConstantsEx.au3>

#include <WindowsConstants.au3>

_AD_ErrorNotify(2)

; Open Connection to the Active Directory

_AD_Open()

If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script moves an object to another OU." & @CRLF & @CRLF & _

  "Are you sure you want to change the Active Directory?")

If $iReply <> 6 Then Exit

; Enter object to move and target OU

#region ### START Koda GUI section ### Form=

Global $Form1 = GUICreate("Active Directory Functions - Example 1", 814, 124)

GUICtrlCreateLabel("Object to move (FQDN or sAMAccountName):", 8, 10, 231, 17)

GUICtrlCreateLabel("OU where to move to (FQDN):", 8, 42, 231, 17)

Global $IObject = GUICtrlCreateInput(_AD_SamAccountNameToFQDN(@UserName), 241, 8, 559, 21)

;~ Global $IObject = GUICtrlCreateInput(@UserName, 241, 8, 559, 21)

Global $ITargetOU = GUICtrlCreateInput("", 241, 40, 559, 21)

Global $BOK = GUICtrlCreateButton("Move object", 8, 72, 130, 33)

Global $BCancel = GUICtrlCreateButton("Cancel", 728, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))

GUISetState(@SW_SHOW)

#endregion ### END Koda GUI section ###

While 1

 Global $nMsg = GUIGetMsg()

 Switch $nMsg

  Case $GUI_EVENT_CLOSE, $BCancel

   Exit

  Case $BOK

   Global $sObject = GUICtrlRead($IObject)

   Global $sTargetOU = GUICtrlRead($ITargetOU)

   ExitLoop

 EndSwitch

WEnd

; Move object

Global $iValue = _AD_MoveObject($sTargetOU, $sObject)

If $iValue = 1 Then

 MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully moved to '" & $sTargetOU & "'")

ElseIf @error = 1 Then

 MsgBox(64, "Active Directory Functions - Example 1", "Target OU '" & $sTargetOU & "' does not exist")

ElseIf @error = 2 Then

 MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")

Else

 MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")

EndIf

; Close Connection to the Active Directory

_AD_Close()

 

actually I use the help file now for testing purposes, this one gives the same error as my script.

I think it is a 2003 AD error with trailing slashes "/" in the FQGN

Edited February 20, 2014 by Jochem

[water 1,936]

Can you please post the data you enter into the GUI (mask company specific information if needed).

[Jochem 0]

$sobject = CN=Jochem xxxxxx /xxxx,OU=medewerkers_CAD_Grafisch,OU=straat1,DC=xxxx,DC=nl

$sTargetOU = OU=Grafische_werkstations,OU=straat1,DC=xxxx,DC=nl

but see the trailing slashes in the CN this seems to be a microsoft AD error:

http://support.microsoft.com/kb/842632

http://support.microsoft.com/kb/826374

But I can`t try the hotfix now

[water 1,936]

Last thing I would try is to use the hex value. Means

$sobject = CN=Jochem xxxxxx \5Cxxxx,OU=medewerkers_CAD_Grafisch,OU=straat1,DC=xxxx,DC=nl

I this doesn't help then you need to install the hotfix.

For details about escaping characters see this site.

[Jochem 0]

thanks, but it didn`t work.

anyway we need to upgrade our AD to 2008, this will solve the problem, for now it isn`t a big issue, because I use this command only for disabled users (a few per month), so i doo this manually.

[water 1,936]

Thanks for the feedback.

As I'm always eager to improve the UDF I'm "glad" to hear that it is a MS bug

[kor 5]

These COM errors are really getting to me.

> Deleting user dramirez
COM Error Encountered in Get list of accounts going to be deleted.au3
AD UDF version = 1.4.0
@AutoItVersion = 3.3.8.1
@AutoItX64 = 0
@Compiled = 0
@OSArch = X86
@OSVersion = WIN_7
Scriptline = 640
NumberHex = 80020009
Number = -2147352567
WinDescription =
Description = The directory property cannot be found in the cache.
Source = Active Directory
HelpFile =
HelpContext = 0
LastDllError = 0
========================================================
>Exit code: 0    Time: 13.300

 

Full Code

#NoTrayIcon
#include <AD.au3>
#include <Date.au3>

Global $aUsers, $sUsername, $sLogin, $sModified, $iLogin, $iModified, $sAttribute, $aResult
Global $iStaffDays = 180 ; days
Global $iStudentDays = 90 ; days

_AD_Open() ; open connection to AD
$aUsers = _AD_GetObjectsInOU("OU=Purgatory,DC=ad,DC=domain,DC=org", "(objectCategory=user)") ; read users in purgatory into an array
For $i = 1 to UBound($aUsers) - 1
    $sUsername = $aUsers[$i]
    $sModified = StringRegExpReplace(_AD_GetObjectAttribute($sUsername, "whenChanged"), "(\d{4})(\d{2})(\d{2}).+", "$1/$2/$3") ; convert YYYYMMDDHHMMSS into YYYY/MM/DD
    $iModified = _DateDiff("D", $sModified, _NowCalcDate()) ; compare dates
    $sAttribute = _AD_GetObjectAttribute($sUsername, "extensionAttribute2")
    If @error Or $sAttribute = "" Then ExitLoop
    If $sAttribute <> "student" Then
        If $iModified >= $iStudentDays Then ; if last modified is more than X days
            ConsoleWrite("> Deleting user " & $sUsername & @CR)
            _ArrayAdd($aResult, $sUsername)
        EndIf
    Else
        If $iModified >= $iStaffDays Then ; if last modified is more than X days
            ConsoleWrite("> Deleting user " & $sUsername & @CR)
            _ArrayAdd($aResult, $sUsername)
        EndIf
    EndIf
Next
_AD_Close() ; close connection to AD
_ArrayDisplay($aResult)