Active Directory UDF - Help & Support (III)

water · January 31, 2014

As the Active Directory UDF - Help & Support thread has grown too big, I start a new one.
The original thread can be found here.

Edited June 8, 2016 by Jos

gonzo070777 · January 31, 2014

In my custom script I have the #RequireAdmin due to other items being run. So I did add it to the stock _AD_CreateComputer.au3 and compiled. I got the same error result with or without #RequireAdmin on the workgroup machine.

water · February 4, 2014

I have absolutely no idea what goes on. Can we do it step by step?

First _AD_Open. On the workstation do you use the same user as on the connected PC?

gonzo070777 · February 4, 2014

For _AD_Open. Variable: $techusername, $techpassword are the same for all scenarios and input fields(User ID and password in the GUI) in _AD_Open.au3 All other fields also match what is being used (DNSDomain, HostServer, Confiuration) in the GUI and the AD_Open line of code.

If I use the stock script from your UDF:

- Domain machine: Works fine. I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

- Workgroup: Gives -2147352567 upon launch (expected since it doesn't know what the AD server name should be on the workgroup machine)

If I modify the line in _AD_Open.au3 from

_AD_Open()

to

_AD_Open($techusername, $techpassword, "DC=us,DC=XXXX,DC=com", "XXAD_serverXX.us.XXXX.com", "CN=Configuration,DC=XXXX,DC=com") ;to pass the technician username / password who has rights to AD and the AD variables

- Domain Machine: works fine. I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

- Workgroup: Works fine, no error. I'm able to get the "Logon Was Successful" with the same username/password passed by $techusername, $techpassword

(Result is the same with both "CN=Configuration,DC=XXXX,DC=com" and "CN=Configuration,DC=us,DC=XXXX,DC=com")

Edited February 4, 2014 by gonzo070777

dataspike · February 5, 2014

Started playing around with scripts again... this was my first attempt, not sure if it's a config on my side or a bug.

Here's the script...

#include <AD.au3>

$sSam = @ComputerName & "$"
$sFQDN = _AD_SamAccountNameToFQDN($sSam)

#Region --- CodeWizard generated code Start ---
;MsgBox features: Title=Yes, Text=Yes, Buttons=OK, Icon=Info, Miscellaneous=Top-most attribute
MsgBox(262208,"Computer OU",$sFQDN)
#EndRegion --- CodeWizard generated code End ---

The script hangs in SciTE. Using the latest version available.

Edited February 5, 2014 by dataspike

water · February 5, 2014

Welcome to AutoIt and the forum!

Before you can call any of the _AD_* functions you need to call _AD_Open to connect to AD.

See any of the example scripts provided with the UDF.

Edited February 5, 2014 by water

dataspike · February 6, 2014

Welcome to AutoIt and the forum!

Before you can call any of the _AD_* functions you need to call _AD_Open to connect to AD.

See any of the example scripts provided with the UDF.

Ah, figured it was something simple. I found the sample code in another post, but you only the two strings were listed.

Thanks!

water · February 6, 2014

water · February 17, 2014

Version 1.4.1.0 (Bug fix) of the UDF has been released.

Only runs with AutoIt 3.3.10.2 and later.

Please test before using in production!

For download please see my signature.

Jochem · February 20, 2014

I have a problem with _AD_MoveObject

I have the same error with the helpfile provided with the udf as in my script:

I get an error about the object doesn't exist, but "_AD_SamAccountNameToFQDN(@UserName)" seems to be the correct value. I double checked that value

while @username gives me error: Return code '-2147352567' from Active Directory

I am not getting an error about the ou, so this part seems to be oke.

what am I doing wrong?

edit: I am using the latest UDF with autoit 3.3.10.2

Edited February 20, 2014 by Jochem

water · February 20, 2014

Can you add

_AD_ErrorNotify(2)

at the top of your script so we get detailed error information?

-2147352567 (decimal) = 0x80020009 (hex) just means: General Error

Jochem · February 20, 2014

this is the error I get with @username as $sobject

Iwht this error I triple checked the ou and this one seems to be oke.

Edited February 20, 2014 by Jochem

water · February 20, 2014

Can you please post the full _AD_MoveObject statement you use?

Jochem · February 20, 2014

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Moves an AD object to another OU.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

_AD_ErrorNotify(2)
; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script moves an object to another OU." & @CRLF & @CRLF & _
  "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

; Enter object to move and target OU
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 814, 124)
GUICtrlCreateLabel("Object to move (FQDN or sAMAccountName):", 8, 10, 231, 17)
GUICtrlCreateLabel("OU where to move to (FQDN):", 8, 42, 231, 17)
Global $IObject = GUICtrlCreateInput(_AD_SamAccountNameToFQDN(@UserName), 241, 8, 559, 21)
;~ Global $IObject = GUICtrlCreateInput(@UserName, 241, 8, 559, 21)
Global $ITargetOU = GUICtrlCreateInput("", 241, 40, 559, 21)
Global $BOK = GUICtrlCreateButton("Move object", 8, 72, 130, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 728, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

While 1
Global $nMsg = GUIGetMsg()
Switch $nMsg
  Case $GUI_EVENT_CLOSE, $BCancel
   Exit
  Case $BOK
   Global $sObject = GUICtrlRead($IObject)
   Global $sTargetOU = GUICtrlRead($ITargetOU)
   ExitLoop
EndSwitch
WEnd

; Move object
Global $iValue = _AD_MoveObject($sTargetOU, $sObject)
If $iValue = 1 Then
MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' successfully moved to '" & $sTargetOU & "'")
ElseIf @error = 1 Then
MsgBox(64, "Active Directory Functions - Example 1", "Target OU '" & $sTargetOU & "' does not exist")
ElseIf @error = 2 Then
MsgBox(64, "Active Directory Functions - Example 1", "Object '" & $sObject & "' does not exist")
Else
MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()

actually I use the help file now for testing purposes, this one gives the same error as my script.

I think it is a 2003 AD error with trailing slashes "/" in the FQGN

Edited February 20, 2014 by Jochem

water · February 20, 2014

Can you please post the data you enter into the GUI (mask company specific information if needed).

Jochem · February 21, 2014

$sobject = CN=Jochem xxxxxx /xxxx,OU=medewerkers_CAD_Grafisch,OU=straat1,DC=xxxx,DC=nl

$sTargetOU = OU=Grafische_werkstations,OU=straat1,DC=xxxx,DC=nl

but see the trailing slashes in the CN this seems to be a microsoft AD error:

http://support.microsoft.com/kb/842632

http://support.microsoft.com/kb/826374

But I can`t try the hotfix now

water · February 21, 2014

Last thing I would try is to use the hex value. Means

$sobject = CN=Jochem xxxxxx \5Cxxxx,OU=medewerkers_CAD_Grafisch,OU=straat1,DC=xxxx,DC=nl

I this doesn't help then you need to install the hotfix.

For details about escaping characters see this site.

Jochem · February 21, 2014

thanks, but it didn`t work.

anyway we need to upgrade our AD to 2008, this will solve the problem, for now it isn`t a big issue, because I use this command only for disabled users (a few per month), so i doo this manually.

water · February 21, 2014

Thanks for the feedback.

As I'm always eager to improve the UDF I'm "glad" to hear that it is a MS bug

kor · March 15, 2014

These COM errors are really getting to me.

> Deleting user dramirez
COM Error Encountered in Get list of accounts going to be deleted.au3
AD UDF version = 1.4.0
@AutoItVersion = 3.3.8.1
@AutoItX64 = 0
@Compiled = 0
@OSArch = X86
@OSVersion = WIN_7
Scriptline = 640
NumberHex = 80020009
Number = -2147352567
WinDescription =
Description = The directory property cannot be found in the cache.
Source = Active Directory
HelpFile =
HelpContext = 0
LastDllError = 0
========================================================
>Exit code: 0 Time: 13.300

Full Code

#NoTrayIcon
#include <AD.au3>
#include <Date.au3>

Global $aUsers, $sUsername, $sLogin, $sModified, $iLogin, $iModified, $sAttribute, $aResult
Global $iStaffDays = 180 ; days
Global $iStudentDays = 90 ; days

_AD_Open() ; open connection to AD
$aUsers = _AD_GetObjectsInOU("OU=Purgatory,DC=ad,DC=domain,DC=org", "(objectCategory=user)") ; read users in purgatory into an array
For $i = 1 to UBound($aUsers) - 1
    $sUsername = $aUsers[$i]
    $sModified = StringRegExpReplace(_AD_GetObjectAttribute($sUsername, "whenChanged"), "(\d{4})(\d{2})(\d{2}).+", "$1/$2/$3") ; convert YYYYMMDDHHMMSS into YYYY/MM/DD
    $iModified = _DateDiff("D", $sModified, _NowCalcDate()) ; compare dates
    $sAttribute = _AD_GetObjectAttribute($sUsername, "extensionAttribute2")
    If @error Or $sAttribute = "" Then ExitLoop
    If $sAttribute <> "student" Then
        If $iModified >= $iStudentDays Then ; if last modified is more than X days
            ConsoleWrite("> Deleting user " & $sUsername & @CR)
            _ArrayAdd($aResult, $sUsername)
        EndIf
    Else
        If $iModified >= $iStaffDays Then ; if last modified is more than X days
            ConsoleWrite("> Deleting user " & $sUsername & @CR)
            _ArrayAdd($aResult, $sUsername)
        EndIf
    EndIf
Next
_AD_Close() ; close connection to AD
_ArrayDisplay($aResult)

Sign In

Active Directory UDF - Help & Support (III)

Recommended Posts

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Similar Content