goss34

AD UDF - Check Multiple Domains

6 posts in this topic

Hi Guys,

I'm having a bit of trouble with the AD UDF - I know it's me and not the UDF, but I thought I had this working well until I introduced a domain check before my function. It appears at that point my domain check is ignoring my commands and always going with the domain of the currently logged on user, but I don't know why. Here is my code:

#include <File.au3>
#include <MsgBoxConstants.au3>
#include <AD.au3>

Global $sFQDN_User, $Groups, $sUserIdParam, $sPasswordParam, $sDNSDomainParam, $sHostServerParam, $sConfigurationParam

FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-All" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-ProfServ" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-Sales" & @CRLF)

DetectAD()

Func DetectAD()
    If @LogonDNSDomain = "Domain.one.two" Then
        ADCheckOT()
    ElseIf @LogonDNSDomain = "Domain.three" Then
        ADCheckT()
    EndIf
EndFunc

; Syntax.........: _AD_Open([$sUserIdParam = "", $sPasswordParam = ""[, $sDNSDomainParam = "", $sHostServerParam = "", $sConfigurationParam = ""[, $iSecurity = 0]]])

Func ADCheckOT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=one,DC=two", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc


Func ADCheckT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=three", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc

FileDelete(@ScriptDir & "\TestGroups.txt")

I'm pretty sure I don't understand the syntax. I don't want to specify a username or password; I just want to specify which domain to check, as I should be able to query groups without having to authenticate.

The idea is that the script will check which domain they are on first, then connect to the correct domain to check group membership. If they are in 1 of the groups then another function will run - replaced with MsgBoxes for the reproducer.

Can someone point me in the right direction?

Thanks

The syntax for _AD_Open is not being used correctly. Should be:

_AD_Open("", "", "DC=domain,DC=one,DC=two", "", "")

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


Hi Water,

I was hoping you would reply, pretty sure I found the AD UDF on one of your posts.

I changed the syntax and now get this error on running my script:

"C:\Program Files (x86)\AutoIt3\Include\AD.au3" (464) : ==> Variable must be of type "Object".:
$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sSamAccountName & ");distinguishedName;subtree"
$__oAD_Command^ ERROR

Pretty sure I got that before, which is why I started experimenting by changing bits, but I haven't been able to figure it out.

Any ideas?

Thanks


When the third parameter is being set, then parameters 4 and 5 need to be set as well.



Got it, thanks water.

I knew it was syntax related :>


The AD article in the wiki (link can be found in my (hidden) signature) explains how to connect to other domains.


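The two fixes from this thread combined, as an added example that is not code from any of the posters or from the UDF: one function opens the connection with parameters 3, 4 and 5 passed positionally, checks the return value of _AD_Open, and treats a failed connection as "no group matched" so the membership gate fails closed. The host server names and configuration DNs are assumed placeholders, and the helper name FirstMatchingGroup is hypothetical.

```autoit
#include <MsgBoxConstants.au3>
#include <AD.au3>

; Added example. Host server names and configuration DNs are placeholders (assumptions);
; replace them with the values for your own forest.
; AutoIt has no named arguments: `$sDNSDomainParam = "DC=..."` inside a call is a
; comparison that yields True/False, so _AD_Open must be given plain positional values.

Global $aGroups[3] = ["SoftwareInstaller-All", "SoftwareInstaller-ProfServ", "SoftwareInstaller-Sales"]

DetectAD()

Func DetectAD()
    Local $sGroup = ""
    If @LogonDNSDomain = "Domain.one.two" Then
        $sGroup = FirstMatchingGroup("DC=domain,DC=one,DC=two", "dc01.domain.one.two", "CN=Configuration,DC=domain,DC=one,DC=two")
    ElseIf @LogonDNSDomain = "Domain.three" Then
        $sGroup = FirstMatchingGroup("DC=domain,DC=three", "dc01.domain.three", "CN=Configuration,DC=domain,DC=three")
    EndIf
    ; An unknown domain, a failed connection and a non-member all end up here with ""
    If $sGroup = "" Then
        MsgBox($MB_ICONWARNING, "", "No installer group matched; nothing will run.")
    Else
        MsgBox($MB_OK, "", $sGroup)
    EndIf
EndFunc

; Hypothetical helper: returns the first group the current user belongs to, or "" if none
Func FirstMatchingGroup($sDomainDN, $sHostServer, $sConfigDN)
    ; Parameters 3, 4 and 5 are supplied together; 1 and 2 stay empty to use the logged-on user
    If Not _AD_Open("", "", $sDomainDN, $sHostServer, $sConfigDN) Then
        ; Fail closed: without a connection the later _AD_* calls have no object to work on
        ConsoleWrite("_AD_Open failed for " & $sDomainDN & @CRLF)
        Return ""
    EndIf
    Local $sUser = _AD_SamAccountNameToFQDN()
    Local $sFound = ""
    For $i = 0 To UBound($aGroups) - 1
        If _AD_IsMemberOf($aGroups[$i], $sUser) = 1 Then
            $sFound = $aGroups[$i]
            ExitLoop
        EndIf
    Next
    _AD_Close()
    Return $sFound
EndFunc
```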
