Jump to content
goss34

AD UDF - Check Multiple Domains

Recommended Posts

goss34

Hi Guys,

Im having a bit of trouble with the AD UDF - I know its me and not the UDF but i thought i had this working well until i introduced a domain check before my function. It appears at that point my domain check is ignoring my commands and always going with the domain of the currently logged on user ut i dont know why. Here is my code:

#include <File.au3>
#include <MsgBoxConstants.au3>
#include <AD.au3>

Global $sFQDN_User, $Groups, $sUserIdParam, $sPasswordParam, $sDNSDomainParam, $sHostServerParam, $sConfigurationParam

FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-All" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-ProfServ" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-Sales" & @CRLF)

DetectAD()

Func DetectAD()
    If @LogonDNSDomain = "Domain.one.two" Then
        ADCheckOT()
    ElseIf @LogonDNSDomain = "Domain.three" Then
        ADCheckT()
    EndIf
EndFunc

; Syntax.........: _AD_Open([$sUserIdParam = "", $sPasswordParam = ""[, $sDNSDomainParam = "", $sHostServerParam = "", $sConfigurationParam = ""[, $iSecurity = 0]]])

Func ADCheckOT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=one,DC=two", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc


Func ADCheckT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=three", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc

FileDelete(@ScriptDir & "\TestGroups.txt")

Im pretty sure i dont understand the syntax, I dont want to specify a username or password i just want to specify which domain to check as i should be able to query groups this without having to authenticate. 

The idea is that the script will check which domain they are on first, then connect to the correct domain to check group membership, if they are in 1 of the groups then another function will run - replaced with MsgBoxs for the reproducer.

Can someone point me in the right direction?

Thanks

Share this post


Link to post
Share on other sites
water

The syntax for _AD_Open is not being used correctly. Should be:

_AD_Open("", "", "DC=domain,DC=one,DC=two", "", "")

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
goss34

Hi Water,

I was hoping you would reply, pretty sure i found the AD UDF on one of your posts.

I changed the syntax and now get this error on running my script :

"C:\Program Files (x86)\AutoIt3\Include\AD.au3" (464) : ==> Variable must be of type "Object".:
$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sSamAccountName & ");distinguishedName;subtree"
$__oAD_Command^ ERROR

Pretty sure i got that before which is why i started experimenting by changing bits but havent been able to figure it out.

Any ideas?

Thanks

Share this post


Link to post
Share on other sites
water

When the third parameter is being set then parameter 4 and 5 need to be set as well.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
goss34

Got it, thanks water.

I knew it was syntax related :>

Share this post


Link to post
Share on other sites
water

The AD article in the wiki (link can be found in my (hidden) signature) explains how to connect to other domains.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • Grasoft
      By Grasoft
      Hi every one,
      I wrote this code and I want both the edit boxes scroll vertically together.
      I used the form v scroll does not help.
      Then I grouped them together with  v scroll does not help.
      Then inserted radios along side the group also does not help.
      This is a sample code:
      #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> $TitleEdit = GUICreate("Title Editor", 1107, 691, 232, 75, BitOR($GUI_SS_DEFAULT_GUI,$WS_VSCROLL)) $Group1 = GUICtrlCreateGroup("Group1", 8, 40, 1081, 1500, BitOR($GUI_SS_DEFAULT_GROUP,$BS_CENTER,$BS_FLAT,$WS_TABSTOP,$WS_HSCROLL,$WS_VSCROLL,$WS_CLIPSIBLINGS)) GUIStartGroup() $Edit1 = GUICtrlCreateEdit("", 16, 56, 50, 1450) GUICtrlSetData(-1, StringFormat(" 1:\r\n 2:\r\n 3:\r\n 4:\r\n 5:\r\n 6:\r\n 7:\r\n 8:\r\n 9:\r\n10:\r\n11:\r\n12:\r\n13:\r\n14:\r\n15:\r\n16:\r\n17:\r\n18:\r\n19:\r\n20:\r\n21:\r\n22:\r\n23:\r\n24:\r\n25:\r\n26:\r\n27:\r\n28:\r\n29:\r\n30:\r\n31:\r\n32:\r\n33:\r\n34:\r\n35:\r\n36:\r\n37:\r\n38:\r\n39:\r\n40:\r\n41:\r\n42:\r\n43:\r\n44:\r\n45:\r\n46:\r\n47:\r\n48:\r\n49:\r\n50:\r\n51:\r\n52:\r\n53:\r\n54:\r\n55:\r\n56:\r\n57:\r\n58:\r\n59:\r\n60:\r\n61:\r\n62:\r\n63:\r\n64:\r\n65:\r\n66:\r\n67:\r\n68:\r\n69:\r\n70:")) GUICtrlSetFont(-1, 12, 800, 0, "MS Sans Serif") $Edit2 = GUICtrlCreateEdit("", 73, 56, 960, 1450) GUICtrlSetFont(-1, 12, 800, 0, "MS Sans Serif") $Radio0 = GUICtrlCreateRadio("1", 1040, 100, 20, 17) $Radio1 = GUICtrlCreateRadio("1", 1040, 208, 20, 17) $Radio2 = GUICtrlCreateRadio("2", 1040, 300, 20, 17) $Radio3 = GUICtrlCreateRadio("3", 1040, 400, 20, 17) $Radio4 = GUICtrlCreateRadio("4", 1040, 500, 20, 17) $Radio5 = GUICtrlCreateRadio("5", 1040, 600, 20, 17) $Radio6 = GUICtrlCreateRadio("6", 1040, 700, 20, 17) $Radio7 = GUICtrlCreateRadio("7", 1040, 800, 20, 17) $Radio8 = GUICtrlCreateRadio("8", 1040, 900, 20, 17) $Radio9 = GUICtrlCreateRadio("9", 1040, 1000, 20, 17) $Radio10 = GUICtrlCreateRadio("10", 1040, 1100, 20, 17) GUICtrlCreateGroup("", -99, -99, 1, 1) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit EndSwitch WEnd Any help??
    • VIP
      By VIP
      I can not do anything with any user in the "Local Users Group"
      I tried from my account but I could not change my password (ie set new password)!
      But I was able to activate the Administrator account and I logged into the Administrator account and still could not do anything with my account! But I can set the password and disable the Administrator account from my account or Administrator.
      Any ideas? (Ignore the click on the Sign-in option in the Change Accout settings.)
       

    • 31290
      By 31290
       
      Hi guys, 
      I'd like to write a piece of tool that would allow me to update a certain field in our Active Directory from a comma separated csv file composed like this:

      This file, automatically generated, can hold more than 10k lines.
      Thus, I need column A to be in one variable, column B in a second one and column C in a third one.
      I'm really missing this part as updating the AD is fairly easy once the 3 variable are populated. 
      I see things like this:
      Here's my attempts at the moment:
      #include <File.au3> #include <Array.au3> Global $csv_file = @DesktopDir & "\Book1.csv" Global $aRecords If Not _FileReadToArray($csv_file,$aRecords) Then MsgBox(4096,"Error", " Error reading log to Array error:" & @error) Exit EndIf For $x = 1 to $aRecords[0] Msgbox(0,'Record:' & $x, $aRecords[$x]) ; Shows the line that was read from file $csv_line_values = StringSplit($aRecords[$x], ",",1) ; Splits the line into 2 or more variables and puts them in an array ; _ArrayDisplay($csv_line_values) ; Shows what's in the array you just created. ; $csv_line_values[0] holds the number of elements in array ; $csv_line_values[1] holds the value ; $csv_line_values[2] holds the value ; etc Msgbox(0, 0, $csv_line_values[1]) Next Any help on this please? 
      Thanks in advance
      -31290-
    • FrancescoDiMuro
      By FrancescoDiMuro
      Good morning guys
      How are you? Hope you're fine
      I'm doing some field checking...
      Can you suggest me something? Something like: If the user doesn't prompt anything in a field, MsgBox and focus on the "blank" field, else, keep up with the script.
      I thought on a nested If...Else, but I have something like 10+ edit to control...
      Thanks guys! 
      EDIT:
      And I would like to know either how to retrieve all listview item ( 2 columns ) from a ListView...
      Column A|Column B
      abcd         | 1234
      bcda         | 1432
      How can I retrieve an array with abcd|1234|bcda|1432 ?
      Thanks  
       
    • water
      By water
      Should the AD UDF support the fine grained password policy available since Windows Server 2012?
      What do fine-grained password policies do?
      You can use fine-grained password policies to specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.