
AD UDF - Check Multiple Domains


goss34

Hi Guys,

I'm having a bit of trouble with the AD UDF - I know it's me and not the UDF, but I thought I had this working well until I introduced a domain check before my function. It appears at that point my domain check is ignoring my commands and always going with the domain of the currently logged on user, but I don't know why. Here is my code:

#include <File.au3>
#include <MsgBoxConstants.au3>
#include <AD.au3>

Global $sFQDN_User, $Groups, $sUserIdParam, $sPasswordParam, $sDNSDomainParam, $sHostServerParam, $sConfigurationParam

FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-All" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-ProfServ" & @CRLF)
FileWrite(@ScriptDir & "\TestGroups.txt", "SoftwareInstaller-Sales" & @CRLF)

DetectAD()

Func DetectAD()
    If @LogonDNSDomain = "Domain.one.two" Then
        ADCheckOT()
    ElseIf @LogonDNSDomain = "Domain.three" Then
        ADCheckT()
    EndIf
EndFunc

; Syntax.........: _AD_Open([$sUserIdParam = "", $sPasswordParam = ""[, $sDNSDomainParam = "", $sHostServerParam = "", $sConfigurationParam = ""[, $iSecurity = 0]]])

Func ADCheckOT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=one,DC=two", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc


Func ADCheckT()
            _AD_Open($sUserIdParam = "", $sPasswordParam = "", $sDNSDomainParam = "DC=domain,DC=three", $sHostServerParam = "", $sConfigurationParam = "") ;Then

            ; Get the Fully Qualified Domain Name (FQDN) for the current user
            $sFQDN_User = _AD_SamAccountNameToFQDN()

            _FileReadToArray(@ScriptDir & "\TestGroups.txt", $Groups)

            For $i = 1 To $Groups[0]
                $sFQDN_Group = $Groups[$i]

            ; Check the group membership of the specified user for the specified group
            $iResult = _AD_IsMemberOf($sFQDN_Group, $sFQDN_User)
            Select
                Case $iResult = 1
                        If $sFQDN_Group = "SoftwareInstaller-All" Then
                    MsgBox(0,"","SoftwareInstaller-All")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-ProfServ" Then
                    MsgBox(0,"","SoftwareInstaller-ProfServ")
                        ElseIf $sFQDN_Group = "SoftwareInstaller-Sales" Then
                    MsgBox(0,"","SoftwareInstaller-Sales")
                        EndIf
            EndSelect
            Next
            _AD_Close()
EndFunc

FileDelete(@ScriptDir & "\TestGroups.txt")

I'm pretty sure I don't understand the syntax. I don't want to specify a username or password, I just want to specify which domain to check, as I should be able to query groups without having to authenticate.

The idea is that the script will check which domain they are on first, then connect to the correct domain to check group membership, if they are in 1 of the groups then another function will run - replaced with MsgBoxs for the reproducer.

Can someone point me in the right direction?

Thanks

water

The syntax for _AD_Open is not being used correctly. Should be:

_AD_Open("", "", "DC=domain,DC=one,DC=two", "", "")

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

goss34

Hi Water,

I was hoping you would reply, pretty sure I found the AD UDF on one of your posts.

I changed the syntax and now get this error on running my script:

"C:\Program Files (x86)\AutoIt3\Include\AD.au3" (464) : ==> Variable must be of type "Object".:
$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sSamAccountName & ");distinguishedName;subtree"
$__oAD_Command^ ERROR

Pretty sure I got that before, which is why I started experimenting by changing bits, but I haven't been able to figure it out.

Any ideas?

Thanks

water

When the third parameter is being set then parameter 4 and 5 need to be set as well.


goss34

Got it, thanks water.

I knew it was syntax related :>

water

The AD article in the wiki (link can be found in my (hidden) signature) explains how to connect to other domains.


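Added example, not part of the original posts or of the AD UDF: a consolidated version of the script that applies both answers in this thread (positional arguments, parameters 3 to 5 set together) and checks `@error` right after `_AD_Open`, so a failed connection denies access at that point instead of breaking in a later call. The host names and configuration DNs are placeholders, `_FindInstallerGroup`, `$aDomains` and `$aGroups` are names made up for this example, and the code assumes the UDF reports failure through `@error`.

```autoit
#include <AD.au3>

; Placeholder connection data per logon domain (host names are hypothetical).
; Columns: @LogonDNSDomain | domain DN | DC host | configuration DN
Global $aDomains[2][4] = [ _
        ["Domain.one.two", "DC=domain,DC=one,DC=two", "dc01.domain.one.two", "CN=Configuration,DC=domain,DC=one,DC=two"], _
        ["Domain.three", "DC=domain,DC=three", "dc01.domain.three", "CN=Configuration,DC=domain,DC=three"]]
Global $aGroups[3] = ["SoftwareInstaller-All", "SoftwareInstaller-ProfServ", "SoftwareInstaller-Sales"]

; AutoIt has no named arguments: writing $sDNSDomainParam = "DC=..." inside a call
; is a comparison that yields True or False, which is what the original script passed.
; Returns the first matching group name, or "" (deny) on no match or on any error.
Func _FindInstallerGroup()
    Local $iRow = -1
    For $i = 0 To UBound($aDomains) - 1
        If @LogonDNSDomain = $aDomains[$i][0] Then $iRow = $i
    Next
    If $iRow = -1 Then Return SetError(1, 0, "") ; unknown domain: fail closed

    ; Positional arguments; parameters 3, 4 and 5 are supplied together.
    _AD_Open("", "", $aDomains[$iRow][1], $aDomains[$iRow][2], $aDomains[$iRow][3])
    If @error Then Return SetError(2, @error, "") ; assumed failure signal: stop here

    Local $sMatch = ""
    Local $sFQDN_User = _AD_SamAccountNameToFQDN()
    If Not @error Then
        For $sGroup In $aGroups
            If _AD_IsMemberOf($sGroup, $sFQDN_User) = 1 Then
                $sMatch = $sGroup
                ExitLoop
            EndIf
        Next
    EndIf
    _AD_Close()
    Return $sMatch
EndFunc

Global $sResult = _FindInstallerGroup()
If $sResult <> "" Then
    MsgBox(0, "", $sResult) ; stand-in for the real installer function
Else
    MsgBox(16, "", "No installer group matched, nothing will be installed") ; 16 = stop icon
EndIf
```

Treating every error path as "not a member" keeps the installer gate closed when the directory cannot be reached or the user cannot be resolved.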
