Jump to content
jp10558

Find out computer domain from local account

Recommended Posts

jp10558

So I'm writing a post install script for my Win7 boxes, and I log in as a local user the first time to do some things that only seem to work from within a user account. I want to check that the domain join succeeded or try it again, but the obvious @LogonDomain or @LogonDNSDomain only show if the account currently logged in is part of the domain - which it isn't. How can I check the domain name from a local user account? If I right click on Computer and go to Properties, it says "Domain" and shows the domain name "example.com"... I want to check "example.com" against a value, but I'm not sure how to pull that value?

Share this post


Link to post
Share on other sites
water

Does this script - generated by Scriptomatic - give you the needed information?

; Generated by AutoIt Scriptomatic

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"

$Output=""
$Output = $Output & "Computer: " & $strComputer  & @CRLF
$Output = $Output & "==========================================" & @CRLF
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NTDomain", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems
      $Output = $Output & "Caption: " & $objItem.Caption & @CRLF
      $Output = $Output & "ClientSiteName: " & $objItem.ClientSiteName & @CRLF
      $Output = $Output & "CreationClassName: " & $objItem.CreationClassName & @CRLF
      $Output = $Output & "DcSiteName: " & $objItem.DcSiteName & @CRLF
      $Output = $Output & "Description: " & $objItem.Description & @CRLF
      $Output = $Output & "DnsForestName: " & $objItem.DnsForestName & @CRLF
      $Output = $Output & "DomainControllerAddress: " & $objItem.DomainControllerAddress & @CRLF
      $Output = $Output & "DomainControllerAddressType: " & $objItem.DomainControllerAddressType & @CRLF
      $Output = $Output & "DomainControllerName: " & $objItem.DomainControllerName & @CRLF
      $Output = $Output & "DomainGuid: " & $objItem.DomainGuid & @CRLF
      $Output = $Output & "DomainName: " & $objItem.DomainName & @CRLF
      $Output = $Output & "DSDirectoryServiceFlag: " & $objItem.DSDirectoryServiceFlag & @CRLF
      $Output = $Output & "DSDnsControllerFlag: " & $objItem.DSDnsControllerFlag & @CRLF
      $Output = $Output & "DSDnsDomainFlag: " & $objItem.DSDnsDomainFlag & @CRLF
      $Output = $Output & "DSDnsForestFlag: " & $objItem.DSDnsForestFlag & @CRLF
      $Output = $Output & "DSGlobalCatalogFlag: " & $objItem.DSGlobalCatalogFlag & @CRLF
      $Output = $Output & "DSKerberosDistributionCenterFlag: " & $objItem.DSKerberosDistributionCenterFlag & @CRLF
      $Output = $Output & "DSPrimaryDomainControllerFlag: " & $objItem.DSPrimaryDomainControllerFlag & @CRLF
      $Output = $Output & "DSTimeServiceFlag: " & $objItem.DSTimeServiceFlag & @CRLF
      $Output = $Output & "DSWritableFlag: " & $objItem.DSWritableFlag & @CRLF
      $Output = $Output & "InstallDate: " & WMIDateStringToDate($objItem.InstallDate) & @CRLF
      $Output = $Output & "Name: " & $objItem.Name & @CRLF
      $Output = $Output & "NameFormat: " & $objItem.NameFormat & @CRLF
      $Output = $Output & "PrimaryOwnerContact: " & $objItem.PrimaryOwnerContact & @CRLF
      $Output = $Output & "PrimaryOwnerName: " & $objItem.PrimaryOwnerName & @CRLF
      $strRoles = $objItem.Roles(0)
      $Output = $Output & "Roles: " & $strRoles & @CRLF
      $Output = $Output & "Status: " & $objItem.Status & @CRLF
      if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
      $Output=""
   Next
Else
   Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_NTDomain" )
Endif

Func WMIDateStringToDate($dtmDate)

    Return (StringMid($dtmDate, 5, 2) & "/" & _
    StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
    & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
jp10558

It does! Thanks!

Share this post


Link to post
Share on other sites
JLogan3o13

I guess I don't understand why @LogonDomain doesn't work for you? If you do something like this, it should give you the answer you're after:

MsgBox(0, "", (@LogonDomain = @ComputerName) ? "Domain Join Failed!" : "Domain Join Successful!")

 

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
water

As long as you do not need to know the name of the domain your solution should work as well.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
jguinch

Also, you can use the WinAPI NetGetJoinInformation function :

Const Enum $NetSetupUnknownStatus = 0, $NetSetupUnjoined, $NetSetupWorkgroupName, $NetSetupDomainName

Local $sJoinType

Local $aNetGetJoinInformation = _WinAPI_NetGetJoinInformation()
Switch $aNetGetJoinInformation[0]
    Case $NetSetupUnknownStatus
        $sJoinType = "The status is unknown."
    Case $NetSetupUnjoined
        $sJoinType = "The computer is not joined."
    Case $NetSetupWorkgroupName
        $sJoinType = "The computer is joined to a workgroup : " & $aNetGetJoinInformation[1]
    Case $NetSetupDomainName
        $sJoinType = "The computer is joined to a domain : " & $aNetGetJoinInformation[1]
EndSwitch

MsgBox(0, "NetGetJoinInformation", $sJoinType)


; #FUNCTION# ====================================================================================================================
; Name ..........: _WinAPI_NetGetJoinInformation
; Description ...: Retrieves join status information for the specified computer.
; Syntax ........: _WinAPI_NetGetJoinInformation([$sComputerName = ""])
; Parameters ....: $sComputerName       - [optional] Computer name (default is the local computer)
; Return values .: Success : an array :
;                    - $array[0] = Join status of the specified compute (see remarks)
;                    - $array[1] = Name of the domain or workgroup to which the computer is joined
; Remarks .......: $array[0] can contain the following values :
;                   - $NetSetupUnknownStatus : The status is unknown.
;                   - $NetSetupUnjoined      : The computer is not joined.
;                   - $NetSetupWorkgroupName : The computer is joined to a workgroup.
;                   - $NetSetupDomainName    : The computer is joined to a domain.
; ===============================================================================================================================
Func _WinAPI_NetGetJoinInformation($sComputerName = "")
    Local $aRet = DllCall("Netapi32.dll", "int", "NetGetJoinInformation", "wstr", $sComputerName, "ptr*", "", "int*", 0)
    If @error Then Return SetError(@error, 0, 0)

    Local $pNameBuffer = $aRet[2]
    Local $tName = DllStructCreate("wchar[" & _BufferSize($pNameBuffer) &"]", $pNameBuffer)
    Local $sName = DllStructGetData($tName, 1)

    DllCall("netapi32.dll", "int", "NetApiBufferFree", "ptr", $pNameBuffer)

    Local $aReturn[2] = [ Int($aRet[3]), $sName ]
    Return $aReturn
EndFunc



Func _BufferSize($pBuffer)
    Local $aResult = DllCall("Netapi32.dll", "int", "NetApiBufferSize", "ptr", $pBuffer, "dword*", 0)

    If @error OR  $aResult[0] <> 0 Then Return SetError(@error, @extended, 0)
    Return $aResult[2]
EndFunc

 

Edited by jguinch

Share this post


Link to post
Share on other sites
water

Thanks for that. Might come in handy in the future :)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
orbs

although the WinAPI method beats, there is also the registry way:

Local $sDomain=RegRead('HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters','Domain')
If @error Then ConsoleWrite('Error: unable to get domain from registry' & @LF)
If $sDomain='' Then ConsoleWrite('not joined to a domain' & @LF)

 

Share this post


Link to post
Share on other sites
JLogan3o13

As long as you do not need to know the name of the domain your solution should work as well.

Agreed, I was taking it as a yes/no requirement only - did the domain join work or not. Perhaps the bigger question, however, is how the OP is doing his domain join. If he is doing that as part of the script, he should be checking the error at the point of calling the function rather than after a reboot.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • Blois
      By Blois
      Hey Guys,
      Good?
      I'm ned help to consult in other domain. My three domain contains any domains.
      How do I get this query done?
       
      Tks for the Help!
       
    • rudi
      By rudi
      Hello,
       
      from this posting of @Jos https://www.autoitscript.com/forum/topic/162005-getting-windows-users-account-type/?do=findComment&comment=1176831
      I can smoothly check, if a user is a *DIRECT* group member. Has anybody some code to check also, if a user is a *INDIRECT* member of a cascaded group construct?  Maybe with @Melba23 's AD UDF?
       
      The required rights are granted to group "Dept_B" User John is member of group "Dept_A" Group "Dept_A" is member of the group "Dept_B" So in the AD / NTFS FS environment John finally has the rights of both groups But when checking his "membership to group Dept_B" the result is "no member". The approach I can think of would be, to check all Group Members of group "Dept_B" whether they are of type group, then check again if "John" is member of than " 2nd level group"
      Func UserInGroup($InGroup,$ThisUser=@LogonDomain & "/" & @UserName) Local $objUser = ObjGet("WinNT://" & $ThisUser ) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 EndIf Next Return 0 EndFunc Any suggestions appreciated, regards, Rudi.
    • 31290
      By 31290
       
      Hi guys, 
      I'd like to write a piece of tool that would allow me to update a certain field in our Active Directory from a comma separated csv file composed like this:

      This file, automatically generated, can hold more than 10k lines.
      Thus, I need column A to be in one variable, column B in a second one and column C in a third one.
      I'm really missing this part as updating the AD is fairly easy once the 3 variable are populated. 
      I see things like this:
      Here's my attempts at the moment:
      #include <File.au3> #include <Array.au3> Global $csv_file = @DesktopDir & "\Book1.csv" Global $aRecords If Not _FileReadToArray($csv_file,$aRecords) Then MsgBox(4096,"Error", " Error reading log to Array error:" & @error) Exit EndIf For $x = 1 to $aRecords[0] Msgbox(0,'Record:' & $x, $aRecords[$x]) ; Shows the line that was read from file $csv_line_values = StringSplit($aRecords[$x], ",",1) ; Splits the line into 2 or more variables and puts them in an array ; _ArrayDisplay($csv_line_values) ; Shows what's in the array you just created. ; $csv_line_values[0] holds the number of elements in array ; $csv_line_values[1] holds the value ; $csv_line_values[2] holds the value ; etc Msgbox(0, 0, $csv_line_values[1]) Next Any help on this please? 
      Thanks in advance
      -31290-
    • water
      By water
      Should the AD UDF support the fine grained password policy available since Windows Server 2012?
      What do fine-grained password policies do?
      You can use fine-grained password policies to specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.
    • DavidLago
      By DavidLago
      Hello. 
      I have 5 DCs, and I need to create a scheduled task to run a script that will test the authentication time for each one of them, once every minute. (Then I'll use it within a log analyser to create graphics).
      I came up with a script using the great AD UDF (by water). First I tried using "for" and an array, but something was messing up the results, then I went for the dumb old fashioned way:
      #Include <ad.au3> #include <MsgBoxConstants.au3> Global $AdTestTime = "" Global $Timer1, $Timer2, $Timer3, $Timer4, $Timer5 = "" Global $sAD1 = "MYSERVER109" Global $sAD2 = "MYSERVER110" Global $sAD3 = "MYSERVER111" Global $sAD4 = "MYSERVER112" Global $sAD5 = "MYSERVER113" $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2 = Timerinit() _AD_Open("", "", $sAD2) _AD_Close() Local $fDiff2 = TimerDiff($Timer2) $Timer3 = Timerinit() _AD_Open("", "", $sAD3) _AD_Close() Local $fDiff3 = TimerDiff($Timer3) $Timer4 = Timerinit() _AD_Open("", "", $sAD4) _AD_Close() Local $fDiff4 = TimerDiff($Timer4) $Timer5 = Timerinit() _AD_Open("", "", $sAD5) _AD_Close() Local $fDiff5 = TimerDiff($Timer5) MsgBox(0,"", "MYSERVER109=" & $fDiff1) MsgBox(0,"", "MYSERVER110=" & $fDiff2) MsgBox(0,"", "MYSERVER111=" & $fDiff3) MsgBox(0,"", "MYSERVER112=" & $fDiff4) MsgBox(0,"", "MYSERVER113=" & $fDiff5) Still, something is off here. 
      The first AD to be tested is always the slowest one, by far, like 20 times slower. Then I started to suspect that the first one starts the "negotiation", and the following ones ride the gravy train.
      If I repeat the first code twice, All servers seem to have a similar result.
      $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2.... Am I right?
      Also, is there a better way to test the authentication time?
      Thanks for the help.
      - Dave
×