Jump to content
Quantumation

[Resolved]How to sort _AD_GetUserGroups to import back into AD

Recommended Posts

Quantumation
#RequireAdmin
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <AD.au3>
#include <Array.au3>
#include <GuiButton.au3>
#include <String.au3>

#Region ### START Koda GUI section ### Form=
Global $Form1_1 = GUICreate("Get User Groups", 419, 501, -1, -1)
Global $Username = GUICtrlCreateInput("", 176, 80, 121, 21)
Global $Button1 = GUICtrlCreateButton("GetGroups", 24, 120, 75, 25)
Global $Groups = GUICtrlCreateEdit("", 24, 168, 369, 313, BitOR($ES_AUTOVSCROLL,$ES_AUTOHSCROLL,$ES_WANTRETURN,$WS_VSCROLL))
GUICtrlSetData(-1, "")
GUICtrlSetData(-1, "")
Global $Label2 = GUICtrlCreateLabel("Copy and paste the text below and add it to the onboarding ticket.", 80, 40, 318, 17)
Global $Cancel = GUICtrlCreateButton("Cancel", 312, 120, 75, 25)
Global $Disable = GUICtrlCreateButton("Copy", 120, 120, 75, 25)
Global $Expire = GUICtrlCreateButton("Expire", 216, 120, 75, 25)
Global $Unique = GUICtrlCreateLabel("Unique Username", 56, 80, 89, 25)
GUISetState(@SW_SHOW)
WinActivate($Form1_1)
_GUICtrlButton_Enable($Username)

#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Button1
            GroupArray()
        Case $Disable
            Copy()
        Case $Cancel
            Exit
    EndSwitch
WEnd

;~ Functions

Func GroupArray()
    _AD_Open()
    Global $Inputbox = GUICtrlRead($Username)
    If @error Then Exit MsgBox(16, "Active Directory", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
    ; Get a sorted array of group names (FQDN) that the user is immediately a member of
    Global $aUser = _AD_GetUserGroups($Inputbox)
    If @error > 0 Then
        MsgBox(64, "Active Directory Function", "User '" & $Inputbox & "' has not been assigned to any group or cannot be found.")
    Else
        _ArraySort($aUser, 0, 1)
        $sString = _ArrayToString($aUser, "; ")
        Global $sorted = _StringBetween($sString, "CN=", ",")
        Global $Format = _ArrayToString($sorted, "; ")
        Guictrlsetdata($Groups, $Format)
    EndIf
    ; Close Connection to the Active Directory
    _AD_Close()
EndFunc   ;==>GroupArray

Func Copy()
    $copy = GUICtrlRead($groups)
    ClipPut($copy)
EndFunc

I've found this to be very useful but It only shows the names of the groups in FDQN format.

In order to import multiple groups back into AD The have to be formatted like so:

Domain users; Finance; Domain Admins;

This allows you to copy and paste that back into an AD account where you need add multiple groups to one user.

I've written something to clean it up a bit but i'm new to autoit. I just started like 2 weeks ago and i'm not sure how to sort info. The script i've written allows you to take the appropriate info out but it take a little too much info out. I'm using string between and I'd like to know if there is a way to extract info better from the array used in _AD_GetUserGroups

I've attached my script and GUI but it pulls too much info due to the _stringbetween function. I just need to know if there is a better way?

 

 

 

GetGroups.au3

Edited by Quantumation

Share this post


Link to post
Share on other sites
water

It takes some time but you could loop throught the array and run

$aSam = _AD_GetObjectAttribute($aUser[$i], "samaccountname")

for every entry to get the samaccountname of the group.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Quantumation

Thank you water for your quick reply but I found a solution that's a little quicker.

Func GroupArray()
    GUICtrlSetData($Groups, "")
    _AD_Open()
    Global $Inputbox = GUICtrlRead($Username)
    If @error Then Exit MsgBox(16, "Active Directory", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
    ; Get a sorted array of group names (FQDN) that the user is immediately a member of
    Global $aUser = _AD_GetUserGroups($Inputbox)
    If @error > 0 Then
        MsgBox(64, "Active Directory Function", "User '" & $Inputbox & "' has not been assigned to any group or cannot be found.")
    Else
        _ArraySort($aUser, 0, 1)

; HERE IS WHERE I HAD TO FIX!!!!!!!!!!!!!!!!!!!!
        $sString = _ArrayToString($aUser, ";")
        Global $sorted = _StringBetween($sString, ";CN=", ",")
        Global $Format = _ArrayToString($sorted, "; ")
        GUICtrlSetData($Groups, $Format)
    EndIf
    ; Close Connection to the Active Directory
    _AD_Close()
EndFunc   ;==>GroupArray

When you do an _arraytostring you use  a Delimiter, you'll see that I used ";"

This separates each row with the semicolon so that each line starts with ";CN="

Then all if you edit the string between real quick to:

Global $sorted = _StringBetween($sString, ";CN=", ",")

That brings back every group name separated by the semicolon and a space so that you can copy it back into AD and every group will resolve.

This works because the first line in the original array tells you the amount of groups the user has instead of a group.

Hopefully this helps someone other than myself.

Share this post


Link to post
Share on other sites
water

Edit the first post and prefix the title with "[Closed]".
But maybe you need to have a minimum number of posts to do so (about 5 or 10). I'm not sure about that.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
water

:)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • Trinnon
      By Trinnon
      I have a question about the @error logging features in _AD_CreateUser.  Hopefully I am just missing something obvious.
      In my app I am creating a user if it does not exist then manipulating some attributes. 
      If the user does exist I would then call another function to remove groups from the user and modify some attributes.
      My question is...
      If the user already Exists, the _AD_CreateUser option gives $iValue = 0 and @error = 0.
      How can @error = 1 for the condition that the user already exists?
       
      I copied a small ship of the code in question along with my full .au3. 
      I am using AD UDF 1.4.9.0 (Water, thanks for the awesome work on this!!!).
      $iValue = _AD_CreateUser ($sOU, $sUser, $sCN)
      If $iValue = 1 Then
            _FileWriteLog ($Log, "Func UserCheck() - User '" & $sUser & "' successfully created ==> Calling UserAttribsNewUser Function.")
            Call ("NewUser")
      ElseIf @error = 1 Then
            _FileWriteLog ($Log, $sUser & " already exists ==> Calling UserAttribsExistingUser Function.")
            Call ("ExistingUser")
       
      AccountSettingConfigurations-Test1.au3
       
    • water
      By water
      Extensive library to control and manipulate Microsoft Active Directory.

      Threads: Development - General Help & Support - Example Scripts - Wiki
      Previous downloads: 30467
       
      Known Bugs: (last changed: 2018-06-01)
      None  
      Things to come: (last changed: 2018-06-01)
      None
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
    • rudi
      By rudi
      Hello,
       
      from this posting of @Jos https://www.autoitscript.com/forum/topic/162005-getting-windows-users-account-type/?do=findComment&comment=1176831
      I can smoothly check, if a user is a *DIRECT* group member. Has anybody some code to check also, if a user is a *INDIRECT* member of a cascaded group construct?  Maybe with @Melba23 's AD UDF?
       
      The required rights are granted to group "Dept_B" User John is member of group "Dept_A" Group "Dept_A" is member of the group "Dept_B" So in the AD / NTFS FS environment John finally has the rights of both groups But when checking his "membership to group Dept_B" the result is "no member". The approach I can think of would be, to check all Group Members of group "Dept_B" whether they are of type group, then check again if "John" is member of than " 2nd level group"
      Func UserInGroup($InGroup,$ThisUser=@LogonDomain & "/" & @UserName) Local $objUser = ObjGet("WinNT://" & $ThisUser ) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 EndIf Next Return 0 EndFunc Any suggestions appreciated, regards, Rudi.
    • water
      By water
      ADAT is a tool to simplify common AD administration tasks. Every administration task has its own tab. It is easy to add new functions (tabs) to the tool. Some often used functions are already available: list users, computers, OUs. File ADAT.ini can be customized to hold the AD logon information if necessary.
      Known Bugs:
      2018-03-07: If the Script started from SciTE works but the "Process" button in the compiled exe does not do anything then please add the following line at the top of your script:
      #Au3Stripper_Ignore_Funcs=Process_Tab*
        BTW: If you like this tool please click the "I like this" button. This tells me where to next put my development effort
    • bouzzi
      By bouzzi
      Hi guys,
      I'm trying to make a script that could tell me, from a username list file,  if the username is active, inactive or not existant  in a multi-domain Active Directory....
      I found a few scripts giving me hints but I found nothing to help me to accomplish this task...
      Do you have any ideas !
      Thanks
      Bouzzi!
       
×