water

Active Directory UDF (II)

105 posts in this topic

As the Active Directory UDF thread has grown too big, I start a new one.
The original thread can be found here.

1 person likes this

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Sometimes when unlocking AD users, and only if they are locked out, I will get a error:

http://i.imgur.com/x0EPzwH.png

the function looks like this:

Func user_unlock()
        _AD_Open()
        Local $object1 = InputBox("Brugernavn", "Indtast brugernavn", "")
        if @error Then Exit

        Local $object = StringStripWS($object1, $STR_STRIPALL)

        $is_locked = _AD_IsObjectLocked($object)
        if $is_locked = 1 Then
        $is_locked = "Ja"
        Else
        $is_locked = "Nej"
        EndIf

        Local $displayname = _AD_GetObjectAttribute($object, "displayName")
        Local $ivalue = _ad_unlockobject($object)
        If $ivalue = 1 Then

        _FileWriteToLine($programfilesdir & "\RDTray\log.txt", 1, @MDAY & "-" & @MON & "-" & @YEAR & " - " & @HOUR & ":" & @min & ":" & @SEC & " : " & "Låst op: " & $object, 0)

        ClipPut($object)

            MsgBox(64 + 262144, "Låst op", "Brugeren er blevet låst op: " & $object & @CRLF & @CRLF & "Navn: " & $displayname & @CRLF & @CRLF & "Var          brugeren låst i forvejen: " & $is_locked)
        ElseIf @error = 1 Then
            MsgBox(64 + 262144, "info", "Bruger eksisterer ikke: " & $object,2)
            user_unlock()
        Else
            MsgBox(64 + 262144, "rettigheds problem", "Den bruger du er logget ind med, har ikke rettigheder til at låse brugeren op - Log ind på din admin konto",3)
        EndIf
        _AD_Close()
EndFunc

Can you see why i sometimes might get the error :)? It's not always, but only sometimes, and only if the account is locked out

Edited by legend

Share this post


Link to post
Share on other sites

This has to be somewhere in your script because the AD UDF only has about 4800 lines.

Use

_AD_ErrorNotify(3)

to write detailed error information into a log file.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

This has to be somewhere in your script because the AD UDF only has about 4800 lines.

Use

_AD_ErrorNotify(3)

to write detailed error information into a log file.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

The line number is because I have a lot of autoit includes,

I will try to put _AD_ErrorNotify(3, "C:\log.txt") under: Local $ivalue = _ad_unlockobject($object)

 

Thank's for your help water :) 

Share this post


Link to post
Share on other sites

Use

_AD_ErrorNotify(3, "C:\log.txt")
Local $ivalue = _AD_UnlockObject($object)

and make sure that you have write permission on the target directory.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
43 minutes ago, water said:

Use

_AD_ErrorNotify(3, "C:\log.txt")
Local $ivalue = _AD_UnlockObject($object)

and make sure that you have write permission on the target directory.

hmm i just tried that, i tried writing to a log file on the desktop, and I got a error just now, by unlocking a locked out account,

But it didn't write anything to the log file

Share this post


Link to post
Share on other sites

Which version of the AD UDF do you run?
Which version of AutoIt do you run?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

both the latest one, autoit: 3.3.14.2

and AD UDF: 1.4.6.0

(note: i'm always running the script as another user. We are logged in as users without administrators or domain administrator rights)

So when we need them, we use our admin accounts, can that give any problems regarding this issue :)?

Edited by legend

Share this post


Link to post
Share on other sites

There is no error checking in your script. You should always check @error after calling an AD function:

Func user_unlock()
        _AD_Open()
        If @error Then Exit MsgBox(0, "Error", "Error calling _AD_Open: @error = " & @error & ",  @extended = " & @extended)
        Local $object1 = InputBox("Brugernavn", "Indtast brugernavn", "")
        If @error Then Exit
        Local $object = StringStripWS($object1, $STR_STRIPALL)
        $is_locked = _AD_IsObjectLocked($object)
        If @error Then Exit MsgBox(0, "Error", "Error calling _AD_IsObjectLocked: @error = " & @error & ",  @extended = " & @extended)
        If $is_locked = 1 Then
            $is_locked = "Ja"
        Else
            $is_locked = "Nej"
        EndIf
        Local $displayname = _AD_GetObjectAttribute($object, "displayName")
        Local $ivalue = _AD_UnlockObject($object)
        If @error Then Exit MsgBox(0, "Error", "Error calling _AD_UnlockObject: @error = " & @error & ",  @extended = " & @extended)
        If $ivalue = 1 Then
        _FileWriteToLine($programfilesdir & "\RDTray\log.txt", 1, @MDAY & "-" & @MON & "-" & @YEAR & " - " & @HOUR & ":" & @min & ":" & @SEC & " : " & "Låst op: " & $object, 0)
        ClipPut($object)
        MsgBox(64 + 262144, "Låst op", "Brugeren er blevet låst op: " & $object & @CRLF & @CRLF & "Navn: " & $displayname & @CRLF & @CRLF & "Var          brugeren låst i forvejen: " & $is_locked)
        ElseIf @error = 1 Then
            MsgBox(64 + 262144, "info", "Bruger eksisterer ikke: " & $object,2)
            user_unlock()
        Else
            MsgBox(64 + 262144, "rettigheds problem", "Den bruger du er logget ind med, har ikke rettigheder til at låse brugeren op - Log ind på din admin konto",3)
        EndIf
        _AD_Close()
EndFunc

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Now I got an error when I tried to unlock a user object, 

Up3Q5ZI.png

 

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

Looking at the _IsObjectLocked source, the only time it should return an error code that is not 1 or -1 is when the object is locked and $sResetLockoutTime >= $sNow (line 1802).
 

Edited by spudw2k

Share this post


Link to post
Share on other sites
9 hours ago, spudw2k said:

Looking at the _IsObjectLocked source, the only time it should return an error code that is not 1 or -1 is when the object is locked and $sResetLockoutTime >= $sNow (line 1802).
 

So it seems it's a problem with checking if the object is locked or not,

When I get the error: x0EPzwH.png

 

It will unlock the user object, no matter if the error above appears or not

Share this post


Link to post
Share on other sites

I'm still looking for what is causing the problem ^^ anyone got an idea what it can be? :)

Share this post


Link to post
Share on other sites

I'm on vacation right now. Will check after 3rd of January. 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
1 hour ago, water said:

I'm on vacation right now. Will check after 3rd of January. 

Wishing you a nice holiday, enjoy good weather hopefully :)

Share this post


Link to post
Share on other sites

#17 ·  Posted

Hi Water :) 

Can you think of what my cause it, 

We use the unlock function everyday, but it's very often that it gives and error when the account is locked out.

From what I can see it only happens when checking if the object is locked or not: 

_AD_IsObjectLocked

I will try to remove _AD-IsObjectLocked and simply use _AD_UnlockObject, to see if the problem dissapears, however it would be nice to see

if the user object was locked or not when unlocking it :) 

 

Share this post


Link to post
Share on other sites

#18 ·  Posted

Do you use the AD fine grained password policy?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#19 ·  Posted

18 hours ago, water said:

Do you use the AD fine grained password policy?

Yeah, i am :) but how should  that impact checking if it's locked or not? 

Share this post


Link to post
Share on other sites

#20 ·  Posted

_AD_IsObjectLocked retrieves the LockoutTime from AD. Then it uses function _AD_GetPasswordInfo to retrieve the Lockout Duration to calculate the time when the object gets unlocked again.
The AD UDF does not support fine grained password policy - which means that this causes the current problem.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now