Jump to content

Active Directory UDF (II)


water
 Share

Recommended Posts

water,

thank you for your reply and your patience :sweating:

I'm not experiencing "You get @error = 2 in case number 2?" ...

Case 1: All good.
Case 2: Fallback, pick $aPwdInfo[9], resulting in @extended = 8.  All good.
Case X (in case _AD_GetObjectProperties failed): Fallback, pick $aPwdInfo[9], resulting in @extended = 16 (or vice versa).

I mean, why should this function error out if there is a userful fallback by returning [9] for both cases? Yes, MSDS-UserPasswordExpiryTimeComputed is more precise, of course - but [9] is in many cases good enough. instead of erroring out. Therefore, to avoid @error = 2 this case should be handled by another @extended code.

If an error, is an error, is an error... Accordingly should always erroring out - without exception! That's what you mean?

Edited by supersonic
Link to comment
Share on other sites

Thanks for your reply!

D'accord! Will implement your @extended = 16 solution.
 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

New version of the function. Does this meet your requirements?

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_GetPasswordInfo
; Description ...: Returns password information retrieved from the domain policy and the specified user or computer account.
; Syntax.........: _AD_GetPasswordInfo([$sSamAccountName = @UserName])
; Parameters ....: $sObject - Optional: User or computer account to get password info for (default = @UserName). Format is sAMAccountName or FQDN
; Return values .: Success - Returns a one-based array with the following information:
;                  |1 - Maximum Password Age (days)
;                  |2 - Minimum Password Age (days)
;                  |3 - Enforce Password History (# of passwords remembered)
;                  |4 - Minimum Password Length
;                  |5 - Account Lockout Duration (minutes). 0 means the account has to be unlocked manually by an administrator
;                  |6 - Account Lockout Threshold (invalid logon attempts)
;                  |7 - Reset account lockout counter after (minutes)
;                  |8 - Password last changed (YYYY/MM/DD HH:MM:SS in local time of the calling user) or "1601/01/01 00:00:00" (means "Password has never been set")
;                  |9 - Password expires (YYYY/MM/DD HH:MM:SS in local time of the calling user) or empty when password has not been set before or never expires
;                  |10 - Password last changed (YYYY/MM/DD HH:MM:SS in UTC) or "1601/01/01 00:00:00" (means "Password has never been set")
;                  |11 - Password expires (YYYY/MM/DD HH:MM:SS in UTC) or empty when password has not been set before or never expires
;                  |12 - Password properties. Part of Domain Policy. A bit field to indicate complexity / storage restrictions
;                  |      1 - DOMAIN_PASSWORD_COMPLEX
;                  |      2 - DOMAIN_PASSWORD_NO_ANON_CHANGE
;                  |      4 - DOMAIN_PASSWORD_NO_CLEAR_CHANGE
;                  |      8 - DOMAIN_LOCKOUT_ADMINS
;                  |     16 - DOMAIN_PASSWORD_STORE_CLEARTEXT
;                  |     32 - DOMAIN_REFUSE_PASSWORD_CHANGE
;                  |13 - Calculated password expiration date/time. Identical with element 9 of this array.
;                  |     Returns a value even when fine grained password policy is in use; which means that most of the other elements of this array are blank or 0.
;                  |     This is a Virtual Attribute (aka "Pseudo Attribute", "Constructed Attribute" or "Back-link") where the value is calculated by the LDAP Server Implementation and is not actually part of the LDAP Entry.
;                  Failure - "", sets @error to:
;                  |1 - $sObject not found
;                  Warning - Returns a one-based array (see Success), sets @extended to one of the following values (can be a combination of the following values e.g. 3 = 1 (Password does not expire) + 2 (Password has never been set)
;                  |1 - Password does not expire (User Access Control - UAC - is set)
;                  |2 - Password has never been set
;                  |4 - The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire
;                  |8 - The version of the accessed DC (needs to be >= 2008) does not support property MSDS-UserPasswordExpiryTimeComputed. Element 13 of the returned array is set to element 9.
;                  |16 - Function _AD_GetObjectProperties returned an error when querying property MSDS-UserPasswordExpiryTimeComputed. The error is ignored and element 13 of the returned array is set to element 9.
; Author ........: water
; Modified.......:
; Remarks .......: For details about password properties please check: http://msdn.microsoft.com/en-us/library/aa375371(v=vs.85).aspx
; Related .......: _AD_IsPasswordExpired, _AD_GetPasswordExpired, _AD_GetPasswordDontExpire, _AD_SetPassword, _AD_DisablePasswordExpire, _AD_EnablePasswordExpire, _AD_EnablePasswordChange,  _AD_DisablePasswordChange
; Link ..........: http://www.autoitscript.com/forum/index.php?showtopic=86247&view=findpost&p=619073, http://windowsitpro.com/article/articleid/81412/jsi-tip-8294-how-can-i-return-the-domain-password-policy-attributes.html
; Example .......: Yes
; ===============================================================================================================================
Func _AD_GetPasswordInfo($sObject = @UserName)

    If $sObject = Default Then $sObject = @UserName
    If _AD_ObjectExists($sObject) = 0 Then Return SetError(1, 0, "")
    If StringMid($sObject, 3, 1) <> "=" Then $sObject = _AD_SamAccountNameToFQDN($sObject) ; sAMAccountName provided
    Local $iExtended = 0, $aPwdInfo[14] = [13], $oObject, $oUser, $sPwdLastChanged, $iUAC, $aTemp
    $oObject = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain)
    $aPwdInfo[1] = Int(__AD_Int8ToSec($oObject.Get("maxPwdAge"))) / 86400 ; Convert to Days
    $aPwdInfo[2] = __AD_Int8ToSec($oObject.Get("minPwdAge")) / 86400 ; Convert to Days
    $aPwdInfo[3] = $oObject.Get("pwdHistoryLength")
    $aPwdInfo[4] = $oObject.Get("minPwdLength")
    ; Account lockout duration: http://msdn.microsoft.com/en-us/library/ms813429.aspx
    ; http://www.autoitscript.com/forum/topic/158419-active-directory-udf-help-support-iii/page-5#entry1173322
    $aPwdInfo[5] = __AD_Int8ToSec($oObject.Get("lockoutDuration")) / 60 ; Convert to Minutes
    If $aPwdInfo[5] < 0 Or $aPwdInfo[5] > 99999 Then $aPwdInfo[5] = 0
    $aPwdInfo[6] = $oObject.Get("lockoutThreshold")
    $aPwdInfo[7] = __AD_Int8ToSec($oObject.Get("lockoutObservationWindow")) / 60 ; Convert to Minutes
    $oUser = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sObject)
    $sPwdLastChanged = $oUser.Get("PwdLastSet")
    $iUAC = $oUser.userAccountControl
    ; Has user account password been changed before?
    If $sPwdLastChanged.LowPart = 0 And $sPwdLastChanged.HighPart = 0 Then
        $iExtended = BitOR($iExtended, 2)
        $aPwdInfo[8] = "1601/01/01 00:00:00"
        $aPwdInfo[10] = "1601/01/01 00:00:00"
    Else
        Local $sTemp = DllStructCreate("dword low;dword high")
        DllStructSetData($sTemp, "Low", $sPwdLastChanged.LowPart)
        DllStructSetData($sTemp, "High", $sPwdLastChanged.HighPart)
        ; Have to convert to SystemTime because _Date_Time_FileTimeToStr has a bug (#1638)
        Local $sTemp2 = _Date_Time_FileTimeToSystemTime(DllStructGetPtr($sTemp))
        $aPwdInfo[10] = _Date_Time_SystemTimeToDateTimeStr($sTemp2, 1)
        ; Convert PwdlastSet from UTC to Local Time
        $sTemp2 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sTemp2))
        $aPwdInfo[8] = _Date_Time_SystemTimeToDateTimeStr($sTemp2, 1)
        ; Is user account password set to expire?
        If BitAND($iUAC, $ADS_UF_DONT_EXPIRE_PASSWD) = $ADS_UF_DONT_EXPIRE_PASSWD Or $aPwdInfo[1] = 0 Then
            If BitAND($iUAC, $ADS_UF_DONT_EXPIRE_PASSWD) = $ADS_UF_DONT_EXPIRE_PASSWD Then $iExtended = BitOR($iExtended, 1)
            If $aPwdInfo[1] = 0 Then $iExtended = BitOR($iExtended, 4) ; The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire
        Else
            $aPwdInfo[11] = _DateAdd("d", $aPwdInfo[1], $aPwdInfo[10])
            $sTemp2 = _Date_Time_EncodeSystemTime(StringMid($aPwdInfo[11], 6, 2), StringMid($aPwdInfo[11], 9, 2), StringMid($aPwdInfo[11], 1, 4), StringMid($aPwdInfo[11], 12, 2), StringMid($aPwdInfo[11], 15, 2), StringMid($aPwdInfo[11], 18, 2))
            ; Convert PasswordExpires from UTC to Local Time
            $sTemp2 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sTemp2))
            $aPwdInfo[9] = _Date_Time_SystemTimeToDateTimeStr($sTemp2, 1)
        EndIf
    EndIf
    $aPwdInfo[12] = $oObject.Get("pwdProperties")
    $aTemp = _AD_GetObjectProperties($sObject, "MSDS-UserPasswordExpiryTimeComputed")
    If @error = 0 Then
        If UBound($aTemp, 1) > 1 Then
            $aPwdInfo[13] = $aTemp[1][1]
        Else ; Required if DC version < 2008.
            $aPwdInfo[13] = $aPwdInfo[9]
            $iExtended = BitOR($iExtended, 8)
        EndIf
    Else
        $aPwdInfo[13] = $aPwdInfo[9]
        $iExtended = BitOR($iExtended, 16)
    EndIf
    Return SetError(0, $iExtended, $aPwdInfo)

EndFunc   ;==>_AD_GetPasswordInfo

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Happy xmas!

water,

thank you - I really appreciate it. A slight final modification/suggestion:

; ...
$aPwdInfo[13] = $aPwdInfo[9] ; Default/fallback/standard.
$aTemp = _AD_GetObjectProperties($sObject, "MSDS-UserPasswordExpiryTimeComputed")
If @error = 0 Then
    If UBound($aTemp, 1) > 1 Then
        $aPwdInfo[13] = $aTemp[1][1]
    Else ; Required if DC version < 2008.
        $iExtended = BitOR($iExtended, 16)
    EndIf
Else
    $iExtended = BitOR($iExtended, 8)
EndIf
; ...

Only in case DC >= 2008 the line "$aPwdInfo[13] = $aTemp[1][1]" will be executed - otherwise always "[13] = [9]". Therefore I would rearrange it and @extended will be added up if needed. Finally - just my favor - I would swap @extended 8/16 because @error strikes first. Finally it's up to you - I'm already happy how it is now. :)

Edited by supersonic
Link to comment
Share on other sites

  • 2 months later...

I've been using  your Active Directory UDF for several years now in a script I have written to automatically gather information on a computer's user and the computer hardware and software for use when calling our helpdesk. The information it gathers is very complete. I just have one question that has recently been asked by my manager:

When the script is run when the computer is not connected to our domain, it takes at least 20 seconds to determine that it is not connected before continuing. All data gathered from Active Directory is set to "Not connected to domain" when the computer is not connected. However, when run a second time when not connected to the domain, it seems to take only a second or two. In addition to this, when the user connects to our domain using VPN, it takes only a second or two to gather the Active Directory data; however, when run after disconnecting from VPN it repeats the same behavior demonstrated before connecting to VPN: first run about 20 seconds, subsequent runs only a second or two.

Is there some kind of information left by the AD UDF that it is accessing after that? Or is that typical behavior for Windows?

The script is being tested on a Lenovo Yoga X380 with Windows 10.

Who lied and told you life would EVER be fair?

Link to comment
Share on other sites

Never had or have heard of this kind of problem. But I have never tested how the UDF acts if a computer is not connected to a domain.
Maybe it is a global connection setting. According to the MS docu the default to wait for a connection is 15 seconds: https://docs.microsoft.com/en-us/sql/ado/reference/ado-api/connectiontimeout-property-ado?view=sql-server-2017

If a connection is established then it remains open for some time to make execution of commands as fast as possible.

The best way to check if a computer is connected to a domain is to check the AutoIt macro @LogonDomain for a valid domain name. IIRC it is set to the name of the PC if there is no connection to a DC.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Glad to be of service :)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 1 month later...

Hi water,

first of all, you did a really great job with your udf for the Active Directory. Top!!!
I use it in several smaller utilities like an AD-Monitoring/Backup Tool for example.

Actually I'm working - based on your adcu & adcg comparing applications - on a tool which will act a little like the good ol' Norton Commander, but for the AD.
On one side I have one user oder group and on the oder side the second user or group. There I can use the comparision functions and - so my oppinion - the possibility of copying and removing.
In principle, that works, but I have no function in ad.au3 to add groups to other groups. Can you think of a workaround?

Thanks in advance,
Guido

adc_nc.jpg

Link to comment
Share on other sites

_AD_AddUserToGroup should do the trick, I think (can't test at the moment).
The function name and th docu is a bit misleading.
If it works for you I will update the documentation.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

In fact, it works with the function _AD_AddUserToGroup.The problem lies in the combination of the various selected objects, a few of which I still have to intercept, such as user objects on both sides.
Attached is the source code. There are some changes compared to the original adcg.au3 included, especially in the area of ini-file, authorization and maximize functionality. Maybe you find the idea of the ad-commander useful.

 

ADC.au3 ADC.ini

Edited by guidok
Updated code with comments & changes
Link to comment
Share on other sites

Thanks!
Have updated the documentation accordingly.
The misleading function names are inherited from the original ADFunctions UDF written by Jonathan Clelland.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 4 weeks later...

water,

I have an issue using _AD_RenameObject() with FDQN containing special characters. This doesn't work (at least for me):

_AD_RenameObject("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local", "geb.test")

This will do:

_AD_RenameObject(_AD_FQDNToSamAccountName("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local"), "geb.test")

Escaping "/" ("CN=geb.\/test,...") won't do any better...

Any other idea to avoid using _AD_FQDNToSamAccountName in this case?

Link to comment
Share on other sites

Sure. Use funcction _AD_FixSpecialChars to escape/unescape those special characters. That's what _AD_FQDNToSamAccountName does under the covers.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Thanks for the reply -

No luck :(

This works:

_AD_FQDNToSamAccountName("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local")
; Result   "geb.test"   = correct.

_AD_FixSpecialChars("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local") ; ->
; Result   "CN\=geb.\/test\,OU\=Users\,OU\=Computers_W7\,OU\=GEB\,OU\=DE\,DC\=sub01\,DC\=domain\,DC\=local"   .

Does'nt work:

_AD_RenameObject(_AD_FixSpecialChars("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local"), "geb.test")


_AD_RenameObject("CN=geb.\/test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local", "geb.test")


_AD_RenameObject("CN\=geb.\/test\,OU\=Users\,OU\=Computers_W7\,OU\=GEB\,OU\=DE\,DC\=sub01\,DC\=domain\,DC\=local", "geb.test")

Why returns _AD_FQDNToSamAccountName() a correct SamAccountName while _AD_RenameObject() cannot handle this (valid) DN?

Link to comment
Share on other sites

Do not escape ALL special characters as function _AD_FQDNToSamAccountName does:

$sFQDN = _AD_FixSpecialChars($sFQDN, 0, "/#") ; Escape special characters in the FQDN

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I took a deeper look into AD.au3 -

The function _AD_RenameObject() fails if _AD_FixSpecialChars() is called before. If so, 'If Not _AD_ObjectExists($sObject) ...' fails. It seems that _AD_ObjectExists() doesn't need _AD_FixSpecialChars() ...

IMHO _AD_RenameObject() should be extended like this:

Func _AD_RenameObject($sObject, $sCN)

    If Not _AD_ObjectExists($sObject) Then Return SetError(1, 0, 0)
    If StringMid($sObject, 3, 1) <> "=" Then $sObject = _AD_SamAccountNameToFQDN($sObject) ; sAMAccountName provided
    If StringMid($sObject, 3, 1) = "=" Then $sObject = _AD_FixSpecialChars($sObject, 0, "/#") ; <<<<<<<<<<
    Local $oObject = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sObject)
    Local $oOU = __AD_ObjGet($oObject.Parent) ; Get the object of the OU/CN where the object resides
    $sCN = "CN=" & _AD_FixSpecialChars($sCN) ; escape all special characters
    $oOU.MoveHere("LDAP://" & $sAD_HostServer & "/" & $sObject, $sCN)
    If @error Then Return SetError(@error, 0, 0)
    Return 1

EndFunc   ;==>_AD_RenameObject

What do you think?

Is there a way to detect if a string is already escaped?

Edited by supersonic
Link to comment
Share on other sites

20 hours ago, supersonic said:

Any other idea to avoid using _AD_FQDNToSamAccountName in this case?

Any reason you want to avoid _AD_FQDNToSamAccountName in this case?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

water,

just a misunderstanding. Please, let me try to explain once more:

The function _AD_RenameObject() is as good as it is. But if calling this function e. g. like that (in order to consider special characters):

_AD_RenameObject(_AD_FixSpecialChars("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local", 0, "#/"), "geb.test")

... the very fist line of this function:

If Not _AD_ObjectExists($sObject) Then Return SetError(1, 0, 0)

... runs into SetError() in my attempts (@error = 1). It seems that _AD_ObjectExists() can handle spec. chars. by itself - without the help of _AD_FixSpecialChars(). In code that means this fails:

_AD_ObjectExists(_AD_FixSpecialChars("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local", 0, "/#"))

... but this works:

_AD_ObjectExists("CN=geb./test,OU=Users,OU=Computers_W7,OU=GEB,OU=DE,DC=sub01,DC=domain,DC=local")

Do you have an environment to test? Would be greatly appreciate 🙂

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...