Should the Active Directory UDF support fine grained password policies?
6 members have voted
I'd like to write a piece of tool that would allow me to update a certain field in our Active Directory from a comma separated csv file composed like this:
This file, automatically generated, can hold more than 10k lines.
Thus, I need column A to be in one variable, column B in a second one and column C in a third one.
I'm really missing this part as updating the AD is fairly easy once the 3 variable are populated.
I see things like this:
Here's my attempts at the moment:
#include <File.au3> #include <Array.au3> Global $csv_file = @DesktopDir & "\Book1.csv" Global $aRecords If Not _FileReadToArray($csv_file,$aRecords) Then MsgBox(4096,"Error", " Error reading log to Array error:" & @error) Exit EndIf For $x = 1 to $aRecords Msgbox(0,'Record:' & $x, $aRecords[$x]) ; Shows the line that was read from file $csv_line_values = StringSplit($aRecords[$x], ",",1) ; Splits the line into 2 or more variables and puts them in an array ; _ArrayDisplay($csv_line_values) ; Shows what's in the array you just created. ; $csv_line_values holds the number of elements in array ; $csv_line_values holds the value ; $csv_line_values holds the value ; etc Msgbox(0, 0, $csv_line_values) Next Any help on this please?
Thanks in advance
I have 5 DCs, and I need to create a scheduled task to run a script that will test the authentication time for each one of them, once every minute. (Then I'll use it within a log analyser to create graphics).
I came up with a script using the great AD UDF (by water). First I tried using "for" and an array, but something was messing up the results, then I went for the dumb old fashioned way:
#Include <ad.au3> #include <MsgBoxConstants.au3> Global $AdTestTime = "" Global $Timer1, $Timer2, $Timer3, $Timer4, $Timer5 = "" Global $sAD1 = "MYSERVER109" Global $sAD2 = "MYSERVER110" Global $sAD3 = "MYSERVER111" Global $sAD4 = "MYSERVER112" Global $sAD5 = "MYSERVER113" $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2 = Timerinit() _AD_Open("", "", $sAD2) _AD_Close() Local $fDiff2 = TimerDiff($Timer2) $Timer3 = Timerinit() _AD_Open("", "", $sAD3) _AD_Close() Local $fDiff3 = TimerDiff($Timer3) $Timer4 = Timerinit() _AD_Open("", "", $sAD4) _AD_Close() Local $fDiff4 = TimerDiff($Timer4) $Timer5 = Timerinit() _AD_Open("", "", $sAD5) _AD_Close() Local $fDiff5 = TimerDiff($Timer5) MsgBox(0,"", "MYSERVER109=" & $fDiff1) MsgBox(0,"", "MYSERVER110=" & $fDiff2) MsgBox(0,"", "MYSERVER111=" & $fDiff3) MsgBox(0,"", "MYSERVER112=" & $fDiff4) MsgBox(0,"", "MYSERVER113=" & $fDiff5) Still, something is off here.
The first AD to be tested is always the slowest one, by far, like 20 times slower. Then I started to suspect that the first one starts the "negotiation", and the following ones ride the gravy train.
If I repeat the first code twice, All servers seem to have a similar result.
$Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2.... Am I right?
Also, is there a better way to test the authentication time?
Thanks for the help.
As the Active Directory UDF - Help & Support thread has grown too big, I start a new one.
The original thread can be found here.
I've been playing with the AD UDF (by water) and I'm really not sure how it works (even after playing for several hours) and I'm hoping that someone can point me in the right direction on this.
What I want to do is make it so if I give a network username, it returns back the information about said user (IE name, org, dept, etc). I know the info is in AD, I just don't know how to pull it using the UDF. Anyone have suggestions?
#RequireAdmin #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> #include <AD.au3> #include <Array.au3> #include <GuiButton.au3> #include <String.au3> #Region ### START Koda GUI section ### Form= Global $Form1_1 = GUICreate("Get User Groups", 419, 501, -1, -1) Global $Username = GUICtrlCreateInput("", 176, 80, 121, 21) Global $Button1 = GUICtrlCreateButton("GetGroups", 24, 120, 75, 25) Global $Groups = GUICtrlCreateEdit("", 24, 168, 369, 313, BitOR($ES_AUTOVSCROLL,$ES_AUTOHSCROLL,$ES_WANTRETURN,$WS_VSCROLL)) GUICtrlSetData(-1, "") GUICtrlSetData(-1, "") Global $Label2 = GUICtrlCreateLabel("Copy and paste the text below and add it to the onboarding ticket.", 80, 40, 318, 17) Global $Cancel = GUICtrlCreateButton("Cancel", 312, 120, 75, 25) Global $Disable = GUICtrlCreateButton("Copy", 120, 120, 75, 25) Global $Expire = GUICtrlCreateButton("Expire", 216, 120, 75, 25) Global $Unique = GUICtrlCreateLabel("Unique Username", 56, 80, 89, 25) GUISetState(@SW_SHOW) WinActivate($Form1_1) _GUICtrlButton_Enable($Username) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button1 GroupArray() Case $Disable Copy() Case $Cancel Exit EndSwitch WEnd ;~ Functions Func GroupArray() _AD_Open() Global $Inputbox = GUICtrlRead($Username) If @error Then Exit MsgBox(16, "Active Directory", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended) ; Get a sorted array of group names (FQDN) that the user is immediately a member of Global $aUser = _AD_GetUserGroups($Inputbox) If @error > 0 Then MsgBox(64, "Active Directory Function", "User '" & $Inputbox & "' has not been assigned to any group or cannot be found.") Else _ArraySort($aUser, 0, 1) $sString = _ArrayToString($aUser, "; ") Global $sorted = _StringBetween($sString, "CN=", ",") Global $Format = _ArrayToString($sorted, "; ") Guictrlsetdata($Groups, $Format) EndIf ; Close Connection to the Active Directory _AD_Close() EndFunc ;==>GroupArray Func Copy() $copy = GUICtrlRead($groups) ClipPut($copy) EndFunc I've found this to be very useful but It only shows the names of the groups in FDQN format.
In order to import multiple groups back into AD The have to be formatted like so:
Domain users; Finance; Domain Admins;
This allows you to copy and paste that back into an AD account where you need add multiple groups to one user.
I've written something to clean it up a bit but i'm new to autoit. I just started like 2 weeks ago and i'm not sure how to sort info. The script i've written allows you to take the appropriate info out but it take a little too much info out. I'm using string between and I'd like to know if there is a way to extract info better from the array used in _AD_GetUserGroups
I've attached my script and GUI but it pulls too much info due to the _stringbetween function. I just need to know if there is a better way?