_AD_IsMemberOf_ - (Moved)

[tweakster2010]

Hello All,

It has been a long time since I posted, role changes etc involving work and I finally am back to modifying a program I write in AutoIt that has AD integration. I am at a point where we are modifying our structure where I am validating users access via what Distribution List they belong to in our AD OU's. What I have run into is the OU is a sub OU of a sub OU now. Meaning: CN=team, OU=DL, OU=Groups, DC=business.com(working), is now CN=Team, OU=SubDL, OU=DL, OU=Groups, DC=business.com (Not working).  Just curious if the AD functionality should be able to read it or maybe I am missing something?

 

ElseIf _AD_IsMemberOf("CN=Team,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then
#works for primary Distro

ElseIf _AD_IsMemberOf("CN=Team,OU=SubDL,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then
#fails for subOU of DL

How I am accessing AD to get the information:

_AD_Open()
    Global $aUser = _AD_GetObjectsInOU("", "(&(objectCategory=person)(objectClass=user)(samaccountname=" & @UserName & "))", 2, "ADsPath,Displayname,distinguishedName")
    Global $sDisplayName0 = $aUser[1][1] ; Displayname
    ;MsgBox(0,"", $sDisplayName0)
    If StringLeft($sDisplayName0, 2) = "9-" Then
        $Displaynamestring = StringTrimLeft($sDisplayName0, 2)
        $Displaynamestring1 = StringTrimRight($Displaynamestring, 6)

The error code generated is a 1 with a 0 extended. I assume it is because it cannot find the SubOU.

 

Thanks for any assistance.

[Jos]

Moved to the appropriate forum.

Moderation Team

[water]

@error = 1 for _AD_IsMemberOf means that the specified group does not exist.
You are sure the group exists and the FQDN is written correctly?

[tweakster2010]

This was something you helped me write back in the day, only recently did our distribution lists jump 1 more sub OU as well as we shifted to a multitenant domain where some are suggesting certain OUs are not able to seen in others. Our DNS team doesn't think thats the issue that maybe I am writing the OU tags incorrectly, which I suspect might be the case as I am able to access the OU in Groups but not the next 1 under Distribution Lists. In theory though shouldn't CN=name, OU=Subsubou, OU=Subou, OU=Groups, DC=Comp.com be accurate?

[water]

Are there any special characters in the FQDN? This are:

  Quote

"\/#,+<>;=

Expand  

 

[tweakster2010]

@water No special characters.

[water]

When you run _AD_Example_GetOUTreeView.au3 do you see both OUs?

[tweakster2010]

I am running it now waiting for it to finish populating my information.

 

My concern though is that I can get to a subOU already but not 1 more down. That is what is causing my concern :/

 

EDIT

 

I confirmed the subOU is listed in the _AD_Example_GetOUTreeView.au3

Edited September 26, 2018 by tweakster2010

[water]

Great! So lets do a simple check:

#include <AD.au3>
_AD_Open()
Global $iReturn = _AD_ObjectExists("your FQDN goes here")
MsgBox(0, "Result", "Return value=" & $iReturn & ", @error=" & @error & ", @extended=" & @extended)