AD UDF How to Change default OU

[Mattw11486]

My job requires me to create robotic IDs in AD for multiple domains. Using the _AD_CreateUser, I want to be able to select a checkbox for the 4 different domains we can create the user in. With the current code below it seems to default to OU=Users, how do I change that to go to the OU=SWACo then the GenID subfolder? I also want to then have 4 different checkboxes that would create the robotic ID in other domains same folder path.

 

expandcollapse popup

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Creates and activates a user in a particular OU.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global $sFQDN = _AD_SamAccountNameToFQDN()
Global $sluvParentOU = StringMid($sFQDN, StringInStr($sFQDN, ",OU=") + 1)
Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script creates a new user in the specified OU." & @CRLF & @CRLF & _
        "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit

; Enter parent OU and user to create
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 714, 124)
GUICtrlCreateLabel("Enter the OU (FQDN):", 8, 10, 231, 17)
GUICtrlCreateLabel("Enter the user to create (samAccountName)", 8, 42, 231, 17)
Global $IOU = GUICtrlCreateInput($sluvParentOU, 241, 8, 459, 21)
Global $IUser = GUICtrlCreateInput("Test-User", 241, 40, 459, 21)
Global $BOK = GUICtrlCreateButton("Create User", 8, 72, 121, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 628, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###

While 1
    Global $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $BCancel
            Exit
        Case $BOK
            Global $sOU = GUICtrlRead($IOU)
            Global $sUser = GUICtrlRead($IUser)
            ExitLoop
    EndSwitch
WEnd

; Create a new user
Global $iValue = _AD_CreateUser($sOU, $sUser, "Doe John")
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "User '" & $sUser & "' in OU '" & $sOU & "' successfully created")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "User '" & $sUser & "' already exists")
ElseIf @error = 2 Then
    MsgBox(64, "Active Directory Functions - Example 1", "OU '" & $sOU & "' does not exist")
ElseIf @error = 3 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Value for CN (e.g. Lastname Firstname) is missing")
ElseIf @error = 4 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Value for $sAD_User is missing")
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()

 

[water]

You already can specify the OU in your GUI. What's wrong with it?

[Mattw11486]

I am sort of a noob, can you show me where or how I can specify it in the GUI? I was trying to specify it in 

Global $sluvParentOU = StringMid($sFQDN, StringInStr($sFQDN, ",OU=") + 1)

but that doesn't seem to be working for me.

[water]

The OU is expected as (example) "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2".
What do you get in $sluvParentOU?

[Mattw11486]

What I get for that currently is OU=Users,OU=HDQ,OU=SWACO,DC=LUV,DC=AD,DC=SWACORP,DC=com which is an OU in my AD but it's not the one I want to put these user names in. I want it to go to OU=GenID,OU=SWACO,DC=LUV,DC=AD,DC=SWACORP,DC=com

[water]

Does it work when you enter this OU into the GUI and  create a user?

[Mattw11486]

[Mattw11486]

The script seems to be pulling a default OU using _AD_SamAccountNameToFQDN() but I am not sure how to set that to the OU I actually want. I just double checked AD and I do not have a Users > HDQ folder in AD which is why it brings up this error. Not sure how it is defaulting to that OU or if that is a generic one that is defined by _AD_SamAccountNameToFQDN()

[water]

It's not a default OU it is the OU where the currently logged on user is defined.
"1" looks like a ControlID. So I think you pass the ControlID to _AD_Createuser not the value of the Input field. Maybe there is a GUICtrlRead missing or a wrong assignment?

BTW: The AD UDF only supports connecting to one domain at a time. To create a user in 4 different domains you would need to use _AD_Open/_AD_Close for every domain.

[Mattw11486]

Yes, it sounds like I am missing something. How do I define different domains/OUs within the code?

 

It it just going to be something like domain1 = OU=GenID,OU=SWACO,DC=LUV,DC=AD,DC=SWACORP,DC=com?

[water]

You need to specify the domain in the _AD_Open call. Details can be found in the wiki.

[Mattw11486]

Cool thanks maybe I am still missing something but the example doesn't show how to make sure the username is being added to the SWACO>GENID OU within the domain.

Local $iResult = _AD_Open("", "", "DC=subdomain,DC=example,DC=com", "servername.subdomain.example.com", "CN=Configuration,DC=subdomain,DC=example,DC=com")

 

[water]

The example script does error checking after calling _AD_CreateUser. You get a message telling you of success/error.

[Mattw11486]

When I run it with my current code it states it successfully created the user, but when I check AD, I do not see the user listed

[water]

After creating the user you could call _AD_GetObjectProperties. Make sure to check @error after the function call.

$aProperties = _AD_GetObjectProperties(<SamAccountName or FQDN of the created user>)
_ArrayDisplay($aProperties)