
Posted

If the following doesn't return accountExpiry info, then maybe you don't have the permissions to read that attribute?

#include <AD.au3>
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Local $aProperties = _AD_GetObjectProperties(@UserName)
_ArrayDisplay($aProperties, "Active Directory Functions - Example 1 - Properties for user '" & @UserName & "'")

_AD_Close()

 


Posted

Can you try one of the contractor accounts' samAccountNames in place of @Username? Also just noticed that your third parameter was blank, try using:

_AD_GetObjectProperties(@UserName, "accountExpires", True, True)

Although the first code I posted returns the information a lot faster.

Posted (edited)

If I use a contractor's samAccountName it works fine and only returns the accountExpire data.

_AD_GetObjectProperties("ausername", "accountExpires", True, True)

If I run this, it does return the first array of users but fails with error code 1 when running the loop to return the accountExpires date.

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Edited by antmar904
Posted

You would need to use _ArrayDisplay($aExpires) within the loop to show each contractor, however what happens when you use my original code? The _GetADDateTime() function is a lot faster than using _AD_GetObjectProperties as you're querying each user. However, if you don't mind waiting for the results, just use something like:

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    _ArrayColInsert($aUserObjects, 1)
    For $i = 0 To UBound($aUserObjects) - 1
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
        If Not @error Then $aUserObjects[$i][1] = $aExpires[1][1]
    Next

    _ArrayDisplay($aUserObjects)

 

Posted (edited)

_AD_GetObjectsInOU returns a one-based array. So element 0 holds the number of entries.
Start processing the array with element 1 and the problem should be gone :) 

Edited by water


 

Posted

Hi @water, I tried that also and that did not work. Here is the current code and the error code I'm getting in the SciTE console output:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

 

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Posted

Please see my previous post!
You need 

For $i = 1 To UBound($aUserObjects)

not 

For $i = 0 To UBound($aUserObjects) - 1

 


 

Posted

No, as _AD_GetObjectsInOU only returns a single property you have to use

$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)

and $i has to start with 1.


 

Posted

I made those changes and I'm getting the same error.

 

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

Posted (edited)

My bad. When you only retrieve a single property then you get a 1D array.
Hence you need: 

$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)

 

Edited by water


 

Posted

I run the script, the array returns with the samaccount names, I X out of the first array then it runs for about 4 min and fails with this error:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

Posted

Believe Water meant you to use:

For $i = 1 To UBound($aUserObjects) - 1

Still not sure why you don't just use as per my first post and then convert it into a readable date.

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

 

Posted

Sure :>


 

Posted
  On 6/27/2022 at 3:53 PM, Subz said:

Believe Water meant you to use:

For $i = 1 To UBound($aUserObjects) - 1

Still not sure why you don't just use as per my first post and then convert it into a readable date.

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

 


Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

Posted
  On 6/27/2022 at 7:30 PM, antmar904 said:

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?


Correct


 

Posted

This is not working for me.

It's just returning ONE accountExpire date in the array after 4 min of running...

 

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 1 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Posted

As I mentioned in a previous post, you're only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

  Quote

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?


While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete.  By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.

Posted
  On 6/27/2022 at 8:55 PM, Subz said:

As I mentioned in a previous post, you're only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete.  By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.


Hey @Subz

I was originally just trying to use the AD UDFs. I did just test out your script and it worked well (~4 seconds)! Thank you for your assistance. A couple of things I'm going to try and add is 1) exclude any "Disabled" AD accounts so we don't have to process them 2) my end goal is to only alert/report on any account that does not have an expire date of 90 days from the AD account creation date. Any help is greatly appreciated!
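The check described in the last post (skip disabled accounts, then flag contractor accounts whose accountExpires is unset or falls more than 90 days after creation), as an added example that is not part of the thread or of the AD UDF. It is written in Python so it runs offline on constructed rows; the row layout, the function names, the one-day slack and the reading of "90 days" as an upper bound are assumptions.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)   # both raw values mean "never expires"
UAC_ACCOUNTDISABLE = 0x0002       # userAccountControl bit: account disabled
# Server-side equivalent, added inside the (&...) of the LDAP filter:
#   (!(userAccountControl:1.2.840.113556.1.4.803:=2))

def expires_to_datetime(ticks):
    """Raw accountExpires (100-ns intervals since 1601-01-01 UTC) -> datetime,
    or None when the account never expires."""
    ticks = int(ticks)
    if ticks in NEVER:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def datetime_to_ticks(dt):
    """Inverse conversion, used here only to build the sample rows."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def out_of_compliance(rows, max_days=90, slack_days=1):
    """rows: (sAMAccountName, userAccountControl, whenCreated, accountExpires).
    Returns (name, reason) for enabled accounts with no expiry or with an
    expiry later than whenCreated + max_days (slack absorbs end-of-day rounding)."""
    findings = []
    for name, uac, created, ticks in rows:
        if int(uac) & UAC_ACCOUNTDISABLE:
            continue                      # disabled: nothing to report
        expires = expires_to_datetime(ticks)
        if expires is None:
            findings.append((name, "never expires"))
        elif expires - created > timedelta(days=max_days + slack_days):
            days = (expires - created).days
            findings.append((name, "expires %d days after creation" % days))
    return findings

# Constructed sample rows, shaped like the result of one directory query.
_created = datetime(2022, 3, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("c.ok",       512, _created, datetime_to_ticks(_created + timedelta(days=90))),
    ("c.never",    512, _created, 0x7FFFFFFFFFFFFFFF),
    ("c.zero",     512, _created, 0),
    ("c.late",     512, _created, datetime_to_ticks(_created + timedelta(days=365))),
    ("c.disabled", 514, _created, 0),
]

if __name__ == "__main__":
    for finding in out_of_compliance(SAMPLE):
        print(finding)
```

All four attributes can be requested in the single directory query, so the per-user lookups that made the looped version slow are not needed.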
