Jump to content

List all users in AD


Recommended Posts

If the following doesn't return accountExpiry info, then maybe you don't have the permissions to read that attribute?

#include <AD.au3>
_AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    Local $aProperties = _AD_GetObjectProperties(@UserName)
    _ArrayDisplay($aProperties, "Active Directory Functions - Example 1 - Properties for user '" & @UserName & "'")

_AD_Close()

 

Link to comment
Share on other sites

  • Replies 48
  • Created
  • Last Reply

Top Posters In This Topic

If I use a contractors samAccountName it works fine and only returns the accountExpire data

_AD_GetObjectProperties("ausername", "accountExpires", True, True)

If I run this, It does return the first array of users but fails with error code 1 when running the loop to return the accountExpires date.

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Edited by antmar904
Link to comment
Share on other sites

You would need to use _ArrayDisplay($aExpires) within the loop to show each contractor, however what happens when you use my original code?  The _GetADDateTime() function is a lot faster than using _AD_GetObjectProperties as you're querying each user.  However you don't mind waiting for the results just use something like:

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    _ArrayColInsert($aUserObjects, 1)
    For $i = 0 To UBound($aUserObjects) - 1
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
        If Not @error Then $aUserObjects[$i][1] = $aExpires[1][1]
    Next

    _ArrayDisplay($aUserObjects)

 

Link to comment
Share on other sites

_AD_GetObjectsInOU returns a one-based array. So element 0 holds the number of entries.
Start processing the array with element 1 and the problem should be gone :) 

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Hi @waterI tried that also and that did not work.  Here is the current code and the error code I'm getting in the SciTE console output:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

 

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Link to comment
Share on other sites

Please see my previous post!
You need 

For $i = 1 To UBound($aUserObjects)

not 

For $i = 0 To UBound($aUserObjects) - 1

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

No, as _AD_GetObjectsInOU only returns a single property you have to use

$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)

and $i has to start with 1.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I made those changes and I'm getting the same error.

 

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

Link to comment
Share on other sites

My bad. When you only retrieve a single property then you get a 1D array.
Hence you need: 

$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)

 

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I run the script, the array returns with the samaccount names, I X out of the first array then it runs for about 4 min and fails with this error:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

Link to comment
Share on other sites

Believe Water meant you to use:

For $i = 1 To UBound($aUserObjects) - 1

Still not sure why you don't just use as per my first post and then convert it into a readable date.

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

 

Link to comment
Share on other sites

Sure :>

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

3 hours ago, Subz said:

Believe Water meant you to use:

For $i = 1 To UBound($aUserObjects) - 1

Still not sure why you don't just use as per my first post and then convert it into a readable date.

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

 

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

Link to comment
Share on other sites

1 hour ago, antmar904 said:

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

Correct

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

This is not working for me.

It's just returning ONE accountExpire date in the array after 4 min of running...

 

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 1 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

 

Link to comment
Share on other sites

As I mentioned in a previous post your only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

Quote

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete.  By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.

Link to comment
Share on other sites

1 hour ago, Subz said:

As I mentioned in a previous post your only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete.  By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.

Hey @Subz

I was originally just trying to use the AD UDFs.  I did just test out your script and it worked well (~4 seconds)!.  Thank you for your assistance.  A couple of things I'm going to try and add is 1) exclude any "Disabled" AD accounts so we don't have to process them 2) my end goal is to only alert/report on any account that does not have a expire date of 90 days from the AD account creation date.  Any help is greatly appreciated!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...