water - Posted March 3, 2023

I wonder why you get "mydomain.internal/Users/Service Contractor"
The LDAP query should return something like this: "cn=John Doe,ou=People,dc=sun.com"

My UDFs and Tutorials:
UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki
Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki
WebDriver - Wiki

antmar904 (Author) - Posted March 3, 2023 (edited)

Here is the quick test script:

    #include <AD.au3>
    #include <Array.au3>
    #include <MsgBoxConstants.au3>

    ; Connect to Active Directory
    _AD_Open()
    If @error Then Exit MsgBox($MB_ICONERROR, "Active Directory", "Active Directory Error. Function _AD_Open encountered a problem. Error: " & @error & " extended error: " & @extended)

    ; Search with scope 2 for user objects whose cn contains "Contractor"
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,Name")

    ;Debug
    _ArrayDisplay($aUserObjects)

    _AD_Close()
    Exit

I'm using AD.au3 version 1.6.1.0

Edited March 3, 2023 by antmar904

water - Posted March 3, 2023

Does the domain controller (DC) you connect to hold more than one contractor user?
Can you modify the _AD_Open statement in your last post to connect to the Global Catalogue (GC)?

antmar904 (Author) - Posted March 3, 2023

Yes, the DC holds more accounts with either "consultants" or "contractor" in their cn.
I modified it to connect to the GC on port 3269 and it still only returned one result.

antmar904 (Author) - Posted March 3, 2023

Also, when I use PowerShell "Get-Aduser username -pr *" the CN attribute returned is the whole user's display name BUT the CanonicalName attribute returns what I want to search for in my script...

water - Posted March 4, 2023

"The distinguished name (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366101(v=vs.85).aspx) is the hierarchical path where you will find the object within AD, for example "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM". The canonical name is the same as the distinguished one but in different writing, with slashes and ordered the other way around: COM/FABRIKAM/SALES/SMITH for example."

The canonicalName attribute is constructed, also called operational. This means the value is not actually saved in AD, but is constructed by the DC when you request the value. That's why you can't search for the canonicalName attribute.

Unfortunately you can't use a wildcard with a distinguishedName (according to the X.500 standards). So you have to do it yourself.

I suggest grabbing displayname, title, description and samAccountname for all users with the (!userAccountControl:1.2.840.113556.1.4.803:=2) and then looping through the returned array to grab the users you want to process (that means testing the displayname and the expiration date).

I further suggest re-structuring your AD. Put all Contractors in a separate OU and all Consultants in another OU.
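
The client-side filtering suggested in the last post, as an added example that is not part of the original thread and is written in Python rather than AutoIt so it runs without a domain. It rebuilds the canonical form from each distinguishedName and matches on that; the sample rows and the names `split_dn`, `canonical_name` and `find_users` are constructed for illustration.

```python
import re

# Constructed sample rows: (sAMAccountName, distinguishedName, userAccountControl).
SAMPLE_USERS = [
    ("jdoe", "CN=John Doe,OU=Service Contractor,OU=Users,DC=mydomain,DC=internal", 512),
    ("asmith", r"CN=Smith\, Anna,OU=Consultants,OU=Users,DC=mydomain,DC=internal", 512),
    ("old1", "CN=Old Account,OU=Service Contractor,OU=Users,DC=mydomain,DC=internal", 514),
    ("bstaff", "CN=Bob Staff,OU=Sales,OU=Users,DC=mydomain,DC=internal", 512),
]
ACCOUNTDISABLE = 0x2  # bit tested by userAccountControl:1.2.840.113556.1.4.803:=2

def split_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            hexpair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", hexpair):
                buf.append(chr(int(hexpair, 16)))  # \2C form (ASCII only here)
                i += 3
            else:
                buf.append(dn[i + 1])  # \, form
                i += 2
        elif ch == ",":
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(ch)
            i += 1
    parts.append("".join(buf))
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts]

def canonical_name(dn):
    """Rebuild the canonical form: dotted domain, then the path from the top down."""
    pairs = split_dn(dn)
    domain = ".".join(v for t, v in pairs if t.upper() == "DC")
    path = [v for t, v in pairs if t.upper() != "DC"]
    return "/".join([domain] + path[::-1])

def find_users(rows, needles):
    """Return (sAMAccountName, canonical name) for enabled users whose path matches."""
    hits = []
    for sam, dn, uac in rows:
        canon = canonical_name(dn)
        if not uac & ACCOUNTDISABLE and any(n.lower() in canon.lower() for n in needles):
            hits.append((sam, canon))
    return hits
```

Calling `find_users(SAMPLE_USERS, ["Contractor", "Consultant"])` keeps the two enabled accounts under the matching OUs and drops the disabled one.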