joshiieeii

Active Directory Helper

DISCLAIMER: As always be careful when messing with scripts that can manipulate AD data :D

This little tool will basically display what you get when you go to "Active Directory Users and Computers" in Adminpack and look at a user's profile.

It enables you to unlock the account (UNTESTED) and view information about a user.

*Updated 7-19-2006

#include <GUIConstants.au3>
#include <Misc.au3>
Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
DIM $unlock
DIM $mgrvalue
DIM $mgrsplit
DIM $manager
DIM $mgr
DIM $title
DIM $pwdexpires
$oMyError = ObjEvent("AutoIt.Error", "ComError")
$objRootDSE = ObjGet("LDAP://RootDSE")
$username = InputBox("Username","Please input a username:")  
If @error Then
    MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
Else
; DNS domain name.
    $objTrans = ObjCreate("NameTranslate")
    $objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
    $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain)
    $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username)
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    If @error Then
        MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
    Else
        ;MsgBox(0, 'test', 'test:  ' & $test)
        Call ("Displayinfo")
        
    
    EndIf
EndIf
$UserObj = ""
$oMyError = ObjEvent("AutoIt.Error", "")
;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc ;==>ComError


Func Displayinfo()
    GUICreate ( "Active Directory Information", 500, 600, 300, 300)
    
    GUICtrlCreateLabel ("Username: ", 10, 10, 60, 20)   
    GUICtrlCreateLabel ("First Name: ", 10, 30, 60, 20) 
    GUICtrlCreateLabel ("Last Name: ", 200, 30, 60, 20) 
    GUICtrlCreateLabel ("Display Name: ", 10, 50, 100, 20)  
    GUICtrlCreateLabel ("Title: ", 10, 70, 100, 20) 
    GUICtrlCreateLabel ("Manager: ", 10, 90, 100, 20)   
    GUICtrlCreateLabel ("Description: ", 10, 150, 100, 20)  
    GUICtrlCreateLabel ("Office: ", 10, 190, 60, 20)    
    GUICtrlCreateLabel ("Department: ", 10, 250, 100, 20)   
    GUICtrlCreateLabel ("Telephone Number: ", 10, 290, 90, 40)  
    GUICtrlCreateLabel ("Mobile Number: ", 10, 320, 100, 20)    
    GUICtrlCreateLabel ("Home Number: ", 10, 350, 100, 20)  
    GUICtrlCreateLabel ("Email Address: ", 10, 370, 100, 20)    
    GUICtrlCreateLabel ("Logon Script: ", 10, 410, 100, 20)
    GUICtrlCreateLabel ("Account:", 10, 430, 100, 20)
    GUICtrlCreateLabel ("Number of bad logon attempts since last reset: ", 310, 420, 120, 40)
    GUICtrlCreateLabel ("Password Last Changed: ", 10, 460, 100, 40)
    GUICtrlCreateLabel ("90 Day Password Expiration: ", 10, 490, 100, 40)
    GUICtrlCreateLabel ("Last Logon: ", 10, 540, 100, 20)   

$font="Tahoma"
GUISetFont (9, 600, $font)   ; will display underlined characters
$unlock = GUICtrlCreateButton ( "UNLOCK Account", 180, 425, 120, 25)
GUICtrlSetState ( $unlock, $Gui_Disable )
GUICtrlCreateLabel ( ''& $username, 100, 10, 100, 20)
GUICtrlSetColor(-1,0x0000CC)    ; Blue
GUICtrlCreateLabel (''& $UserObj.FirstName, 100, 30, 100, 20)   
GUICtrlCreateLabel (''& $UserObj.LastName, 300, 30, 100, 20)    
GUICtrlCreateLabel (''& $UserObj.FullName, 100, 50, 300, 20)    
GUICtrlCreateLabel (''& $UserObj.Title, 100, 70, 100, 20)
$title = GUICtrlRead ( $title )
If $title = 0 Then
    GUICtrlCreateLabel ('', 100, 70, 100, 20)
Endif

$mgr = GUICtrlCreateLabel (''& $UserObj.Manager, 100, 90, 400, 70)  
$mgrvalue = GUICtrlRead ( $mgr )
$mgrsplit = StringSplit ( ""& $mgrvalue, ",")
$manager = StringTrimLeft ( ''& $mgrsplit[1], 3 )
GUICtrlCreateLabel (''& $manager, 100, 90, 400, 70)
GUICtrlCreateLabel (''& $UserObj.Description, 100, 150, 300, 40)    
GUICtrlCreateLabel (''& $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50) 
GUICtrlCreateLabel (''& $UserObj.Department, 100, 250, 200, 20) 
GUICtrlCreateLabel (''& $UserObj.TelephoneNumber, 100, 300, 250, 20)    
GUICtrlCreateLabel (''& $UserObj.TelephoneMobile, 100, 320, 250, 20)    
GUICtrlCreateLabel (''& $UserObj.TelephoneHome, 120, 350, 250, 20)  
GUICtrlCreateLabel (''& $UserObj.EmailAddress, 100, 370, 300, 20)   
GUICtrlCreateLabel (''& $UserObj.LoginScript, 100, 410, 200, 15)
$locked = GUICtrlCreateLabel (""& $UserObj.IsAccountLocked, 100, 430, 10, 20)
; IsAccountLocked is a boolean, so test the property directly
If Not $UserObj.IsAccountLocked Then
GUICtrlCreateLabel ("NOT Locked", 100, 430, 80, 15)
GUICtrlSetBkColor(-1, 0x00ff00);Green
Else
    MsgBox(0, 'INFO', "User Account Lock value is: "& GUICtrlRead($locked))
GUICtrlCreateLabel ("LOCKED", 10, 430, 60, 15)
GUICtrlSetBkColor(-1, 0xff0000) ; Red
GUICtrlSetState ( $unlock, $Gui_Enable )

EndIf
$lastchange = $UserObj.PasswordLastChanged

$Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4)
$Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2)
GUICtrlCreateLabel ($Date & " "& $Time, 100, 460, 150, 20)
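; Add three months and roll over into the next year when the month passes 12
$expMonth = StringMid($lastchange, 5, 2) + 3
$expYear = StringMid($lastchange, 1, 4)
If $expMonth > 12 Then
    $expMonth -= 12
    $expYear += 1
EndIf
$pwdexpires = $expMonth & "/" & StringMid($lastchange, 7, 2) & "/" & $expYear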
GUICtrlCreateLabel ( $pwdexpires & ' ' & $Time, 100, 490, 150, 20)





$lastlogin = $UserObj.LastLogin

$Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4)
$Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2)
GUICtrlCreateLabel ($Date & " "& $Time, 100, 540, 150, 20)
$badlogin = GUICtrlCreateLabel (""& $UserObj.BadLoginCount, 430, 430, 20, 15)
If GuiCtrlread ($badlogin) = 0 Then
GUICtrlSetBkColor(-1, 0x00ff00);Green
Else
GUICtrlSetBkColor(-1, 0xff0000) ; Red
EndIf

    GUISetState ()
    
    
    
 While 1
        $msg = GUIGetMsg()
        Select
            Case $msg = $unlock
                If $UserObj.IsAccountLocked Then
                $UserObj.IsAccountLocked = False
                $UserObj.SetInfo
                MsgBox(0, 'INFO', "User Account was Unlocked. It will take approximately 5 mins to reflect this change.")
                GUICtrlCreateLabel (""& $UserObj.IsAccountLocked, 100, 430, 10, 20)
                EndIf
            
            Case $msg = $GUI_EVENT_CLOSE
            Exit
        EndSelect
    WEnd
    
    
    
    EndFunc
Edited by joshiieeii


This is a nice quick way of looking up specific AD info. Where did you go to find a list of LDAP Attributes? I need to know what the attribute is for the Home Drive connect to path. Also, would you know how to list all of the groups a user is a member of?

Thanks

Here's one

Code for returning an array that has the groupnames that the logged in user is a member of;

Takes an array by reference and outputs it with the zeroth element as the count of groups and elements 1 to Ubound-1 as the group names. Doesn't sort them, just gets them in the order AD provides them. Let me know if you find it helpful...

Func GetUserGroups(ByRef $usergroups)
    Dim $objConnection, $oUsr
    Dim $usergroups[1], $i = 1
    $objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open ("Active Directory Provider") ; Open connection to AD
    $objRootDSE = ObjGet("LDAP://RootDSE")
    Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext") ; Retrieve the current AD domain name
    $strQuery = "<LDAP://" & $strDNSDomain & ">;(sAMAccountName=" & @UserName & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the logged on user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
    $groups = $oUsr.groups ; Get the list of group objects from the user
    For $groupname In $groups
        ReDim $usergroups[uBound($usergroups) + 1]
        $usergroups[0] += 1 ; Increment the count of groups
        $usergroups[$i] = StringTrimLeft($groupname.name, 3)
        $i += 1
    Next
EndFunc ;==>GetUserGroups

Edited by Johny Clelland
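
An added example, not code from any poster in this thread: the group lookup above extended to a typed-in username (as the first script's InputBox supplies), also returning the home folder attributes asked about earlier. The function name _GetUserGroupsAndHome and the character allow-list are assumptions; homeDirectory and homeDrive are the standard AD attributes behind the "Connect ... To" fields.

```autoit
; Added example. _GetUserGroupsAndHome and its error codes are hypothetical names/values.
Func _GetUserGroupsAndHome($sSam, ByRef $aGroups, ByRef $sHomeDir, ByRef $sHomeDrive)
    ; The name is concatenated into an LDAP filter inside an ADO query string,
    ; so accept only characters that cannot alter either one: ( ) * \ and ;
    ; are all rejected. The allow-list is an assumption; adjust it to your naming scheme.
    If Not StringRegExp($sSam, "^[A-Za-z0-9._-]{1,20}$") Then Return SetError(1, 0, 0)

    Local $oRootDSE = ObjGet("LDAP://RootDSE")
    If Not IsObj($oRootDSE) Then Return SetError(2, 0, 0)

    Local $oConn = ObjCreate("ADODB.Connection")
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")

    ; Restrict the search to user objects and fetch the home folder
    ; attributes in the same query as the ADsPath.
    Local $sQuery = "<LDAP://" & $oRootDSE.Get("defaultNamingContext") & ">;" & _
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & $sSam & "));" & _
            "ADsPath,homeDirectory,homeDrive;subtree"
    Local $oRS = $oConn.Execute($sQuery)
    If Not IsObj($oRS) Then Return SetError(3, 0, 0)
    If $oRS.EOF Then Return SetError(4, 0, 0) ; no matching user

    ; Read fields by name rather than by position
    $sHomeDir = $oRS.Fields("homeDirectory").Value ; UNC path of the home folder
    $sHomeDrive = $oRS.Fields("homeDrive").Value ; drive letter it is mapped to

    Local $oUsr = ObjGet($oRS.Fields("ADsPath").Value)
    If Not IsObj($oUsr) Then Return SetError(5, 0, 0)

    ; Same layout as GetUserGroups: element 0 is the count, 1..n the names
    Local $aOut[1] = [0]
    For $oGroup In $oUsr.Groups
        ReDim $aOut[UBound($aOut) + 1]
        $aOut[0] += 1
        $aOut[$aOut[0]] = StringTrimLeft($oGroup.Name, 3) ; strip the "CN=" prefix
    Next
    $aGroups = $aOut
    Return 1
EndFunc ;==>_GetUserGroupsAndHome

; Usage with the $username value read by InputBox in the first script:
; Local $aGroups, $sDir, $sDrive
; If _GetUserGroupsAndHome($username, $aGroups, $sDir, $sDrive) Then MsgBox(0, "Home", $sDrive & " -> " & $sDir)
```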
