ACalcutt Posted July 8, 2006 Share Posted July 8, 2006 (edited) I am trying to add a domain user to a local group based on this acticle http://www.microsoft.com/technet/scriptcen...04/hey1008.mspx I thought i could do this $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level) $objUser = ObjGet("WinNT://" & $domain & "/" & $user) $objGroup.Add($objUser.ADsPath) that works for a local user, but when i try to do a domain user i get $objGroup.Add($objUser.ADsPath) $objGroup.Add($objUser.^ERROR Error: Variable must be of type "Object" I'm assuming thats because it needs my credentials to check that the user exists....how whould i provide that information? ;complete function Func _User($action, $user, $pass="", $domain=@ComputerName, $level="") Select Case $action = "ADD" $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object $objUser = $objLocalComputer.Create ("user", $user); Create user $objUser.SetPassword ($pass) $objUser.SetInfo _User("SET_GROUP", $user, $pass, $domain, $level) Case $action = "REMOVE" ;_Profile("REMOVE", $user, $domain) $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object $objLocalComputer.Delete("user", $user); Delete user Case $action = "SET_GROUP" $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level) $objUser = ObjGet("WinNT://" & $domain & "/" & $user) $objGroup.Add($objUser.ADsPath) Case $action = "REMOVE_GROUP" $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level) $objUser = ObjGet("WinNT://" & $domain & "/" & $user) $objGroup.Remove($objUser.ADsPath) EndSelect EndFunc;==>_User Edited July 9, 2006 by ACalcutt Andrew Calcutt Http://www.Vistumbler.net Http://www.TechIdiots.net Its not an error, its a undocumented feature Link to comment Share on other sites More sharing options...
Developers Jos Posted July 9, 2006 Developers Share Posted July 9, 2006 what error do you get when you add these lines ? $oMyError = ObjEvent("AutoIt.Error","MyErrFunc") ; Install a custom error handler ; <+++++ You code goes here ++++ ; This is my custom error handler Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _ "Number is: " & $HexNumber & @CRLF & _ "Linenbr is: " & $oMyError.scriptline & @CRLF & _ "Description is: " & $oMyError.description & @CRLF & _ "Windescription is: " & $oMyError.windescription ) SetError(1) ; something to check for when this function returns Endfunc SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
ACalcutt Posted July 10, 2006 Author Share Posted July 10, 2006 (edited) A friend from work helped me get it working... i ended up with this Func _User($action, $user, $pass="", $domain=@ComputerName, $level="") Select Case $action = "ADD" $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object $objUser = $objLocalComputer.Create ("user", $user); Create user $objUser.SetPassword ($pass) $objUser.SetInfo _User("SET_GROUP", $user, $pass, $domain, $level) Case $action = "REMOVE" _Profile("REMOVE", $user, $domain) $objLocalComputer = ObjGet("WinNT://" & @ComputerName); Init COM object $objLocalComputer.Delete("user", $user); Delete user Case $action = "SET_GROUP" $dso = ObjGet("WinNT:") $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") $objUser = $dso.OpenDSObject("WinNT://" & $domain & "/" & $user,$domain & "\" & $user, $pass, 1) $objGroup.Add($objUser.ADsPath) Case $action = "REMOVE_GROUP" $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level) $objUser = ObjGet("WinNT://" & $domain & "/" & $user) $objGroup.Remove($objUser.ADsPath) EndSelect EndFunc ;==>_User if i have some spare time i will see what the other code gave me as an error Edited July 10, 2006 by ACalcutt Andrew Calcutt Http://www.Vistumbler.net Http://www.TechIdiots.net Its not an error, its a undocumented feature Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 20, 2011 Share Posted January 20, 2011 (edited) Hi! I'm trying to use your script. It goes to en error "The requested action with this object has failed". $level = 'Administrators' $domain = 'domainname' $user = 'domainadmin' $password = 'domainpassword' $user1 = 'username' $dso = ObjGet("WinNT:") $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") $objUser1 = $dso.OpenDSObject("WinNT://" & $fulldomain & "/" & $user1,$domain & "\" & $user, $password, 1) $objGroup.Add ($objUser1.AdsPath) Could you please help me to reedit it? Edited January 20, 2011 by HaeMHuK Link to comment Share on other sites More sharing options...
water Posted January 20, 2011 Share Posted January 20, 2011 All Active Directory related functions can be done using the Active Directory UDF (for download please see my signature) as well. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 20, 2011 Share Posted January 20, 2011 All Active Directory related functions can be done using the Active Directory UDF (for download please see my signature) as well.Thanks for UDF. I've already created script for me based on it.But I didn't find there what I've mentioned before. Link to comment Share on other sites More sharing options...
water Posted January 20, 2011 Share Posted January 20, 2011 But I didn't find there what I've mentioned before.That's true. The only WINNT stuff is related to the functions to join/unjoin a computer to the domain.But with the AD UDF you can at least get the ADSPATH of the user. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 20, 2011 Share Posted January 20, 2011 That's true. The only WINNT stuff is related to the functions to join/unjoin a computer to the domain.But with the AD UDF you can at least get the ADSPATH of the user.I don't need to add pc to domain. I just only need to add domain user to local group. How can I do it with AD UDF? Link to comment Share on other sites More sharing options...
water Posted January 20, 2011 Share Posted January 20, 2011 (edited) #include <ad.au3> _AD_Open() ; Get ADSPath for specified user $user = @UserName $sFQDN = _AD_SamAccountNameToFQDN($user) $sADSPath = "LDAP://" & $sAD_HostServer & "/" & $sFQDN _AD_Close() ; access group $level = 'Administrators' $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") ; Add user to group $objGroup.Add ($sADSPath) This example runs with the credentials of the current user. If you need a userid/password to access the AD then pass them as parameters to _AD_Open(). If you get: Test.au3 (13) : ==> The requested action with this object has failed.: $objGroup.Add ($sADSPath) $objGroup.Add ($sADSPath)^ ERRORthen you're missing the necessary rights to add the user to the local group. Edited January 20, 2011 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 20, 2011 Share Posted January 20, 2011 (edited) *****.au3 (12) : ==> The requested action with this object has failed.: $objGroup.Add ($sADSPath) $objGroup.Add ($sADSPath)^ ERROR Maybe I'm doing something wrong? I have this rights. There is something else. Edited January 20, 2011 by HaeMHuK Link to comment Share on other sites More sharing options...
water Posted January 20, 2011 Share Posted January 20, 2011 *****.au3 (12) : ==> The requested action with this object has failed.:$objGroup.Add ($sADSPath)$objGroup.Add ($sADSPath)^ ERRORMaybe I'm doing something wrong?No, I think you're just missing the necessary rights to add the user to the local group. I tested that the $objGroup exists.To ensure that you aren't doing anything wrong with AutoIt you could download a VB script from the internet and test. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 20, 2011 Share Posted January 20, 2011 No, I think you're just missing the necessary rights to add the user to the local group. I tested that the $objGroup exists.To ensure that you aren't doing anything wrong with AutoIt you could download a VB script from the internet and test.Well. After rebooting this works fine:$dso = ObjGet("WinNT:")$objGroup = ObjGet("WinNT://" & @ComputerName & "/" & $level & ",group") $objUser = $dso.OpenDSObject("WinNT://" & $fulldomain & "/" & $user1,$domain & "\" & $user, $password, 1) $objGroup.Add($objUser.ADsPath) MsgBox(0, "111", "User added")Sometimes it works sometimes not.What is the reason, do you have any suggestions? Link to comment Share on other sites More sharing options...
water Posted January 20, 2011 Share Posted January 20, 2011 (edited) Sometimes it works sometimes not.What is the reason, do you have any suggestions?Unfortunately I have no idea. That's not my area of expertise Anyone else? Edited January 20, 2011 by water My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Juvigy Posted January 21, 2011 Share Posted January 21, 2011 Try in cmd : "Net localgroup administrators domain\user /add" If this works just RUNDOS it with autoit. Link to comment Share on other sites More sharing options...
HaeMHuK Posted January 21, 2011 Share Posted January 21, 2011 Guys, nevermind. Now works fine! Thanks a lot for help. Link to comment Share on other sites More sharing options...
CrabChuck Posted November 12, 2018 Share Posted November 12, 2018 (edited) I'm stuck, again. I have an application that uses local group membership to control the user roles. Nesting AD groups into those local groups doesn't work, so my plan is to use a scheduled task to sync the AD group members to the local group. I've got about 20 machines that need to keep synced, and it's been a pain doing it machine by machine. I'm to the point where I can get the FQDN list of users out of AD, but I'm too new at this to understand how to take that list and add them to the local group. Here's what I've got so far trying to make it work based on various threads. Yes, I am an admin on the PC where I'm running it. I think I read somewhere about an escape character in the FQDN that was needed, but can't find it again. $ADresult = _AD_Open("MYacct","MYpassword","","","",3) $ADlist = _ad_getgroupmembers("PSuser") _ad_Close() $objGroup = ObjGet("WinNT://" & @ComputerName & "/" & "PSoperator") For $i=1 to $ADlist[0] step +1 $uADS = "LDAP://" & $sAD_HostServer & "/" & $ADlist[$i] $objGroup.add ($ADlist[$i]) Next I get this: "The requested action with this object has failed.:" $objGroup^ ERROR Edited November 12, 2018 by CrabChuck Link to comment Share on other sites More sharing options...
AdamUL Posted November 12, 2018 Share Posted November 12, 2018 I have had consistent results using "net localgroup" to add AD groups and users to a local groups. Example below. #RequireAdmin #include <Constants.au3> ;~ _AddADAccountToLocalGroup("AD\GroupName", "Administrators") ;~ If @error Then MsgBox($MB_ICONERROR, "Error", "Error adding user/group to local group.") _AddADAccountToLocalGroup("AD\PSUser", "PSoperator") If @error Then MsgBox($MB_ICONERROR, "Error", "Error adding user/group to local group.") Func _AddADAccountToLocalGroup($sAccountName, $sLocalGroup) If StringLeft($sAccountName, 3) = "AD\" Then $sAccountName = StringTrimLeft($sAccountName, 3) Local $iPIDNet = Run('net localgroup ' & $sLocalGroup & ' ' & $sAccountName & ' /add', @SystemDir, @SW_HIDE, $STDERR_MERGED) ProcessWaitClose($iPIDNet) Local $sNetOutput = StringStripWS(StdoutRead($iPIDNet), $STR_STRIPLEADING + $STR_STRIPTRAILING) If Not (StringInStr($sNetOutput, "The command completed successfully.") Or StringInStr($sNetOutput, "The specified account name is already a member of the group.")) Then Return SetError(1, 0, False) Return True EndFunc ;==>_AddToLocalAdminGroup Adam Link to comment Share on other sites More sharing options...
CrabChuck Posted November 12, 2018 Share Posted November 12, 2018 What's the format of your $sAccountName variable? I'm still working to try and solve my own issue, and discovered one problem with the $sAD_HostServer variable. I capture it while I have my AD connection open. That got my $uADS variable looking better. I've got a debug message box where I return $objGroup.name and it's giving me the name of the group I want to update, so I'm pretty sure my group object is okay. That means what I'm passing it isn't. Right now, $uADS looks like this: LDAP://server123.bob.company.com/CN=Mike Jones,OU=Users,OU=Americas,DC=bob,DC=company,DC=com Link to comment Share on other sites More sharing options...
AdamUL Posted November 12, 2018 Share Posted November 12, 2018 The $sAccounName is the format for the SamAccountName. You can use _AD_FQDNToSamAccountName to convert it to the proper format. Adam Link to comment Share on other sites More sharing options...
CrabChuck Posted November 12, 2018 Share Posted November 12, 2018 (edited) 9 minutes ago, AdamUL said: The $sAccounName is the format for the SamAccountName. You can use _AD_FQDNToSamAccountName to convert it to the proper format. Adam That's what I was just reading about. Problem is, all I can get it to return is still the FQDN. If I wrap my FQDN in quotes, it returns the FQDN. If I don't, it returns an error. I've also been playing with _AD_GetObjectProperties but I can't get it to return anything. Edited November 12, 2018 by CrabChuck Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now