Sign in to follow this  
Followers 0
mcgill

Active Directory

25 posts in this topic

Hello,

I search the forum for active directory au3 and the articles were helpful. Is there a way I can find out what are all the extensions I can pull from active directory, like to see if an account is locked, username and so forth. I see code like this $UserObj.Department which work no problem when I want to pull that information. But for some reason i use the extension $UserObj.IsAccountLocked it doesn't work. So that is why I want to know all the extensions to active directory. If anyone can help me that would be great. Basically I want to be able to unlock an account in AD by a push of a button but I want to check to see if the account is active or note first. If the account is active then the button is disable. Thanks

Share this post


Link to post
Share on other sites



LDAP doesn't support it i guess...

It does...

Hello,

I search the forum for active directory au3 and the articles were helpful. Is there a way I can find out what are all the extensions I can pull from active directory, like to see if an account is locked, username and so forth. I see code like this $UserObj.Department which work no problem when I want to pull that information. But for some reason i use the extension $UserObj.IsAccountLocked it doesn't work. So that is why I want to know all the extensions to active directory. If anyone can help me that would be great. Basically I want to be able to unlock an account in AD by a push of a button but I want to check to see if the account is active or note first. If the account is active then the button is disable. Thanks

I am using it and is working fine....Can you show the scriptlet that is giving the issue?


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

What I did is use some code from another person code from active directory to test on my system. Through testing I notice that the command .IsAccountLocked does not work. I tried setting up loops for it to check and it would skip the event. It doesn't cause an error so I am wondering if the wording is correct. I am trying to enable/disable the "account is locked" area in active directory. I am running the latest beta version. Is there a listing of all the areas I can pull from in active directory. I appreaciate your help, thanks

AD.au3

Share this post


Link to post
Share on other sites

What I did is use some code from another person code from active directory to test on my system. Through testing I notice that the command .IsAccountLocked does not work. I tried setting up loops for it to check and it would skip the event. It doesn't cause an error so I am wondering if the wording is correct. I am trying to enable/disable the "account is locked" area in active directory. I am running the latest beta version. Is there a listing of all the areas I can pull from in active directory. I appreaciate your help, thanks

Have made several changes in the script and its working for me now... :D

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author:         A.N.Other <myemail@nowhere.com>
;
; Script Function:
;   Template AutoIt script.
;
; ----------------------------------------------------------------------------

; Script Start - Add your code below here

#include <GUIConstants.au3>
#include <Misc.au3>

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
Dim $unlock
Dim $mgrvalue
Dim $mgrsplit
Dim $manager
Dim $mgr
Dim $title
Dim $pwdexpires
$username = InputBox("Username", "Please input a username:")
If @error Then Exit
$oMyError = ObjEvent("AutoIt.Error", "ComError")
$objRootDSE = ObjGet("LDAP://RootDSE")
If @error Then
    MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
Else
    ; DNS domain name.
    $objTrans = ObjCreate("NameTranslate")
    $objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
    $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain)
    $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username)
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    If @error Then
        MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
    Else
        Call("Displayinfo")

    EndIf
EndIf
$UserObj = ""
$oMyError = ObjEvent("AutoIt.Error", "")
;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError


Func Displayinfo()
    GUICreate("Active Directory Information", 500, 600, 300, 300)
    
    GUICtrlCreateLabel("Username: ", 10, 10, 60, 20)
    GUICtrlCreateLabel("First Name: ", 10, 30, 60, 20)
    GUICtrlCreateLabel("Last Name: ", 200, 30, 60, 20)
    GUICtrlCreateLabel("Display Name: ", 10, 50, 100, 20)
    GUICtrlCreateLabel("Title: ", 10, 70, 100, 20)
    GUICtrlCreateLabel("Manager: ", 10, 90, 100, 20)
    GUICtrlCreateLabel("Description: ", 10, 150, 100, 20)
    GUICtrlCreateLabel("Office: ", 10, 190, 60, 20)
    GUICtrlCreateLabel("Department: ", 10, 250, 100, 20)
    GUICtrlCreateLabel("Telephone Number: ", 10, 290, 90, 40)
    GUICtrlCreateLabel("Mobile Number: ", 10, 320, 100, 20)
    GUICtrlCreateLabel("Home Number: ", 10, 350, 100, 20)
    GUICtrlCreateLabel("Email Address: ", 10, 370, 100, 20)
    GUICtrlCreateLabel("Logon Script: ", 10, 410, 100, 20)
    GUICtrlCreateLabel("Account:", 10, 430, 100, 20)
    GUICtrlCreateLabel("Number of bad logon attempts since last reset: ", 310, 420, 120, 40)
    GUICtrlCreateLabel("Password Last Changed: ", 10, 460, 100, 40)
    GUICtrlCreateLabel("90 Day Password Expiration: ", 10, 490, 100, 40)
    GUICtrlCreateLabel("Last Logon: ", 10, 540, 100, 20)
    
    $font = "Tahoma"
    GUISetFont(9, 600, $font)   ; will display underlined characters
    $unlock = GUICtrlCreateButton("UNLOCK Account", 180, 425, 120, 25)
    GUICtrlSetState($unlock, $Gui_Disable)
    GUICtrlCreateLabel('' & $username, 100, 10, 100, 20)
    GUICtrlSetColor(-1, 0x0000CC)    ; Blue
    GUICtrlCreateLabel('' & $UserObj.FirstName, 100, 30, 100, 20)
    GUICtrlCreateLabel('' & $UserObj.LastName, 300, 30, 100, 20)
    GUICtrlCreateLabel('' & $UserObj.FullName, 100, 50, 300, 20)
    GUICtrlCreateLabel('' & $UserObj.Title, 100, 70, 100, 20)
    $title = GUICtrlRead($title)
    If $title = 0 Then
        GUICtrlCreateLabel('', 100, 70, 100, 20)
    EndIf
    
    $mgr = GUICtrlCreateLabel('' & $UserObj.Manager, 100, 90, 400, 70)
    $mgrvalue = GUICtrlRead($mgr)
    $mgrsplit = StringSplit("" & $mgrvalue, ",")
    $manager = StringTrimLeft('' & $mgrsplit[1], 3)
    GUICtrlCreateLabel('' & $manager, 100, 90, 400, 70)
    GUICtrlCreateLabel('' & $UserObj.Description, 100, 150, 300, 40)
    GUICtrlCreateLabel('' & $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50)
    GUICtrlCreateLabel('' & $UserObj.Department, 100, 250, 200, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneNumber, 100, 300, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneMobile, 100, 320, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneHome, 120, 350, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.EmailAddress, 100, 370, 300, 20)
    GUICtrlCreateLabel('' & $UserObj.LoginScript, 100, 410, 200, 15)
    $userlocked = GUICtrlCreateLabel("?????", 100, 430, 80, 15)
    If Not $UserObj.IsAccountLocked Then
        GUICtrlSetData($userlocked,"NOT Locked")
        GUICtrlSetBkColor(-1, 0x00ff00);Green
    Else
        GUICtrlSetData($userlocked,"Locked")
        GUICtrlSetBkColor(-1, 0xff0000) ; Red
        GUICtrlSetState($unlock, $Gui_Enable)
        
    EndIf
    $lastchange = $UserObj.PasswordLastChanged
    $Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4)
    $Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2)
    GUICtrlCreateLabel($Date & " " & $Time, 100, 460, 150, 20)
    $pwdexpires = StringMid($lastchange, 5, 2) + 3 & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4)
    GUICtrlCreateLabel($pwdexpires & ' ' & $Time, 100, 490, 150, 20)

    $lastlogin = $UserObj.LastLogin
    
    $Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4)
    $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2)
    GUICtrlCreateLabel($Date & " " & $Time, 100, 540, 150, 20)
    $badlogin = GUICtrlCreateLabel("" & $UserObj.BadLoginCount, 430, 430, 20, 15)
    If GUICtrlRead($badlogin) = 0 Then
        GUICtrlSetBkColor(-1, 0x00ff00);Green
    Else
        GUICtrlSetBkColor(-1, 0xff0000) ; Red
    EndIf
    
    GUISetState()
    
    While 1
        $msg = GUIGetMsg()
        Select
            Case $msg = $unlock
                If $UserObj.IsAccountLocked Then
                    $UserObj.IsAccountLocked = False
                    $UserObj.SetInfo
                    Sleep(500)
                    If Not $UserObj.IsAccountLocked Then
                        GUICtrlSetData($userlocked,"NOT Locked")
                        GUICtrlSetBkColor($userlocked, 0x00ff00);Green
                    Else
                        GUICtrlSetData($userlocked,"Locked")
                        GUICtrlSetBkColor($userlocked, 0xff0000) ; Red
                        GUICtrlSetState($unlock, $Gui_Enable)
                    EndIf
                EndIf
            Case $msg = $GUI_EVENT_CLOSE
                Exit
        EndSelect
    WEnd
    
    
    
EndFunc   ;==>Displayinfo

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

I tried the application and it did not enable the button to let me unlock an account.

Do I have to be logged in as administrator to enable the logged account?

This is how I am currently setup........

I log into a machine with my regular account on a machine domain and I log into Active directory with an admin account when I run the program(ie runas on AD).

I can tell by the code that it is working cause it is pulling all the information but its not liking .IsAccountLocked.

I am running windows 2000.

Share this post


Link to post
Share on other sites

I tried the application and it did not enable the button to let me unlock an account.

Do I have to be logged in as administrator to enable the logged account?

This is how I am currently setup........

I log into a machine with my regular account on a machine domain and I log into Active directory with an admin account when I run the program(ie runas on AD).

I can tell by the code that it is working cause it is pulling all the information but its not liking .IsAccountLocked.

I am running windows 2000.

You will have to run this script with Admin credentials or else it won't work properly... :D


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

I logged in with my admin creditials and ran the script. It does not turn the "NOT LOCKED" field red or enable the guibutton. I know it is working on your side but I can't think why it's not working on my side. Talk about frustrating. Let me know if there is anything else I can try, please , thanks

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

I logged in with my admin creditials and ran the script. It does not turn the "NOT LOCKED" field red or enable the guibutton. I know it is working on your side but I can't think why it's not working on my side. Talk about frustrating. Let me know if there is anything else I can try, please , thanks

The buton will only be activated,Red and display Locked when the account is locked else it will be diabled,green and display NotLocked.....

Not sure I understand how you test ....

I tested the following way:

Locked a test account by doing a runas a couple of times.

Start the script

It showed Red/Locked and unlocked the account after clicking the button..

Edited by JdeB

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

This is the way I tested:

I did a runas and locked up an id

Ran the script and tool gui displays the same way as not being locked except the color turns red for how many attempts were made.

I am running windows 2000 service pack 4

Share this post


Link to post
Share on other sites

This is the way I tested:

I did a runas and locked up an id

Ran the script and tool gui displays the same way as not being locked except the color turns red for how many attempts were made.

I am running windows 2000 service pack 4

I made some more changes to the GUI ... see if thats what you want:

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author:         A.N.Other <myemail@nowhere.com>
;
; Script Function:
;   Template AutoIt script.
;
; ----------------------------------------------------------------------------

; Script Start - Add your code below here

#include <GUIConstants.au3>
#include <Misc.au3>

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
Dim $unlock
Dim $mgrvalue
Dim $mgrsplit
Dim $manager
Dim $mgr
Dim $title
Dim $pwdexpires
$username = InputBox("Username", "Please input a username:")
If @error Then Exit
$oMyError = ObjEvent("AutoIt.Error", "ComError")
$objRootDSE = ObjGet("LDAP://RootDSE")
If @error Then
    MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
Else
    ; DNS domain name.
    $objTrans = ObjCreate("NameTranslate")
    $objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
    $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain)
    $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username)
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    If @error Then
        MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain)
    Else
        Call("Displayinfo")

    EndIf
EndIf
$UserObj = ""
$oMyError = ObjEvent("AutoIt.Error", "")
;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError


Func Displayinfo()
    GUICreate("Active Directory Information", 500, 600, 300, 300)
    
    GUICtrlCreateLabel("Username: ", 10, 10, 60, 20)
    GUICtrlCreateLabel("First Name: ", 10, 30, 60, 20)
    GUICtrlCreateLabel("Last Name: ", 200, 30, 60, 20)
    GUICtrlCreateLabel("Display Name: ", 10, 50, 100, 20)
    GUICtrlCreateLabel("Title: ", 10, 70, 100, 20)
    GUICtrlCreateLabel("Manager: ", 10, 90, 100, 20)
    GUICtrlCreateLabel("Description: ", 10, 150, 100, 20)
    GUICtrlCreateLabel("Office: ", 10, 190, 60, 20)
    GUICtrlCreateLabel("Department: ", 10, 250, 100, 20)
    GUICtrlCreateLabel("Telephone Number: ", 10, 290, 90, 40)
    GUICtrlCreateLabel("Mobile Number: ", 10, 320, 100, 20)
    GUICtrlCreateLabel("Home Number: ", 10, 350, 100, 20)
    GUICtrlCreateLabel("Email Address: ", 10, 370, 100, 20)
    GUICtrlCreateLabel("Logon Script: ", 10, 410, 100, 20)
    GUICtrlCreateLabel("Account:", 10, 430, 100, 20)
    GUICtrlCreateLabel("Number of bad logon attempts since last reset: ", 310, 420, 120, 40)
    GUICtrlCreateLabel("Password Last Changed: ", 10, 460, 100, 40)
    GUICtrlCreateLabel("90 Day Password Expiration: ", 10, 490, 100, 40)
    GUICtrlCreateLabel("Last Logon: ", 10, 540, 100, 20)
    
    $font = "Tahoma"
    GUISetFont(9, 600, $font)   ; will display underlined characters
    $unlock = GUICtrlCreateButton("UNLOCK Account", 180, 425, 120, 25)
    GUICtrlSetState($unlock, $Gui_Disable)
    GUICtrlCreateLabel('' & $username, 100, 10, 100, 20)
    GUICtrlSetColor(-1, 0x0000CC)    ; Blue
    GUICtrlCreateLabel('' & $UserObj.FirstName, 100, 30, 100, 20)
    GUICtrlCreateLabel('' & $UserObj.LastName, 300, 30, 100, 20)
    GUICtrlCreateLabel('' & $UserObj.FullName, 100, 50, 300, 20)
    GUICtrlCreateLabel('' & $UserObj.Title, 100, 70, 100, 20)
    $title = GUICtrlRead($title)
    If $title = 0 Then
        GUICtrlCreateLabel('', 100, 70, 100, 20)
    EndIf
    
    $mgr = GUICtrlCreateLabel('' & $UserObj.Manager, 100, 90, 400, 70)
    $mgrvalue = GUICtrlRead($mgr)
    $mgrsplit = StringSplit("" & $mgrvalue, ",")
    $manager = StringTrimLeft('' & $mgrsplit[1], 3)
    GUICtrlCreateLabel('' & $manager, 100, 90, 400, 70)
    GUICtrlCreateLabel('' & $UserObj.Description, 100, 150, 300, 40)
    GUICtrlCreateLabel('' & $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50)
    GUICtrlCreateLabel('' & $UserObj.Department, 100, 250, 200, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneNumber, 100, 300, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneMobile, 100, 320, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.TelephoneHome, 120, 350, 250, 20)
    GUICtrlCreateLabel('' & $UserObj.EmailAddress, 100, 370, 300, 20)
    GUICtrlCreateLabel('' & $UserObj.LoginScript, 100, 410, 200, 15)
    $userlocked = GUICtrlCreateLabel("?????", 100, 430, 80, 15)
    If Not $UserObj.IsAccountLocked Then
        GUICtrlSetData($userlocked,"NOT Locked")
        GUICtrlSetBkColor($userlocked, 0x00ff00);Green
        GUICtrlSetState($unlock, $Gui_Disable)
    Else
        GUICtrlSetData($userlocked,"Locked")
        GUICtrlSetBkColor($userlocked, 0xff0000) ; Red
        GUICtrlSetState($unlock, $Gui_Enable)      
    EndIf
    $lastchange = $UserObj.PasswordLastChanged
    $Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4)
    $Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2)
    GUICtrlCreateLabel($Date & " " & $Time, 100, 460, 150, 20)
    $pwdexpires = StringMid($lastchange, 5, 2) + 3 & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4)
    GUICtrlCreateLabel($pwdexpires & ' ' & $Time, 100, 490, 150, 20)

    $lastlogin = $UserObj.LastLogin
    
    $Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4)
    $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2)
    GUICtrlCreateLabel($Date & " " & $Time, 100, 540, 150, 20)
    $badlogin = GUICtrlCreateLabel("" & $UserObj.BadLoginCount, 430, 430, 20, 15)
    If GUICtrlRead($badlogin) = 0 Then
        GUICtrlSetBkColor(-1, 0x00ff00);Green
    Else
        GUICtrlSetBkColor(-1, 0xff0000) ; Red
    EndIf
    
    GUISetState()
    
    While 1
        $msg = GUIGetMsg()
        Select
            Case $msg = $unlock
                If $UserObj.IsAccountLocked Then
                    $UserObj.IsAccountLocked = False
                    $UserObj.SetInfo
                    Sleep(500)
                    If Not $UserObj.IsAccountLocked Then
                        GUICtrlSetData($userlocked,"NOT Locked")
                        GUICtrlSetBkColor($userlocked, 0x00ff00);Green
                        GUICtrlSetState($unlock, $Gui_Disable)
                    Else
                        GUICtrlSetData($userlocked,"Locked")
                        GUICtrlSetBkColor($userlocked, 0xff0000) ; Red
                        GUICtrlSetState($unlock, $Gui_Enable)      
                    EndIf                
                    GUICtrlSetData($badlogin,$UserObj.BadLoginCount)
                    If GUICtrlRead($badlogin) = 0 Then
                        GUICtrlSetBkColor(-1, 0x00ff00);Green
                    Else
                        GUICtrlSetBkColor(-1, 0xff0000) ; Red
                    EndIf
                EndIf
            Case $msg = $GUI_EVENT_CLOSE
                Exit
        EndSelect
    WEnd
    
    
    
EndFunc   ;==>Displayinfo

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Tested with updated code and no change. Does the .IsAccountLocked read as a variable when it is checked or not checked? When I run the code and the account is locked it still goes into the first loop in the if statement even though it is locked.

If Not $UserObj.IsAccountLocked Then

GUICtrlSetData($userlocked,"NOT Locked")

GUICtrlSetBkColor($userlocked, 0x00ff00);Green

GUICtrlSetState($unlock, $Gui_Disable)

Else

GUICtrlSetData($userlocked,"Locked")

GUICtrlSetBkColor($userlocked, 0xff0000) ; Red

GUICtrlSetState($unlock, $Gui_Enable)

EndIf

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Tested with updated code and no change. Does the .IsAccountLocked read as a variable when it is checked or not checked? When I run the code and the account is locked it still goes into the first loop in the if statement even though it is locked.

If Not $UserObj.IsAccountLocked Then

GUICtrlSetData($userlocked,"NOT Locked")

GUICtrlSetBkColor($userlocked, 0x00ff00);Green

GUICtrlSetState($unlock, $Gui_Disable)

Else

GUICtrlSetData($userlocked,"Locked")

GUICtrlSetBkColor($userlocked, 0xff0000) ; Red

GUICtrlSetState($unlock, $Gui_Enable)

EndIf

Maybe you can add a ConsoleWrite() to the ComErrorHandler to see if the $UserObj.IsAccountLocked is giving an error for you..... Edited by JdeB

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

From my experience with this tool, as I helped author it, it take roughly 10- 15 minutes for LDAP to recognize that the account is unlocked. If you go into the AD users and computers tool, it will show unlocked.

I updated my AD helper in my signature

Edited by joshiieeii

Share this post


Link to post
Share on other sites

From my experience with this tool, as I helped author it, it take roughly 10- 15 minutes for LDAP to recognize that the account is unlocked. If you go into the AD users and computers tool, it will show unlocked.

That really shouldn't be the case unless you are pointing to different DC's and they still need to replicate the info arround. Thats is the only time i see differences .

I use a MS tool to list the status of a User on all DC's in a domain called: LockoutStatus.exe


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

That really shouldn't be the case unless you are pointing to different DC's and they still need to replicate the info arround. Thats is the only time i see differences .

I use a MS tool to list the status of a User on all DC's in a domain called: LockoutStatus.exe

That could be the case in my situation then, when I actually got the chance to try it, I remember that it still showed up as locked for atleast 5 minutes. I have about 8 DC's so that may account for the delay. *shrugs*

Share this post


Link to post
Share on other sites

First of all I would like to say thanks for all help so far with helping me.

I have done some testing with LDAP and WinNT. When I use WinNT and check for an account being locked I am able to detect it and unlock an account with a push of a button. When I try to do it with LDAP it doesn't work. So I tested to see what .IsAccountLocked variable was, I found with LDAP it is always 0, the number doesn't change if its locked or unlocked. But if I use WinNT the .IsAccountLocked variable changes and it works. I heard that LDAP is much better so thats why I want to get it working with LDAP. The only problem with WinNT is I am not able to pull the same information from AD. Any ideas?

These are the ones I could pull from WinNT:

.FullName

.Description

.LoginScript

These are the ones I could not pull from WinNT:

.FirstName

.LastName

.Title

.physicalDeliveryOfficeName

.department

.TelephoneNumber

.TelephoneMobile

.TelephoneHome

.EmailAddress

Share this post


Link to post
Share on other sites

First of all I would like to say thanks for all help so far with helping me.

I have done some testing with LDAP and WinNT. When I use WinNT and check for an account being locked I am able to detect it and unlock an account with a push of a button. When I try to do it with LDAP it doesn't work. So I tested to see what .IsAccountLocked variable was, I found with LDAP it is always 0, the number doesn't change if its locked or unlocked. But if I use WinNT the .IsAccountLocked variable changes and it works. I heard that LDAP is much better so thats why I want to get it working with LDAP. The only problem with WinNT is I am not able to pull the same information from AD. Any ideas?

These are the ones I could pull from WinNT:

.FullName

.Description

.LoginScript

These are the ones I could not pull from WinNT:

.FirstName

.LastName

.Title

.physicalDeliveryOfficeName

.department

.TelephoneNumber

.TelephoneMobile

.TelephoneHome

.EmailAddress

Anyway to get Global Group Membership lists using this method?

Share this post


Link to post
Share on other sites

Here is my code which is detected the account being locked. But certain extensions of AD are not working..

; Script Start - Add your code below here

#include <GuiConstants.au3>

#include <Misc.au3>

; Init objects

$UserName = 'amcgill'

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") ; Install a custom error handler

$strDomain = @LogonDomain

$strComputer = @UserName ;@ComputerName

$Userobj= ObjGet("WinNT://" & $strDomain & "/" & $strComputer) ;& " ,user")

GUICreate("Active Directory Information", 325, 300, 300, 300)

GUICtrlCreateLabel("Username: ", 10, 10, 90, 20)

GUICtrlCreateLabel("Full Name: ", 10, 30, 90, 20)

GUICtrlCreateLabel("Description: ", 10, 50, 90, 20)

GUICtrlCreateLabel("Office: ", 10, 70, 90, 20)

GUICtrlCreateLabel("?????: ", 10, 90, 90, 20)

GUICtrlCreateLabel("Department: ", 10, 110, 90, 20)

GUICtrlCreateLabel("Telephone#: ", 10, 130, 90, 20)

GUICtrlCreateLabel("Mobile#: ", 10, 150, 90, 20)

GUICtrlCreateLabel("Home#: ", 10, 170, 90, 20)

GUICtrlCreateLabel("Email Address: ", 10, 190, 90, 20)

GUICtrlCreateLabel("Login Script: ", 10, 210, 90, 20)

$unlock = GUICtrlCreateButton("UNLOCK Account", 200, 80, 100 , 20)

GUICtrlCreateLabel('' & $strComputer, 100, 10, 300, 20) ;

GUICtrlCreateLabel('' & $Userobj.FullName, 100, 30, 300, 20) ;Display Name

GUICtrlCreateLabel('' & $Userobj.Description, 100, 50, 300, 20) ;Description

;GUICtrlCreateLabel('' & $Userobj.Title, 100, 70, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.physicalDeliveryOfficeName, 100, 90, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.Department, 100, 110, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.TelephoneNumber, 100, 130, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.TelephoneMobile, 100, 150, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.TelephoneHome, 100, 170, 300, 20)

;GUICtrlCreateLabel('' & $Userobj.EmailAddress, 100, 190, 300, 20)

GUICtrlCreateLabel('' & $Userobj.LoginScript, 100, 210, 300, 20)

$userlocked = GUICtrlCreateLabel ("??????", 200, 110, 100, 20)

If $Userobj.IsAccountLocked = 0 Then

GUICtrlSetData($userlocked, "NOT Locked")

GUICtrlSetBkColor($userlocked, 0x00ff00) ;Green

GUICtrlSetState($unlock, $Gui_Disable)

Else

GUICtrlSetData($userlocked, "Locked")

GUICtrlSetBkColor($userlocked, 0xff0000) ;Red

GUICtrlSetState($unlock, $Gui_Enable)

EndIf

GUISetState()

While 1

$msg = GUIGetMsg()

Select

Case $msg = $unlock

If $Userobj.IsAccountLocked = 0 Then

MsgBox (0,"Account Not Locked", "The Account is not locked")

Else

$Userobj.IsAccountLocked = 0

GUICtrlSetData($userlocked, "NOT Locked")

GUICtrlSetBkColor($userlocked, 0x00ff00) ;Green

GUICtrlSetState($unlock, $Gui_Disable)

$Userobj.SetInfo

;If err.number = 0 Then

MsgBox(0, "Account Unlocked", "The Account was unlocked successfully")

;Else

; MsgBox("Failed to unlock the account" )

;EndIf

EndIf

Case $msg = $GUI_EVENT_CLOSE

Exit

EndSelect

WEnd

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0