mcgill Posted July 11, 2006 Share Posted July 11, 2006 Hello, I search the forum for active directory au3 and the articles were helpful. Is there a way I can find out what are all the extensions I can pull from active directory, like to see if an account is locked, username and so forth. I see code like this $UserObj.Department which work no problem when I want to pull that information. But for some reason i use the extension $UserObj.IsAccountLocked it doesn't work. So that is why I want to know all the extensions to active directory. If anyone can help me that would be great. Basically I want to be able to unlock an account in AD by a push of a button but I want to check to see if the account is active or note first. If the account is active then the button is disable. Thanks Link to comment Share on other sites More sharing options...
evilertoaster Posted July 12, 2006 Share Posted July 12, 2006 It may be your provider-http://msdn.microsoft.com/library/default....unt_lockout.aspLDAP doesn't support it i guess... Link to comment Share on other sites More sharing options...
Developers Jos Posted July 12, 2006 Developers Share Posted July 12, 2006 LDAP doesn't support it i guess...It does...Hello, I search the forum for active directory au3 and the articles were helpful. Is there a way I can find out what are all the extensions I can pull from active directory, like to see if an account is locked, username and so forth. I see code like this $UserObj.Department which work no problem when I want to pull that information. But for some reason i use the extension $UserObj.IsAccountLocked it doesn't work. So that is why I want to know all the extensions to active directory. If anyone can help me that would be great. Basically I want to be able to unlock an account in AD by a push of a button but I want to check to see if the account is active or note first. If the account is active then the button is disable. ThanksI am using it and is working fine....Can you show the scriptlet that is giving the issue? SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
mcgill Posted July 18, 2006 Author Share Posted July 18, 2006 What I did is use some code from another person code from active directory to test on my system. Through testing I notice that the command .IsAccountLocked does not work. I tried setting up loops for it to check and it would skip the event. It doesn't cause an error so I am wondering if the wording is correct. I am trying to enable/disable the "account is locked" area in active directory. I am running the latest beta version. Is there a listing of all the areas I can pull from in active directory. I appreaciate your help, thanksAD.au3 Link to comment Share on other sites More sharing options...
Developers Jos Posted July 18, 2006 Developers Share Posted July 18, 2006 What I did is use some code from another person code from active directory to test on my system. Through testing I notice that the command .IsAccountLocked does not work. I tried setting up loops for it to check and it would skip the event. It doesn't cause an error so I am wondering if the wording is correct. I am trying to enable/disable the "account is locked" area in active directory. I am running the latest beta version. Is there a listing of all the areas I can pull from in active directory. I appreaciate your help, thanksHave made several changes in the script and its working for me now... expandcollapse popup; ---------------------------------------------------------------------------- ; ; AutoIt Version: 3.1.0 ; Author: A.N.Other <myemail@nowhere.com> ; ; Script Function: ; Template AutoIt script. ; ; ---------------------------------------------------------------------------- ; Script Start - Add your code below here #include <GUIConstants.au3> #include <Misc.au3> Const $ADS_NAME_INITTYPE_GC = 3 Const $ADS_NAME_TYPE_NT4 = 3 Const $ADS_NAME_TYPE_1779 = 1 Dim $unlock Dim $mgrvalue Dim $mgrsplit Dim $manager Dim $mgr Dim $title Dim $pwdexpires $username = InputBox("Username", "Please input a username:") If @error Then Exit $oMyError = ObjEvent("AutoIt.Error", "ComError") $objRootDSE = ObjGet("LDAP://RootDSE") If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else ; DNS domain name. $objTrans = ObjCreate("NameTranslate") $objTrans.Init ($ADS_NAME_INITTYPE_GC, "") $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain) $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username) $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779) $UserObj = ObjGet("LDAP://" & $strUserDN) If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else Call("Displayinfo") EndIf EndIf $UserObj = "" $oMyError = ObjEvent("AutoIt.Error", "") ;COM Error function Func ComError() If IsObj($oMyError) Then $HexNumber = Hex($oMyError.number, 8) SetError($HexNumber) Else SetError(1) EndIf Return 0 EndFunc ;==>ComError Func Displayinfo() GUICreate("Active Directory Information", 500, 600, 300, 300) GUICtrlCreateLabel("Username: ", 10, 10, 60, 20) GUICtrlCreateLabel("First Name: ", 10, 30, 60, 20) GUICtrlCreateLabel("Last Name: ", 200, 30, 60, 20) GUICtrlCreateLabel("Display Name: ", 10, 50, 100, 20) GUICtrlCreateLabel("Title: ", 10, 70, 100, 20) GUICtrlCreateLabel("Manager: ", 10, 90, 100, 20) GUICtrlCreateLabel("Description: ", 10, 150, 100, 20) GUICtrlCreateLabel("Office: ", 10, 190, 60, 20) GUICtrlCreateLabel("Department: ", 10, 250, 100, 20) GUICtrlCreateLabel("Telephone Number: ", 10, 290, 90, 40) GUICtrlCreateLabel("Mobile Number: ", 10, 320, 100, 20) GUICtrlCreateLabel("Home Number: ", 10, 350, 100, 20) GUICtrlCreateLabel("Email Address: ", 10, 370, 100, 20) GUICtrlCreateLabel("Logon Script: ", 10, 410, 100, 20) GUICtrlCreateLabel("Account:", 10, 430, 100, 20) GUICtrlCreateLabel("Number of bad logon attempts since last reset: ", 310, 420, 120, 40) GUICtrlCreateLabel("Password Last Changed: ", 10, 460, 100, 40) GUICtrlCreateLabel("90 Day Password Expiration: ", 10, 490, 100, 40) GUICtrlCreateLabel("Last Logon: ", 10, 540, 100, 20) $font = "Tahoma" GUISetFont(9, 600, $font) ; will display underlined characters $unlock = GUICtrlCreateButton("UNLOCK Account", 180, 425, 120, 25) GUICtrlSetState($unlock, $Gui_Disable) GUICtrlCreateLabel('' & $username, 100, 10, 100, 20) GUICtrlSetColor(-1, 0x0000CC) ; Blue GUICtrlCreateLabel('' & $UserObj.FirstName, 100, 30, 100, 20) GUICtrlCreateLabel('' & $UserObj.LastName, 300, 30, 100, 20) GUICtrlCreateLabel('' & $UserObj.FullName, 100, 50, 300, 20) GUICtrlCreateLabel('' & $UserObj.Title, 100, 70, 100, 20) $title = GUICtrlRead($title) If $title = 0 Then GUICtrlCreateLabel('', 100, 70, 100, 20) EndIf $mgr = GUICtrlCreateLabel('' & $UserObj.Manager, 100, 90, 400, 70) $mgrvalue = GUICtrlRead($mgr) $mgrsplit = StringSplit("" & $mgrvalue, ",") $manager = StringTrimLeft('' & $mgrsplit[1], 3) GUICtrlCreateLabel('' & $manager, 100, 90, 400, 70) GUICtrlCreateLabel('' & $UserObj.Description, 100, 150, 300, 40) GUICtrlCreateLabel('' & $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50) GUICtrlCreateLabel('' & $UserObj.Department, 100, 250, 200, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneNumber, 100, 300, 250, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneMobile, 100, 320, 250, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneHome, 120, 350, 250, 20) GUICtrlCreateLabel('' & $UserObj.EmailAddress, 100, 370, 300, 20) GUICtrlCreateLabel('' & $UserObj.LoginScript, 100, 410, 200, 15) $userlocked = GUICtrlCreateLabel("?????", 100, 430, 80, 15) If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor(-1, 0x00ff00);Green Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor(-1, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIf $lastchange = $UserObj.PasswordLastChanged $Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) $Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2) GUICtrlCreateLabel($Date & " " & $Time, 100, 460, 150, 20) $pwdexpires = StringMid($lastchange, 5, 2) + 3 & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) GUICtrlCreateLabel($pwdexpires & ' ' & $Time, 100, 490, 150, 20) $lastlogin = $UserObj.LastLogin $Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4) $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2) GUICtrlCreateLabel($Date & " " & $Time, 100, 540, 150, 20) $badlogin = GUICtrlCreateLabel("" & $UserObj.BadLoginCount, 430, 430, 20, 15) If GUICtrlRead($badlogin) = 0 Then GUICtrlSetBkColor(-1, 0x00ff00);Green Else GUICtrlSetBkColor(-1, 0xff0000) ; Red EndIf GUISetState() While 1 $msg = GUIGetMsg() Select Case $msg = $unlock If $UserObj.IsAccountLocked Then $UserObj.IsAccountLocked = False $UserObj.SetInfo Sleep(500) If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00);Green Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIf EndIf Case $msg = $GUI_EVENT_CLOSE Exit EndSelect WEnd EndFunc ;==>Displayinfo SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
mcgill Posted July 19, 2006 Author Share Posted July 19, 2006 I tried the application and it did not enable the button to let me unlock an account. Do I have to be logged in as administrator to enable the logged account? This is how I am currently setup........ I log into a machine with my regular account on a machine domain and I log into Active directory with an admin account when I run the program(ie runas on AD). I can tell by the code that it is working cause it is pulling all the information but its not liking .IsAccountLocked. I am running windows 2000. Link to comment Share on other sites More sharing options...
Developers Jos Posted July 19, 2006 Developers Share Posted July 19, 2006 I tried the application and it did not enable the button to let me unlock an account.Do I have to be logged in as administrator to enable the logged account?This is how I am currently setup........I log into a machine with my regular account on a machine domain and I log into Active directory with an admin account when I run the program(ie runas on AD). I can tell by the code that it is working cause it is pulling all the information but its not liking .IsAccountLocked. I am running windows 2000.You will have to run this script with Admin credentials or else it won't work properly... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
mcgill Posted July 19, 2006 Author Share Posted July 19, 2006 I logged in with my admin creditials and ran the script. It does not turn the "NOT LOCKED" field red or enable the guibutton. I know it is working on your side but I can't think why it's not working on my side. Talk about frustrating. Let me know if there is anything else I can try, please , thanks Link to comment Share on other sites More sharing options...
Developers Jos Posted July 19, 2006 Developers Share Posted July 19, 2006 (edited) I logged in with my admin creditials and ran the script. It does not turn the "NOT LOCKED" field red or enable the guibutton. I know it is working on your side but I can't think why it's not working on my side. Talk about frustrating. Let me know if there is anything else I can try, please , thanksThe buton will only be activated,Red and display Locked when the account is locked else it will be diabled,green and display NotLocked.....Not sure I understand how you test ....I tested the following way:Locked a test account by doing a runas a couple of times.Start the scriptIt showed Red/Locked and unlocked the account after clicking the button.. Edited July 19, 2006 by JdeB SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
mcgill Posted July 19, 2006 Author Share Posted July 19, 2006 This is the way I tested: I did a runas and locked up an id Ran the script and tool gui displays the same way as not being locked except the color turns red for how many attempts were made. I am running windows 2000 service pack 4 Link to comment Share on other sites More sharing options...
Developers Jos Posted July 19, 2006 Developers Share Posted July 19, 2006 This is the way I tested: I did a runas and locked up an id Ran the script and tool gui displays the same way as not being locked except the color turns red for how many attempts were made. I am running windows 2000 service pack 4I made some more changes to the GUI ... see if thats what you want: expandcollapse popup; ---------------------------------------------------------------------------- ; ; AutoIt Version: 3.1.0 ; Author: A.N.Other <myemail@nowhere.com> ; ; Script Function: ; Template AutoIt script. ; ; ---------------------------------------------------------------------------- ; Script Start - Add your code below here #include <GUIConstants.au3> #include <Misc.au3> Const $ADS_NAME_INITTYPE_GC = 3 Const $ADS_NAME_TYPE_NT4 = 3 Const $ADS_NAME_TYPE_1779 = 1 Dim $unlock Dim $mgrvalue Dim $mgrsplit Dim $manager Dim $mgr Dim $title Dim $pwdexpires $username = InputBox("Username", "Please input a username:") If @error Then Exit $oMyError = ObjEvent("AutoIt.Error", "ComError") $objRootDSE = ObjGet("LDAP://RootDSE") If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else ; DNS domain name. $objTrans = ObjCreate("NameTranslate") $objTrans.Init ($ADS_NAME_INITTYPE_GC, "") $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain) $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username) $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779) $UserObj = ObjGet("LDAP://" & $strUserDN) If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else Call("Displayinfo") EndIf EndIf $UserObj = "" $oMyError = ObjEvent("AutoIt.Error", "") ;COM Error function Func ComError() If IsObj($oMyError) Then $HexNumber = Hex($oMyError.number, 8) SetError($HexNumber) Else SetError(1) EndIf Return 0 EndFunc ;==>ComError Func Displayinfo() GUICreate("Active Directory Information", 500, 600, 300, 300) GUICtrlCreateLabel("Username: ", 10, 10, 60, 20) GUICtrlCreateLabel("First Name: ", 10, 30, 60, 20) GUICtrlCreateLabel("Last Name: ", 200, 30, 60, 20) GUICtrlCreateLabel("Display Name: ", 10, 50, 100, 20) GUICtrlCreateLabel("Title: ", 10, 70, 100, 20) GUICtrlCreateLabel("Manager: ", 10, 90, 100, 20) GUICtrlCreateLabel("Description: ", 10, 150, 100, 20) GUICtrlCreateLabel("Office: ", 10, 190, 60, 20) GUICtrlCreateLabel("Department: ", 10, 250, 100, 20) GUICtrlCreateLabel("Telephone Number: ", 10, 290, 90, 40) GUICtrlCreateLabel("Mobile Number: ", 10, 320, 100, 20) GUICtrlCreateLabel("Home Number: ", 10, 350, 100, 20) GUICtrlCreateLabel("Email Address: ", 10, 370, 100, 20) GUICtrlCreateLabel("Logon Script: ", 10, 410, 100, 20) GUICtrlCreateLabel("Account:", 10, 430, 100, 20) GUICtrlCreateLabel("Number of bad logon attempts since last reset: ", 310, 420, 120, 40) GUICtrlCreateLabel("Password Last Changed: ", 10, 460, 100, 40) GUICtrlCreateLabel("90 Day Password Expiration: ", 10, 490, 100, 40) GUICtrlCreateLabel("Last Logon: ", 10, 540, 100, 20) $font = "Tahoma" GUISetFont(9, 600, $font) ; will display underlined characters $unlock = GUICtrlCreateButton("UNLOCK Account", 180, 425, 120, 25) GUICtrlSetState($unlock, $Gui_Disable) GUICtrlCreateLabel('' & $username, 100, 10, 100, 20) GUICtrlSetColor(-1, 0x0000CC) ; Blue GUICtrlCreateLabel('' & $UserObj.FirstName, 100, 30, 100, 20) GUICtrlCreateLabel('' & $UserObj.LastName, 300, 30, 100, 20) GUICtrlCreateLabel('' & $UserObj.FullName, 100, 50, 300, 20) GUICtrlCreateLabel('' & $UserObj.Title, 100, 70, 100, 20) $title = GUICtrlRead($title) If $title = 0 Then GUICtrlCreateLabel('', 100, 70, 100, 20) EndIf $mgr = GUICtrlCreateLabel('' & $UserObj.Manager, 100, 90, 400, 70) $mgrvalue = GUICtrlRead($mgr) $mgrsplit = StringSplit("" & $mgrvalue, ",") $manager = StringTrimLeft('' & $mgrsplit[1], 3) GUICtrlCreateLabel('' & $manager, 100, 90, 400, 70) GUICtrlCreateLabel('' & $UserObj.Description, 100, 150, 300, 40) GUICtrlCreateLabel('' & $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50) GUICtrlCreateLabel('' & $UserObj.Department, 100, 250, 200, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneNumber, 100, 300, 250, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneMobile, 100, 320, 250, 20) GUICtrlCreateLabel('' & $UserObj.TelephoneHome, 120, 350, 250, 20) GUICtrlCreateLabel('' & $UserObj.EmailAddress, 100, 370, 300, 20) GUICtrlCreateLabel('' & $UserObj.LoginScript, 100, 410, 200, 15) $userlocked = GUICtrlCreateLabel("?????", 100, 430, 80, 15) If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00);Green GUICtrlSetState($unlock, $Gui_Disable) Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIf $lastchange = $UserObj.PasswordLastChanged $Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) $Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2) GUICtrlCreateLabel($Date & " " & $Time, 100, 460, 150, 20) $pwdexpires = StringMid($lastchange, 5, 2) + 3 & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) GUICtrlCreateLabel($pwdexpires & ' ' & $Time, 100, 490, 150, 20) $lastlogin = $UserObj.LastLogin $Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4) $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2) GUICtrlCreateLabel($Date & " " & $Time, 100, 540, 150, 20) $badlogin = GUICtrlCreateLabel("" & $UserObj.BadLoginCount, 430, 430, 20, 15) If GUICtrlRead($badlogin) = 0 Then GUICtrlSetBkColor(-1, 0x00ff00);Green Else GUICtrlSetBkColor(-1, 0xff0000) ; Red EndIf GUISetState() While 1 $msg = GUIGetMsg() Select Case $msg = $unlock If $UserObj.IsAccountLocked Then $UserObj.IsAccountLocked = False $UserObj.SetInfo Sleep(500) If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00);Green GUICtrlSetState($unlock, $Gui_Disable) Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIf GUICtrlSetData($badlogin,$UserObj.BadLoginCount) If GUICtrlRead($badlogin) = 0 Then GUICtrlSetBkColor(-1, 0x00ff00);Green Else GUICtrlSetBkColor(-1, 0xff0000) ; Red EndIf EndIf Case $msg = $GUI_EVENT_CLOSE Exit EndSelect WEnd EndFunc ;==>Displayinfo SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
mcgill Posted July 19, 2006 Author Share Posted July 19, 2006 Tested with updated code and no change. Does the .IsAccountLocked read as a variable when it is checked or not checked? When I run the code and the account is locked it still goes into the first loop in the if statement even though it is locked. If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00);Green GUICtrlSetState($unlock, $Gui_Disable) Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIf Link to comment Share on other sites More sharing options...
Developers Jos Posted July 19, 2006 Developers Share Posted July 19, 2006 (edited) Tested with updated code and no change. Does the .IsAccountLocked read as a variable when it is checked or not checked? When I run the code and the account is locked it still goes into the first loop in the if statement even though it is locked. If Not $UserObj.IsAccountLocked Then GUICtrlSetData($userlocked,"NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00);Green GUICtrlSetState($unlock, $Gui_Disable) Else GUICtrlSetData($userlocked,"Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ; Red GUICtrlSetState($unlock, $Gui_Enable) EndIfMaybe you can add a ConsoleWrite() to the ComErrorHandler to see if the $UserObj.IsAccountLocked is giving an error for you..... Edited July 19, 2006 by JdeB SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
joshiieeii Posted July 19, 2006 Share Posted July 19, 2006 (edited) From my experience with this tool, as I helped author it, it take roughly 10- 15 minutes for LDAP to recognize that the account is unlocked. If you go into the AD users and computers tool, it will show unlocked. I updated my AD helper in my signature Edited July 19, 2006 by joshiieeii Projects:Vista Gui ImageX Deployment Tool - CompletedActive Directory Helper - CompletedGlobalized Outlook and OWA Signature Project - Completed Link to comment Share on other sites More sharing options...
Developers Jos Posted July 19, 2006 Developers Share Posted July 19, 2006 From my experience with this tool, as I helped author it, it take roughly 10- 15 minutes for LDAP to recognize that the account is unlocked. If you go into the AD users and computers tool, it will show unlocked.That really shouldn't be the case unless you are pointing to different DC's and they still need to replicate the info arround. Thats is the only time i see differences .I use a MS tool to list the status of a User on all DC's in a domain called: LockoutStatus.exe SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
joshiieeii Posted July 19, 2006 Share Posted July 19, 2006 That really shouldn't be the case unless you are pointing to different DC's and they still need to replicate the info arround. Thats is the only time i see differences .I use a MS tool to list the status of a User on all DC's in a domain called: LockoutStatus.exeThat could be the case in my situation then, when I actually got the chance to try it, I remember that it still showed up as locked for atleast 5 minutes. I have about 8 DC's so that may account for the delay. *shrugs* Projects:Vista Gui ImageX Deployment Tool - CompletedActive Directory Helper - CompletedGlobalized Outlook and OWA Signature Project - Completed Link to comment Share on other sites More sharing options...
mcgill Posted July 20, 2006 Author Share Posted July 20, 2006 First of all I would like to say thanks for all help so far with helping me. I have done some testing with LDAP and WinNT. When I use WinNT and check for an account being locked I am able to detect it and unlock an account with a push of a button. When I try to do it with LDAP it doesn't work. So I tested to see what .IsAccountLocked variable was, I found with LDAP it is always 0, the number doesn't change if its locked or unlocked. But if I use WinNT the .IsAccountLocked variable changes and it works. I heard that LDAP is much better so thats why I want to get it working with LDAP. The only problem with WinNT is I am not able to pull the same information from AD. Any ideas? These are the ones I could pull from WinNT: .FullName .Description .LoginScript These are the ones I could not pull from WinNT: .FirstName .LastName .Title .physicalDeliveryOfficeName .department .TelephoneNumber .TelephoneMobile .TelephoneHome .EmailAddress Link to comment Share on other sites More sharing options...
powaking Posted July 21, 2006 Share Posted July 21, 2006 First of all I would like to say thanks for all help so far with helping me.I have done some testing with LDAP and WinNT. When I use WinNT and check for an account being locked I am able to detect it and unlock an account with a push of a button. When I try to do it with LDAP it doesn't work. So I tested to see what .IsAccountLocked variable was, I found with LDAP it is always 0, the number doesn't change if its locked or unlocked. But if I use WinNT the .IsAccountLocked variable changes and it works. I heard that LDAP is much better so thats why I want to get it working with LDAP. The only problem with WinNT is I am not able to pull the same information from AD. Any ideas?These are the ones I could pull from WinNT:.FullName.Description.LoginScriptThese are the ones I could not pull from WinNT:.FirstName.LastName.Title.physicalDeliveryOfficeName.department.TelephoneNumber.TelephoneMobile.TelephoneHome.EmailAddressAnyway to get Global Group Membership lists using this method? Link to comment Share on other sites More sharing options...
mcgill Posted July 21, 2006 Author Share Posted July 21, 2006 Here is my code which is detected the account being locked. But certain extensions of AD are not working.. ; Script Start - Add your code below here #include <GuiConstants.au3> #include <Misc.au3> ; Init objects $UserName = 'amcgill' $oMyError = ObjEvent("AutoIt.Error","MyErrFunc") ; Install a custom error handler $strDomain = @LogonDomain $strComputer = @UserName ;@ComputerName $Userobj= ObjGet("WinNT://" & $strDomain & "/" & $strComputer) ;& " ,user") GUICreate("Active Directory Information", 325, 300, 300, 300) GUICtrlCreateLabel("Username: ", 10, 10, 90, 20) GUICtrlCreateLabel("Full Name: ", 10, 30, 90, 20) GUICtrlCreateLabel("Description: ", 10, 50, 90, 20) GUICtrlCreateLabel("Office: ", 10, 70, 90, 20) GUICtrlCreateLabel("?????: ", 10, 90, 90, 20) GUICtrlCreateLabel("Department: ", 10, 110, 90, 20) GUICtrlCreateLabel("Telephone#: ", 10, 130, 90, 20) GUICtrlCreateLabel("Mobile#: ", 10, 150, 90, 20) GUICtrlCreateLabel("Home#: ", 10, 170, 90, 20) GUICtrlCreateLabel("Email Address: ", 10, 190, 90, 20) GUICtrlCreateLabel("Login Script: ", 10, 210, 90, 20) $unlock = GUICtrlCreateButton("UNLOCK Account", 200, 80, 100 , 20) GUICtrlCreateLabel('' & $strComputer, 100, 10, 300, 20) ; GUICtrlCreateLabel('' & $Userobj.FullName, 100, 30, 300, 20) ;Display Name GUICtrlCreateLabel('' & $Userobj.Description, 100, 50, 300, 20) ;Description ;GUICtrlCreateLabel('' & $Userobj.Title, 100, 70, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.physicalDeliveryOfficeName, 100, 90, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.Department, 100, 110, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.TelephoneNumber, 100, 130, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.TelephoneMobile, 100, 150, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.TelephoneHome, 100, 170, 300, 20) ;GUICtrlCreateLabel('' & $Userobj.EmailAddress, 100, 190, 300, 20) GUICtrlCreateLabel('' & $Userobj.LoginScript, 100, 210, 300, 20) $userlocked = GUICtrlCreateLabel ("??????", 200, 110, 100, 20) If $Userobj.IsAccountLocked = 0 Then GUICtrlSetData($userlocked, "NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00) ;Green GUICtrlSetState($unlock, $Gui_Disable) Else GUICtrlSetData($userlocked, "Locked") GUICtrlSetBkColor($userlocked, 0xff0000) ;Red GUICtrlSetState($unlock, $Gui_Enable) EndIf GUISetState() While 1 $msg = GUIGetMsg() Select Case $msg = $unlock If $Userobj.IsAccountLocked = 0 Then MsgBox (0,"Account Not Locked", "The Account is not locked") Else $Userobj.IsAccountLocked = 0 GUICtrlSetData($userlocked, "NOT Locked") GUICtrlSetBkColor($userlocked, 0x00ff00) ;Green GUICtrlSetState($unlock, $Gui_Disable) $Userobj.SetInfo ;If err.number = 0 Then MsgBox(0, "Account Unlocked", "The Account was unlocked successfully") ;Else ; MsgBox("Failed to unlock the account" ) ;EndIf EndIf Case $msg = $GUI_EVENT_CLOSE Exit EndSelect WEnd Link to comment Share on other sites More sharing options...
Developers Jos Posted July 21, 2006 Developers Share Posted July 21, 2006 try : $Userobj.get("FieldName") for those fields and see if that works .. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now