Jump to content

LDAP Attribute Help


Recommended Posts

no problem guy ^^

i'm an expert in ADSI now

ok the property memberof is not indexed but you can do two things :

you know the ldap path so you do :

$tmp=objget("LDAP://youruserldappath")
$members=$tmp.getex("memberof")
for $member in $members
consolewrite($member & @cr)
next

oÝ÷ ÚØ^¢Ø^¯²ëÊ¢}ý¶IèÂØ^ºÇ«¥«a²¨¹ÚºÚ"µÍÌÍÛØÛXZ[HØÙ]
    ][ÝÓTËÔÛÝÙI][ÝÊBÌÍÛÛYÛXZ[HH   ÌÍÛØÛXZ[Ù]
    ][ÝÙY][[Z[ØÛÛ^ ][ÝÊBÛØ[    ÌÍÕÙÛXZ[H  ÌÍÛÛYÛXZ[BØØ[    ÌÍÛØÛÛ[X[HØÜX]J ][ÝÐQÑÛÛ[X[    ][ÝÊBSØØ[   ÌÍÛØÛÛXÝ[ÛHØÜX]J  ][ÝÐQÑÛÛXÝ[Û][ÝÊBIÌÍÛØÛÛXÝ[ÛÝYH   ][ÝÐQÑÓÓØXÝ  ][ÝÂIÌÍÛØÛÛXÝ[ÛÜ[
    ][ÝÐXÝ]HXÝÜHÝY][ÝÊBIÌÍÛØÛÛ[X[XÝ]PÛÛXÝ[ÛH ÌÍÛØÛÛXÝ[ÛSØØ[    ÌÍÜÝÙHH    ][ÝÉÓTËÉ][ÝÈ [È ÌÍÕÙÛXZ[   [È ][ÝÉÝÉ][ÝÂSØØ[  ÌÍÜÝ[H  ][ÝÊ  [ÊØXÝØ]YÛÜOÛÛJI][ÝÂSØØ[ ÌÍÜÝ]X]ÈH  ][ÝØÛÐSPXØÛÝ[[YKY[XÙ][ÝÂSØØ[    ÌÍÜÝ]YHH    ÌÍÜÝÙH [È ][ÝÎÉ][ÝÈ  [È ÌÍÜÝ[   [È ][ÝÎÉ][ÝÈ  [È ÌÍÜÝ]X]È   [È ][ÝÎÜÝXYI][ÝÂIÌÍÛØÛÛ[X[ÛÛ[X[^H    ÌÍÜÝ]YBIÌÍÛØÛÛ[X[ÜYÈ
    ][ÝÔYÙHÚ^I][ÝÊHHLIÌÍÛØÛÛ[X[ÜYÊ    ][ÝÔÛÜÛ][ÝÊHH    ][ÝØÛ][ÝÂIÌÍÛØÛÛ[X[ÜYÈ
    ][ÝÕ[Y[Ý]    ][ÝÊHHÌIÌÍÛØÛÛ[X[ÜYÈ
    ][ÝÐØXÚHÝ[É][ÝÊHH[ÙBIÌÍÐQ×ÔÐÓÔWÔÕPQHHIÌÍÛØÛÛ[X[ÜYÈ
    ][ÝÜÙXÚØÛÜI][ÝÊHH  ÌÍÐQ×ÔÐÓÔWÔÕPQBSØØ[ ÌÍÛØXÛÜÙ]H   ÌÍÛØÛÛ[X[^XÝ]BUÚ[HÝ    ÌÍÛØXÛÜÙ]SÑBIÌÍÜÝ[YHH   ÌÍÛØXÛÜÙ]Y[È
    ][ÝØÛ][ÝÊK[YBBIÌÍÜÝÓH ÌÍÛØXÛÜÙ]Y[È
    ][ÝÜÐSPXØÛÝ[[YI][ÝÊK[YBBIÌÍÛY[XÈH   ÌÍÛØXÛÜÙ]Y[È
    ][ÝÛY[XÙ][ÝÊK[YBBYÜ   ÌÍÛY[X[  ÌÍÛY[XÂBXÛÛÛÛ]Ü]J  ÌÍÛY[X   [ÈÜBB[^BIÌÍÛØXÛÜÙ][ÝS^UÑ[

c u

and remember that adsi takes time to understand, so don't worry ^^

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Link to comment
Share on other sites

arcker, would you know how to lookup Computer objects? In particular the "Fully qualified domain name of object". It would be nice to lookup other attributes of computers but at least the above item would be a great place to start.

Thanks

Link to comment
Share on other sites

  • Developers

e.g.:

Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))"
Edited by JdeB

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

arcker, thanks for the example scripts. Respectfully, isn't your COM example for the user missing a filter for the username? Something like changing this:

Local $strFilter = "(&(objectCategory=person))"
oÝ÷ Ûú®¢×­¢Øb±«­¢+Ù1½°ÀÌØíÍÑÉ¥±ÑÈôÅÕ½Ðì µÀ졽©Ñ
ѽÉäõÁÉͽ¸¤¡9µôÅÕ½ÐìµÀìUÍÉ9µµÀìÅÕ½Ðì¤ÅÕ½Ðì

Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see.

BlueBearrOddly enough, this is what I do for fun.
Link to comment
Share on other sites

  • Developers

Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see.

Correct, It wll return all person records showing the groups for each.

:whistle:

Edited by JdeB

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error:

The requested action with this object has failed.: 
$strtest = $objRecordSet.Fields ("operatingSystemVersion").value 
$strtest = $objRecordSet.Fields ("operatingSystemVersion")^ ERROR
>AutoIT3.exe ended.

Here is the code: (I am entering a valid Domain and PC name for the variables)

$UserDomain = "some domain"
$l_PCName = "some PC name"
Dim $Counter
Dim $H2_Search


Local $objCommand = ObjCreate("ADODB.Command")
Local $objConnection = ObjCreate("ADODB.Connection")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection
Local $strBase = "<LDAP://" & $UserDomain & ">"
Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))"
Local $strAttributes = "cn,Name,displayName,sn,distinguishedName"
Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree"
$objCommand.CommandText = $strQuery
$objCommand.Properties ("Page Size") = 100
$objCommand.Properties ("Timeout") = 30
$objCommand.Properties ("Cache Results") = False
$ADS_SCOPE_SUBTREE = 2
$objCommand.Properties ("searchscope") = $ADS_SCOPE_SUBTREE
Local $objRecordSet = $objCommand.Execute
While Not $objRecordSet.EOF
    $strName = $objRecordSet.Fields ("Name").Value
    $strCN = $objRecordSet.Fields ("cn").value
    $strdisplayName = $objRecordSet.Fields ("displayName").value
    $strSN = $objRecordSet.Fields ("SN").value
    $strdistinguishedName = $objRecordSet.Fields ("distinguishedName").value
    $strtest = $objRecordSet.Fields ("operatingSystemVersion").value
    $Counter = $Counter + 1
    If $Counter = 2 Then GUISetState(@SW_SHOW, $H2_Search)
    If $Counter > 500 Then ExitLoop
    MsgBox(0,"", $strtest)
    ConsoleWrite($strName & "|" & $strCN & "|" & $strdistinguishedName & @LF)
    $objRecordSet.MoveNext
WEnd
$objConnection.Close
$objConnection = ""
$objCommand = ""
$objRecordSet = ""
Link to comment
Share on other sites

  • Developers

Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error:

Local $strAttributes = "cn,Name,displayName,sn,distinguishedName"
You need to tell your query which fields you want to work with .... :whistle:

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Duh! Posted to quickly. :">

What about the groups the computer is a member of? Would I use something like this?

$sMembers = $objRecordSet.getex("memberof")
For $sMember in $sMembers
    $sMember = StringReplace($sMember, "CN=", "")
    $n1 = StringInStr($sMember, ",")
    $sMember = StringLeft($sMember, $n1 - 1)
    $sMemberOf = $sMemberOf & $sMember & "|"
Next
MsgBox(0,"", $sMemberOf)
Link to comment
Share on other sites

sorry for the mistakes ^^

i just have pasted some codes without verifying

so, computer member of ? i didn't know it is possible ^^

but your script looks good

the better way is to test it ^^

@Jdeb, good job man, your _enumusers was my first point of depart

now, why did i use objectcategory instead of objectclass too ?

the point is on the MSDN. Objectcategory is indexed in ADO, while objectclass not

so it is faster to search on category

ok, we just gain 1-10 ms in the search, but more, the database less work for the type of request

so...

sorry i've not seen for the "name"

don't use the "name" attribute if possible, because it's return "cn="

use the "cn" attribute, better

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...