Radsam Posted July 23, 2006 Share Posted July 23, 2006 Does anyone know how to list all of the GROUPS a user is a member of using LDAP? I need to list in a gui what you would see in the Member Of tab in AD. Thanks Link to comment Share on other sites More sharing options...
arcker Posted July 23, 2006 Share Posted July 23, 2006 no problem guy ^^ i'm an expert in ADSI now ok the property memberof is not indexed but you can do two things : you know the ldap path so you do : $tmp=objget("LDAP://youruserldappath") $members=$tmp.getex("memberof") for $member in $members consolewrite($member & @cr) next oÝ÷ ÚØ^¢Ø^¯²ëÊ¢}ý¶IèÂØ^ºÇ«¥«a²¨¹ÚºÚ"µÍÌÍÛØÛXZ[HØÙ] ][ÝÓTËÔÛÝÙI][ÝÊBÌÍÛÛYÛXZ[HH ÌÍÛØÛXZ[Ù] ][ÝÙY][[Z[ØÛÛ^ ][ÝÊBÛØ[ ÌÍÕÙÛXZ[H ÌÍÛÛYÛXZ[BØØ[ ÌÍÛØÛÛ[X[HØÜX]J ][ÝÐQÑÛÛ[X[ ][ÝÊBSØØ[ ÌÍÛØÛÛXÝ[ÛHØÜX]J ][ÝÐQÑÛÛXÝ[Û][ÝÊBIÌÍÛØÛÛXÝ[ÛÝYH ][ÝÐQÑÓÓØXÝ ][ÝÂIÌÍÛØÛÛXÝ[ÛÜ[ ][ÝÐXÝ]HXÝÜHÝY][ÝÊBIÌÍÛØÛÛ[X[XÝ]PÛÛXÝ[ÛH ÌÍÛØÛÛXÝ[ÛSØØ[ ÌÍÜÝÙHH ][ÝÉÓTËÉ][ÝÈ [È ÌÍÕÙÛXZ[ [È ][ÝÉÝÉ][ÝÂSØØ[ ÌÍÜÝ[H ][ÝÊ [ÊØXÝØ]YÛÜOÛÛJI][ÝÂSØØ[ ÌÍÜÝ]X]ÈH ][ÝØÛÐSPXØÛÝ[[YKY[XÙ][ÝÂSØØ[ ÌÍÜÝ]YHH ÌÍÜÝÙH [È ][ÝÎÉ][ÝÈ [È ÌÍÜÝ[ [È ][ÝÎÉ][ÝÈ [È ÌÍÜÝ]X]È [È ][ÝÎÜÝXYI][ÝÂIÌÍÛØÛÛ[X[ÛÛ[X[^H ÌÍÜÝ]YBIÌÍÛØÛÛ[X[ÜYÈ ][ÝÔYÙHÚ^I][ÝÊHHLIÌÍÛØÛÛ[X[ÜYÊ ][ÝÔÛÜÛ][ÝÊHH ][ÝØÛ][ÝÂIÌÍÛØÛÛ[X[ÜYÈ ][ÝÕ[Y[Ý] ][ÝÊHHÌIÌÍÛØÛÛ[X[ÜYÈ ][ÝÐØXÚHÝ[É][ÝÊHH[ÙBIÌÍÐQ×ÔÐÓÔWÔÕPQHHIÌÍÛØÛÛ[X[ÜYÈ ][ÝÜÙXÚØÛÜI][ÝÊHH ÌÍÐQ×ÔÐÓÔWÔÕPQBSØØ[ ÌÍÛØXÛÜÙ]H ÌÍÛØÛÛ[X[^XÝ]BUÚ[HÝ ÌÍÛØXÛÜÙ]SÑBIÌÍÜÝ[YHH ÌÍÛØXÛÜÙ]Y[È ][ÝØÛ][ÝÊK[YBBIÌÍÜÝÓH ÌÍÛØXÛÜÙ]Y[È ][ÝÜÐSPXØÛÝ[[YI][ÝÊK[YBBIÌÍÛY[XÈH ÌÍÛØXÛÜÙ]Y[È ][ÝÛY[XÙ][ÝÊK[YBBYÜ ÌÍÛY[X[ ÌÍÛY[XÂBXÛÛÛÛ]Ü]J ÌÍÛY[X [ÈÜBB[^BIÌÍÛØXÛÜÙ][ÝS^UÑ[ c u and remember that adsi takes time to understand, so don't worry ^^ -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
Radsam Posted July 23, 2006 Author Share Posted July 23, 2006 Thank you arcker, this works great! I used the first example and I was able to list the groups in my app. This is great. Thanks Link to comment Share on other sites More sharing options...
Radsam Posted July 24, 2006 Author Share Posted July 24, 2006 arcker, would you know how to lookup Computer objects? In particular the "Fully qualified domain name of object". It would be nice to lookup other attributes of computers but at least the above item would be a great place to start. Thanks Link to comment Share on other sites More sharing options...
Developers Jos Posted July 24, 2006 Developers Share Posted July 24, 2006 (edited) e.g.: Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))" Edited July 24, 2006 by JdeB SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
bluebearr Posted July 24, 2006 Share Posted July 24, 2006 arcker, thanks for the example scripts. Respectfully, isn't your COM example for the user missing a filter for the username? Something like changing this: Local $strFilter = "(&(objectCategory=person))" oÝ÷ Ûú®¢×¢Øb±«¢+Ù1½°ÀÌØíÍÑÉ¥±ÑÈôÅÕ½Ðì µÀ졽©Ñ ѽÉäõÁÉͽ¸¤¡9µôÅÕ½ÐìµÀìUÍÉ9µµÀìÅÕ½Ðì¤ÅÕ½Ðì Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see. BlueBearrOddly enough, this is what I do for fun. Link to comment Share on other sites More sharing options...
Developers Jos Posted July 24, 2006 Developers Share Posted July 24, 2006 (edited) Or am I totally missing something? It looks like your script will return all group names for all users. I don't have a domain that I can test on right now to see.Correct, It wll return all person records showing the groups for each. Edited July 24, 2006 by JdeB SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Radsam Posted July 24, 2006 Author Share Posted July 24, 2006 Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error: The requested action with this object has failed.: $strtest = $objRecordSet.Fields ("operatingSystemVersion").value $strtest = $objRecordSet.Fields ("operatingSystemVersion")^ ERROR >AutoIT3.exe ended. Here is the code: (I am entering a valid Domain and PC name for the variables) expandcollapse popup$UserDomain = "some domain" $l_PCName = "some PC name" Dim $Counter Dim $H2_Search Local $objCommand = ObjCreate("ADODB.Command") Local $objConnection = ObjCreate("ADODB.Connection") $objConnection.Provider = "ADsDSOObject" $objConnection.Open ("Active Directory Provider") $objCommand.ActiveConnection = $objConnection Local $strBase = "<LDAP://" & $UserDomain & ">" Local $strFilter = "(&(objectCategory=computer)(objectClass=computer)(Name=" & $l_PCName & "*))" Local $strAttributes = "cn,Name,displayName,sn,distinguishedName" Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree" $objCommand.CommandText = $strQuery $objCommand.Properties ("Page Size") = 100 $objCommand.Properties ("Timeout") = 30 $objCommand.Properties ("Cache Results") = False $ADS_SCOPE_SUBTREE = 2 $objCommand.Properties ("searchscope") = $ADS_SCOPE_SUBTREE Local $objRecordSet = $objCommand.Execute While Not $objRecordSet.EOF $strName = $objRecordSet.Fields ("Name").Value $strCN = $objRecordSet.Fields ("cn").value $strdisplayName = $objRecordSet.Fields ("displayName").value $strSN = $objRecordSet.Fields ("SN").value $strdistinguishedName = $objRecordSet.Fields ("distinguishedName").value $strtest = $objRecordSet.Fields ("operatingSystemVersion").value $Counter = $Counter + 1 If $Counter = 2 Then GUISetState(@SW_SHOW, $H2_Search) If $Counter > 500 Then ExitLoop MsgBox(0,"", $strtest) ConsoleWrite($strName & "|" & $strCN & "|" & $strdistinguishedName & @LF) $objRecordSet.MoveNext WEnd $objConnection.Close $objConnection = "" $objCommand = "" $objRecordSet = "" Link to comment Share on other sites More sharing options...
Developers Jos Posted July 24, 2006 Developers Share Posted July 24, 2006 Your example works great, however, when I try to lookup other info like "operatingSystemVersion", I get the following error: Local $strAttributes = "cn,Name,displayName,sn,distinguishedName" You need to tell your query which fields you want to work with .... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Radsam Posted July 24, 2006 Author Share Posted July 24, 2006 Duh! Posted to quickly. :"> What about the groups the computer is a member of? Would I use something like this? $sMembers = $objRecordSet.getex("memberof") For $sMember in $sMembers $sMember = StringReplace($sMember, "CN=", "") $n1 = StringInStr($sMember, ",") $sMember = StringLeft($sMember, $n1 - 1) $sMemberOf = $sMemberOf & $sMember & "|" Next MsgBox(0,"", $sMemberOf) Link to comment Share on other sites More sharing options...
arcker Posted July 25, 2006 Share Posted July 25, 2006 sorry for the mistakes ^^ i just have pasted some codes without verifying so, computer member of ? i didn't know it is possible ^^ but your script looks good the better way is to test it ^^ @Jdeb, good job man, your _enumusers was my first point of depart now, why did i use objectcategory instead of objectclass too ? the point is on the MSDN. Objectcategory is indexed in ADO, while objectclass not so it is faster to search on category ok, we just gain 1-10 ms in the search, but more, the database less work for the type of request so... sorry i've not seen for the "name" don't use the "name" attribute if possible, because it's return "cn=" use the "cn" attribute, better -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now