Radsam

LDAP issue

6 posts in this topic

Please help. I am unable to pull the groups that a PC is a member of. I have created the following script but it returns nothing.

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP &"' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

Do 
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    $objMemberOf = $objComputer.GetEx("MemberOf")
    $strGroups = ""
    For $objGroup In $objMemberOf
        $strGroups = $strGroups & StringReplace(StringTrimLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")
        MsgBox(0,"", $strGroups)
    Next
    $objRecordSet.MoveNext
Until $objRecordSet.EOF

Thanks

Radsam


can anyone help?


I figured it out.

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain
Dim $objGroup
Dim $n1

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP & "' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

While Not $objRecordSet.EOF
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    $objMemberOf = $objComputer.GetEx("memberof")
    $strGroups = ""
    For $objGroup In $objMemberOf
        $objGroup = StringReplace($objGroup, "CN=", "")
        $n1 = StringInStr($objGroup, ",")
        $objGroup = StringLeft($objGroup, $n1 - 1)
        $strGroups = $strGroups & @LF & $objGroup       
    Next
    $objRecordSet.MoveNext
    MsgBox(0,"", $strGroups)
WEnd


Something like this ?

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain

$oMyError = ObjEvent("AutoIt.Error", "ComError")

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP &"' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

Do 
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    Switch $objComputer.primarygroupid
        Case 513 
            $strGroups = "Domain Users," 
        Case 514 
            $strGroups = "Domain Guests,"
        Case 515 
            $strGroups = "Domain Computers,"
        Case 516 
            $strGroups = "Domain Controllers,"
        Case Else
            $strGroups = "Unknown,"
    EndSwitch
    ConsoleWrite('Primary Groups = ' & $strGroups & @lf )
    ; Check for other Groups
    $objMemberOf = $objComputer.GetEx("MemberOf")
    For $objGroup In $objMemberOf
        $strGroups = $strGroups & StringReplace(StringLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")
        ConsoleWrite('Other Groups = ' & $strGroups & @lf )
    Next
    $objRecordSet.MoveNext
Until $objRecordSet.EOF


;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError



can anyone help?

works with a small modification on my system.

$strGroups = $strGroups & StringReplace(StringLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")

$strGroups = $strGroups & $objGroup & @CRLF

Regarding your string operations: You should check them, as I'm not sure what you want to do....

Regarding the general problem of not getting anything back: Either you have no rights to browse the LDAP directory with the user you are trying it or you did something wrong when you defined the workstation name or domain name.

BTW: I created a computer account "test" and added it to the groups "server" and "power-server". Both groups show up (CN=server,cn=computers,dc=xxxx,dc=com and CN=power-server,...).

EDIT: Did not see your "I figured it out" post...

Cheers

Kurt

Edited by /dev/null


Thanks to all that helped...

Cheers
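
Added example, not code from any poster in this thread: the scripts above cut each memberOf value at the first comma, which truncates a group name that contains an escaped comma, and they place the computer name into the query text unchecked. The sketch below parses the first RDN with its escapes and checks the name first; the function names, the name policy and the sample DNs are assumptions constructed for illustration.

```autoit
; Added example, not code from the thread. Function names are illustrative.

; Accept only a plain computer name before it is concatenated into the ADSI
; query text, so a quote or wildcard in the input cannot change the query.
; The 1-15 character set below is an assumed policy; adjust to your naming rules.
Func _IsPlainComputerName($sName)
    Return StringRegExp($sName, "^[A-Za-z0-9_-]{1,15}$") = 1
EndFunc   ;==>_IsPlainComputerName

; Return the value of the first RDN of a DN, honouring backslash escapes:
; "CN=Servers\, EMEA,OU=Groups,DC=example,DC=com" -> "Servers, EMEA".
; Hex pairs are decoded one byte at a time (sufficient for ASCII values).
Func _FirstRdnValue($sDN)
    Local $iEq = StringInStr($sDN, "=")
    If $iEq = 0 Then Return SetError(1, 0, "")
    Local $sOut = "", $i = $iEq + 1, $sChar, $sPair
    While $i <= StringLen($sDN)
        $sChar = StringMid($sDN, $i, 1)
        If $sChar = "," Then ExitLoop ; an unescaped comma ends the first RDN
        If $sChar = "\" Then
            $sPair = StringMid($sDN, $i + 1, 2)
            If StringRegExp($sPair, "^[0-9A-Fa-f]{2}$") Then
                $sOut &= Chr(Dec($sPair)) ; hex form, e.g. \2C
                $i += 3
            Else
                $sOut &= StringMid($sDN, $i + 1, 1) ; character form, e.g. \,
                $i += 2
            EndIf
        Else
            $sOut &= $sChar
            $i += 1
        EndIf
    WEnd
    Return $sOut
EndFunc   ;==>_FirstRdnValue

; Constructed sample values in the form memberOf returns them.
Local $aSample[3] = ["CN=server,CN=Computers,DC=example,DC=com", _
        "CN=Servers\, EMEA,OU=Groups,DC=example,DC=com", _
        "CN=Tier\2C0,OU=Groups,DC=example,DC=com"]
For $sDN In $aSample
    ConsoleWrite(_FirstRdnValue($sDN) & @LF)
Next
; A plain name passes; a name carrying a quote and a wildcard is rejected.
ConsoleWrite(_IsPlainComputerName("WS-0142") & " " & _IsPlainComputerName("WS-01'*") & @LF)
```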
