LDAP issue


Radsam
Please help. I am unable to pull the groups that a PC is a member of. I have created the following script but it returns nothing.

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP &"' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

Do 
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    $objMemberOf = $objComputer.GetEx("MemberOf")
    $strGroups = ""
    For $objGroup In $objMemberOf
        $strGroups = $strGroups & StringReplace(StringTrimLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")
        MsgBox(0,"", $strGroups)
    Next
    $objRecordSet.MoveNext
Until $objRecordSet.EOF

Thanks

Radsam


I figured it out.

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain
Dim $objGroup
Dim $n1

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP & "' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

While Not $objRecordSet.EOF
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    $objMemberOf = $objComputer.GetEx("memberof")
    $strGroups = ""
    For $objGroup In $objMemberOf
        $objGroup = StringReplace($objGroup, "CN=", "")
        $n1 = StringInStr($objGroup, ",")
        $objGroup = StringLeft($objGroup, $n1 - 1)
        $strGroups = $strGroups & @LF & $objGroup       
    Next
    $objRecordSet.MoveNext
    MsgBox(0,"", $strGroups)
WEnd

  • Developers

Something like this ?

Dim $sComputer = "WORKSTATION ID GOES HERE"
Dim $UserDomain = "DOMAIN GOES HERE"
Dim $sLDAP = "LDAP://" & $UserDomain

$oMyError = ObjEvent("AutoIt.Error", "ComError")

$objConnection = ObjCreate("ADODB.Connection")
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

$objCommand.CommandText = "Select * from '" & $sLDAP &"' Where sAMAccountName='" & $sComputer & "$'"
$objCommand.Properties("Page Size") = 1000
$objRecordSet = $objCommand.Execute

$objRecordSet.MoveFirst

Do 
    $objComputer = ObjGet($objRecordSet.Fields("ADsPath").Value)
    Switch $objComputer.primarygroupid
        Case 513 
            $strGroups = "Domain Users," 
        Case 514 
            $strGroups = "Domain Guests,"
        Case 515 
            $strGroups = "Domain Computers,"
        Case 516 
            $strGroups = "Domain Controllers,"
        Case Else
            $strGroups = "Unknown,"
    EndSwitch
    ConsoleWrite('Primary Groups = ' & $strGroups & @lf )
    ; Check for other Groups
    $objMemberOf = $objComputer.GetEx("MemberOf")
    For $objGroup In $objMemberOf
        $strGroups = $strGroups & StringReplace(StringLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")
        ConsoleWrite('Other Groups = ' & $strGroups & @lf )
    Next
    $objRecordSet.MoveNext
Until $objRecordSet.EOF


;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError


Can anyone help?

Works with a small modification on my system.

$strGroups = $strGroups & StringReplace(StringLeft($objGroup, StringInStr($objGroup, ",") -1), "CN=", "")

$strGroups = $strGroups & $objGroup & @CRLF

Regarding your string operations: You should check them, as I'm not sure what you want to do....

Regarding the general problem of not getting anything back: Either you have no rights to browse the LDAP directory with the user you are trying it with, or you did something wrong when you defined the workstation name or domain name.

BTW: I created a computer account "test" and added it to the groups "server" and "power-server". Both groups show up (CN=server,cn=computers,dc=xxxx,dc=com and CN=power-server,...).

EDIT: Did not see your "I figured it out" post...

Cheers

Kurt

Edited by /dev/null
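
The scripts in this thread take the group name by cutting each memberOf value at the first comma, which truncates any group whose CN contains an escaped comma, and they concatenate the workstation name straight into the query text. The following is an added example, not code from any poster in this thread: `_FirstRdnValue` and `_IsSafeComputerName` are hypothetical helper names, the sample DNs are constructed, and the allow-list assumes workstation names use only letters, digits and hyphens.

```autoit
; Added example, not code from the thread. Helper names are hypothetical.

; Return the value of the first RDN of a DN, honouring RFC 4514 backslash
; escapes, so an escaped comma inside the group name does not end the name.
; Limitation: hex pairs are decoded one byte at a time (no multi-byte UTF-8).
Func _FirstRdnValue($sDN)
    Local $iEq = StringInStr($sDN, "=")
    If $iEq = 0 Then Return SetError(1, 0, "")
    Local $sOut = "", $i = $iEq + 1, $iLen = StringLen($sDN), $sCh, $sHex
    While $i <= $iLen
        $sCh = StringMid($sDN, $i, 1)
        If $sCh = "," Then ExitLoop ; an unescaped comma ends the first RDN
        If $sCh = "\" And $i < $iLen Then
            $sHex = StringMid($sDN, $i + 1, 2)
            If StringRegExp($sHex, "^[0-9A-Fa-f]{2}$") Then
                $sOut &= Chr(Dec($sHex)) ; hex-pair escape such as \2C
                $i += 3
            Else
                $sOut &= StringMid($sDN, $i + 1, 1) ; single-character escape such as \,
                $i += 2
            EndIf
            ContinueLoop
        EndIf
        $sOut &= $sCh
        $i += 1
    WEnd
    Return $sOut
EndFunc   ;==>_FirstRdnValue

; Allow-list check to run before the name is concatenated into the ADSI query.
; Assumption: workstation names are 1-15 characters of letters, digits, hyphens.
Func _IsSafeComputerName($sName)
    Return StringRegExp($sName, "^[A-Za-z0-9-]{1,15}$") = 1
EndFunc   ;==>_IsSafeComputerName

; Constructed sample memberOf values (not taken from a real directory).
Local $aSample[3] = ["CN=server,CN=Computers,DC=example,DC=com", _
        "CN=Servers\, Tier 0,OU=Groups,DC=example,DC=com", _
        "CN=power\2Cserver,OU=Groups,DC=example,DC=com"]
For $sDN In $aSample
    ConsoleWrite(_FirstRdnValue($sDN) & @CRLF)
Next

; A name containing a quote character is rejected before it reaches the query.
ConsoleWrite(_IsSafeComputerName("WS-0042") & @CRLF)
ConsoleWrite(_IsSafeComputerName("bad'name") & @CRLF)
```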
