Active Directory Scripts


Johny Clelland

Hi all! I am new here and have some trouble with English. I get a strange error when I JUST try to include the au3 file called "Adfunctions" in my script. For example:

CODE
#include<Adfunctions.au3>

MsgBox(4096, "Test", "This box will time out in 10 seconds", 10)

>"C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" /run /prod /ErrorStdOut /in "C:\Users\my.au3" /autoit3dir "C:\Program Files\AutoIt3" /UserParams
+> Starting AutoIt3Wrapper v.1.7.3
! *** AU3CHECK Error: *** Skipping AU3Check: C:\Program Files\AutoIt3\au3check.exe Not Found !
>Running:(3.1.1.0):C:\Program Files\AutoIt3\autoit3.exe "C:\Users\my.au3"
C:\Program Files\AutoIt3\Include\Adfunctions.au3 (135) : ==> Unable to parse line.:
$objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the user
$objRecordSet = $objConnection.E^ ERROR
->AutoIT3.exe ended.rc:1
>Exit code: 1 Time: 1.244

Edited by asUwant

Ok,

I managed to find the downloads :) .

I played around with different functions. Unfortunately I cannot delete a group object using function _ADDeleteObject(<groupname>). How can I find the error itself? Looking at other ADSI scripts and e.g. ADSI Scriptomatic, they use code like this:

strContainer = ""
strName = "EzAdGroup"

'***********************************************
'*       Connect to a container           *
'***********************************************
Set objRootDSE = GetObject("LDAP://rootDSE")
If strContainer = "" Then
  Set objContainer = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
Else
  Set objContainer = GetObject("LDAP://" & strContainer & "," & _
    objRootDSE.Get("defaultNamingContext"))
End If
'***********************************************
'*     End connect to a container           *
'***********************************************

objContainer.Delete "group", "cn=" & strName

Especially .Delete has two options. Is that a required difference compared to adfunctions.au3 code?

Thanks

---egonle

PS: Would you add a function to copy users from templates?

I have attached the latest version of the ADFunction.au3 file. There are a couple of things that have changed (most notably the return array from GetUserGroups) and a few new functions.

You are correct that the .delete function requires a 'type' and a 'name'. The function in the current version looks like this;

; _ADDeleteObject
; $object = SamAccountName of object to delete. Returns 0 if object doesn't exist, otherwise Returns 1
Func _ADDeleteObject($ou, $object, $type)
    $objcn = "CN=" & StringReplace($object, ",", "\,")
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)
    $objOU.Delete ($type, $objcn)
    Return 1
EndFunc ;==>_ADDeleteObject

This allows the deletion of groups, using a $type="group". It should also work for users, contacts and other categories of object, but I haven't tested this.

Hope this helps.
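
An added example, not part of the original thread or of adfunctions.au3: the function as posted escapes only commas in the CN and always returns 1, so this sketch escapes the other DN special characters (RFC 4514) and reports a failed bind or delete, which also addresses the earlier question of how to find the error itself. The names _ComErr, _DnEscapeValue and _SafeDeleteObject and the "OU=Groups" container are assumptions; $strHostServer and $strDNSDomain are the globals adfunctions.au3 defines.

```autoit
#include <adfunctions.au3> ; provides $strHostServer and $strDNSDomain

; Added example, not the adfunctions.au3 code. _ComErr, _DnEscapeValue and
; _SafeDeleteObject are hypothetical names.
Global $g_sComErr = ""
; Route COM errors to _ComErr instead of stopping the script.
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErr")

Func _ComErr($oError)
    $g_sComErr = "0x" & Hex($oError.number, 8) & " " & $oError.windescription
EndFunc

; Escape an attribute value for use in a distinguished name (RFC 4514).
Func _DnEscapeValue($sValue)
    ; Backslash-escape \ , + " < > ; = and "/" (a separator in ADSI paths).
    Local $sOut = StringRegExpReplace($sValue, '([\\,+"<>;=/])', '\\$1')
    ; A leading space or "#" and a trailing space are also significant.
    $sOut = StringRegExpReplace($sOut, '^([ #])', '\\$1')
    Return StringRegExpReplace($sOut, ' $', '\\ ')
EndFunc

; Returns 1 on success. Returns 0 with @error = 1 if the container could
; not be bound, or @error = 2 if the delete failed. In both cases the COM
; error text, if any, is left in $g_sComErr.
Func _SafeDeleteObject($sOU, $sName, $sType)
    $g_sComErr = ""
    Local $oOU = ObjGet("LDAP://" & $strHostServer & "/" & $sOU)
    If Not IsObj($oOU) Then Return SetError(1, 0, 0)
    $oOU.Delete($sType, "CN=" & _DnEscapeValue($sName))
    If $g_sComErr <> "" Then Return SetError(2, 0, 0)
    Return 1
EndFunc

; Constructed call: the OU name is a placeholder, "EzAdGroup" is the group
; name from the VBScript earlier in the thread.
If Not _SafeDeleteObject("OU=Groups," & $strDNSDomain, "EzAdGroup", "group") Then
    ConsoleWrite("Delete failed, @error=" & @error & " " & $g_sComErr & @CRLF)
EndIf
```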

  • 2 weeks later...

This is great work!

Except that I'm running into a problem when including adfunctions.au3 in a script:

When running an AutoIt script in AutoIt v3.2.2.0 with

#include <GUIConstants.au3>

#include <adfunctions.au3>

The following error message appears:

E:\Apps\AutoIt-v3.2.2.0\Include\adfunctions.au3 (78) : ==> Variable must be of type "Object".:

Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")

Global $strDNSDomain = $objRootDSE^ ERROR

Does anyone else have this problem?

Also I could use a function to add one group as a member of another group.


  • 2 weeks later...

Hi all. Very nice script! My login script used to call a VB script to do all those AD queries. Never really had time to code it in AutoIt.

One thing I'm wondering: with my VB script I was able to modify it a bit to get the recursive group list of a computer object.

So when my login script starts I can perform actions based on the group membership of the user and the computer. The best example of this use is: if a user logs in to computer A he will have printer A connected, but if he logs in to computer B he should have printer B connected, because they are not in the same place.

Just an idea: adding a func to return the group membership of a computer.


  • 2 weeks later...

This is my first time trying to use the ADFunctions.au3. It's nice; however, how do you pass admin credentials into the functions? RunAsSet does not work to pass the credentials, or else I'm not using it right with the ADFunctions. Has someone used the ADFunctions with domain admin rights? I need to be able to do this if I am using an account that doesn't belong to a group with admin rights.

Thanks in advance.

Edited by EndFunc
EndFuncAutoIt is the shiznit. I love it.

Little fix to _ADIsMemberOf:

If you try to check a group and the group doesn't exist, you end up with an object error like this:

C:\test.au3 (28) : ==> Variable must be of type "Object".: 
$ismember = $objgroup.IsMember ("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($user)) 
$ismember = $objgroup^ ERROR

To fix this, change the function to:

Func _ADIsMemberOf($group, $user)
    $ObjGroup = ObjGet("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($group))
    ;check if there is an object to check, else return 0 as the group does not exist
    If IsObj($objgroup) Then
        $ismember = $objgroup.IsMember ("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($user))
        Return -$ismember
    Else
        Return 0
    EndIf
EndFunc   ;==>_ADIsMemberOf


I need to be able to search AD with either a "displayName" or "sAMAccountName".

The idea is a user will type into an input field either of the above names and click a search button. The rest of my script finds either the "displayName" or "sAMAccountName" in AD and returns various attributes of the object.

I know how to search AD with the "sAMAccountName", but can someone give me an example of how to do so with the "displayName".
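
The search asked about above, as an added example that is not part of the original thread or of adfunctions.au3: because the name comes from an input field, it is escaped for the LDAP filter (RFC 4515) before it is placed in the ADO query string, so characters such as parentheses or `*` in a display name are matched literally instead of changing the filter. _LdapEscapeFilter and _FindByName are hypothetical names; $strHostServer and $strDNSDomain are the globals adfunctions.au3 defines.

```autoit
#include <adfunctions.au3> ; provides $strHostServer and $strDNSDomain

; Added example. _LdapEscapeFilter and _FindByName are hypothetical names.
; Escape a value for an LDAP search filter (RFC 4515). The backslash is
; replaced first so the escapes added afterwards are not escaped again.
Func _LdapEscapeFilter($sValue)
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    $sValue = StringReplace($sValue, Chr(0), "\00")
    ; ";" separates the fields of the ADO query string, so hex-escape it too.
    Return StringReplace($sValue, ";", "\3b")
EndFunc

; Return the distinguishedName of every user whose displayName or
; sAMAccountName equals $sName, as an array ([0] = number of matches).
Func _FindByName($sName)
    Local $sSafe = _LdapEscapeFilter($sName)
    Local $sFilter = "(&(objectCategory=person)(objectClass=user)" & _
            "(|(displayName=" & $sSafe & ")(sAMAccountName=" & $sSafe & ")))"
    Local $sQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;" & _
            $sFilter & ";distinguishedName;subtree"

    Local $oConn = ObjCreate("ADODB.Connection")
    If Not IsObj($oConn) Then Return SetError(1, 0, 0)
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")
    Local $oRS = $oConn.Execute($sQuery)
    If Not IsObj($oRS) Then Return SetError(2, 0, 0)

    Local $aDN[1] = [0]
    While Not $oRS.EOF
        $aDN[0] += 1
        ReDim $aDN[$aDN[0] + 1]
        $aDN[$aDN[0]] = $oRS.Fields("distinguishedName").Value
        $oRS.MoveNext()
    WEnd
    $oConn.Close()
    Return $aDN
EndFunc

; Constructed input: a display name containing filter metacharacters.
ConsoleWrite(_LdapEscapeFilter("Smith, John (IT)*") & @CRLF)
```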


  • 4 weeks later...

I am getting an error on line 78 from adfunctions.au3

Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext")
Global $strDNSDomain = $objRootDSE^ ERROR

Error: Variable must be of type "Object".

Now granted, the machine I'm running it on is not part of a domain but I will eventually be running this from PE so it won't run from a domain anyway.

Any ideas guys?

THANKS!

-Redfive


  • 2 weeks later...

Johny:

Since I've downloaded the most current version of adfunctions.au3, I've started getting 'Object referenced outside a "With" statement' errors. I'm not sure if my implementation of your "_ADGetGroupMembers" UDF is flawed or if something else is going on. Any help would be appreciated.

#include <Array.au3>
#include <File.au3>
#include <adfunctions.au3>

$TextFile = ""
$Members = ""

While 1
    $GroupName = InputBox("Group Name", "Enter the Active Directory Group name")
    If @error <> 0 Then
        Exit
    Else
        If $GroupName <> "" Then
            ExitLoop
        EndIf
    EndIf
WEnd

$TextFile = $GroupName & ".txt"

If _ADGetGroupMembers($Members, $GroupName, 0) == 1 Then
    _FileWriteFromArray($TextFile, $members)
Else
    MsgBox(4096,"Error", "The group specified doesn't exist.")
EndIf

I'd just like to praise you since you made the creation of standard-signatures so much easier for me. :(

Got about 380 email-accounts here, so I thought it'd be a pain in the *** but thanks to you reading out names & numbers and all that stuff went great...

:shocked:


I am getting an error on line 78 from adfunctions.au3

Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext")
Global $strDNSDomain = $objRootDSE^ ERROR

Error: Variable must be of type "Object".

Now granted, the machine I'm running it on is not part of a domain but I will eventually be running this from PE so it won't run from a domain anyway.

Any ideas guys?

THANKS!

-Redfive

It must be part of a domain for it to work. That's why it's called ADFunctions, you will get that type of error if it's not.

Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext")
Global $strDNSDomain = $objRootDSE^ ERROR

Error: Variable must be of type "Object".

It must be part of a domain for it to work. That's why it's called ADFunctions, you will get that type of error if it's not.

My machine is a member of a domain and I will get the same error when I log on with the local administrator account.

Edited by FeReNGi

  • 1 month later...

I need to download a CRL (Certificate Revocation List) from my LDAP (SunONE Directory Server v. 5.2).

The code below doesn't work:

Dim $objConnection, $oUsr,$crl
    
    $objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open ("Active Directory Provider")  ; Open connection to AD
    $strQuery = "<LDAP://**.*.***.**/c=**/o=****/ou=***/cn=***>;objectClass=*);certificaterevocationlist;binary;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the logged on user
    if $objRecordSet.eof then
        MsgBox(0,"Error","EOF")
    Else
        $crl = $objRecordSet.fields(0).value
    EndIf

Any help?

Thanks in advance

Peppe
