Active Directory Scripts


Johny Clelland

Don't know where to post it, so I'll put it here:

This is a sample to find out which accounts are disabled at the moment. I'm sure it's not the straightest way to do it, I just did a copy and paste and added four lines. You can easily find them, since they look kinda ugly... :whistle:

#include 'adfunctions.au3'

Dim $objConnection, $objRootDSE, $objRecordSet, $arrContainers, $garrContainers

$objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")  ; Open connection to AD
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties ("Page Size") = 1000
$objCommand.Properties ("Searchscope") = 2
$objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")  ; Retrieve the current AD domain name
$Domain=StringSplit($strDNSDomain, '=')
$Domain=StringTrimRight($Domain[2], 3)

_ADGetObjectsInOU ($arrContainers, $strDNSDomain, "objectclass='organizationalPerson'", 2)

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
$objTrans = ObjCreate("NameTranslate")
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set ($ADS_NAME_TYPE_1779, $Domain)

For $c = 1 To UBound($arrContainers) - 1
    $objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & '\' & $arrContainers[$c])
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    $State=$UserObj.userAccountControl
    ; userAccountControl is a bit field: test the ACCOUNTDISABLE bit (0x2) instead of comparing whole values
    If BitAND($State, 2) Then ConsoleWrite($arrContainers[$c]&@CR)
Next        

;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError

By the way: is there a place to find all the properties that you can get via AD? I found http://www.microsoft.com/technet/prodtechn...4.mspx?mfr=true (Sorry, it's German :lmao: ) , seems to be pretty close. Can you give me other hints/links?

Err, could someone move this to the examples-forum, please?

Edited by dabus
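
An added example (not from the post or from adfunctions.au3): `userAccountControl` is a bit field, so a disabled account is one with the ACCOUNTDISABLE bit (0x2) set, and exact-value comparisons against 514 or 66050 miss combinations such as 546. The `$UAC_` constant names, the function names, the sample values and the `DC=example,DC=com` base DN are assumptions made for the illustration; the last function goes one step further and builds a query that lets the domain controller do the bit test.

```autoit
; Flag values are from Microsoft's ADS_USER_FLAG_ENUM. The $UAC_ prefix is chosen
; for this example so the names cannot collide with constants in adfunctions.au3.
Global Const $UAC_ACCOUNTDISABLE = 0x0002
Global Const $UAC_PASSWD_NOTREQD = 0x0020
Global Const $UAC_NORMAL_ACCOUNT = 0x0200
Global Const $UAC_WORKSTATION_TRUST = 0x1000
Global Const $UAC_DONT_EXPIRE_PASSWD = 0x10000

; True when the ACCOUNTDISABLE bit is set, whatever other flags accompany it.
Func _UACIsDisabled($iUAC)
    Return BitAND($iUAC, $UAC_ACCOUNTDISABLE) <> 0
EndFunc   ;==>_UACIsDisabled

; Space-separated names of the flags set in $iUAC (only the five defined above).
Func _UACDescribe($iUAC)
    Local $aFlags[5][2] = [ _
            [$UAC_ACCOUNTDISABLE, "ACCOUNTDISABLE"], _
            [$UAC_PASSWD_NOTREQD, "PASSWD_NOTREQD"], _
            [$UAC_NORMAL_ACCOUNT, "NORMAL_ACCOUNT"], _
            [$UAC_WORKSTATION_TRUST, "WORKSTATION_TRUST_ACCOUNT"], _
            [$UAC_DONT_EXPIRE_PASSWD, "DONT_EXPIRE_PASSWD"]]
    Local $sOut = ""
    For $i = 0 To UBound($aFlags) - 1
        If BitAND($iUAC, $aFlags[$i][0]) Then $sOut &= $aFlags[$i][1] & " "
    Next
    Return StringStripWS($sOut, 2) ; 2 = strip trailing whitespace
EndFunc   ;==>_UACDescribe

; ADO LDAP-dialect query ("<base>;filter;attributes;scope") that moves the bit test
; to the server. 1.2.840.113556.1.4.803 is the LDAP_MATCHING_RULE_BIT_AND OID.
Func _UACDisabledUsersQuery($sBaseDN)
    Return "<LDAP://" & $sBaseDN & ">;" & _
            "(&(objectCategory=person)(objectClass=user)" & _
            "(userAccountControl:1.2.840.113556.1.4.803:=2));" & _
            "sAMAccountName,userAccountControl;subtree"
EndFunc   ;==>_UACDisabledUsersQuery

; Constructed sample values, not read from a directory.
Local $aSamples[6] = [512, 514, 546, 66048, 66050, 4098]
Local $iUAC, $bEquality
For $i = 0 To UBound($aSamples) - 1
    $iUAC = $aSamples[$i]
    $bEquality = ($iUAC = 514 Or $iUAC = 66050) ; exact-value comparison
    ConsoleWrite($iUAC & @TAB & "equality=" & $bEquality & @TAB & _
            "bit test=" & _UACIsDisabled($iUAC) & @TAB & _UACDescribe($iUAC) & @CRLF)
Next

; DC=example,DC=com is a placeholder base DN.
ConsoleWrite(_UACDisabledUsersQuery("DC=example,DC=com") & @CRLF)
```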

  • 5 weeks later...

Dabus,

The links I use for ADSI info are:

ADSI Interface Reference -- http://msdn2.microsoft.com/en-us/library/aa772170.aspx

Script Center -- http://www.microsoft.com/technet/scriptcen...t.mspx?mfr=true

Hope these help.


Johny:

Since I've downloaded the most current version of adfunctions.au3, I've started getting 'Object referenced outside a "With" statement' errors. I'm not sure if my implementation of your "_ADGetGroupMembers" UDF is flawed or if something else is going on. Any help would be appreciated.

#include <Array.au3>
#include <File.au3>
#include <adfunctions.au3>

$TextFile = ""
$Members = ""

While 1
    $GroupName = InputBox("Group Name", "Enter the Active Directory Group name")
    If @error <> 0 Then
        Exit
    Else
        If $GroupName <> "" Then
            ExitLoop
        EndIf
    EndIf
WEnd

$TextFile = $GroupName & ".txt"

If _ADGetGroupMembers($Members, $GroupName, 0) == 1 Then
    _FileWriteFromArray($TextFile, $members)
Else
    MsgBox(4096,"Error", "The group specified doesn't exist.")
EndIf

Significent,

Apologies for taking so long to get back to you. This error was caused by a change in ADFunctions where some functions changed from requiring SamAccountNames to FQDNs. Simple fix is to change the line that calls _ADGetGroupMembers to this;

If _ADGetGroupMembers($Members, _ADSamAccountNametoFQDN($GroupName), 0) == 1 Then

That sorts it out :-)

Hope this helps,

Johny.
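
The group name typed into the InputBox above ends up inside an LDAP filter, because `_ADSamAccountNameToFQDN` builds `(sAMAccountName=" & $samname & ")` by plain concatenation, so a name containing `(`, `)`, `*` or `\` changes the filter instead of being matched literally. An added example, not part of adfunctions.au3 or of either post, that escapes the value per RFC 4515 first; the function names `_LdapEscapeFilterValue` and `_SamLookupQuery`, the host name and the base DN are assumptions made for the illustration.

```autoit
; Escape a value for use inside an LDAP search filter (RFC 4515):
; NUL ( ) * and \ are replaced by a backslash followed by two hex digits.
Func _LdapEscapeFilterValue($sValue)
    Local $sOut = "", $sChar, $iCode
    For $i = 1 To StringLen($sValue)
        $sChar = StringMid($sValue, $i, 1)
        $iCode = AscW($sChar)
        Switch $iCode
            Case 0, 40, 41, 42, 92 ; NUL ( ) * \
                $sOut &= "\" & Hex($iCode, 2)
            Case Else
                $sOut &= $sChar
        EndSwitch
    Next
    Return $sOut
EndFunc   ;==>_LdapEscapeFilterValue

; Build the lookup query in the same ADO LDAP dialect the library uses.
; $sHost and $sBaseDN stand in for the library's $strHostServer and $strDNSDomain.
Func _SamLookupQuery($sHost, $sBaseDN, $sSamName)
    Return "<LDAP://" & $sHost & "/" & $sBaseDN & ">;(sAMAccountName=" & _
            _LdapEscapeFilterValue($sSamName) & ");distinguishedName;subtree"
EndFunc   ;==>_SamLookupQuery

; Constructed inputs: a plain name, a name with parentheses, a name with a wildcard.
Local $aNames[3] = ["Helpdesk", "Sales (EMEA)", "Ops*"]
For $i = 0 To UBound($aNames) - 1
    ConsoleWrite($aNames[$i] & " -> " & _
            _SamLookupQuery("dc01.example.com", "DC=example,DC=com", $aNames[$i]) & @CRLF)
Next
```

The same escaping applies to every value the library concatenates into a filter, such as the `$user`, `$group` and `$object` arguments of its sAMAccountName queries.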


Hello Jonny, these are very nice scripts you've got here, but they don't meet my needs at the moment. What I'm trying to do is get a list of all computer names and, with each Computer object, call get_NetAddresses($bStr) and print out the addresses. This is what I've got so far:

Global $NameSpace = ObjGet("WinNT:")
Global $objDomain,$objPDC,$objComputer
Dim $Filter[2]
Dim $Stack[4096]
Dim $StackPtr
Dim $NetString,$DomString,$CompString
GetComputerNames()
Exit
;stack[3~4096] are return areas unless otherwise stated in function
;Stack[2] = NumOfCurrentEntry
;Stack[1] = static Base
;Stack[0] = good or bad return 0 : 1
Func GetDomainNames()
    InitStack()
    $Filter[0] = "Domain"
    $NameSpace.Filter =  $Filter 
    For $objDomain in $NameSpace
        Push($objDomain.Name)
    Next
EndFunc

Func GetComputerNames()
    GetDomainNames()
    $DomString = Pop()
    $objPDC = ObjGet("WinNT://" & $DomString)
If(IsObj($objPDC)) Then
    Cscl()
    $Filter[0] = "Computer"
    $objPDC.Filter = $Filter
    For $objComputer In $objPDC
        $CompString = $objComputer.Name
        $CompString = $CompString & "." & $DomString
        $objComputer = ObjGet("WinNT://" & $CompString)
        With $objComputer
            .get_NetAddresses($NetString)
        EndWith
        Print($NetString)   
    Next
Else;shouldnt Execute cleanup more later ... lol
    $DomString = Pop()
    Cscl()
    $objPDC = ObjGet("WinNT://" & $DomString )
    If(IsObj($objPDC)) Then
        $Filter[0] = "Computer"
        $objPDC.Filter = $Filter
        For $objComputer In $objPDC
            Push($objComputer.Name)
            $objComputer.get_NetAddresses($NetString)
            Print($NetString)
        Next
    EndIf
EndIf
EndFunc


Func InitStack()
    $Stack[0] = 1;signify good ret
    $Stack[1] = 3;init stack current location
    $Stack[2] = 0;init stack Entries counter
    $StackPtr = $Stack[1]
    Do;clear rest
        $Stack[$StackPtr] = 0
        $StackPtr = $StackPtr+1
    Until $StackPtr >= 4096
    $StackPtr = $Stack[1]
EndFunc

Func Cscl();clear stack current location
    $Stack[1] = 3
    $Stack[2] = 0
EndFunc

Func Push($Var)
    $Stack[$StackPtr] = $Var
    $Stack[2] = $Stack[2] + 1
    $StackPtr = $Stack[1] + $Stack[2]
EndFunc

Func Pop()
    $Stack[2] = $Stack[2] - 1
    $StackPtr = $Stack[1] + $Stack[2]
    Return $Stack[$StackPtr]
EndFunc

Func Print($str)
    ConsoleWrite($str)
EndFunc

Can anyone please show me where to look for Adfunctions.au3, have looked in the downloads section as well but failed to find it. Being new to the group I am not sure if I am missing something very simple. Thanks!


This is the latest one I own, but it may be an old one.

CODE

; Active Directory Function Library. Include this to allow access to Active Directory Functions

; Author : Jonthan Clelland
; Email : jclelland@statestreet.com
; Version : 3.0

; _ADDoError  : Error event handler for COM errors. This is global so will pick up errors from your program if you include this library
; _ADCreateUser : Creates a user in a particular OU
; _ADCreateGroup : Creates a group in a particular OU
; _ADAddUserToGroup : Adds a user to a group (if the user is not already a member of the group)
; _ADRemoveUserFromGroup : Removes a user from a group
; _ADObjectExists : Returns 1 if the given object (SamAccountName) exists in the local AD Tree
; _ADModifyAttribute : Sets the attribute of the given object to the value specified
; _ADIsMemberOf : Returns 1 if the user is a member of the group
; _ADGetUserGroups : Returns an array (byreference) containing the groups that the user is a member of
; _ADRecursiveGetMemberOf : Returns a recursed list of group membership for a group or user
; _ADGetGroupMembers : Returns an array of the group members
; _ADGetGroupMemberOf : Returns a simple list of group membership for a group
; _ADHasFullRights : Returns 1 if the given user has full rights over the given group
; _ADGroupMailEnable : Mail enables a group
; _ADUserCreateMailbox : Creates a mailbox for a user
; _ADUserDeleteMailbox : Deletes the mailbox for a user
; _ADGetObjectsInOU : Returns a filtered list of objects and attributes in a given OU
; _ADDNToSamAccountName : Returns the SamAccountName of an FQDN
; _ADSamAccountNameToFQDN : Returns a FQDN from a SamAccountName
; _ADDNToDisplayName :Returns the Display Name of an FQDN
; _ADCreateObject : Creates an object of a specified type
; _ADCreateComputer : Creates a computer and assigns permissions for a user/group to add the computer
; _ADDeleteObject : Deletes an object
; _ADGetObjectClass : Returns the class of an object
; _ADGetObjectClassFromFQDN : Returns the class of an object from its FQDN
; _ADGetObjectAttribute : Returns a (single-value) attribute of an object
; _ADListDomainControllers : Returns a list of Domain Controllers for the current domain
; _ADOUObjectNames : Returns display names of filtered objects within an OU

; NOTES : Please use the following command to store the local user's groups for the function 'HasFullRights'. This is to allow cross-domain
; permission checks. $loggedonusergroups is a global variable declared in the 'Define AD Constants' region. If you are using this command
; in this library, move the command below the declaration of the variable and remove the comment character.

; _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName))

; include array functions (we use _arraysearch in some functions)
#include <Array.au3>

#region  ; Define AD Constants

Global Const $ADS_GROUP_TYPE_GLOBAL_GROUP = 0x2
Global Const $ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x4
Global Const $ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x8
Global Const $ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000
Global Const $ADS_GROUP_TYPE_GLOBAL_SECURITY = BitOR($ADS_GROUP_TYPE_GLOBAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)
Global Const $ADS_GROUP_TYPE_UNIVERSAL_SECURITY = BitOR($ADS_GROUP_TYPE_UNIVERSAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)

Global Const $ADS_UF_PASSWD_NOTREQD = 0x0020
Global Const $ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
Global Const $ADS_ACETYPE_ACCESS_ALLOWED = 0x0
Global Const $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5
Global Const $ADS_FLAG_OBJECT_TYPE_PRESENT = 0x1
Global Const $ADS_RIGHT_GENERIC_READ = 0x80000000
Global Const $ADS_RIGHT_DS_SELF = 0x8
Global Const $ADS_RIGHT_DS_WRITE_PROP = 0x20
Global Const $ADS_RIGHT_DS_CONTROL_ACCESS = 0x100

Global Const $ALLOWED_TO_AUTHENTICATE = "{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
Global Const $RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
Global Const $SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
Global Const $USER_CHANGE_PASSWORD = "{AB721A53-1E2f-11D0-9819-00AA0040529b}"
Global Const $USER_FORCE_CHANGE_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}"
Global Const $USER_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}"
Global Const $VALIDATED_DNS_HOST_NAME = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
Global Const $VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"

Global $objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
$objConnection.ConnectionString = "Provider=ADsDSOObject"
$objConnection.Open ("Active Directory Provider")  ; Open connection to AD

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")  ; Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get ("dnsHostName") ; Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get ("ConfigurationNamingContext") ; Retrieve the Configuration naming context

Global $loggedonusergroups  ; populate this with the logged on user groups in your own app

#endregion

$oMyError = ObjEvent("AutoIt.Error", "_ADDoError") ; Install a custom error handler

;  MyErrFunc
Func _ADDoError()
    $HexNumber = Hex($oMyError.number, 8)
    
    If $HexNumber = 80020009 Then
        SetError(3)
        Return
    EndIf
    
    MsgBox(0, "", "We intercepted a COM Error !" & @CRLF & _
            "Number is: " & $HexNumber & @CRLF & _
            "Windescription is: " & $oMyError.windescription)
    
    Select
        Case $oMyError.windescription = "Access is denied."
            $objConnection.Close ("Active Directory Provider")
            $objConnection.Open ("Active Directory Provider")
            SetError(2)
        Case 1
            SetError(1)
    EndSelect
    
EndFunc   ;==>_ADDoError

; _ADCreateUser
; $userou = OU to create the user in. Form is "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2,DC=sampledomain3"
; $user = Username, form is SamAccountName without leading 'CN='
; $fname = First Name
; $lname = Last Name
; $description = optional - Description

Func _ADCreateUser($userou, $user, $fname, $lname, $description = "User")
    If _ADObjectExists($user) Then Return 0

    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $userou)
    $cnname = "CN=" & $lname & "\, " & $fname
    $ObjUser = $ObjOU.Create ("User", $cnname)
    
    $ObjUser.Put ("sAMAccountName", $user)
    $ObjUser.Put ("description", $description)
    ;$ObjUser.Put ("givenName", $fname)
    ;$ObjUser.Put ("sname", $lname)

    $ObjUser.SetInfo
    Return 1
EndFunc   ;==>_ADCreateUser

; _ADCreateGroup
; $groupou = OU to create the group in. Form is "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2,DC=sampledomain3"
; $group = groupname, form is SamAccountName without leading 'CN='
; $type = Group type. Defaults to Global Security. See the global constants for other types. NOTE Global security must be 'BitOr'ed with a scope.

Func _ADCreateGroup($groupou, $group, $type = -2147483646)
    If _ADObjectExists($group) Then Return 0
    
    If StringLeft($group, 3) <> "CN=" Then
        $group = "CN=" & StringReplace($group, ",", "\,")
    EndIf
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $groupou)
    $ObjGroup = $ObjOU.Create ("Group", $group)
    
    $ObjGroup.Put ("sAMAccountName", StringTrimLeft(StringReplace($group, "\,", " "), 3))
    $ObjGroup.Put ("grouptype", $type)
    
    $ObjGroup.SetInfo
    Return 1
EndFunc   ;==>_ADCreateGroup

; _ADAddUserToGroup
; Takes the group (SamAccountName without leading 'CN=') and the user (SamAccountName without leading 'CN=')
; Adds the user to the group
; Returns 0 if the user is already a member of the group,
; Returns 1 if the user was added to the group
; Returns -1 if there was an error

Func _ADAddUserToGroup($group, $user)
    If _ADIsMemberOf($group, $user) Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry)  ; Retrieve the COM Object for the user
    
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry)  ; Retrieve the COM Object for the group
    
    $OGroup.Add ($oUsr.AdsPath)
    $OGroup.SetInfo
    
    Return _ADIsMemberOf($group, $user)
EndFunc   ;==>_ADAddUserToGroup

; _ADRemoveUserFromGroup
; Takes the group (SamAccountName without leading 'CN=') and the user (SamAccountName without leading 'CN=')
; Removes the user from the group (if the user is a member of the group)
; Returns 0 if the user isn't a member of the group, 1 if the user was removed from the group
; Returns -1 if the removal failed.

Func _ADRemoveUserFromGroup($group, $user)
    If _ADIsMemberOf($group, $user) = 0 Then Return 0

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry)  ; Retrieve the COM Object for the user
    
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry)  ; Retrieve the COM Object for the group
    
    $oGroup.Remove ($oUsr.AdsPath)
    $OGroup.SetInfo
    
    If _ADIsMemberOf($group, $user) Then
        Return -1
    Else
        Return 1
    EndIf
    
EndFunc   ;==>_ADRemoveUserFromGroup

; _ADObjectExists
; Takes an object name (SamAccountName without leading 'CN=')
; Returns 1 if the object exists in the tree, 0 otherwise

Func _ADObjectExists($object)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group, if it exists
    
    If $objRecordSet.RecordCount = 1 Then
        Return 1
    Else
        Return 0
    EndIf
EndFunc   ;==>_ADObjectExists

; _ADModifyAttribute
; $object = Object to modify (samAccountName)
; $attribute = Attribute to modify
; $value = value to set attribute to

Func _ADModifyAttribute($object, $attribute, $value)
    If _ADObjectExists($object) = 0 Then Return 0  ; Returns 0 if the object doesn't exist

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the object
    
    $ldap_entry = $objRecordSet.fields (0).value
    $oObject = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    
    $oObject.GetInfo
    $oObject.GetInfo
    
    If $value = "" Then
        $oObject.PutEx (1, $attribute, 0)
    Else
        $oObject.Put ($attribute, $value)
    EndIf

    $oObject.SetInfo
    $oObject.PurgePropertyList
    
    Return 1
EndFunc   ;==>_ADModifyAttribute

; _ADIsMemberOf
; Takes samAccountNames for a group and a user
; Returns 1 if the user is a member of the group, 0 otherwise

Func _ADIsMemberOf($group, $user)
    $ObjGroup = ObjGet("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($group))
    $ismember = $objgroup.IsMember ("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($user))
    Return -$ismember
EndFunc   ;==>_ADIsMemberOf

; _ADGetUserGroups
; the currently logged on user is a member of. Returns an array of Full DNs of the Group names that the user is immediately a member of
; with element 0 containing the number of groups.
; $user - optional -- SamAccountName of a user, defaults to locally logged on user

Func _ADGetUserGroups(ByRef $usergroups, $user = @UserName)
    Local $oUsr
    
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the logged on user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry)  ; Retrieve the COM Object for the logged on user
    
    $usergroups = $oUsr.GetEx ("memberof")
    $count = UBound($usergroups)
    _ArrayInsert($usergroups, 0, $count)
EndFunc   ;==>_ADGetUserGroups

; _ADRecursiveGetMemberOf
; Takes a Full DN of a group or user and returns a recursively searched list of groups the object is a member of to the array
; This will traverse through groups that the object is immediately a member of and check their group membership as well.
; The return values are full DNs. For groups that are inherited, the return is the DN of the group, and the DN of the first group
; it was inherited from, separated by '|'.
Func _ADRecursiveGetMemberOf(ByRef $memberof, $fqdn)
    Local $objItem, $tempmemberof, $i = 0
    
    $objItem = ObjGet("LDAP://" & $strHostServer & "/" & $fqdn)  ; Retrieve the COM Object for the logged on user
    
    $memberof = $objItem.GetEx ("memberof")
    
    If $memberof = 0 Then
        Dim $memberof[1] = [0]
        Return 0
    EndIf
    
    Do
        If StringInStr($memberof[$i],"|") Then
            $currgroup = StringLeft($memberof[$i],StringInStr($memberof[$i],"|")-1)
        Else
            $currgroup = $memberof[$i]
        EndIf
        _ADGetGroupMemberOf($tempmemberof, $currgroup)
        For $j = 1 To $tempmemberof[0]
            $exists = 0
            $k = UBound($memberof)
            Do
                $k -= 1
                If StringInStr($memberof[$k], $tempmemberof[$j]) Then $exists = 1
            Until $exists = 1 Or $k = 0
            If $exists = 0 Then _ArrayAdd($memberof, $tempmemberof[$j] & "|" & $currgroup)
        Next
        $i += 1
    Until $i = UBound($memberof)
    
    $count = UBound($memberof)
    _ArrayInsert($memberof, 0, $count)
    
    Return 1
EndFunc   ;==>_ADRecursiveGetMemberOf

; _ADGetGroupMembers
; Arguments,
; $members - Array that the result will be stored in
; $group - Group to retrieve members from
; $sort - optional, default 0 : Set to 1 to sort the array
; Returns an array to $members where $members[0] will be the number of users in the group and
; $members[1] to $members[$members[0]] are the distinguished names of the users

Func _ADGetGroupMembers(ByRef $members, $groupdn, $sort = 0)
    If _ADObjectExists($groupdn) = 0 Then 
        Return 0
    Else    
    
    Local $oUsr, $objCommand, $groups

    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Searchscope") = 2

    Dim $members[1]
    $i = 0

    While 1
        $rangemodifier = $i * 1000
        $range = "Range=" & $rangemodifier & "-" & $rangemodifier + 999
        $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;member;" & $range & ";base"
        $objCommand.CommandText = $strCmdText
        $objRecordSet = $objCommand.Execute
        $membersadd = $objRecordSet.fields (0).Value
        If $membersadd = 0 Then ExitLoop
        ReDim $members[UBound($members) + 1000]
        For $j = $rangemodifier + 1 To $rangemodifier + 1000
            $members[$j] = $membersadd[$j - $rangemodifier - 1]
        Next
        $i += 1
        $objRecordSet.Close
    WEnd

    $rangemodifier = $i * 1000
    $range = "Range=" & $rangemodifier & "-*"
    $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;member;" & $range & ";base"
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute
    $membersadd = $objRecordSet.fields (0).Value

    ReDim $members[UBound($members) + UBound($membersadd) ]

    For $j = $rangemodifier + 1 To $rangemodifier + UBound($membersadd)
        $members[$j] = $membersadd[$j - $rangemodifier - 1]
    Next

    $objRecordSet.Close
    
    $members[0] = UBound($members) - 1
    
    If $sort = 1 Then
        _ArraySort($members, 0, 1)
    EndIf
    
    Return 1
    EndIf
EndFunc   ;==>_ADGetGroupMembers

; _ADGetGroupMemberOf
Func _ADGetGroupMemberOf(ByRef $memberof, $groupdn, $sort = 0)
    ;If _ADObjectExists($group) = 0 Then Return 0
    
    Local $oUsr, $objCommand, $groups

    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Searchscope") = 2
    
    Dim $memberof[1]
    $i = 0

    While 1
        $rangemodifier = $i * 1000
        $range = "Range=" & $rangemodifier & "-" & $rangemodifier + 999
        $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;memberof;" & $range & ";base"
        $objCommand.CommandText = $strCmdText
        $objRecordSet = $objCommand.Execute
        $membersadd = $objRecordSet.fields (0).Value
        If $membersadd = 0 Then ExitLoop
        ReDim $memberof[UBound($memberof) + 1000]
        For $j = $rangemodifier + 1 To $rangemodifier + 1000
            $memberof[$j] = $membersadd[$j - $rangemodifier - 1]
        Next
        $i += 1
        $objRecordSet.Close
    WEnd

    $rangemodifier = $i * 1000
    $range = "Range=" & $rangemodifier & "-*"
    $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;memberof;" & $range & ";base"
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute
    $membersadd = $objRecordSet.fields (0).Value
    ReDim $memberof[UBound($memberof) + UBound($membersadd) ]

    For $j = $rangemodifier + 1 To $rangemodifier + UBound($membersadd)
        $memberof[$j] = $membersadd[$j - $rangemodifier - 1]
    Next
    $objRecordSet.Close
    
    $memberof[0] = UBound($memberof) - 1
    
    If $sort = 1 Then
        _ArraySort($memberof, 0, 1)
    EndIf
    
    Return $memberof[0]
    
EndFunc   ;==>_ADGetGroupMemberOf

; _ADHasFullRights
; Take an object's SamAccountName, a user's SamAccountName
; Returns 1 if User has full rights on the object
; Returns 0 otherwise

Func _ADHasFullRights($object, $user = @UserName)
    Dim $hfr_groups
    If $user = @UserName Then
        $hfr_groups = $loggedonusergroups
    Else
        _ADGetUserGroups($hfr_groups, $user)
    EndIf

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the object

    If $objRecordSet.RecordCount = 1 Then
        $ldap_entry = $objRecordSet.fields (0).value
        $oObject = ObjGet($ldap_entry)  ; Retrieve the COM Object for the logged on user
        $security = $oObject.Get ("ntSecurityDescriptor")
        $dacl = $security.DiscretionaryAcl
        For $ace In $dacl
            $trusteearray = StringSplit($ace.Trustee, "\")
            $trusteegroup = $trusteearray[$trusteearray[0]]
            For $i = 0 To UBound($hfr_groups) - 1
                If StringInStr($hfr_groups[$i], "CN=" & $trusteegroup) And $ace.AccessMask = 983551 Then Return 1
            Next
        Next
    EndIf
    Return 0
EndFunc   ;==>_ADHasFullRights

; _ADGroupMailEnable
; Takes a group and enables mail on that group
Func _ADGroupMailEnable($group)
    If _ADObjectExists($group) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group, if it exists
    
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    
    $oGroup.MailEnable
    $OGroup.SetInfo
    Return 1
EndFunc   ;==>_ADGroupMailEnable

; _ADUserCreateMailbox
; $user - User to add mailbox to
; $mdbstore - Mailbox storename
; $store - Information store
; $server - Email server
; $admingroup - Administrative group in Exchange
; $domain - Domain name
Func _ADUserCreateMailbox($user, $mdbstore, $store, $server, $admingroup, $domain)
    If _ADObjectExists($user) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group, if it exists
    
    $ldap_entry = $objRecordSet.fields (0).value
    $oUser = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    
    If $oUser.HomeMDB <> "" Then Return 0
    
    $mailboxpath = "LDAP://CN="
    $mailboxpath = $mailboxpath & $mdbstore
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $store
    $mailboxpath = $mailboxpath & ",CN=InformationStore"
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $server
    $mailboxpath = $mailboxpath & ",CN=Servers,CN="
    $mailboxpath = $mailboxpath & $admingroup
    $mailboxpath = $mailboxpath & ",CN=Administrative Groups,CN=State Street,CN=Microsoft Exchange,CN=Services,CN=Configuration,"
    $mailboxpath = $mailboxpath & $domain
    
    $oUser.CreateMailbox ($mailboxpath)
    $oUser.SetInfo
    Return 1
EndFunc   ;==>_ADUserCreateMailbox

; _ADUserDeleteMailbox
; Deletes a user's mailbox
Func _ADUserDeleteMailbox($user)
    If _ADObjectExists($user) = 0 Then Return 0

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery)  ; Retrieve the FQDN for the group, if it exists
    
    $ldap_entry = $objRecordSet.fields (0).value
    $oUser = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    
    If $oUser.HomeMDB = "" Then Return 0
    
    $oUser.DeleteMailbox
    $oUser.SetInfo
    Return 1
EndFunc   ;==>_ADUserDeleteMailbox

; _ADGetObjectsInOU
; Returns an array of the objects in an OU
; $ou : The OU to retrieve from
; $filter : optional, default "name='*'". An additional LDAP filter if required.
; $searchscope : optional, default 2. 0 = base, 1 = one-level, 2 = sub-tree
; $datatoretrieve : optional, default "sAMAccountName". A comma-separated list of values to retrieve. More than one value will create
; a 2-dimensional array, array[0][0] will contain the number of items returned, which start at array[1][0]

Func _ADGetObjectsInOU(ByRef $ObjectArray, $ou, $filter = "name='*'", $searchscope = 2, $datatoretrieve = "sAMAccountName", $sortby = "sAMAccountName")
    Local $objRecordSet
    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Page Size") = 1000
    $objCommand.Properties ("Searchscope") = $searchscope

    $strCmdText = "Select " & $datatoretrieve & " FROM 'LDAP://" & $strHostServer & "/" & $ou & "' WHERE " & $filter & " ORDER BY " & $sortby
    
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute
    
    If StringInStr($datatoretrieve, ",") Then
        $dtrArray = StringSplit($datatoretrieve, ",")
        
        Dim $ObjectArray[$objRecordSet.RecordCount + 1][$dtrArray[0]]
        
        $ObjectArray[0][0] = $objRecordSet.RecordCount
        $ObjectArray[0][1] = $dtrArray[0]
        
        If $ObjectArray[0][0] = 0 Then Return 0
        
        $count = 1
        $objRecordSet.MoveFirst
        Do
            For $i = 1 To $dtrArray[0]
                $ObjectArray[$count][$i - 1] = $objRecordSet.Fields ($dtrArray[$i]).Value
            Next
            $objRecordSet.MoveNext
            $count += 1
        Until $objRecordSet.EOF
    Else
        Dim $ObjectArray[$objRecordSet.RecordCount + 1]
        $ObjectArray[0] = UBound($ObjectArray)-1
        If $ObjectArray[0] = 0 Then
            $ObjectArray = 0
            Return 0
        Else
            $count = 1
            $objRecordSet.MoveFirst
            Do
                $ObjectArray[$count] = $objRecordSet.Fields ($datatoretrieve).Value
                $objRecordSet.MoveNext
                $count += 1
            Until $objRecordSet.EOF
        EndIf
    EndIf
    Return 1
    
EndFunc   ;==>_ADGetObjectsInOU

; _ADDNToSamAccountName
; Takes a FQDN and returns the SamID of the account

Func _ADDNToSamAccountName($fqdn)
    $obj = ObjGet("LDAP://" & $strHostServer & "/" & $fqdn)
    If $obj = 0 Then
        MsgBox(0, "", "Failed to retrieve AD object")
        Return 0
    EndIf
    
    Return $obj.sAMAccountName
EndFunc   ;==>_ADDNToSamAccountName

; _ADSamAccountNameToFQDN
; Takes a SamID and returns the FQDN of the account

Func _ADSamAccountNameToFQDN($samname)
    
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $samname & ");distinguishedName;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)
    
    If $objRecordSet.RecordCount = 1 Then
        Return $objRecordSet.fields (0).value
    Else
        Return ""
    EndIf
EndFunc   ;==>_ADSamAccountNameToFQDN

; _ADDNToDisplayName
; Returns the Display Name of an FQDN
Func _ADDNToDisplayName($fqdn)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(distinguishedname=" & $fqdn & ");name;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the logged on user
    If $objRecordSet.EOF Then
        MsgBox(0, "", "Error, object not found")
    Else
        ;MsgBox(0,"",$objRecordSet.fields (0).value)
        Return $objRecordSet.fields (0).value
    EndIf
    
    ;$obj = ObjGet("LDAP://" & $fqdn)
    ;Return $obj.name
EndFunc   ;==>_ADDNToDisplayName

; _ADCreateObject
; $objectou = OU to create the group in. Form is "OU=sampleou, OU=sampleparent, DC=sampledomain1, DC=sampledomain2, DC=sampledomain3"
; $object = Object name, form is SamAccountName without leading 'CN='
; $type = Type of object to create

Func _ADCreateObject($objectou, $object, $type)
    If _ADObjectExists($object) Then Return 0
    
    If StringLeft($object, 3) <> "CN=" Then
        $object = "CN=" & $object
    EndIf

    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $objectou)
    $ObjADObj = $ObjOU.Create ($type, $object)
    
    $ObjADObj.Put ("sAMAccountName", StringTrimLeft($object, 3))
    If $type = "Computer" Then
        $ObjADObj.Put ("UserAccountControl", BitOR(0x0020, 0x1000))  ; ADS_UF_PASSWD_NOTREQD (0x0020) + ADS_UF_WORKSTATION_TRUST_ACCOUNT (0x1000)
    EndIf
    
    $ObjADobj.SetInfo
    Return 1
EndFunc   ;==>_ADCreateObject

; _ADCreateComputer
; $strComputer = Name of the computer object to create
; $computerOU = Full DN of the OU to create the computer in
; $strComputerUser = User or group that will be allowed to add the computer to the domain (SamAccountName)
Func _ADCreateComputer($strComputer, $computerOU, $strComputerUser)

    $objContainer = ObjGet("LDAP://" & $strHostServer & "/" & $computerOU)

    $objComputer = $objContainer.Create ("Computer", "cn=" & $strComputer)
    $objComputer.Put ("sAMAccountName", $strComputer & "$")
    $objComputer.Put ("userAccountControl", BitOR($ADS_UF_PASSWD_NOTREQD, $ADS_UF_WORKSTATION_TRUST_ACCOUNT))
    $objComputer.SetInfo

    $objSecurityDescriptor = $objComputer.Get ("ntSecurityDescriptor")
    $objDACL = $objSecurityDescriptor.DiscretionaryAcl

    $objACE1 = ObjCreate("AccessControlEntry")
    $objACE1.Trustee = $strComputerUser
    $objACE1.AccessMask = $ADS_RIGHT_GENERIC_READ
    $objACE1.AceFlags = 0
    $objACE1.AceType = $ADS_ACETYPE_ACCESS_ALLOWED

    $objACE2 = ObjCreate("AccessControlEntry")
    $objACE2.Trustee = $strComputerUser
    $objACE2.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE2.AceFlags = 0
    $objACE2.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE2.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE2.ObjectType = $ALLOWED_TO_AUTHENTICATE

    $objACE3 = ObjCreate("AccessControlEntry")
    $objACE3.Trustee = $strComputerUser
    $objACE3.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE3.AceFlags = 0
    $objACE3.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE3.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE3.ObjectType = $RECEIVE_AS

    $objACE4 = ObjCreate("AccessControlEntry")
    $objACE4.Trustee = $strComputerUser
    $objACE4.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE4.AceFlags = 0
    $objACE4.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE4.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE4.ObjectType = $SEND_AS

    $objACE5 = ObjCreate("AccessControlEntry")
    $objACE5.Trustee = $strComputerUser
    $objACE5.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE5.AceFlags = 0
    $objACE5.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE5.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE5.ObjectType = $USER_CHANGE_PASSWORD

    $objACE6 = ObjCreate("AccessControlEntry")
    $objACE6.Trustee = $strComputerUser
    $objACE6.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE6.AceFlags = 0
    $objACE6.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE6.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE6.ObjectType = $USER_FORCE_CHANGE_PASSWORD

    $objACE7 = ObjCreate("AccessControlEntry")
    $objACE7.Trustee = $strComputerUser
    $objACE7.AccessMask = $ADS_RIGHT_DS_WRITE_PROP
    $objACE7.AceFlags = 0
    $objACE7.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE7.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE7.ObjectType = $USER_ACCOUNT_RESTRICTIONS

    $objACE8 = ObjCreate("AccessControlEntry")
    $objACE8.Trustee = $strComputerUser
    $objACE8.AccessMask = $ADS_RIGHT_DS_SELF
    $objACE8.AceFlags = 0
    $objACE8.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE8.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE8.ObjectType = $VALIDATED_DNS_HOST_NAME

    $objACE9 = ObjCreate("AccessControlEntry")
    $objACE9.Trustee = $strComputerUser
    $objACE9.AccessMask = $ADS_RIGHT_DS_SELF
    $objACE9.AceFlags = 0
    $objACE9.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE9.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE9.ObjectType = $VALIDATED_SPN

    $objDACL.AddAce ($objACE1)
    $objDACL.AddAce ($objACE2)
    $objDACL.AddAce ($objACE3)
    $objDACL.AddAce ($objACE4)
    $objDACL.AddAce ($objACE5)
    $objDACL.AddAce ($objACE6)
    $objDACL.AddAce ($objACE7)
    $objDACL.AddAce ($objACE8)
    $objDACL.AddAce ($objACE9)

    $objSecurityDescriptor.DiscretionaryAcl = $objDACL
    $objComputer.Put ("ntSecurityDescriptor", $objSecurityDescriptor)
    $objComputer.SetInfo

EndFunc   ;==>_ADCreateComputer

; _ADDeleteObject
; $object = SamAccountName of object to delete. $type="user" or "group".
; Returns 0 if object doesn't exist, otherwise Returns 1
Func _ADDeleteObject($ou, $object, $type)
    $objcn = "CN=" & StringReplace($object, ",", "\,")
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)
    $objOU.Delete ($type, $objcn)

    Return 1
EndFunc   ;==>_ADDeleteObject

; _ADGetObjectClass
; Returns the Class of an object. Returns 0 if the object does not exist.
Func _ADGetObjectClass($object)
    If _ADObjectExists($object) = 0 Then Return 0

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the object
    $ldap_entry = $objRecordSet.fields (0).value
    $oObject = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    Return $oObject.Class
    
EndFunc   ;==>_ADGetObjectClass

; _ADGetObjectClassFromFQDN
; Returns the Class of an object from an object's FQDN. Returns 0 if the object does not exist.
Func _ADGetObjectClassFromFQDN($object)
    $object = StringReplace($object, "/", "\/")
    
    $oObject = ObjGet("LDAP://" & $strHostServer & "/" & $object)  ; Retrieve the COM Object for the object
    If IsObj($oObject) = 0 Then Return 0
    Return $oObject.Class
EndFunc   ;==>_ADGetObjectClassFromFQDN

; _ADGetObjectAttribute
; Retrieves the specified (single-value) attribute for the given SamAccountName
; Returns 0 if the object does not exist, the attribute does not exist for that
; object or if the value is multi-string.
; Otherwise returns the result
Func _ADGetObjectAttribute($object, $attribute)
    If _ADObjectExists($object) = 0 Then Return 0

    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the object
    $ldap_entry = $objRecordSet.fields (0).value
    $oObject = ObjGet($ldap_entry)  ; Retrieve the COM Object for the object
    $result = $oObject.Get ($attribute)
    $oObject.PurgePropertyList
    
    If $result = "" Then
        Return ""
    Else
        Return $result
    EndIf
    
EndFunc   ;==>_ADGetObjectAttribute

; _ADListDomainControllers
; Retrieves the names of all domain controllers in the current Domain
Func _ADListDomainControllers(ByRef $DCList)
    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Page Size") = 1000
    $objCommand.Properties ("Searchscope") = 2
    
    $objCommand.CommandText = "Select distinguishedName FROM 'LDAP://" & $strHostServer & "/ou=Domain Controllers," & $strDNSDomain & "' WHERE objectclass='computer'"
    
    $objRecordSet = $objCommand.Execute
    Dim $DCList[$objRecordSet.RecordCount + 1]
    $objRecordSet.MoveFirst
    
    Do
        $DCList[0] += 1
        
        $objCommand.CommandText = "<LDAP://" & $strHostServer & "/" & $objRecordSet.Fields ("distinguishedName").Value & ">;;serverReferenceBL;Range=0-*;base"
        $objRecSet2 = $objCommand.Execute
        
        $objRecSet2.MoveFirst
        Do
            $temparray = $objRecSet2.Fields (0).Value
            $DCList[$DCList[0]] = $temparray[0]
            $objRecSet2.MoveNext
        Until $objRecSet2.EOF
        
        $objRecordSet.MoveNext
    Until $objRecordSet.EOF
EndFunc   ;==>_ADListDomainControllers

; _ADOUObjectNames
; A faster call for returning the Display Name of objects in a given OU
Func _ADOUObjectNames(ByRef $objects, $ou, $filter = 0)
    Local $i
    
    $objOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)

    If $filter <> 0 Then $objOU.Filter = $filter

    Dim $tempobjects[100000]
    
    $i = 0

    For $object In $objOU
        $tempobjects[$i] = $object.name
        $i+=1
    Next
    
    If $i = 0 Then
        $objects = 0
        Return
    EndIf
    
    Dim $objects[$i+1]
    $objects[0] = $i
    
    For $j = 1 To $i
        $tempstr = $tempobjects[$j-1]
        $tempstr = StringTrimLeft($tempstr,3)
        $objects[$j] = StringReplace($tempstr,"\,",",")
    Next
        
EndFunc   ;==>_ADOUObjectNames

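The sAMAccountName lookups in the UDF above (_ADSamAccountNameToFQDN, _ADGetObjectClass, _ADGetObjectAttribute) concatenate the caller's value straight into the LDAP filter, so a value containing `*`, `(`, `)` or `\` changes what the filter matches. The following is an added example, not part of adfunctions.au3 or any poster's code: it checks the value against the sAMAccountName character rules and escapes it per RFC 4515 before building the query. The three function names and the sample values are hypothetical, and the connection object and search base are passed in by the caller.

```autoit
; Added example, not part of adfunctions.au3. All function names are hypothetical.

; Escape a value for use inside an LDAP search filter (RFC 4515): \ * ( ) and NUL
; become a backslash followed by the two-digit hex code of the character.
Func _LdapEscapeFilterValue($sValue)
    Local $sOut = "", $sChar
    For $i = 1 To StringLen($sValue)
        $sChar = StringMid($sValue, $i, 1)
        If AscW($sChar) = 0 Or StringInStr("\*()", $sChar, 1) Then
            $sOut &= "\" & Hex(AscW($sChar), 2)
        Else
            $sOut &= $sChar
        EndIf
    Next
    Return $sOut
EndFunc   ;==>_LdapEscapeFilterValue

; Syntax check: a sAMAccountName may not be empty or contain " / \ [ ] : ; | = , + * ? < >
; or control characters. Parentheses are legal in a name, which is why escaping is still needed.
Func _IsValidSamAccountName($sName)
    If StringLen($sName) = 0 Then Return False
    Return StringRegExp($sName, '["/\\\[\]:;|=,+*?<>\x00-\x1F]') = 0
EndFunc   ;==>_IsValidSamAccountName

; Hardened variant of the lookup done by _ADSamAccountNameToFQDN.
; $oConn   = open ADODB.Connection using the ADsDSOObject provider
; $sBase   = "<host>/<domain DN>", the same pieces the UDF joins from its globals
; Returns the distinguishedName, or "" with @error set (1 = bad name, 2 = query failed,
; 3 = zero or more than one match).
Func _SafeSamAccountNameToFQDN($oConn, $sBase, $sSamName)
    If Not _IsValidSamAccountName($sSamName) Then Return SetError(1, 0, "")
    Local $sQuery = "<LDAP://" & $sBase & ">;(sAMAccountName=" & _
            _LdapEscapeFilterValue($sSamName) & ");distinguishedName;subtree"
    Local $oRecordSet = $oConn.Execute($sQuery)
    If Not IsObj($oRecordSet) Then Return SetError(2, 0, "")
    If $oRecordSet.RecordCount <> 1 Then Return SetError(3, 0, "")
    Return $oRecordSet.Fields(0).Value
EndFunc   ;==>_SafeSamAccountNameToFQDN

; Constructed sample values, checked offline (no directory needed).
For $sSample In StringSplit("jsmith|svc(backup)|adm*|a\b", "|", 2)
    ConsoleWrite($sSample & " -> valid=" & _IsValidSamAccountName($sSample) & _
            ", escaped=" & _LdapEscapeFilterValue($sSample) & @CRLF)
Next
```

The same escaping applies to any other caller-supplied value placed in a filter; values placed in an ADsPath, as in _ADDeleteObject and _ADGetObjectClassFromFQDN, need distinguished-name escaping instead, which this example does not cover.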

Several other topics link specifically to the post below as the source of Adfunctions.au3. But there is no attachment or download link that I can see now. It must have been there before... Can we get somebody with the latest version to post it back?

There was an issue with the AutoIt Forum's FileMan function, and I wonder if it ate the Adfunctions.au3 UDF...

:)

I have attached the latest version of the ADFunction.au3 file. There are a couple of things that have changed (most notably the return array from GetUserGroups) and a few new functions.

You are correct that the .delete function requires a 'type' and a 'name'. The function in the current version looks like this;

; _ADDeleteObject
; $object = SamAccountName of object to delete. Returns 0 if object doesn't exist, otherwise Returns 1
Func _ADDeleteObject($ou, $object, $type)
    $objcn = "CN=" & StringReplace($object, ",", "\,")
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)
    $objOU.Delete ($type, $objcn)
    Return 1
EndFunc   ;==>_ADDeleteObject

This allows the deletion of groups, using a $type="group". It should also work for users, contacts and other categories of object, but I haven't tested this.

Hope this helps.

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

how to call IADsComputer.get_NetAddress(BSTR *String)??

and can AutoIt call COM methods? and why do I error out to olly when I do?

Hmmm... The property is get_NetAddresses (plural) and does not need a parameter. According to IADsComputer Property Methods on MSDN, it should return an array but I don't get that far...

#include <array.au3> ; for _ArrayDisplay()

$sComputerName = @ComputerName
$oWinNT = ObjGet("WinNT://" & $sComputerName & ",computer")
If IsObj($oWinNT) Then
    $avNetAdxs = $oWinNT.get_NetAddresses
    If IsArray($avNetAdxs) Then
        _ArrayDisplay($avNetAdxs, "Debug: $avNetAdxs")
    Else
        ConsoleWrite("Debug: Error! $avNetAdxs is not an array." & @LF)
    EndIf
Else
    ConsoleWrite("Debug: Error! Failed to connect to WinNT provider" & @LF)
EndIf

Fails with:

C:\AutoIT\Scripts\Test1.au3 (6) : ==> The requested action with this object has failed.: 
$avNetAdxs = $oWinNT.get_NetAddress 
$avNetAdxs = $oWinNT.get_NetAddress^ ERROR
->19:08:27 AutoIT3.exe ended.rc:1
+>19:08:29 AutoIt3Wrapper Finished

:)


@all

Sorry guys but this is not supported : ADSI interfaces

Regards,

ptrex

Well, that's just... just... RUDE!

:)


#include <GuiConstants.au3> 
Global $NameSpace = ObjGet("WinNT:")
Global $objDomain,$objPDC,$objComputer
Dim $Filter[2]
Dim $Stack[4096]
Dim $StackPtr
Dim $NetString,$DomString,$CompString,$oComputer

GUICreate("Active Directory Computer Information Tool",300,250,100,300)
GUISetState (@SW_SHOW)
$DomList = GUICtrlCreateList("",10,10,250,100)
$IPList = GUICtrlCreateList("",10,105,250,100)
GetComputerNames()
$msg = 0
While $msg <> $GUI_EVENT_CLOSE
    $msg = GUIGetMsg()
    Select
    case $msg = $DomList
        
    EndSelect
Wend
Exit
;stack[3~4096] are return areas unless otherwise stated in function
;Stack[2] = NumOfCurrentEntry
;Stack[1] = static Base
;Stack[0] = good or bad return 0 : 1
Func GetDomainNames()
    InitStack()
    $Filter[0] = "Domain"
    $NameSpace.Filter =  $Filter 
    For $objDomain in $NameSpace
        Push($objDomain.Name)
    Next
    DumpStack($DomList)
EndFunc

Func GetComputerNames()
    GetDomainNames()
    $DomString = Pop()
    $objPDC = ObjGet("WinNT://" & $DomString)
If(IsObj($objPDC)) Then
    Cscl()
    $Filter[0] = "Computer"
    $objPDC.Filter = $Filter
    For $objComputer In $objPDC
        If(IsObj($objComputer)) Then
            
            Push("Computer Name: " & $objComputer.Name)
            Push("Computer OS: " & $objComputer.OperatingSystem)
            Push("Computer OS Version: " & $objComputer.OperatingSystemVersion)
            Push("Computer CPU: " & $objComputer.Processor)
            Push("Computer # CPU; " & $objComputer.ProcessorCount)
        EndIf
        DumpStack($IPList)
    Next
Else;shouldnt Execute cleanup more later ... lol
    $DomString = Pop()
    Cscl()
    $objPDC = ObjGet("WinNT://" & $DomString)
    If(IsObj($objPDC)) Then
        $Filter[0] = "Computer"
        $objPDC.Filter = $Filter
        For $objComputer In $objPDC
            Push($objComputer.Name)
            Push($objComputer.OperatingSystem)
        Next
        DumpStack($IPList)
    EndIf
EndIf
EndFunc

Func DumpStack($HWND);recvs WindowHandle to Dump Entries into
    If($Stack[2] > 0) Then
        $Stack[0] = 1
        Local $NumStackEntry = $Stack[2]
        Do
        ;ConsoleWrite($StackPtr)
            GUICtrlSetData($HWND,$Stack[$Stack[1] + $Stack[2]])
            If(@error <> 0) Then
                $Stack[0] = 0
                Return $Stack[0]
            EndIf
            $Stack[2] = $Stack[2] - 1
        Until $Stack[2] = 0
        $Stack[2] = $NumStackEntry
        Return $Stack[0]
    Else
        $Stack[0] = 0
        Return $Stack[0]
    EndIf
EndFunc 
Func InitStack()
    $Stack[0] = 1;signify good ret
    $Stack[1] = 3;init stack current location
    $Stack[2] = 0;init stack Entries counter
    $StackPtr = $Stack[1]
    Do;clear rest
        $Stack[$StackPtr] = 0
        $StackPtr = $StackPtr+1
    Until $StackPtr >= 4096
    $StackPtr = $Stack[1]
EndFunc

Func Cscl();clear stack current location
    $Stack[1] = 3
    $Stack[2] = 0
EndFunc

Func Push($Var)
    $Stack[2] = $Stack[2] + 1
    $StackPtr = $Stack[1] + $Stack[2]
    $Stack[$StackPtr] = $Var
EndFunc

Func Pop()
    $StackPtr = $Stack[1] + $Stack[2]
    $Stack[2] = $Stack[2] - 1
    Return $Stack[$StackPtr]
EndFunc

Func UserValidate($domain, $UserName, $Password)
    $Stack[0] = 1
    Local $DomObj = $NameSpace.OpenDSObject("WinNT://" & $domain, $UserName, $Password, 0x0001)  ; 0x0001 = ADS_SECURE_AUTHENTICATION
    If @error <> 0 Then
        $Stack[0] = 0
    EndIf
    Return $Stack[0]
EndFunc

well i got this far and i thought i saw something that had NSLookup and got the address from the output.. hard to find it...

http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]

well i got this far and i thought i saw something that had NSLookup and got the address from the output.. hard to find it...

I'm confused (no news there). Are you still trying to retrieve net addresses? And if so, addresses of what?

:)


  • 2 weeks later...

Anybody know why I am getting this error?

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.: 
$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user) 
$ismember = ^ ERROR

All I am calling is;

#include <adfunctions.au3>

If _ADIsMemberOf("Administrators", "Admin") Then
    MsgBox(64, "", "True")
EndIf

Anybody know why I am getting this error?

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.: 
$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user) 
$ismember = ^ ERROR

All I am calling is;

#include <adfunctions.au3>

If _ADIsMemberOf("Administrators", "Admin") Then
    MsgBox(64, "", "True")
EndIf
The context is domain not local so $strHostServer is the DNS host, which is likely a DC also (AD integrated DNS being most likely). If it's a DC, then the group "Administrators" is not valid, being replaced by "Domain Admins" on a DC. Do you get the same if you use _ADIsMemberOf("Domain Admins", "Admin"), or a definite invalid group like _ADIsMemberOf("Dingleberries", "Admin")?

:)


Yes still same error using Domain Admins.

I actually get an error message box too, sorry, forgot to add this in the first post;

We intercepted a COM Error !
Number is: 80072032
Windescription is: An invalid dn syntax has been specified.

Script Line number is: 276

Do I actually have to configure anything inside adfunctions.au3 or my program first?

Edited by ale1981

  • 2 weeks later...

Hi All,

Just found out about AutoIT and found this ADFunctions.au3 script which I think can help me greatly in automating mailbox creations and permissioning - but I do not for the life of me know how to run it specifying the parts and variables that I want to use.

Any help at all would be great as I can't seem to find any!

Cheers in advance
