Active Directory Scripts


Johny Clelland
The problem below is because the _ADIsMemberOf function requires full DN Syntax for both the group and the user. The easiest way to get this is to use _ADSamAccountNametoFQDN('samid') to return the fully qualified distinguished name of the objects.

e.g.

#include <adfunctions.au3>
$domain_admins_dn = _ADSamAccountNametoFQDN("Domain Admins")
$test_user_dn = _ADSamAccountNametoFQDN("Admin")

If _ADIsMemberOf($domain_admins_dn, $test_user_dn) Then
    MsgBox(64, "", "True")
EndIf

Hope this helps, if you're still having problems let me know.

Cheers,

Johny.

Yes still same error using Domain Admins.

I actually get an error message box too, sorry, forgot to add this in the first post:

We intercepted a COM Error !
Number is: 80072032
Windescription is: An invalid dn syntax has been specified.

Script Line number is: 276

Do I actually have to configure anything inside adfunctions.au3 or my program first?

Link to comment
Share on other sites

I managed to fix my own problem (and of course, for me PEBKAC :"> ) about the DeleteObject function, however, I have a new question.

Is there a function out there that will query Active Directory for a specified OU and then return output like OU=People,OU=Users,DC=domain,DC=local ?

I could really, really use something like that and I have no idea where to even start if I wanted to develop it on my own.

Anyone?

Link to comment
Share on other sites

  • Developers

I cannot test at this moment but give this a go:

Const $ADS_NAME_INITTYPE_GC = 3 ; bind to a global catalog
Const $ADS_NAME_TYPE_NT4 = 3    ; DOMAIN\user name format
Const $ADS_NAME_TYPE_1779 = 1   ; distinguished name (RFC 1779) format
$Domain = @LogonDomain
$Userid = @UserName
$objTrans = ObjCreate("NameTranslate")
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
; Hand in the account as DOMAIN\user ...
$objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & "\" & $Userid)
; ... and read the same object back as a distinguished name
$UserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
MsgBox(0,"full domain path",$UserDN)


Link to comment
Share on other sites

That returns the domain path of the current user, but I just want it to look for a certain OU and then display that path.

For example, say the function is called displayou($ouname). When I pass the value "Users" to it, I want it to display the path of the OU "Users". Such as CN=Users,DC=Domain,DC=local .

Is this pointless? Perhaps I should just define the OU myself? Maybe I'm making this more complicated than it needs to be...

Link to comment
Share on other sites

  • Developers

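Don't think it's in there, but when you have found the user object you just do:

; Bind to the user object by its distinguished name
$Usr = ObjGet("LDAP://" & $UserDN)
$usr.SetPassword ($NewPsw)
; PwdLastSet = 0 forces a password change at the next logon
$usr.put ("PwdLastSet", 0)
$usr.SetInfo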


Link to comment
Share on other sites

Ugh, I'm having yet another problem understanding one of these functions.

The one that I am not understanding is the _ADGetObjectsInOU() function.

This is the function:

; _ADGetObjectsInOU
; Returns an array of the objects in an OU
; $ou : The OU to retrieve from
; $filter : optional, default "name'*'". An additional LDAP filter if required.
; $searchscope : optional, default 2. 0 = base, 1 = one-level, 2 = sub-tree
; $datatoretrieve : optional, default "Name". A comma-seperated list of values to retrieve. More than one value will create
; a 2-dimensional array, array[0][0] will contain the number of items returned, which start at array[1][0]

Func _ADGetObjectsInOU(ByRef $ObjectArray, $ou, $filter = "name='*'", $searchscope = 2, $datatoretrieve = "sAMAccountName", $sortby = "sAMAccountName")
    Local $objRecordSet
    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Page Size") = 256
    $objCommand.Properties ("Searchscope") = $searchscope
    $objCommand.Properties ("TimeOut") = 20
    
    $strCmdText = "<LDAP://" & $strHostServer & "/" & $ou & ">;" & $filter & ";" & $datatoretrieve & ";subtree"
    
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute

    $recordcount = $objRecordSet.RecordCount
    If $recordcount = 0 Then
        $objCommand = 0
        $objRecordSet = 0
        Return 0
    EndIf
    
    If StringInStr($datatoretrieve, ",") Then

        $dtrArray = StringSplit($datatoretrieve, ",")
        
        Dim $ObjectArray[$recordcount + 1][$dtrArray[0]]
        
        $ObjectArray[0][0] = $recordcount
        $ObjectArray[0][1] = $dtrArray[0]
        
        $count = 1
        $objRecordSet.MoveFirst
        Do
            For $i = 1 To $dtrArray[0]
                $ObjectArray[$count][$i - 1] = $objRecordSet.Fields ($dtrArray[$i]).Value
            Next
            $objRecordSet.MoveNext
            $count += 1
        Until $objRecordSet.EOF
    Else
        Dim $ObjectArray[$recordcount + 1]
        $ObjectArray[0] = UBound($ObjectArray) - 1
        If $ObjectArray[0] = 0 Then
            $ObjectArray = 0
            Return 0
        Else
            $count = 1
            $objRecordSet.MoveFirst
            Do
                $ObjectArray[$count] = $objRecordSet.Fields ($datatoretrieve).Value
                $objRecordSet.MoveNext
                $count += 1
            Until $objRecordSet.EOF
        EndIf
    EndIf
    
    $objCommand = 0
    $objRecordSet = 0
    
    Return 1
    
EndFunc   ;==>_ADGetObjectsInOU

I can't seem to figure out how to use it at all. Do I have to create my own array or does it create one for me? If so, how would I display this array?

I tried _ADGetObjectsInOU($ObjectArray, $ou) (I define the $ou variable as CN=Users,DC=vmtest,DC=local ) and the error I get:

COM Error #: 000000A9

Description: Variable must be of type "Object"

Script Line #: 641 (in adfunctions.au3)

Can anyone help?

Link to comment
Share on other sites

Hi there,

Probably someone could help me, because I've really no idea what's going wrong with this script.

I always get the following failure.

>"C:\Programme\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "\\40.4.200.210\c$\Domainusers.au3"

C:\Programme\AutoIt3\Include\adfunctions.au3 (141) : ==> Missing right bracket ')' in expression.:

$ObjUser = $ObjOU.Create ("User", $cnname)

$ObjUser = ^ ERROR

>Exit code: 1 Time: 5.025

CODE
#include <adfunctions.au3>
#include <ExcelCOM.au3>

$sFilePath = "c:\UserAccounts.xls"
;$importfilepath = "c:\Nashuatecimport.csv"
$fVisible = 0
$oExcel = _ExcelBookOpen($sFilePath, $fVisible)
$datensatz = 1
$line = 12

While $datensatz = 1
    $line = $line + 1
    $fname = _ExcelReadCell($oExcel, "A" & $line)
    $lname = _ExcelReadCell($oExcel, "B" & $line)
    IF $fname = "" Then $datensatz = 0
    $user = $fname & "." & $lname
    $userou = "users=ou, 04unique=ou, GermanUSGGroup=dc ,local=dc"
    $description = "nothing"
    _ADCreateUser($userou, $user, $fname, $lname, $description)
WEnd

_ExcelBookClose($oExcel)

Link to comment
Share on other sites

The problem here is actually a bug in the ADFunctions.au3 code itself. Apologies for this, I've never noticed it before now because I never used the 'default' filter option after I wrote it.

To fix the problem, change the Func line in ADFunctions to read like this;

Func _ADGetObjectsInOU(ByRef $ObjectArray, $ou, $filter = "(name=*)", $searchscope = 2, $datatoretrieve = "sAMAccountName", $sortby = "sAMAccountName")

You should Dim the array before calling the function, so that the function has somewhere to pass the data. An example would look like this;

#include <adfunctions.au3>
#include <array.au3>

Dim $objectarray
$ou = "ou=users,dc=mydomain,dc=com"
_ADGetObjectsInOU($objectarray, $ou)
_ArrayDisplay($objectarray)

Link to comment
Share on other sites

Chris,

The only thing I can see that might be causing an issue is the syntax of the OU. I believe if you change the line

$userou = "users=ou, 04unique=ou, GermanUSGGroup=dc ,local=dc"

to something more like

$userou = "ou=users,ou=04unique,dc=GermanUSGGROUP,dc=local"

then this should fix the issue. From the error, I'm guessing that the ObjOU is never being generated because it can't open the OU Object from the variable you've passed it.

Try that and let me know if it works.

Cheers,

JC.

Link to comment
Share on other sites
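
A pre-flight check for the DN mistakes seen in this thread (a bare name where a DN is required, and the reversed `users=ou` form), as an added example that is not part of adfunctions.au3 or any poster's code. `_IsPlausibleDN` is a hypothetical helper that assumes the DN is built only from CN, OU and DC components; the sample strings are copied from posts in this thread.

```autoit
; Added example: _IsPlausibleDN is a hypothetical helper, not an adfunctions.au3 function.
; Assumption: the DN uses only CN, OU and DC components, as the DNs in this thread do.
; Returns True, or False with @error = reason and @extended = 1-based RDN position.
Func _IsPlausibleDN($sDN)
    Local $aPart, $sType, $bSeenDC = False
    ; Split on commas that are not escaped with a backslash.
    Local $aRDN = StringRegExp($sDN, "(?:\\.|[^,\\])+", 3)
    If @error Then Return SetError(1, 0, False) ; nothing to parse
    For $i = 0 To UBound($aRDN) - 1
        ; Every component must be type=value, attribute type first.
        $aPart = StringRegExp($aRDN[$i], "^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$", 1)
        If @error Then Return SetError(2, $i + 1, False) ; bare name, no type=value
        $sType = StringUpper($aPart[0])
        If Not StringRegExp($sType, "^(CN|OU|DC)$") Then Return SetError(3, $i + 1, False) ; e.g. users=ou
        ; Domain components close the DN; nothing else may follow them.
        If $bSeenDC And $sType <> "DC" Then Return SetError(4, $i + 1, False)
        If $sType = "DC" Then $bSeenDC = True
    Next
    If Not $bSeenDC Then Return SetError(5, 0, False) ; no domain part at all
    Return True
EndFunc   ;==>_IsPlausibleDN

; Sample inputs taken from the posts in this thread.
Local $aSamples[4] = ["Administrators", _
        "users=ou, 04unique=ou, GermanUSGGroup=dc ,local=dc", _
        "ou=users,ou=04unique,dc=GermanUSGGROUP,dc=local", _
        "CN=Users,DC=vmtest,DC=local"]
Local $bOk, $iErr, $iRdn
For $sSample In $aSamples
    $bOk = _IsPlausibleDN($sSample)
    ; Capture @error/@extended straight away, before any other call resets them.
    $iErr = @error
    $iRdn = @extended
    ConsoleWrite($bOk & "  @error=" & $iErr & "  rdn=" & $iRdn & "  " & $sSample & @CRLF)
Next
```

Running a check like this before `_ADIsMemberOf` or `_ADCreateUser` gives a readable reason instead of the COM error 80072032 raised deep inside the library.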

The problem below is because the _ADIsMemberOf function requires full DN Syntax for both the group and the user. The easiest way to get this is to use _ADSamAccountNametoFQDN('samid') to return the fully qualified distinguished name of the objects.

....

But in your adfunctions.au3 I read this:

; _ADIsMemberOf

; Takes samAccountNames for a group and a user

Please can you correct this for future downloads, so other users are not confused !

Greetz from Austria

RaVen

Link to comment
Share on other sites

Having a problem with _ADGetGroupMembers

C:\PROGRA~1\AutoIt3\Include\ADfunctions.au3 (418) : ==> Object referenced outside a "With" statement.:

$membersadd = $objRecordSet.fields (0).Value

$membersadd = $objRecordSet.fields (0)^ ERROR

which is called in this section of a script

CODE
If GUICtrlRead ($Group_Select) <> "Please Select Group" Then
    AdlibDisable()
    If GUICtrlRead ($Members) = "Obtaining List of members..." Then
        $StrGroup = StringLeft(GUICtrlRead ($Group_Select), StringInStr(GUICtrlRead ($Group_Select),".", 2, 1)-1)
        MsgBox (0, "Debug", $StrGroup)
        If _ADGetGroupMembers ( $Members_Query, _ADSamAccountNametoFQDN($StrGroup), 1) <> 1 Then
            MsgBox (0, "error", "Could not find group")
            MsgBox (0, "error", _ADSamAccountNametoFQDN(GUICtrlRead ($Group_Select)))
        EndIf
        If Not @error Then
            _ArraySort( $Members_Query)
            ;~ _ArrayDisplay( $Members_Query)
        Else
            MsgBox(16, "Error", "Error returned: @error = " & @error)
            Exit
        EndIf
        For $i = 1 To $Members_Query[0]
            If @error = 1 then ExitLoop
            GUICtrlSetData($Members, _ADDNToSamAccountName($Members_Query[$i])) ; add other item snd set a new default
        Next
    EndIf
EndIf

The error is sporadic; sometimes it will work, while others it will prompt the error. Any help would be appreciated.

Link to comment
Share on other sites

This has now been fixed in the comments. v3.1.2 has been uploaded to the forums.

But in your adfunctions.au3 I read this:

; _ADIsMemberOf

; Takes samAccountNames for a group and a user

Please can you correct this for future downloads, so other users are not confused !

Greetz from Austria

RaVen

Link to comment
Share on other sites


I've changed the line like you told me but it still does not work... :-(

Probably you could have another look at it..

regards

We intercepted a COM Error !

Number is : 0000000A9

Windescription is. Variable must be of type 'Object'

Script line number is: 152

We intercepted a COM Error !

Number is : 0000000A9

Windescription is. Variable must be of type 'Object'

Script line number is: 153

We intercepted a COM Error !

Number is : 0000000A9

Windescription is. Variable must be of type 'Object'

Script line number is: 155

Link to comment
Share on other sites

  • 2 weeks later...

I have a different question because all these variables are quite difficult for me (or I'm thinking much too difficult).

I'm trying to use a bit of the script to create an "If Member Of .... Then"

I just don't know where to start, how do I use

#include <adfunctions.au3>
_ADIsMemberOf("Administrators","myusername")
?

I get a COM error number 80072032 as a result, error = 0

The group Administrators exists; I tried a security group but also no result.

Could someone show some examples on how to use _ADIsMemberOf or other variables from adfunctions.au3?

Because in the end I want to replace our loginscript.vbs with AutoIt scripts.

Greetings

Rick

Link to comment
Share on other sites

Is it possible to use this to pull the profile path out of active directory for a specified user?

Like you get a prompt for the user name and enter Bob Smith and get a variable that = \\servername\path\bobsmith

I've been looking all over for something that could do this.

Any help is greatly appreciated.

Link to comment
Share on other sites
