Active Directory Scripts


Johny Clelland
Newbie Needs Help

I've tried to use _ADModifyAttribute, _ADObjectExists, and _ADSamAccountNametoFQDN and can't get any of them to work. Perhaps I don't know how to feed these functions the samAccountName. I downloaded the latest adfunctions.au3 file and have it included in my script. Here are some excerpts from my code...

$object = @ComputerName

$result = _ADObjectExists($object)

MsgBox(0,"test", $result)

This will return a 0 and can't find my computer name. I tried putting CN= in front of it and tried using my username with and without the CN= as an object name as well.

$result = _ADSamAccountNametoFQDN($object)

MsgBox(0,"test", $result)

This will return an empty string

Anyone have any ideas as to what I'm doing wrong?? This UDF looks great but I'm not having any luck in using any of the functions. ...and yes, I am a part of the domain and am logged into it.

The global variables $strDNSDomain and $strHostServer do populate correctly.

Link to comment

Have not had a chance yet, but I am sure I will be able to use quite a few of these functions. Seems a lot cleaner than running a command line tool like DSGet and capturing the output (Yep, that's what I do) <_<...

Is there a way to get the context help added to Scite?

Thanks!

ZipleR

Link to comment

BuckeyeFan,

The problem here is that a computer's SamAccountName attribute in ADSI has a '$' symbol on the end of it. If you change the first line of your code to this:

$object = @Computername & "$"

Then it should work. The full code would look like this;

$object = @ComputerName & "$"
$result = _ADObjectExists($object)
MsgBox(0,"",$result)

$result = _ADSamAccountNametoFQDN($object)
MsgBox(0,"",$result)

Hope that helps.

Johny.

Link to comment

Is there a help associated with the adfunctions.au3? I am finding it difficult to understand which variables get provided when calling a function. I have been working with AutoIT for about a year and have always relied on the help to find out what information to include with functions. Any help would be greatly appreciated.

Even a simple MsgBox that displays the current domain controllers. What information do I need to provide when using:

MsgBox(0,"MSG box sample", _ADListDomainControllers())

Thanks again.

Link to comment

  • 2 weeks later...

Don't know where to post it, so I'll put it here:

This is a sample to find out which accounts are disabled at the moment. I'm sure it's not the straightest way to do it, I just did a copy and paste and added four lines. You can easily find them, since they look kinda ugly... :P

#include 'adfunctions.au3'

Dim $objConnection, $objRootDSE, $objRecordSet, $arrContainers, $garrContainers

$objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")  ; Open connection to AD
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties ("Page Size") = 1000
$objCommand.Properties ("Searchscope") = 2
$objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")  ; Retrieve the current AD domain name
$Domain=StringSplit($strDNSDomain, '=')
$Domain=StringTrimRight($Domain[2], 3)

_ADGetObjectsInOU ($arrContainers, $strDNSDomain, "objectclass='organizationalPerson'", 2)

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
$objTrans = ObjCreate("NameTranslate")
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set ($ADS_NAME_TYPE_1779, $Domain)

For $c = 1 To UBound($arrContainers) - 1
    $objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & '\' & $arrContainers[$c])
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    $State=$UserObj.userAccountControl
    If $State = '514' Or $State = '66050' Then ConsoleWrite($arrContainers[$c]&@CR)
Next        

;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError

By the way: is there a place to find all the properties that you can get via AD? I found http://www.microsoft.com/technet/prodtechn...4.mspx?mfr=true (Sorry, it's German ;) ), seems to be pretty close. Can you give me other hints/links?

Err, could someone move this to the examples-forum, please?

Hi All, I'm very new to this, but I have downloaded the latest adfunctions.au3 and I'm using the above to test to see if this script works, and I get the following error message when I run the program.

We Intercepted a COM Error!

Number is: 000000A9

Windescription is:Varible must be of type 'Object'.

Script Line number is:641

Can anyone please help me? I'm new to this!!!!

TIA

Optimal

Even when I try to run this script just an empty box pops up.!!! btw 'adfunctions.au3' has been saved in the includes folder

#include 'adfunctions.au3'

Const $ADS_NAME_INITTYPE_GC = 3

Const $ADS_NAME_TYPE_NT4 = 3

Const $ADS_NAME_TYPE_1779 = 1

$Domain = 'Carshalton'

$Userid = 'levitong'

$objTrans = ObjCreate("NameTranslate")

$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")

$objTrans.Set ($ADS_NAME_TYPE_1779, $strDNSDomain)

$objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & "\" & $Userid)

$UserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)

MsgBox(0,"full domain path",$UserDN)

Edited by OptimalKiller
Link to comment
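
Added example, not part of the thread: the disabled-accounts script quoted above matches only when userAccountControl is exactly 514 or 66050. The disabled state is carried by bit 0x2 of that attribute, so testing the bit also catches other combinations such as 546. The `$UAC_*` constant names and the helper functions are chosen for this example, and the sample values are constructed.

```autoit
; Added example: decode userAccountControl by bit instead of by whole value.
; Constant names are local to this example; the bit values are the ADSI
; user-flag values.
Global Const $UAC_ACCOUNTDISABLE = 0x0002
Global Const $UAC_PASSWD_NOTREQD = 0x0020
Global Const $UAC_NORMAL_ACCOUNT = 0x0200
Global Const $UAC_DONT_EXPIRE_PASSWD = 0x10000

; True when the disable bit is set, whatever other flags accompany it.
Func _IsAccountDisabled($iUAC)
    Return BitAND($iUAC, $UAC_ACCOUNTDISABLE) <> 0
EndFunc   ;==>_IsAccountDisabled

; Space-separated list of the flags this example knows about.
Func _DescribeUAC($iUAC)
    Local $sFlags = ""
    If BitAND($iUAC, $UAC_NORMAL_ACCOUNT) Then $sFlags &= "NORMAL_ACCOUNT "
    If BitAND($iUAC, $UAC_ACCOUNTDISABLE) Then $sFlags &= "ACCOUNTDISABLE "
    If BitAND($iUAC, $UAC_PASSWD_NOTREQD) Then $sFlags &= "PASSWD_NOTREQD "
    If BitAND($iUAC, $UAC_DONT_EXPIRE_PASSWD) Then $sFlags &= "DONT_EXPIRE_PASSWD "
    Return StringStripWS($sFlags, 2) ; 2 = strip trailing whitespace
EndFunc   ;==>_DescribeUAC

; Constructed sample values. 514 and 66050 are the two the quoted script
; matches; 546 is also a disabled account but an exact compare skips it.
Local $aSamples[5] = [512, 514, 546, 66048, 66050]
For $i = 0 To UBound($aSamples) - 1
    ConsoleWrite($aSamples[$i] & "  disabled=" & _IsAccountDisabled($aSamples[$i]) & _
            "  flags=" & _DescribeUAC($aSamples[$i]) & @CRLF)
Next
```

In an LDAP-dialect search the same test can run on the server with the filter `(userAccountControl:1.2.840.113556.1.4.803:=2)`.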

Are you aware that if _ADGetObjectAttribute(@UserName,"mail") is run and the currently logged in user does not have an email set, the script crashes and whatever program/script you have running just exits with a hex error? I'm looking at coding a workaround.

Error:

(339) : ==> Badly formated variable or macro.:

$oMyRet[0] = $HexNumber

$oMyRet^ ERROR

Edited by Yorn
Link to comment

  • 4 weeks later...

$AD_FName = _ADGetObjectAttribute(@UserName,"givenName")

$AD_LName = _ADGetObjectAttribute(@UserName,"sn")

The above puts the First Name of the currently logged in user into $AD_FName and the Last Name into $AD_LName.

I think one of the functions pulls all the users of a group into an array for you, so then you could cycle through the array using a while and pop out the usernames and such. I'm not certain what it would look like myself.

Link to comment

  • 4 weeks later...

I have a script which I am using to create user accounts. When creating user accounts I need to add users to groups like "DL/All Users". When using _ADAddUserToGroup, _ADIsMemberOf, or _ADSamAccountNameToFQDN they error out with an error. (I am passing the FQDN appropriately as I can get the same functions to work on other groups)

I am thinking this has something to do with the fact that the Group name has a "/" in it, but I am not sure how else I can pass that.

Is there something that can be done so these functions will work? Do you think it is the way LDAP handles the slash, or the way the parameters are passed between functions?

Here is an example of the error for _ADAddUserToGroup

------------------------------------------------------------

We intercepted a COM Error !

Number is: 90072032

Windescriptiopn is: An invalid dn syntax has been specified.

Script line number is: 283

------------------------------------------------------------

Here is line 283

$ObjGroup = ObjGet("LDAP://" & $strHostServer & "/" & $group)

Any help would be appreciated.

Thanks!

Edited by ZipleR
Link to comment

I found a workaround for now by using the command dsmod. This only works if I manually supply the group name completely enclosed in quotes. (See below)

$UserFQDN = _ADSamAccountNameToFQDN($UserName)
Runwait('dsmod group "CN=DL/Long list of Users,CN=Recipients,CN=Users,DC=test,DC=com" -addmbr "' & $UserFQDN & '"',"",@SW_HIDE)

I still can not use ADTools to do anything with groups that contain a forward slash (/)

Thanks!

Link to comment
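
Added example, not part of the thread or of adfunctions.au3: ADSI reads an unescaped "/" inside an ADsPath as a path separator, so a DN such as the "DL/..." group above has to carry it as "\/" before it is appended to "LDAP://server/". The helper names and the host name are assumptions made for this example; the group DN is the one from the post.

```autoit
; Added example: escape "/" in a distinguished name before building an ADsPath.
; Existing backslash escapes (for example "\," or "\/") are copied unchanged,
; so escaping an already-escaped DN does not double the backslash.
Func _EscapeDNForADsPath($sDN)
    Local $sOut = "", $sChar, $i = 1
    While $i <= StringLen($sDN)
        $sChar = StringMid($sDN, $i, 1)
        If $sChar == "\" Then
            ; Copy the backslash and the character it escapes as a pair
            $sOut &= StringMid($sDN, $i, 2)
            $i += 2
        ElseIf $sChar == "/" Then
            $sOut &= "\/"
            $i += 1
        Else
            $sOut &= $sChar
            $i += 1
        EndIf
    WEnd
    Return $sOut
EndFunc   ;==>_EscapeDNForADsPath

; Builds the same "LDAP://host/DN" string the failing line builds,
; with the DN escaped first.
Func _BuildADsPath($sHost, $sDN)
    Return "LDAP://" & $sHost & "/" & _EscapeDNForADsPath($sDN)
EndFunc   ;==>_BuildADsPath

; Group DN from the post above; "dc01.test.com" is a placeholder host name.
Local $sGroupDN = "CN=DL/Long list of Users,CN=Recipients,CN=Users,DC=test,DC=com"
Local $sPath = _BuildADsPath("dc01.test.com", $sGroupDN)
ConsoleWrite($sPath & @CRLF)

; Escaping twice gives the same result as escaping once.
ConsoleWrite(_EscapeDNForADsPath(_EscapeDNForADsPath($sGroupDN)) & @CRLF)

; With a reachable domain controller the path can then be bound:
; Local $oGroup = ObjGet($sPath)
```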

  • 2 weeks later...

Do I have to be on a domain controller in order to use these scripts? I'm trying to create a script which will take users from a csv file and add them to a new active directory group.

You don't have to be on the DC, but you do need network access to one and appropriate permissions for your intended actions in the AD.

:)

Link to comment

Hi,

I'm testing adfunctions.au3 and get an error:

>Running:(3.2.10.0):C:\Programme\AutoIt3\autoit3.exe "D:\CreateGroups.au3"  
C:\Programme\AutoIt3\Include\adfunctions.au3 (174) : ==> Missing right bracket ')' in expression.: 
$ObjGroup = $ObjOU.Create ("Group", $groupcn) 
$ObjGroup = ^ ERROR
->10:18:43 AutoIT3.exe ended.rc:1

Can someone help me with that?

Kind regards, Jens

Link to comment

Hello,

I am a newbie. So I think I wrote my script wrong. Could anyone help me?

I downloaded and installed (in the include dir) the ad-scripts.

I want to know, if someone is in the ad group.

The group name is allrights and the name of the user is george (for example).

What am I doing wrong?

Look at my script now:

;#include "c:\programme\autoit3\include\adfunctions.au3"

#include "adfunctions.au3"

$x = _ADIsMemberOf("allrights","george")

If I start this script - I get only an error.

Thank you for your help.

linkit

P.S.:

The Error Message:

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.:

$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user)

$ismember = ^ ERROR

>Exit code: 1 Time: 5.712

Edited by linkit
Link to comment

What happens if you move line 93 of adfunctions.au3 to the top? What is the error then?

@surveyor- Line 174 (the line that fails for you), is blank for me. Do you have a script I can test with please?

Edited by Bert
Link to comment

I have set

Global $objRootDSE = ObjGet("LDAP://RootDSE")

to the top but it's the same error.

Kind regards, Jens

Link to comment

#include <adfunctions.au3>

_ADCreateGroup("LDAP://OU=Gruppen,OU=GV,DC=fhhnet,DC=stadt,DC=hamburg,DC=de", "G-GV-_Testgruppe", $ADS_GROUP_TYPE_GLOBAL_SECURITY)

Exit

Kind regards, Jens

Link to comment

Sorry... That's line... 84 for me. I thought we were using the same script? Move $oMyError = ObjEvent("AutoIt.Error", "_ADDoError") ; Install a custom error handler to the top... :)
Link to comment