Active Directory Scripts

[KenE]

It's not letting me download that ....

I had to delete the file for a minute, I had forgotten to remove my domain-specific info... This will probably not fix what you're doing anyway, I didn't do anything with the original code. -What attribute are you trying to modify, and are you allowing enough time for the changes to replicate (if you have more than one DC)?

[cherdeg]

Hey guys, very cool of you to further enhance "ADfunctions.au3".

What would you think about a function to verify the password for a user account against a local/remote host or a domain?

[cherdeg]

Hey guys, very cool of you to further enhance "ADfunctions.au3".

What would you think about a function to verify the password for a user account against a local/remote host or a domain?

[dmorand]

I had to delete the file for a minute, I had forgotten to remove my domain-specific info... This will probably not fix what you're doing anyway, I didn't do anything with the original code. -What attribute are you trying to modify, and are you allowing enough time for the changes to replicate (if you have more than one DC)?

We do have 3 DC Controllers. I make the change and I wait up to 5 minutes and I check to see if it worked but I don't see it updated. This was working a couple of days ago, but now all of a sudden it's not. I was just wondering if my code was wrong, but I looked over it a bunch of times, and it didn't look wrong to me.

[KenE]

Hey guys, very cool of you to further enhance "ADfunctions.au3".

What would you think about a function to verify the password for a user account against a local/remote host or a domain?

Hmmm... maybe someday. I'll look into it, but in the meantime, I was able to find this:

http://www.autoitscript.com/forum/index.php?showtopic=40414

Maybe this simple script is enough for what you need?

[KenE]

We do have 3 DC Controllers. I make the change and I wait up to 5 minutes and I check to see if it worked but I don't see it updated. This was working a couple of days ago, but now all of a sudden it's not. I was just wondering if my code was wrong, but I looked over it a bunch of times, and it didn't look wrong to me.

You're really not providing enough info for anyone to help you... If you want help, you need to provide as much information as you can.

What attribute are you trying to modify?

Are you passing this via the command line, or your input boxes?

Have you successfully modified this same attribute before?

Is the user in a sub-domain vs root domain (if you have more than one)?

Are you running this from a machine/account that has sufficient rights?

[dmorand]

You're really not providing enough info for anyone to help you... If you want help, you need to provide as much information as you can.

What attribute are you trying to modify?

Are you passing this via the command line, or your input boxes?

Have you successfully modified this same attribute before?

Is the user in a sub-domain vs root domain (if you have more than one)?

Are you running this from a machine/account that has sufficient rights?

Sorry, let me give some more info:

I've tried to modify these attributes so far:

postOfficeBox

streetAddress

description

I've tried both command line and input box but with no luck.

I'm running this from my machine and I'm a domain admin.

[dmorand]

Anyone happen to notice an issue with this script??

#include <adfunctions.au3>;Include the adfunctions to call

If $CmdLine[0] = 3 then
    $username = $CmdLine[1] 
    $attr = $CmdLine[2]
    $val = $CmdLine[3]
Else
    $username = inputbox("Modify Attribute","Please enter username to modify")
    $attr = inputbox("Modify Attribute","Please enter attribute to modify")
    $val = inputbox("Modify Attribute","Value")
EndIf

;Attribute = extensionAttribute1
$att_set = _ADModifyAttribute($username, $attr, $val)
;$att_set = _ADModifyAttribute("dmorand", "extensionAttribute1", "")

;and $CmdLine[0] = 0
if $att_set = 1 Then
    MsgBox(0,"Attribute Set","Your attribute has been modified!")
EndIf

I run this, and I get the message box stating that my attribute has been modified, but when I check the attribute in AD, I don't see it modified. Am I missing something???

This is the code I'm running. When I compile this to an exe I'm running it like this:

script.exe "dmorand" "postOfficeBox" "9045"

That's correct right?

[dmorand]

It started working again, not sure why but it did.

[Dr.Chi]

I love these functions and can't live without them.

However I can't get "_ADGetUserGroups" to work. I may be using the syntax wrong. Can someone help? I just want a simple script that gives me an array of what AD groups "User1" is in.

I thought it would be as easy as:

$ADuser = "JDoe"

_ADGetUserGroups(ByRef $usergroups, $ADUser)

Then pull the user's groups from $usergroups[1], $usergroups[2], etc.

But that doesn't work.

[archgriffin]

To get this to work myself, I had to do it like this:

_ADGetUserGroups($loggedonusergroups, $ADUser )

$loggedonusergroups is already set by the script itself, try that and let me know what happens.

[Dr.Chi]

That worked perfect, not sure how I didn't get to that point in troubleshooting...

Thanks!

To get this to work myself, I had to do it like this:

_ADGetUserGroups($loggedonusergroups, $ADUser )

$loggedonusergroups is already set by the script itself, try that and let me know what happens.

[ne0trace]

Hello,

I hate to reply to an "old topic" but do you think it would be possible to put a user into 2 domains with this script? We currently need to this temporarily as we need a real user and another ghost user serving the wiki.

thank you

Felix

[jokke]

Heres a computer DN search:

; _ADGetComputerDN
; Searches for computer by name and returns its distinguishedName
; Returns the computerDN if the object exists in the tree, 0 otherwise
; Function by Joachim Nordvik (jokke), 16.10.2008
Func _ADGetComputerDN($search)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(objectCategory=computer);distinguishedName,name;subtree" 
    $objRecordSet = $objConnection.Execute ($strQuery)
    Do
        If $objRecordSet.Fields("name").Value = $searchThen
            Return $objRecordSet.Fields("distinguishedName").Value
        EndIf
        $objRecordSet.MoveNext
    Until $objRecordSet.EOF
    Return 0
EndFunc   ;==>_ADGetComputerDNoÝ÷ Ø*&¦ë^¬3^v+b®¶­sc²ôEWFFT6ö×WFW$Dࣲb33c¶ö&¦V7BÒö&¦V7BFòÖöFg6ö×WFW"D⣲b33c·fÇVRÒfÇVRFò6WBGG&'WFRFòÂW6R&Ææ²7G&ærgV÷C²gV÷C²FòFVÆWFRâGG&'WFP£²gVæ7Föâ'¦ö6Òæ÷&Gf²Âbãã#¤gVæ2ôEWFFT6ö×WFW$Dâb33c¶ö&¦V7BÂb33c¶GG&'WFRÂb33c·fÇVR b33c·7G%VW'ÒgV÷C²fÇC´ÄD¢òògV÷C²fײb33c·7G$÷7E6W'fW"fײgV÷C²ògV÷C²fײb33c·7G$Då4FöÖâfײgV÷C²fwC³²F7FæwV6VDæÖSÒgV÷C²fײb33c¶ö&¦V7BfײgV÷C²´G5F·7V'G&VRgV÷C° b33c¶ö&¥&V6÷&E6WBÒb33c´ö&¤6öææV7FöâäWV7WFRb33c·7G%VW'²&WG&WfRFReDâf÷"FRö&¦V7@  b33c¶ÆFöVçG'Òb33c¶ö&¥&V6÷&E6WBæfVÆG2çfÇVP b33c¶ôö&¦V7BÒö&¤vWBb33c¶ÆFöVçG'²&WG&WfRFR4ôÒö&¦V7Bf÷"FRö&¦V7@  b33c¶ôö&¦V7BävWDæfð  bb33c·fÇVRÒgV÷C²gV÷C²FVà b33c¶ôö&¦V7BåWDWÂb33c¶GG&'WFR VÇ6P b33c¶ôö&¦V7BåWBb33c¶GG&'WFRÂb33c·fÇVR VæD`  b33c¶ôö&¦V7Bå6WDæfð b33c¶ôö&¦V7BåW&vU&÷W'GÆ7@  b33c¶ôö&¦V7BÒ  &WGW&â¤VæDgVæ2³ÓÒfwCµôEWFFT6ö×WFW$D

Edited October 16, 2008 by jokke

[jokke]

We use this code to uppdate our computer description (so it shows inn the default computer search) since we have a AutoIt written application running on every logon:

_ADUpdateComputerDN(_ADGetComputerDN(@ComputerName),"description",_ADGetObjectAttribute(@UserName,"givenName")&" "&_ADGetObjectAttribute(@UserName,"sn"))

(was unable to edit my last post, as all its content then got scrambled)

Edited October 16, 2008 by jokke

[Micha1405]

Great Job !!

what about move an user to another OU ?

can anybody build this code ?

[SteveP]

I have been trying to use the _ADCreateUser() part of ADFunctions.au3, version 3.1.6, but am getting an error. Here is my test script:

#include <ADFunctions.au3>

$userou="users=ou, cityoftroy=dc, local=dc"
$user="LastNameF"
$fname="FirstName"
$lname="LastName"
$description="Test user"

_ADCreateUser($userou, $user, $fname, $lname, $description)

and here is the error:

We intercepted a COM Error !
Number is: 80072020
Windescription is: An operations error occurred.

Script Line number is: 1582

Any ideas how to correct this?

[Jos]

shouldn't this:

$userou="users=ou, cityoftroy=dc, local=dc"

be

$userou="ou=users, dc=cityoftroy, dc=local"

?

Jos

[water]

Hi everybody,

I have another problem:

_ADGetObjectsInOU($Groups, $ou, "(&(objectCategory=Group)(sAMAccountName=*))", 2, "cn,description,info")

retrieves for each record the cn and info field. The description field is always returned as empty even when there is text in the AD description field.

When I check with other AD browsers then I can see the description.

Does anyone know what causes this problem?

Thanks

Thomas

Edited November 12, 2008 by water

[arcker]

maybe description is an array or something.