redfive19

Return Distinguished Group Name from AD

7 posts in this topic

Hi guys,

Back again. I've made a lot of progress on this script I've been working on. I've got it returning the short name of the group but have recently found out they need it to return the FQDN of the group name.

This code returns the short name of the groups that a computer object belongs to.

$strComputerPath = 'LDAP://' & $legcompname
$objComputer = ObjGet($strComputerPath)

; Bind to each group the computer object is a member of and show its CN
For $strGroup In $objComputer.MemberOf()
    $strGroupPath = "LDAP://" & $strGroup
    $objGroup = ObjGet($strGroupPath)
    MsgBox(0, 'CN', $objGroup.CN)
Next

This is the code that should return the FQDN group name but doesn't. I've hardcoded the $group variable but it will be based on the group returned from the above code.

$objSystemInfo = ObjCreate("ADSystemInfo")
$strDomain = $objSystemInfo.DomainShortName
$group = 'Office_2003'

$strQuery = "<LDAP://" & $strDomain & ">;(sAMAccountName=" & $group & ");distinguishedName;subtree"
$objRecordSet = $objConnection.Execute($strQuery) ; Retrieve the FQDN for the logged on user
If @error <> 0 Then Return 0
If $objRecordSet.eof Then
    SetError(2)
    Return 0 ; group not found
Else
    $groupdn = $objRecordSet.fields(0).value
    MsgBox(0, 'FQDN', $groupdn)
EndIf

Any help would be greatly appreciated as always!! Thank you!!

- redfive


#2 ·  Posted (edited)

I can't test right now, but from what I see on "Using ADSI, LDAP, and Network Management Functions With Active Directory", this should do it (inexpert translation from VBS to AutoIt). I'm assuming you can get the group by just using it as the container name (cn):

$oObj = ObjGet("LDAP://cn=" & $group & ",dc=myCompany,dc=com")
$dnName =  $oObj.Get("distinguishedName")

:shocked:

Edit: Fixed obj reference typo in second line.

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law


This code does exactly what I need. (If I choose 7) However, for some reason I can't convert just that part to AutoIt script. Can you guys help me out? Thanks!

Dim objConnection,objCommand,objRootLDAP,strDNSDomain,strUserorMachine
Const ADS_SCOPE_ONELEVEL = 1
Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objConnection.Cursorlocation=3

Set objCommand =   CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

GetInputs

Wscript.Echo "Searching " & strDNSDomain

Set objRecordSet = objCommand.Execute
objRecordSet.Sort="Name"

If objRecordSet.RecordCount = 0 Then WScript.Echo "No records found"

Do Until objRecordSet.Eof
   'WScript.Echo objRecordSet.Fields("sAMAccountName") & "," & objRecordSet.Fields("name") & "," & objRecordSet.Fields("distinguishedname")
   WScript.Echo "UserID/MachineName = " & objRecordSet.Fields("sAMAccountName") 
   wscript.Echo "Full Name = " & objRecordSet.Fields("name") 
   Wscript.Echo "LDAP Path = " & objRecordSet.Fields("distinguishedname")
   WScript.Echo
   objRecordSet.Movenext
Loop
WScript.Echo objRecordSet.RecordCount & " records were returned" & VbCrLf

objRecordSet.close
objConnection.close


Sub GetInputs
   
   QueryType1 = "1) Search for a single enabled user"
   QueryType2 = "2) Search for a single user (enabled OR disabled)"  
   QueryType3 = "3) Return all ENABLED users from the entire domain"
   QueryType4 = "4) Return all users (enabled AND disabled) from the entire domain"
   QueryType5 = "5) Return all ENABLED users from a single level" 
   QueryType6 = "6) Return all users (enabled AND disabled) from one level"
   QueryType7 = "7) Search for a single group"
   QueryType8 = "8) Return all machines in the domain"  
   QueryType9 = "9) Return all machines from a single level"
   
   QueryChoice = InputBox(QueryType1 & VbCrLf & VbCrLf & QueryType2 & VbCrLf & VbCrLf & QueryType3 & VbCrLf & VbCrLf & _
                           QueryType4 & VbCrLf & VbCrLf & QueryType5 & VbCrLf & VbCrLf & QueryType6 & VbCrLf & VbCrLf & _
                           QueryType7 & VbCrLf & VbCrLf & QueryType8 & VbCrLf & VbCrLf & QueryType9, "Please select a query (1-9)")
   
   Set objRegExp = New RegExp
   With objRegExp
       .Pattern = "[0-9]"
       .IgnoreCase = True
       .Global = True
   End With
   
   If QueryChoice = "" Then 
       WScript.Quit
   ElseIf objRegExp.Test(QueryChoice) Then
   
       Select Case QueryChoice
           Case 1
               strUserorMachine = InputBox("Enter a userID to search for")
               If strUserorMachine = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(samaccountname=" & strUserorMachine & ")); sAMAccountName,distinguishedname,name;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 2
               strUserorMachine = InputBox("Enter a userID to search for")
               If strUserorMachine = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(samaccountname=" & strUserorMachine & ")); sAMAccountName,distinguishedname,name;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 3
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)); name,sAMAccountName,distinguishedname;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 4
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 5
               strDNSDomain = InputBox("Enter the OU/Container to be searched")
               If strDNSDomain = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)); name,sAMAccountName,distinguishedname;onelevel"
               objCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL
           Case 6
               strDNSDomain = InputBox("Enter the OU/Container to be searched")
               If strDNSDomain = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;onelevel"
               objCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL
           Case 7
               strUserorMachine=InputBox("Enter a group name to search for")
               If strUserorMachine = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(&(objectCategory=group)(name=" & strUserorMachine & ")); samAccountName,distinguishedname,name;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 8
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(objectCategory=computer); samAccountName,distinguishedname,name;subtree"
               objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
           Case 9
               strDNSDomain = InputBox("Enter the OU/Container to be searched")
               If strDNSDomain = "" Then WScript.Quit
               objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(objectCategory=computer); samAccountName,distinguishedname,name;onelevel"
               objCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL
           Case Else
               GetInputs
       End Select
   Else
       GetInputs
   End If
               
                       
End Sub

Function PasswordExpires(strUser)

   Set objUser = GetObject("LDAP://" & strUser)
   intUserAccountControl = objUser.Get("userAccountControl")
   
   If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
       PasswordExpires=True
   Else
       PasswordExpires=False
   End If
End Function


#5 ·  Posted (edited)

Dim $objConnection,$objCommand,$objRootLDAP,$strDNSDomain,$strUserorMachine
Const $ADS_SCOPE_ONELEVEL = 1
Const $ADS_SCOPE_SUBTREE = 2
Const $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

$objConnection = ObjCreate("ADODB.Connection")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")
$objConnection.Cursorlocation=3

$objCommand =   ObjCreate("ADODB.Command")
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties("Page Size") = 1000

$objRootLDAP = ObjGet("LDAP://RootDSE")
$strDNSDomain = $objRootLDAP.Get("DefaultNamingContext")

GetInputs()

ConsoleWrite("Searching " & $strDNSDomain & @crlf)

$objRecordSet = $objCommand.Execute
$objRecordSet.Sort="Name"

If $objRecordSet.RecordCount = 0 Then ConsoleWrite("No records found" & @crlf)

While Not $objRecordSet.Eof()
   ConsoleWrite($objRecordSet.Fields("sAMAccountName").value & "," & $objRecordSet.Fields("name").value & "," & $objRecordSet.Fields("distinguishedname").value & @crlf)
   ConsoleWrite("UserID/MachineName = " & $objRecordSet.Fields("sAMAccountName").value & @crlf)
   ConsoleWrite("Full Name = " & $objRecordSet.Fields("name").value & @crlf)
   ConsoleWrite("LDAP Path = " & $objRecordSet.Fields("distinguishedname").value & @crlf)
   ConsoleWrite(@crlf)
   $objRecordSet.Movenext()
Wend
ConsoleWrite($objRecordSet.RecordCount & " records were returned" & @CRLF)

$objRecordSet.close()
$objConnection.close()


Func GetInputs()
  
   $QueryType1 = "1) Search for a single enabled user"
   $QueryType2 = "2) Search for a single user (enabled OR disabled)"  
   $QueryType3 = "3) Return all ENABLED users from the entire domain"
   $QueryType4 = "4) Return all users (enabled AND disabled) from the entire domain"
   $QueryType5 = "5) Return all ENABLED users from a single level"
   $QueryType6 = "6) Return all users (enabled AND disabled) from one level"
   $QueryType7 = "7) Search for a single group"
   $QueryType8 = "8) Return all machines in the domain"  
   $QueryType9 = "9) Return all machines from a single level"
  
   $QueryChoice = InputBox("",$QueryType1 & @CRLF & @CRLF & $QueryType2 & @CRLF & @CRLF & $QueryType3 & @CRLF & @CRLF & _
                           $QueryType4 & @CRLF & @CRLF & $QueryType5 & @CRLF & @CRLF & $QueryType6 & @CRLF & @CRLF & _
                           $QueryType7 & @CRLF & @CRLF & $QueryType8 & @CRLF & @CRLF & $QueryType9 & @crlf& @crlf & "Please select a query (1-9)","","",400,300)
                          
  
   $objRegExp = ObjCreate("VBScript.RegExp")
   With $objRegExp
       .Pattern = "[0-9]"
       .IgnoreCase = 1
       .Global = 1
   EndWith
  
   If $QueryChoice = "" Then
        Exit
    ElseIf $objRegExp.Test($QueryChoice) Then
        ConsoleWrite("Choice: " & $QueryChoice & @crlf)
        Select 
           Case $QueryChoice=1
               $strUserorMachine = InputBox("","Enter a userID to search for")
                If $strUserorMachine = "" Then exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(samaccountname=" & $strUserorMachine & ")); sAMAccountName,distinguishedname,name;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=2
               $strUserorMachine = InputBox("","Enter a userID to search for")
                If $strUserorMachine = "" Then Exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(samaccountname=" & $strUserorMachine & ")); sAMAccountName,distinguishedname,name;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=3
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)); name,sAMAccountName,distinguishedname;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=4
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=5
               $strDNSDomain = InputBox("","Enter the OU/Container to be searched")
                If $strDNSDomain = "" Then Exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)); name,sAMAccountName,distinguishedname;onelevel"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_ONELEVEL
           Case $QueryChoice=6
               $strDNSDomain = InputBox("","Enter the OU/Container to be searched")
                If $strDNSDomain = "" Then Exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;onelevel"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_ONELEVEL
           Case $QueryChoice=7
               $strUserorMachine=InputBox("","Enter a group name to search for")
                If $strUserorMachine = "" Then Exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=group)(name=" & $strUserorMachine & ")); samAccountName,distinguishedname,name;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=8
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(objectCategory=computer); samAccountName,distinguishedname,name;subtree"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_SUBTREE
           Case $QueryChoice=9
               $strDNSDomain = InputBox("","Enter the OU/Container to be searched")
                If $strDNSDomain = "" Then Exit
               $objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(objectCategory=computer); samAccountName,distinguishedname,name;onelevel"
               $objCommand.Properties("Searchscope") = $ADS_SCOPE_ONELEVEL
           Case Else
               GetInputs()
       EndSelect
   Else
       GetInputs()
   EndIf
              
                      
EndFunc

Func PasswordExpires($strUser)
    Local $Return

    $objUser = ObjGet("LDAP://" & $strUser)
   $intUserAccountControl = $objUser.Get("userAccountControl")
  
   If $intUserAccountControl And $ADS_UF_DONT_EXPIRE_PASSWD Then
       $Return=1
   Else
       $Return=0
   EndIf
    Return $Return
EndFunc

Edited by lod3n

All of my AutoIt Example Scripts - http://saneasylum.com
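
The queries in this thread concatenate InputBox text directly into the LDAP filter, so a group name containing `(`, `)`, `*` or `\` breaks the filter or changes what it matches. The following is an added example, not code from any poster in this thread: it escapes the value per RFC 4515 before building the "Case 7" single-group query. The helper names `_LdapEscapeFilterValue` and `_BuildGroupDnQuery`, the base DN and the sample group names are constructed for illustration.

```autoit
; Added example (not from the thread). Helper names are hypothetical.

; Escape a value for use inside an LDAP search filter (RFC 4515).
; The backslash is replaced first so the escapes added afterwards are not
; escaped a second time. NUL (\00) is also reserved; this sketch assumes the
; value was typed into a text box and contains none.
Func _LdapEscapeFilterValue($sValue)
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    ; Conservative extra step: RFC 4515 allows any character to be hex-escaped,
    ; so ";" is escaped too and cannot be read as an ADO field separator.
    $sValue = StringReplace($sValue, ";", "\3b")
    Return $sValue
EndFunc   ;==>_LdapEscapeFilterValue

; Build the ADO LDAP-dialect query used for the single-group lookup:
;   <LDAP://base>;filter;attributes;scope
Func _BuildGroupDnQuery($sBaseDN, $sGroupName)
    Return "<LDAP://" & $sBaseDN & ">;(&(objectCategory=group)(name=" & _
            _LdapEscapeFilterValue($sGroupName) & "));distinguishedName;subtree"
EndFunc   ;==>_BuildGroupDnQuery

; Constructed sample input: a plain name, a name with a wildcard, and a
; legitimate name containing parentheses.
Local $sBaseDN = "DC=example,DC=com" ; constructed base DN
Local $aNames[3] = ["Office_2003", "Office*", "R&D (East)"]

For $sName In $aNames
    ConsoleWrite("raw     : (name=" & $sName & ")" & @CRLF)
    ConsoleWrite("escaped : (name=" & _LdapEscapeFilterValue($sName) & ")" & @CRLF)
    ConsoleWrite("query   : " & _BuildGroupDnQuery($sBaseDN, $sName) & @CRLF & @CRLF)
Next
```

In the script above, the equivalent change is to pass `$strUserorMachine` through the escape function before it is concatenated into `CommandText`.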


Thank you! Thank you! Thank you! Thank you! Thank you! Thank you!!!!
