
_ADRecursiveGetMemberOf error


Hey all

I've decided to redo the logon script from Kix to AutoIt. My first attempt was using _ADGetUserGroups and it worked like clockwork; however, I realized that this did not enumerate groups that were members of other groups.

For example: the folder structure and AD structure are broken down like the org chart, therefore if a user was in group Human Resources, that group is a member of Corp services, the folder structure is \\Server\corpservices\HR and the drive mapping goes to the parent folder (Corpservices in this case) sooo, _ADGetUserGroups did list Corp services (Kix has an Ingroup function that takes care of that)

Aaannnyy way I tried this

#include <array.au3>
#include <adfunctions.au3>

Global $avGroups = ""

$UserFQDN = _ADSamAccountNameToFQDN(@UserName)
MsgBox(0, "", "$UserFQDN = " & $UserFQDN)

_ADRecursiveGetMemberOf($avGroups, $UserFQDN)
_ArrayDisplay($avGroups, "Debug: $avGroups")

but I get this error

adfunctions.au3 (472) : ==> Object referenced outside a "With" statement.:

$membersadd = $objRecordSet.fields (0).Value

$membersadd = $objRecordSet.fields (0)^ ERROR

Now generally I understand adfunctions.au3 but this section goes over my head.


Would anyone have an example of how to enumerate recursive (nested) groups in Active Directory other than from adfunctions.au3? I've looked around but I can only find examples coded in C#.


I was just working on this for my own needs. I'm sure the code could be improved but you might find it useful.

#include <File.au3>
#include <Array.au3>

; Base OU to search, with its trailing comma (placeholder value, set your own)
$sOU = 'ou=your ou,'
$oADsRootDSE = ObjGet("LDAP://RootDSE")
$sDomain = $oADsRootDSE.Get("DefaultNamingContext")

Dim $objRS, $ObjConn

; ADO query in LDAP dialect: <base>;filter;attributes;scope
$sFilter = '(objectCategory=group);'
$sQuery = '<LDAP://' & $sOU & $sDomain & '>;' & $sFilter _
         & 'distinguishedname,cn;subtree'
$ObjConn = ObjCreate("ADODB.Connection")
$ObjConn.Provider = "ADsDSOObject"
$ObjConn.Properties("Encrypt Password") = 1
$ObjConn.Properties("ADSI Flag") = 1
$ObjConn.Open("Active Directory Provider")
$objRS = ObjCreate("ADODB.Recordset")
$objRS.CursorLocation = 3
$objRS.Sort = "distinguishedname"
$objRS.Open($sQuery, $ObjConn, 0, 1, 1)

Global $line[1], $cnt, $grouplist

; Nothing to do when no group exists under $sOU
If $objRS.EOF() Then Exit

; One output file per group: every user reachable through nested groups
Do
    $grouplist = '|' ; CNs of the groups already expanded for this top-level group
    $cnt = 0
    ReDim $line[1]
    $cn = $objRS.Fields('cn').value
    _GetMembers($cn, $objRS.Fields('distinguishedname').value)
    _ArraySort($line, 0, 1)
    ; @ScriptDir has no trailing backslash; the file is tab-separated text
    _FileWriteFromArray(@ScriptDir & '\' & _FixFilename($cn) & '.xls', $line, 1)
    $objRS.MoveNext() ; advance, otherwise the loop never reaches EOF
Until $objRS.EOF()


; Appends "<top-level group><TAB><sAMAccountName>" to $line for every user in
; $group, descending into member groups
Func _GetMembers($groupname, $group)
    $objGroup = ObjGet('LDAP://' & $group)
    If IsObj($objGroup) Then
        $grouplist = $grouplist & $objGroup.cn & '|'
        $arrMemberOf = $objGroup.Members
        For $strMember In $arrMemberOf
            $user = ObjGet('LDAP://' & $strMember.distinguishedname)
            Select
                Case Not IsObj($user)
                ; hopefully we never get here
                Case $user.class = 'group'
                    If StringInStr($grouplist, '|' & $user.cn & '|') Then
                    ; circular reference
                    Else
                        _GetMembers($groupname, $user.distinguishedname)
                    EndIf
                Case Else
                    $cnt += 1
                    $line[0] = $cnt
                    ReDim $line[$cnt + 1]
                    $line[$cnt] = $groupname & @TAB & $user.sAMAccountname
            EndSelect
        Next
    EndIf
    ; No user found so far: write a placeholder row
    If $cnt = 0 Then
        ReDim $line[2]
        $line[1] = $groupname & @TAB & 'No Members'
    EndIf
EndFunc  ;==>_GetMembers

; Replace characters that are not safe in a file name with spaces
Func _FixFilename($fname)
    Return StringStripWS(StringRegExpReplace($fname, '[\[\]\\*"/:;|=,]', ' '), 3)
EndFunc  ;==>_FixFilename
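
For the direction the original question asks about (every group a user belongs to, directly or through nesting), the following is an added example, not code from either poster or from adfunctions.au3. It lets the domain controller resolve the nesting with Active Directory's LDAP_MATCHING_RULE_IN_CHAIN filter; the function names `_LdapFilterEscape` and `_GetNestedGroupDNs` are hypothetical helpers introduced here.

```autoit
#include <Array.au3>

; Added example. Both function names below are hypothetical helpers.

; Escape the characters that are special inside an LDAP filter value
; (RFC 4515). The backslash has to be replaced first.
Func _LdapFilterEscape($sValue)
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    Return $sValue
EndFunc   ;==>_LdapFilterEscape

; Return the DNs of all groups $sUserDN is a member of, at any nesting
; depth. Element [0] holds the count. Sets @error on failure.
Func _GetNestedGroupDNs($sUserDN)
    Local $oRoot = ObjGet("LDAP://RootDSE")
    If Not IsObj($oRoot) Then Return SetError(1, 0, 0)
    ; 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: the server
    ; follows the member chain, so no client-side recursion is needed.
    Local $sFilter = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=" _
            & _LdapFilterEscape($sUserDN) & "))"
    Local $sQuery = "<LDAP://" & $oRoot.Get("defaultNamingContext") & ">;" _
            & $sFilter & ";distinguishedName;subtree"
    Local $oConn = ObjCreate("ADODB.Connection")
    If Not IsObj($oConn) Then Return SetError(2, 0, 0)
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")
    Local $oRS = $oConn.Execute($sQuery)
    If Not IsObj($oRS) Then Return SetError(3, 0, 0)
    Local $aGroups[1] = [0]
    While Not $oRS.EOF
        $aGroups[0] += 1
        ReDim $aGroups[$aGroups[0] + 1]
        $aGroups[$aGroups[0]] = $oRS.Fields("distinguishedName").Value
        $oRS.MoveNext()
    WEnd
    $oRS.Close()
    $oConn.Close()
    Return $aGroups
EndFunc   ;==>_GetNestedGroupDNs

; ADSystemInfo.UserName is the distinguished name of the logged-on user.
Global $oSysInfo = ObjCreate("ADSystemInfo")
Global $aUserGroups = _GetNestedGroupDNs($oSysInfo.UserName)
If @error Then Exit 1
_ArrayDisplay($aUserGroups, "Groups, including nested")
```

The user's primary group (normally Domain Users) is not stored in a group's `member` attribute, so it does not appear in the result. Comparing against full group DNs rather than CNs avoids confusing two groups that share a name in different OUs.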
