_ADRecursiveGetMemberOf error

Legacy99

Hey all

I've decided to redo the logon script from Kix to AutoIt. My first attempt was using _ADGetUserGroups and it worked like clockwork; however, I realized that this did not enumerate groups that were members of other groups.

For example: The folder structure and AD structure is broken down like the Org chart, therefore if a user was in group Human Resources, that group is a member of Corp services, the folder structure is \\Server\corpservices\HR and the drive mapping goes to the parent folder (Corpservices in this case) sooo, _ADGetUserGroups did list Corp services (Kix has an Ingroup function that takes care of that)

Aaannnyy way I tried this

#include <array.au3>
#include <adfunctions.au3>

Global $avGroups = ""

$UserFQDN = _ADSamAccountNameToFQDN(@UserName)
MsgBox(0, "", "$UserFQDN = " & $UserFQDN)

_ADRecursiveGetMemberOf($avGroups, $UserFQDN)
_ArrayDisplay($avGroups, "Debug: $avGroups")

but I get this error

adfunctions.au3 (472) : ==> Object referenced outside a "With" statement.:

$membersadd = $objRecordSet.fields (0).Value

$membersadd = $objRecordSet.fields (0)^ ERROR

Now generally I understand adfunctions.au3 but this section goes over my head.

Legacy99

Would anyone have an example of how to enumerate recursive (nested) groups in Active Directory other than from adfunctions.au3? I've looked around but I can only find examples coded in C#.

Pietro

I was just working on this for my own needs. I'm sure the code could be improved but you might find it useful.

#include <File.au3>
#include <Array.au3>

$sOU = 'ou=your ou,'
$oADsRootDSE = ObjGet("LDAP://RootDSE")
$sDomain = $oADsRootDSE.Get("DefaultNamingContext")

Dim $objRS, $ObjConn

$sFilter = '(objectCategory=group);'
$sQuery = '<LDAP://' & $sOU & $sDomain & '>;' & $sFilter _
         & 'distinguishedname,cn;subtree'
$ObjConn = ObjCreate("ADODB.Connection")
$ObjConn.Provider = "ADsDSOOBject"
$ObjConn.Properties("Encrypt Password") = 1
$ObjConn.Properties("ADSI Flag") = 1
$ObjConn.Open("Active Directory Provider")
$objRS = ObjCreate("ADODB.Recordset")
$objRS.CursorLocation = 3
$objRS.Sort = "distinguishedname"
$objRS.Open($sQuery, $ObjConn, 0, 1, 1)

Global $line[1], $cnt, $grouplist

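; Write one tab-separated file per group; While also copes with an empty result set
While Not $objRS.EOF
    $grouplist = '|'
    $cnt = 0
    ReDim $line[1]
    $cn = $objRS.Fields('cn').value
    _GetMembers($cn, $objRS.Fields('distinguishedname').value)
    _ArraySort($line, 0, 1)
    ; @ScriptDir has no trailing backslash, so add the separator
    _FileWriteFromArray(@ScriptDir & '\' & _FixFilename($cn) & '.xls', $line, 1)
    $objRS.MoveNext()
WEnd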

Exit

Func _GetMembers($groupname, $group)
    $objGroup = ObjGet('LDAP://' & $group)
    If IsObj($objGroup) Then
        $grouplist = $grouplist & $objGroup.cn & '|'
        $arrMemberOf = $objGroup.Members
        For $strMember In $arrMemberOf
            $user = ObjGet('LDAP://' & $strMember.distinguishedname)
            Select
                Case Not IsObj($user)
                ; hopefully we never get here
                Case $user.class = 'group'
                    If StringInStr($grouplist, '|' & $user.cn & '|') Then
                    ; circular reference
                    Else
                        _GetMembers($groupname, $user.distinguishedname)
                    EndIf
                Case Else
                    $cnt += 1
                    $line[0] = $cnt
                    ReDim $line[$cnt + 1]
                    $line[$cnt] = $groupname & @TAB & $user.sAMAccountname
            EndSelect
        Next
    Else
        ReDim $line[2]
        $line[1] = $groupname & @TAB & 'No Members'
    EndIf
EndFunc  ;==>_GetMembers

Func _FixFilename($fname)
    Return StringStripWS(StringRegExpReplace($fname, '[\[\]\\*"/:;|=,]', ' '), 3)
EndFunc  ;==>_FixFilename

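For the question asked in this thread (which groups a user belongs to, directly or through nesting), the following is an added example, not code from either poster or from adfunctions.au3. It lets the domain controller resolve the nesting with the LDAP_MATCHING_RULE_IN_CHAIN rule instead of recursing in the script, and escapes the DN before placing it in the filter; the helper names _EscapeLdapFilter and _GetNestedGroups are hypothetical, and the logged-on user's DN is assumed to come from the ADSystemInfo COM object.

```autoit
#include <Array.au3>

; Hypothetical helper names; neither function exists in adfunctions.au3.
Global Const $LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

; Escape a value for use inside an LDAP search filter (RFC 4515).
; The backslash is replaced first so later escapes are not doubled.
Func _EscapeLdapFilter($sValue)
    $sValue = StringReplace($sValue, "\", "\5c")
    $sValue = StringReplace($sValue, "*", "\2a")
    $sValue = StringReplace($sValue, "(", "\28")
    $sValue = StringReplace($sValue, ")", "\29")
    Return $sValue
EndFunc   ;==>_EscapeLdapFilter

; Return a 1-based array ([0] = count) holding the cn of every group the
; given DN belongs to, directly or through nested groups.
Func _GetNestedGroups($sUserDN)
    Local $aGroups[1] = [0]
    Local $oRootDSE = ObjGet("LDAP://RootDSE")
    If Not IsObj($oRootDSE) Then Return SetError(1, 0, $aGroups)
    Local $sDomain = $oRootDSE.Get("defaultNamingContext")

    Local $oConn = ObjCreate("ADODB.Connection")
    If Not IsObj($oConn) Then Return SetError(2, 0, $aGroups)
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")

    ; The server walks the member chain, so circular nesting cannot loop the script.
    Local $sQuery = "<LDAP://" & $sDomain & ">;(&(objectCategory=group)(member:" & _
            $LDAP_MATCHING_RULE_IN_CHAIN & ":=" & _EscapeLdapFilter($sUserDN) & "));cn;subtree"
    Local $oRS = $oConn.Execute($sQuery)
    If Not IsObj($oRS) Then Return SetError(3, 0, $aGroups)

    While Not $oRS.EOF
        $aGroups[0] += 1
        ReDim $aGroups[$aGroups[0] + 1]
        $aGroups[$aGroups[0]] = $oRS.Fields("cn").Value
        $oRS.MoveNext()
    WEnd
    $oConn.Close()
    Return $aGroups
EndFunc   ;==>_GetNestedGroups

; Usage: ADSystemInfo.UserName is the distinguished name of the logged-on user.
Global $oSysInfo = ObjCreate("ADSystemInfo")
Global $aAll = _GetNestedGroups($oSysInfo.UserName)
_ArrayDisplay($aAll, "Direct and nested groups")
```

The user's primary group (usually Domain Users) is not stored in the member attribute, so it does not appear in this result and has to be checked separately if drive mappings depend on it.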
