Legacy99
Posted April 4, 2008

Hey all

I've decided to redo the logon script from Kix to AutoIt. My first attempt was using _ADGetUserGroups and it worked like clockwork, however I realized that this did not enumerate groups that were members of other groups.

For example: The folder structure and AD structure is broken down like the Org chart, therefore if a user was in group Human Resources, that group is a member of Corp services, the folder structure is \\Server\corpservices\HR and the drive mapping goes to the parent folder (Corpservices in this case) sooo, _ADGetUserGroups did list Corp services (Kix has an Ingroup function that takes care of that)

Aaannnyy way I tried this

```autoit
#include <array.au3>
#include <adfunctions.au3>

Global $avGroups = ""
$UserFQDN = _ADSamAccountNameToFQDN(@UserName)
MsgBox(0, "", "$UserFQDN = " & $UserFQDN)
_ADRecursiveGetMemberOf($avGroups, $UserFQDN)
_ArrayDisplay($avGroups, "Debug: $avGroups")
```

but I get this error

```
adfunctions.au3 (472) : ==> Object referenced outside a "With" statement.:
$membersadd = $objRecordSet.fields (0).Value
$membersadd = $objRecordSet.fields (0)^ ERROR
```

Now generally I understand adfunctions.au3 but this section goes over my head.

Legacy99
Posted April 9, 2008

Would anyone have an example of how to enumerate recursive (nested) groups in Active Directory other than from adfunctions.au3? I've looked around but I can only find examples coded in C#.

Pietro
Posted April 18, 2008

I was just working on this for my own needs. I'm sure the code could be improved but you might find it useful.

```autoit
#include <File.au3>
#include <Array.au3>

; Search base: replace with the OU to scan (keep the trailing comma).
$sOU = 'ou=your ou,'
$oADsRootDSE = ObjGet("LDAP://RootDSE")
$sDomain = $oADsRootDSE.Get("DefaultNamingContext")
Dim $objRS, $ObjConn
; ADO LDAP dialect: <base>;filter;attributes;scope
$sFilter = '(objectCategory=group);'
$sQuery = '<LDAP://' & $sOU & $sDomain & '>;' & $sFilter _
         & 'distinguishedname,cn;subtree'
$ObjConn = ObjCreate("ADODB.Connection")
$ObjConn.Provider = "ADsDSOOBject"
$ObjConn.Properties("Encrypt Password") = 1
$ObjConn.Properties("ADSI Flag") = 1
$ObjConn.Open("Active Directory Provider")
$objRS = ObjCreate("ADODB.Recordset")
$objRS.CursorLocation = 3
$objRS.Sort = "distinguishedname"
$objRS.Open($sQuery, $ObjConn, 0, 1, 1)

Global $line[1], $cnt, $grouplist
; One output file per group; While (not Do...Until) so an empty result set is skipped.
While Not $objRS.EOF
    $grouplist = '|' ; groups already visited for this top-level group
    $cnt = 0
    ReDim $line[1]
    $cn = $objRS.Fields('cn' ).value
    _GetMembers($cn, $objRS.Fields('distinguishedname' ).value)
    _ArraySort($line, 0, 1)
    ; @ScriptDir has no trailing backslash, so add one before the file name.
    _FileWriteFromArray(@ScriptDir & '\' & _FixFilename($cn) & '.xls', $line, 1)
    $objRS.MoveNext()
WEnd
Exit

; Appends "<top-level group><TAB><sAMAccountName>" to $line for every user
; reachable from $group, descending into nested groups.
Func _GetMembers($groupname, $group)
    $objGroup = ObjGet('LDAP://' & $group)
    If IsObj($objGroup) Then
        $grouplist = $grouplist & $objGroup.cn & '|'
        $arrMemberOf = $objGroup.Members
        For $strMember In $arrMemberOf
            $user = ObjGet('LDAP://' & $strMember.distinguishedname)
            Select
                Case Not IsObj($user)
                    ; hopefully we never get here
                Case $user.class = 'group'
                    If StringInStr($grouplist, '|' & $user.cn & '|') Then
                        ; circular reference
                    Else
                        _GetMembers($groupname, $user.distinguishedname)
                    EndIf
                Case Else
                    $cnt += 1
                    $line[0] = $cnt
                    ReDim $line[$cnt + 1]
                    $line[$cnt] = $groupname & @TAB & $user.sAMAccountname
            EndSelect
        Next
    Else
        ReDim $line[2]
        $line[1] = $groupname & @TAB & 'No Members'
    EndIf
EndFunc   ;==>_GetMembers

; Replaces characters that are not safe in a file name with spaces.
Func _FixFilename($fname)
    Return StringStripWS(StringRegExpReplace($fname, '[\[\]\\*"/:;|=,]', ' '), 3)
EndFunc   ;==>_FixFilename
```
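
For the direction the original question asks about (which groups a user belongs to, including through nesting), the following is an added example and not code from any poster in this thread or from adfunctions.au3. It lets the domain controller expand the nesting with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941); the function names `_GetNestedGroupCNs` and `_LdapEscape`, the drive letter and DC support for the matching rule are assumptions.

```autoit
#include <Array.au3>

; Added example. Escapes the characters that are special in an LDAP filter
; value (RFC 4515), so a DN such as "CN=Smith\, John,..." cannot alter the filter.
Func _LdapEscape($s)
    $s = StringReplace($s, "\", "\5c") ; backslash first, or later escapes get re-escaped
    $s = StringReplace($s, "*", "\2a")
    $s = StringReplace($s, "(", "\28")
    Return StringReplace($s, ")", "\29")
EndFunc   ;==>_LdapEscape

; Returns a 1-based array ([0] = count) with the cn of every group that
; contains $sSam directly or through nested groups. @error: 1 = no RootDSE, 2 = user not found.
Func _GetNestedGroupCNs($sSam)
    Local $oRoot = ObjGet("LDAP://RootDSE")
    If Not IsObj($oRoot) Then Return SetError(1, 0, 0)
    Local $sBase = "<LDAP://" & $oRoot.Get("defaultNamingContext") & ">;"

    Local $oConn = ObjCreate("ADODB.Connection")
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")

    ; Step 1: resolve the logon name to its distinguished name.
    Local $oRS = $oConn.Execute($sBase & "(&(objectCategory=person)(sAMAccountName=" _
             & _LdapEscape($sSam) & "));distinguishedName;subtree")
    If $oRS.EOF Then
        $oConn.Close()
        Return SetError(2, 0, 0)
    EndIf
    Local $sUserDN = $oRS.Fields("distinguishedName").Value

    ; Step 2: the DC walks the member chain itself, so nesting depth and
    ; circular group references need no handling on the client.
    $oRS = $oConn.Execute($sBase & "(member:1.2.840.113556.1.4.1941:=" _
             & _LdapEscape($sUserDN) & ");cn;subtree")
    Local $aGroups[1] = [0]
    While Not $oRS.EOF
        $aGroups[0] += 1
        ReDim $aGroups[$aGroups[0] + 1]
        $aGroups[$aGroups[0]] = $oRS.Fields("cn").Value
        $oRS.MoveNext()
    WEnd
    $oConn.Close()
    Return $aGroups
EndFunc   ;==>_GetNestedGroupCNs

; Usage with the group and share named in the first post (drive letter assumed).
Global $aMine = _GetNestedGroupCNs(@UserName)
If IsArray($aMine) And _ArraySearch($aMine, "Corp services", 1) > 0 Then DriveMapAdd("S:", "\\Server\corpservices")
```

The user's primary group (normally Domain Users) is not returned, because that membership is stored in primaryGroupID rather than in the group's member attribute.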