_ADRecursiveGetMemberOf error

[Legacy99]

Hey all

I've decided to redo the logon script from Kix to Autoit, my first attempt was using _ADGetUserGroups and it worked like clockwork, however I realized that this did not enumerate groups that were members of other groups.

For example: The folder structure and AD scructure is broken down like the Org chart, therefore if a user was in group Human Resources, that group is a member of Corp services, the folder structure is \\Server\corpservices\HR and the drive mapping goes to the parent folder (Corpservices in this case) sooo, _ADGetUserGroups did list Corp services (Kix has an Ingroup function that takes care of that)

Aaannnyy way I tried this

#include <array.au3>
#include <adfunctions.au3>

Global $avGroups = ""

$UserFQDN = _ADSamAccountNameToFQDN(@UserName)
MsgBox(0, "", "$UserFQDN = " & $UserFQDN)

_ADRecursiveGetMemberOf($avGroups, $UserFQDN)
_ArrayDisplay($avGroups, "Debug: $avGroups")

but I get this error

adfunctions.au3 (472) : ==> Object referenced outside a "With" statement.:

$membersadd = $objRecordSet.fields (0).Value

$membersadd = $objRecordSet.fields (0)^ ERROR

Now generally I understand adfunctions.au3 but this section goes over my head.

[Legacy99]

Would anyone have an example of how to enumerate recursive(nested) groups in Active Directory other than from adfunctions.au3? I've looked around but I can only find examples coded in c#

[Pietro]

I was just working on this for my own needs. I'm sure the code could be improved but you might find it useful.

expandcollapse popup

#include <File.au3>
#include <Array.au3>

$sOU = 'ou=your ou,'
$oADsRootDSE = ObjGet("LDAP://RootDSE")
$sDomain = $oADsRootDSE.Get("DefaultNamingContext")

Dim $objRS, $ObjConn

$sFilter = '(objectCategory=group);'
$sQuery = '<LDAP://' & $sOU & $sDomain & '>;' & $sFilter _
         & 'distinguishedname,cn;subtree'
$ObjConn = ObjCreate("ADODB.Connection")
$ObjConn.Provider = "ADsDSOOBject"
$ObjConn.Properties("Encrypt Password") = 1
$ObjConn.Properties("ADSI Flag") = 1
$ObjConn.Open("Active Directory Provider")
$objRS = ObjCreate("ADODB.Recordset")
$objRS.CursorLocation = 3
$objRS.Sort = "distinguishedname"
$objRS.Open($sQuery, $ObjConn, 0, 1, 1)

Global $line[1], $cnt, $grouplist

Do
    $grouplist = '|'
    $cnt = 0
    ReDim $line[1]
    $cn = $objRS.Fields('cn'  ).value
    _GetMembers($cn, $objRS.Fields('distinguishedname'  ).value)
    _ArraySort($line, 0, 1)
    _FileWriteFromArray(@ScriptDir & _FixFilename($cn) & '.xls', $line, 1)
    $objRS.MoveNext()
Until $objRS.EOF()

Exit

Func _GetMembers($groupname, $group)
    $objGroup = ObjGet('LDAP://' & $group)
    If IsObj($objGroup) Then
        $grouplist = $grouplist & $objGroup.cn & '|'
        $arrMemberOf = $objGroup.Members
        For $strMember In $arrMemberOf
            $user = ObjGet('LDAP://' & $strMember.distinguishedname)
            Select
                Case Not IsObj($user)
                ; hopefully we never get here
                Case $user.class = 'group'
                    If StringInStr($grouplist, '|' & $user.cn & '|') Then
                    ; circular reference
                    Else
                        _GetMembers($groupname, $user.distinguishedname)
                    EndIf
                Case Else
                    $cnt += 1
                    $line[0] = $cnt
                    ReDim $line[$cnt + 1]
                    $line[$cnt] = $groupname & @TAB & $user.sAMAccountname
            EndSelect
        Next
    Else
        ReDim $line[2]
        $line[1] = $groupname & @TAB & 'No Members'
    EndIf
EndFunc  ;==>_GetMembers

Func _FixFilename($fname)
    Return StringStripWS(StringRegExpReplace($fname, '[\[\]\\*"/:;|=,]', ' '), 3)
EndFunc  ;==>_FixFilename