skreien Posted January 20, 2005 Share Posted January 20, 2005 I have read about the ismember function that was developed and put in the au3xtra.dll file. I didn't have any luck getting it working so I deleted it some time ago. Now I want to give it another try, but the link to that file is dead. Can anyone point me to the new location of that file, or tell me how to find out if a user is part of a group in an Active Directory domain? Right now I'm doing it in a dos batch script. That is pretty much the last thing that is keeping me from going entirely to AutoIt for my domain logon script. Thanks! Link to comment Share on other sites More sharing options...
skreien Posted January 20, 2005 Author Share Posted January 20, 2005 Larry, that link gives a 404 not found. Link to comment Share on other sites More sharing options...
skreien Posted January 20, 2005 Author Share Posted January 20, 2005 OK, now I have the file, but even with the code you posted it says unknown function name dllcall. That is why I never could get it working the first time around.must be something quarky about the site... go tohttp://www.autoitscript.com/fileman/users/Larry/and click the file link...Lar.<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
pcdestroyer Posted January 20, 2005 Share Posted January 20, 2005 must be something quarky about the site... go tohttp://www.autoitscript.com/fileman/users/Larry/and click the file link...Lar.<{POST_SNAPBACK}>get latest unstable version ... Dllcall is in it ... Link to comment Share on other sites More sharing options...
skreien Posted January 20, 2005 Author Share Posted January 20, 2005 Umm... Not sure I really want to put my domain logon script on an unstable version. Is that my only option?get latest unstable version ... Dllcall is in it ...<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
skreien Posted January 20, 2005 Author Share Posted January 20, 2005 Ok, that sounds better. I'll give it a try. Thanks guys!BTW, some serious kudos to everyone involved for making a SWEET piece of software for non-programmer types like me!It is the "beta" version that is moments from release...  ( deja vu) . It was unfortunate that we ever called it "unstable". It is a good version that I have used reliably for months.Lar<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
Josbe Posted January 20, 2005 Share Posted January 20, 2005 must be something quarky about the site... go tohttp://www.autoitscript.com/fileman/users/Larry/and click the file link...Lar.<{POST_SNAPBACK}>"Case sensitive" with the links... I have noticed that (lately)... • AUTOIT > AutoIt docs / Beta folder - AutoIt latest beta Link to comment Share on other sites More sharing options...
skreien Posted January 24, 2005 Author Share Posted January 24, 2005 Larry, Is there some limitation with ISMember? It will pick up the built in groups like domain users and a few others, but the majority of my group memberships aren't being picked up. Here's an example: Dim $naDllRet $naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 1) MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0]) It always comes back as 0, even though the ISLaser group exists and I've been a member for months. The Dos net user command verifies that I am a member. After much experimenting, it seems that the difference is that any groups that were created as domain global are detected, but any groups that were created as domain local aren't detected. Any ideas? Link to comment Share on other sites More sharing options...
SumTingWong Posted January 25, 2005 Share Posted January 25, 2005 Larry,Is there some limitation with ISMember? It will pick up the built in groups like domain users and a few others, but the majority of my group memberships aren't being picked up.Here's an example:Dim $naDllRet$naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 1)MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0])It always comes back as 0, even though the ISLaser group exists and I've been a member for months. The Dos net user command verifies that I am a member.After much experimenting, it seems that the difference is that any groups that were created as domain global are detected, but any groups that were created as domain local aren't detected.Any ideas?<{POST_SNAPBACK}>OK, the last parameter should set to 1 for domain groups and 0 for local groups.Using your example above, if ISLaser is local then the call should as follows:Dim $naDllRet $naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 0) MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0]) Link to comment Share on other sites More sharing options...
skreien Posted January 25, 2005 Author Share Posted January 25, 2005 I thought that switch was for local machine groups, but I tried it anyway. It still doesn't pick it up. It's not a local group as in a group that exists on the local machine only. It exists in the domain. See the attached picture of group creation. When I create a group with a scope of global, then ismember detects it. If I create a group as domain local, ismember won't detect that I'm a member.Thanks for the help pacman. Hopefully you can point me in the right direction.OK, the last parameter should set to 1 for domain groups and 0 for local groups.Using your example above, if ISLaser is local then the call should as follows:Dim $naDllRet $naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 0) MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0])<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
SumTingWong Posted January 25, 2005 Share Posted January 25, 2005 I thought that switch was for local machine groups, but I tried it anyway. It still doesn't pick it up. It's not a local group as in a group that exists on the local machine only. It exists in the domain. See the attached picture of group creation. When I create a group with a scope of global, then ismember detects it. If I create a group as domain local, ismember won't detect that I'm a member.Thanks for the help pacman. Hopefully you can point me in the right direction.<{POST_SNAPBACK}>Ahh...gotcha!I think this function has to make the NetGetUserLocalGroups call against the DC to get these pesky domain local groups. What I will do is add another switch to the last param so 0 = local groups, 1 = domain global groups, 2 = domain local groups.I will send the updated code to Larry. Link to comment Share on other sites More sharing options...
skreien Posted January 25, 2005 Author Share Posted January 25, 2005 Might want to test it against universal groups as well.Ahh...gotcha!I think this function has to make the NetGetUserLocalGroups call against the DC to get these pesky domain local groups. What I will do is add another switch to the last param so 0 = local groups, 1 = domain global groups, 2 = domain local groups.I will send the updated code to Larry.<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
SumTingWong Posted January 25, 2005 Share Posted January 25, 2005 (edited) OK, I have rewritten the IsMember code with the following changes: Firstly, the third parameter is no longer needed. By default, it will search local groups first, then domain local groups and finally domain global groups. If you want to search for a domain local or global group only then specify the domain in the group name parameter as <domain>\<groupname>. This ensures that you can still search for local groups or domain groups even if they have the same name. Using this format will also allow you to search for group membership in trusted domains. I will test all this out at work tomorrow where I have access to AD and send my updated code to Larry. In the meantime, if you have any suggestions to the proposed changes or new ideas, let me know. @Larry, I am using the function pointer code you posted in the Developers forum so hopefully you can just drop in this update. P.S I will test against universal groups as well. Edited January 25, 2005 by pacman Link to comment Share on other sites More sharing options...
SumTingWong Posted January 26, 2005 Share Posted January 26, 2005 (edited) Attached is a stripped down au3xtratest.dll containing only the updated IsMember function. I have been able to test out the changes proposed in my earlier post using this example script: expandcollapse popupDim $aDllRet, $sUser, $sGroup ; This example checks for user Administrator in group Administrators ; on the local machine $sUser = "Administrator" $sGroup = "Administrators" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test1" , $sUser & " is a member of local group " & $sGroup) Else MsgBox(64, "Test1" , $sUser & " is NOT a member of local group " & $sGroup) EndIf ; This example checks for current user in group Domain Users ; on both the local machine and logon domain $sUser = @UserName $sGroup = "Domain Users" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test2" , $sUser & " is a member of group " & $sGroup) Else MsgBox(64, "Test2" , $sUser & " is NOT a member of group " & $sGroup) EndIf ; This example checks for current user in domain global group Domain Users ; on the logon domain only $sUser = @UserName $sGroup = @LogonDomain & "\Domain Users" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test3" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test3" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for user Administrator in domain local group ; Administrators on the logon domain $sUser = "Administrator" $sGroup = @LogonDomain & "\Administrators" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test4" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test4" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for current user in domain group Domain Admins ; on a trusted domain $sUser = @UserName $sGroup = "MyTrustedDomain\Domain Admins" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test5" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test5" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for user Administrator in universal group Enterprise Admins ; on the root domain $sUser = "Administrator" $sGroup = "MYROOTDOMAIN\Enterprise Admins" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test6" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test6" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf It's now over to you lot to do some testing to confirm that it does what it says on the tin before I submit the updated code to Larry. There are a number of limitations imposed on this function by the network management APIs it is using. It does not support DNS-style names (for example, microsoft.com). User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, \, [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable. EDIT1: added example for universal groups EDIT2: attachment removed. Please download Larry's AU3Xtra.dll for this function. Edited January 27, 2005 by pacman Link to comment Share on other sites More sharing options...
skreien Posted January 26, 2005 Author Share Posted January 26, 2005 Looks good from here. I didn't try the universal, but domain local and global both work great.Attached is a stripped down au3xtratest.dll containing only the updated IsMember function. I have been able to test out the changes proposed in my earlier post using this example script:expandcollapse popupDim $aDllRet, $sUser, $sGroup ; This example checks for user Administrator in group Administrators ; on the local machine $sUser = "Administrator" $sGroup = "Administrators" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test1" , $sUser & " is a member of local group " & $sGroup) Else MsgBox(64, "Test1" , $sUser & " is NOT a member of local group " & $sGroup) EndIf ; This example checks for current user in group Domain Users ; on both the local machine and logon domain $sUser = @UserName $sGroup = "Domain Users" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test2" , $sUser & " is a member of group " & $sGroup) Else MsgBox(64, "Test2" , $sUser & " is NOT a member of group " & $sGroup) EndIf ; This example checks for current user in domain global group Domain Users ; on the logon domain only $sUser = @UserName $sGroup = @LogonDomain & "\Domain Users" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test3" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test3" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for user Administrator in domain local group ; Administrators on the logon domain $sUser = "Administrator" $sGroup = @LogonDomain & "\Administrators" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test4" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test4" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for current user in domain group Domain Admins ; on a trusted domain $sUser = @UserName $sGroup = "MyTrustedDomain\Domain Admins" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test5" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test5" , $sUser & " is NOT a member of domain group " & $sGroup) EndIf ; This example checks for user Administrator in universal group Enterprise Admins ; on the root domain $sUser = "Administrator" $sGroup = "MYROOTDOMAIN\Enterprise Admins" $aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _ "str", $sUser, _ "str", $sGroup) If Not @error And $aDllRet[0] Then MsgBox(64, "Test6" , $sUser & " is a member of domain group " & $sGroup) Else MsgBox(64, "Test6" , $sUser & " is NOT a member of domain group " & $sGroup) EndIfIt's now over to you lot to do some testing to confirm that it does what it says on the tin before I submit the updated code to Larry.There are a number of limitations imposed on this function by the network management APIs it is using.It does not support DNS-style names (for example, microsoft.com).User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, \, [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable.EDIT1: added example for universal groups<{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
SumTingWong Posted January 26, 2005 Share Posted January 26, 2005 (edited) Great, skreiren says it's ok so it must be ok! (j/k)@Larry, Pelles project http://www.autoitscript.com/fileman/users/public/pacman/au3xtratest.zip. I hope you can just drop in the updated code.The example script is called TEST.AU3EDIT1: file removed from link above. Please download Larry's AU3Xtra.dll for this function. Edited January 27, 2005 by pacman Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now