ISMEMBER


skreien

I have read about the ismember function that was developed and put in the au3xtra.dll file. I didn't have any luck getting it working so I deleted it some time ago. Now I want to give it another try, but the link to that file is dead.

Can anyone point me to the new location of that file, or tell me how to find out if a user is part of a group in an Active Directory domain? Right now I'm doing it in a dos batch script. That is pretty much the last thing that is keeping me from going entirely to AutoIt for my domain logon script.

Thanks!


OK, now I have the file, but even with the code you posted it says unknown function name dllcall. That is why I never could get it working the first time around.

Must be something quirky about the site... go to

http://www.autoitscript.com/fileman/users/Larry/

and click the file link...

Lar.


Ok, that sounds better. I'll give it a try. Thanks guys!

BTW, some serious kudos to everyone involved for making a SWEET piece of software for non-programmer types like me!

It is the "beta" version that is moments from release... :lmao: (deja vu). It was unfortunate that we ever called it "unstable". It is a good version that I have used reliably for months.

Lar


Larry,

Is there some limitation with ISMember? It will pick up the built in groups like domain users and a few others, but the majority of my group memberships aren't being picked up.

Here's an example:

Dim $naDllRet

$naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 1)

MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0])

It always comes back as 0, even though the ISLaser group exists and I've been a member for months. The Dos net user command verifies that I am a member.

After much experimenting, it seems that the difference is that any groups that were created as domain global are detected, but any groups that were created as domain local aren't detected.

Any ideas?


OK, the last parameter should be set to 1 for domain groups and 0 for local groups.

Using your example above, if ISLaser is local then the call should be as follows:

Dim $naDllRet
$naDllRet = DllCall("au3xtra.dll", "int", "IsMember", "str", "skreienkamp", "str", "ISLaser", "int", 0)
MsgBox(4096,'debug:' , '$naDllRet:' & $naDllRet[0])

I thought that switch was for local machine groups, but I tried it anyway. It still doesn't pick it up.

It's not a local group as in a group that exists on the local machine only. It exists in the domain. See the attached picture of group creation. When I create a group with a scope of global, then ismember detects it. If I create a group as domain local, ismember won't detect that I'm a member.

Thanks for the help pacman. Hopefully you can point me in the right direction.


Ahh...gotcha!

I think this function has to make the NetGetUserLocalGroups call against the DC to get these pesky domain local groups. What I will do is add another switch to the last param so 0 = local groups, 1 = domain global groups, 2 = domain local groups.

I will send the updated code to Larry.


Might want to test it against universal groups as well.


OK, I have rewritten the IsMember code with the following changes:

Firstly, the third parameter is no longer needed.

By default, it will search local groups first, then domain local groups and finally domain global groups. If you want to search for a domain local or global group only then specify the domain in the group name parameter as <domain>\<groupname>. This ensures that you can still search for local groups or domain groups even if they have the same name. Using this format will also allow you to search for group membership in trusted domains.

I will test all this out at work tomorrow where I have access to AD and send my updated code to Larry.

In the meantime, if you have any suggestions to the proposed changes or new ideas, let me know.

@Larry, I am using the function pointer code you posted in the Developers forum so hopefully you can just drop in this update.

P.S. I will test against universal groups as well.

Edited by pacman

Attached is a stripped down au3xtratest.dll containing only the updated IsMember function. I have been able to test out the changes proposed in my earlier post using this example script:

Dim $aDllRet, $sUser, $sGroup

; This example checks for user Administrator in group Administrators 
; on the local machine
$sUser = "Administrator"
$sGroup = "Administrators"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test1" , $sUser & " is a member of local group " & $sGroup)
Else
    MsgBox(64, "Test1" , $sUser & " is NOT a member of local group " & $sGroup)
EndIf

; This example checks for current user in group Domain Users
; on both the local machine and logon domain
$sUser = @UserName
$sGroup = "Domain Users"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test2" , $sUser & " is a member of group " & $sGroup)
Else
    MsgBox(64, "Test2" , $sUser & " is NOT a member of group " & $sGroup)
EndIf

; This example checks for current user in domain global group Domain Users
; on the logon domain only
$sUser = @UserName
$sGroup = @LogonDomain & "\Domain Users"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test3" , $sUser & " is a member of domain group " & $sGroup)
Else
    MsgBox(64, "Test3" , $sUser & " is NOT a member of domain group " & $sGroup)
EndIf

; This example checks for user Administrator in domain local group 
; Administrators on the logon domain
$sUser = "Administrator"
$sGroup = @LogonDomain & "\Administrators"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test4" , $sUser & " is a member of domain group " & $sGroup)
Else
    MsgBox(64, "Test4" , $sUser & " is NOT a member of domain group " & $sGroup)
EndIf

; This example checks for current user in domain group Domain Admins
; on a trusted domain
$sUser = @UserName
$sGroup = "MyTrustedDomain\Domain Admins"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test5" , $sUser & " is a member of domain group " & $sGroup)
Else
    MsgBox(64, "Test5" , $sUser & " is NOT a member of domain group " & $sGroup)
EndIf

; This example checks for user Administrator in universal group Enterprise Admins
; on the root domain
$sUser = "Administrator"
$sGroup = "MYROOTDOMAIN\Enterprise Admins"
$aDllRet = DllCall("au3xtratest.dll", "int", "IsMember", _
                   "str", $sUser, _
                   "str", $sGroup)
If Not @error And $aDllRet[0] Then 
    MsgBox(64, "Test6" , $sUser & " is a member of domain group " & $sGroup)
Else
    MsgBox(64, "Test6" , $sUser & " is NOT a member of domain group " & $sGroup)
EndIf

It's now over to you lot to do some testing to confirm that it does what it says on the tin before I submit the updated code to Larry.

There are a number of limitations imposed on this function by the network management APIs it is using.

It does not support DNS-style names (for example, microsoft.com).

User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, \, [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable.

EDIT1: added example for universal groups

EDIT2: attachment removed. Please download Larry's AU3Xtra.dll for this function.

Edited by pacman
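
The name limits and the <domain>\<group> format described in the post above, written as a pre-check around the call. This is an added example, not part of the original post or of au3xtra.dll: the helper names are hypothetical, and the DLL name and two-parameter IsMember signature are assumed from the thread. It also keeps a failed DllCall separate from a "not a member" result, which matters when a logon script makes access decisions from the answer.

```autoit
; Added example, not code from the thread. Function names are hypothetical;
; the two-parameter IsMember call is the one shown in the post above.

; True if $sUser meets the account-name limits quoted in the post.
Func _UserNameOk($sUser)
    Local $i, $sChar, $sBad = '",/\[]:|<>+=;?*'
    If StringLen($sUser) < 1 Or StringLen($sUser) > 20 Then Return False
    If StringRight($sUser, 1) = "." Then Return False
    For $i = 1 To StringLen($sUser)
        $sChar = StringMid($sUser, $i, 1)
        If Asc($sChar) < 32 Or StringInStr($sBad, $sChar) Then Return False
    Next
    Return True
EndFunc

; True if $sGroup is "<group>" or "<domain>\<group>" with a non-DNS domain.
Func _GroupNameOk($sGroup)
    Local $sDomain = "", $sName = $sGroup
    Local $iSep = StringInStr($sGroup, "\")
    If $iSep = 1 Then Return False ; empty domain prefix
    If $iSep > 1 Then
        $sDomain = StringLeft($sGroup, $iSep - 1)
        $sName = StringMid($sGroup, $iSep + 1)
    EndIf
    If StringInStr($sDomain, ".") Then Return False ; DNS-style name
    If StringLen($sName) < 1 Or StringLen($sName) > 256 Then Return False
    Return True
EndFunc

; Returns 1 (member) or 0. @error = 1: name rejected, 2: DllCall failed,
; so a caller can tell "not a member" from "membership unknown".
Func _IsMemberChecked($sUser, $sGroup)
    If Not _UserNameOk($sUser) Or Not _GroupNameOk($sGroup) Then Return SetError(1, 0, 0)
    Local $aRet = DllCall("au3xtra.dll", "int", "IsMember", "str", $sUser, "str", $sGroup)
    If @error Then Return SetError(2, @error, 0)
    If $aRet[0] Then Return 1
    Return 0
EndFunc

Local $iMember = _IsMemberChecked(@UserName, @LogonDomain & "\Domain Users")
Local $iErr = @error
If $iErr Then
    MsgBox(48, "IsMember", "Check failed, @error = " & $iErr)
ElseIf $iMember Then
    MsgBox(64, "IsMember", @UserName & " is a member")
Else
    MsgBox(64, "IsMember", @UserName & " is NOT a member")
EndIf
```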

Looks good from here. I didn't try the universal, but domain local and global both work great.


Great, skreien says it's ok so it must be ok! :lmao: (j/k)

@Larry, Pelles project http://www.autoitscript.com/fileman/users/public/pacman/au3xtratest.zip. I hope you can just drop in the updated code.

The example script is called TEST.AU3

EDIT1: file removed from link above. Please download Larry's AU3Xtra.dll for this function.

Edited by pacman