dhardy
Posted September 25, 2008

Hi there,

I have borrowed ideas from all over the internet to write a script which takes a username and then lists the publicDelegates and publicDelegatesBL properties from AD for that username.

Here is the .vbs version of the script:

```vb
'this script reports the delegate information on a mailbox from AD
'the only variable to edit for your environment is strDCName which
'should be changed to the netbios name of a domain controller.
strDCName = "domaincontroller"

Set WS = WScript.CreateObject("WScript.Shell")
Set strDomain = getObject("LDAP://rootDse")

Dim wshShell, wshNetwork
Dim strComputerName

' Create Global Objects
Set wshShell = CreateObject("WScript.Shell")
Set wshNetwork = CreateObject("WScript.Network")

' Initialize Variables
strName = inputbox("Enter the network Username of the user who's delegates you want to list:","Please enter Username")
strUserName=GetDN(strname)
'wscript.echo "Computer DN: " & GetDN(strname)
wscript.echo
strQuery = "LDAP://" & strDCName & "/" & strUserName
'strQuery = "LDAP://rootDse" & "/" & strUserName
'wscript.echo strUserName
Set oUser= GetObject(strQuery)

If IsArray(oUser.publicdelegates) Then
    Wscript.Echo "Delegates of " & strname & "'s mailbox:------------- "
    For Each Value In oUser.publicdelegates
        wscript.echo Value
    Next
else
    Wscript.Echo "Delegates of " & strname & "'s mailbox:------------- "
    wscript.Echo oUser.publicdelegates
end if

Wscript.Echo ""

If IsArray(oUser.publicdelegatesBL) Then
    Wscript.Echo strname &" is a Delegate of (BL):--- "
    For Each Value In oUser.publicdelegatesBL
        Wscript.Echo Value
    Next
else
    Wscript.Echo strname &" is a Delegate of (BL):--- "
    wscript.Echo oUser.publicdelegatesBL
end if

Function GetDN(strname)
    ' Use the NameTranslate object to convert the NT name of the computer to
    ' the Distinguished name required for the LDAP provider. Computer names
    ' must end with "$". Returns comma delimited string to calling code.
    Dim objTrans, objDomain

    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    Set objTrans = CreateObject("NameTranslate")
    Set objDomain = getObject("LDAP://rootDse")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, wshNetwork.UserDomain & "\" & strName
    GetDN = objTrans.Get(ADS_NAME_TYPE_1779)
    'Set DN to upper Case
    GetDN = UCase(GetDN)
End Function
```

Now, try as I might I have been unable to find a function that will return the multi string results from the publicDelegates attribute at all.

Here is the AU3 code I have been trying to bend to my will:

```autoit
#include <GUIConstants.au3>
#include <adfunctions.au3>

$STYLE1 = BitOR(0x00080000, 0x00C00000, 0x00020000)
$sCompanyDomain = "dc=company,dc=com"
$HWND = GUICreate("User ID", 530, 190, -1, -1, $STYLE1)
AutoItSetOption("GUIResizeMode", 1)
$ReturnValueDis = GUICtrlCreateLabel("", 180, 35, 350, 90)
$ReturnValueDis2 = GUICtrlCreateLabel("", 30, 70, 380, 90)
GUICtrlCreateLabel("User ID:", 30, 35)
$userid = GUICtrlCreateInput("", 75, 35, 100)
$OK = GUICtrlCreateButton("Ok", 30, 160, 75, 20)
$CANCEL = GUICtrlCreateButton("Cancel", 180, 160, 75, 20)
GUISetState()

While 1
    $MSG = GUIGetMsg()
    If ($MSG = $GUI_EVENT_CLOSE) Or ($MSG = $CANCEL) Then
        Exit
    EndIf
    If $MSG = $OK Then
        If GUICtrlRead($userid) = "" Then
            GUICtrlSetData($ReturnValueDis, "No User ID")
            ContinueLoop
        EndIf
        $CompleteOU = FindOUforUser(GUICtrlRead($userid))
        $delegates = ""
        ;$username1= _ADSamAccountNametoFQDN("ausername")
        $delegates = FindDelegatesforUser(GUICtrlRead($userid))
        ;$delegates=_ADGetObjectAttribute($username1 , 'EmployeeID')
        MsgBox(1, "", $delegates)
        If $CompleteOU = "User Not Found" Then
            GUICtrlSetData($ReturnValueDis, "User Doesn't exist in domain")
        Else
            GUICtrlSetData($ReturnValueDis, $CompleteOU)
            GUICtrlSetData($ReturnValueDis2, $delegates)
        EndIf
    EndIf
WEnd

Func FindOUforUser($sValue)
    Dim $objRecordSet, $objCommand, $objConnection
    $ADS_SCOPE_SUBTREE = 2
    $objConnection = ObjCreate("ADODB.Connection")
    $objCommand = ObjCreate("ADODB.Command")
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & $sCompanyDomain & "' WHERE objectCategory='user' AND sAMAccountName='" & $sValue & "'"
    $objRecordSet = $objCommand.Execute
    $objRecordSet.MoveFirst
    If @error <> 0 Then
        Return "User Not Found"
    Else
        Return $objRecordSet.Fields("distinguishedName").Value
    EndIf
EndFunc   ;==>FindOUforUser

Func FindDelegatesforUser($sValue)
    Dim $objRecordSet, $objCommand, $objConnection
    $strname = ""
    $ADS_SCOPE_SUBTREE = 2
    $objConnection = ObjCreate("ADODB.Connection")
    $objCommand = ObjCreate("ADODB.Command")
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.CommandText = "SELECT publicDelegates FROM 'LDAP://" & $sCompanyDomain & "' WHERE objectCategory='user' AND sAMAccountName='" & $sValue & "'"
    ;$objRecordSet = $objCommand.Execute
    $oUser = $objCommand.Execute
    $output = ""
    MsgBox(1, "", $oUser)
    If IsArray($oUser) Then
        $output = $output & "Delegates of " & $strname & "'s mailbox:------------- " & @CRLF
        For $Value In $oUser
            $output = $output & $sValue & @CRLF
        Next
    Else
        $output = $output & "Delegates of " & $strname & "'s mailbox:------------- " & @CRLF
        $output = $output & $sValue & @CRLF
    EndIf
    MsgBox(1, "", $output)
    ;$objRecordSet.MoveFirst
    If @error <> 0 Then
        Return "User Not Found"
    Else
        ;Return $objRecordSet.Fields("publicDelegates").Value
        Return $output
    EndIf
EndFunc   ;==>FindDelegatesforUser
```

Can anyone offer me a direction to head off in?

Many thanks

David

Edited November 24, 2015 by Melba23: Reformatted

Zedna
Posted October 1, 2008

```autoit
...
$oUser = $objCommand.Execute
$output=""
MsgBox(1,"",$oUser)
If IsObj($oUser) Then
    $oDelegates = oUser.publicdelegates
    $output=$output & "Delegates of " & $strname & "'s mailbox:------------- " & @CRLF
    For $Value In $oDelegates
        $output &= $oDelegates.Value & @CRLF
    Next
endif
msgbox(1,"",$output)
...
```

Edited October 1, 2008 by Zedna

dhardy
Posted October 6, 2008

Zedna, thanks for your suggestion - it got me virtually there! The final clues came from a web developer here who kept muttering things like "If that's a collection then you should be able to step through its properties .... try this ... aha ... no that won't work, give it here a minute ...."

Anyway, here is the completed code which works pretty well for me - please feel free to use and abuse as you see fit:

```autoit
#include <GUIConstants.au3>
#include <adfunctions.au3>

$sDebug = 0
$domainregsetting = "HKey_Current_User\Software\PBA\Domain"
$sCompanyDomain = RegRead($domainregsetting, "ldapdomain")

#Region ### GUI
$Form1 = GUICreate("Delegates Search", 633, 515, 193, 115)
$Userid = GUICtrlCreateInput("", 64, 10, 233, 21)
If $scompanydomain Then
    $CompanyDomainGUI = GUICtrlCreateEdit($sCOMPANYDOMAIN, 465, 8, 145, 21, $ES_READONLY)
Else
    $CompanyDomainGUI = GUICtrlCreateEdit("dc=pba,dc=int", 465, 8, 145, 21, $ES_READONLY)
EndIf
$SEARCH = GUICtrlCreateButton("Search", 24, 456, 175, 25, 0)
$COPY = GUICtrlCreateButton("Copy to Clipboard", 227, 456, 175, 25, 0)
GUICtrlSetState($COPY, $GUI_DISABLE)
$CANCEL = GUICtrlCreateButton("Exit", 434, 456, 175, 25, 0)
$Delegates = GUICtrlCreateEdit("", 24, 96, 585, 158, $ES_MULTILINE + $WS_VSCROLL + $ES_READONLY)
$DelegatesBL = GUICtrlCreateEdit("", 24, 288, 585, 158, $WS_VSCROLL + $ES_MULTILINE + $ES_READONLY)
$Label1 = GUICtrlCreateLabel("Username:", 8, 10, 55, 17)
$adobject = GUICtrlCreateLabel(" ", 64, 40, 500, 17)
$Label3 = GUICtrlCreateLabel("AD Object:", 8, 40, 56, 17)
$LabelDelegates = GUICtrlCreateLabel("Mailbox delegates are:", 8, 72, 110, 17)
$LabelDelegatesBL = GUICtrlCreateLabel("Mailbox is a delegate of:", 8, 264, 118, 17)
$Label6 = GUICtrlCreateLabel("LDAP Search Domain:", 353, 8, 111, 17)
$MenuItem1 = GUICtrlCreateMenu("&Settings")
$MenuItem2 = GUICtrlCreateMenuItem("Domain", $MenuItem1)
$MenuItem3 = GUICtrlCreateMenu("&Help")
$MenuItem4 = GUICtrlCreateMenuItem("About", $MenuItem3)
GUICtrlSetTip($Userid, "Enter the nework username to be checked for delegates")
GUICtrlSetTip($CompanyDomainGUI, "The LDAP search root - once set, via the Settings menu, this value is saved to the registry")
GUICtrlSetTip($Delegates, "The users listed here are delegates OF the searched username")
GUICtrlSetTip($DelegatesBL, "The users listed here have delegated access to their mailbox or calendar TO the searched username")
GUICtrlSetTip($COPY, "Click to copy the delegates information to the clipboard")
GUISetState(@SW_SHOW)
#EndRegion ### GUI

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $CANCEL
            Exit
        Case $Userid
            UpdateGUI()
        Case $SEARCH
            UpdateGUI()
        Case $COPY
            CopyToClipBoard()
        Case $MenuItem2
            $companydomain = (GUICtrlRead($CompanyDomainGUI))
            $newdomain = InputBox("Set new LDAP Domain", "Enter the new value as dc=domain,dc=com" & @CRLF & "The current value is " & $CompanyDomain & @CRLF & @CRLF & "The new value will be written to: " & $domainregsetting, "", "", -1, 170)
            UpdateDomain($newdomain)
        Case $MenuItem4
            MsgBox(64, "About ...", "This utility was written soley for use by the IT Department at Peter Brett Associates LLP (PBA LLP)" & @CRLF & @CRLF & "It has been made available to you on an as-is basis without any particular warranties or indemnities. Neither the Author nor PBA LLP accept any liablity for anything that may happen to you, your computer, your network or your domain as a result of your decision to use this utility.")
        Case $CompanyDomainGUI
            UpdateDomain(GUICtrlRead($CompanyDomainGUI))
    EndSwitch
WEnd

Func CopyToClipBoard()
    $clipboardtext = "Delegate details for username: " & GUICtrlRead($Userid)
    $clipboardtext &= GUICtrlRead($adobject)
    $clipboardtext &= @CRLF
    $clipboardtext &= @CRLF
    $clipboardtext &= GUICtrlRead($LabelDelegates) & @CRLF & GUICtrlRead($Delegates)
    $clipboardtext &= @CRLF
    $clipboardtext &= GUICtrlRead($LabelDelegatesBL) & @CRLF & GUICtrlRead($DelegatesBL)
    ClipPut($clipboardtext)
EndFunc   ;==>CopyToClipBoard

Func UpdateDomain($newdomain)
    If @error = 0 Then
        If $newdomain Then
            RegWrite($domainregsetting, "ldapdomain", "reg_sz", $newdomain)
            GUICtrlSetData($CompanyDomainGUI, $newdomain)
        EndIf
    EndIf
EndFunc   ;==>UpdateDomain

Func UpdateGUI()
    $sCompanyDomain = GUICtrlRead($CompanyDomainGUI)
    GUICtrlSetData($adobject, FindPropsforUser(GUICtrlRead($Userid), "distinguishedName"))
    GUICtrlSetData($Delegates, FindPropsforUser(GUICtrlRead($Userid), "publicDelegates"))
    GUICtrlSetData($DelegatesBL, FindPropsforUser(GUICtrlRead($Userid), "publicDelegatesBL"))
    If GUICtrlRead($adobject) <> "Nothing Found" Then
        GUICtrlSetState($COPY, $GUI_ENABLE)
        GUICtrlSetState($COPY, $GUI_FOCUS)
        GUICtrlSetState($COPY, $GUI_DEFBUTTON)
    Else
        GUICtrlSetState($COPY, $GUI_DISABLE)
        GUICtrlSetState($Userid, $GUI_FOCUS)
    EndIf
EndFunc   ;==>UpdateGUI

Func FindPropsforUser($sValue, $sField)
    Dim $objRecordSet, $objCommand, $objConnection
    $strname = ""
    $ADS_SCOPE_SUBTREE = 2
    $objConnection = ObjCreate("ADODB.Connection")
    $objCommand = ObjCreate("ADODB.Command")
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.CommandText = "SELECT " & $sField & " FROM 'LDAP://" & $sCompanyDomain & "' WHERE objectCategory='user' AND sAMAccountName='" & $sValue & "'"
    $oUser = $objCommand.Execute
    $output = ""
    If $sdebug Then
        MsgBox(1, "", $oUser)
    EndIf
    If IsObj($oUser) Then
        $oDelegates = $oUser.Fields($sField)
        If IsString($oDelegates.value) Then
            $output = $oDelegates.value
        Else
            For $Value In $oDelegates.value
                $output &= $Value & @CRLF
            Next
        EndIf
    EndIf
    If $sdebug Then
        MsgBox(1, "", $output)
    EndIf
    If StringLen($output) < 1 Then
        $output = "Nothing found"
    EndIf
    If @error <> 0 Then
        Return "User Not Found"
    Else
        Return $output
    EndIf
EndFunc   ;==>FindPropsforUser
```

Our domain is hard coded as the default, if (when?) you want to use it against your own domain you can set the LDAP domain settings from the Settings menu which will be written to the registry. This is the only footprint that will be left behind when run.

Regards

David

delegates.au3

Edited November 28, 2015 by Melba23
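
Added example (not part of the thread and not dhardy's code): a variant of the `FindPropsforUser` lookup that checks the attribute name, username and search root against allowlists before they are concatenated into the ADSI query, and tells "account not found" apart from "attribute has no values". The function name `_ExFindProps`, its `@error` codes and the account-name pattern are assumptions made for this example.

```autoit
; Added example, not from the thread. _ExFindProps and its @error codes are hypothetical.
Func _ExFindProps($sUser, $sField, $sSearchRoot)
    ; Only the three attributes the tool displays may be requested.
    Local $aAllowed[3] = ["distinguishedName", "publicDelegates", "publicDelegatesBL"]
    Local $bFieldOk = False
    For $sName In $aAllowed
        If $sField = $sName Then $bFieldOk = True
    Next
    If Not $bFieldOk Then Return SetError(1, 0, "")

    ; Assumed naming policy: 1-20 letters, digits, dot, hyphen or underscore.
    If Not StringRegExp($sUser, "^[A-Za-z0-9._-]{1,20}$") Then Return SetError(2, 0, "")
    ; Search root in the dc=domain,dc=com form the Settings dialog asks for.
    If Not StringRegExp($sSearchRoot, "(?i)^dc=[a-z0-9-]+(,dc=[a-z0-9-]+)*$") Then Return SetError(3, 0, "")

    Local $oConn = ObjCreate("ADODB.Connection")
    Local $oCmd = ObjCreate("ADODB.Command")
    If Not IsObj($oConn) Or Not IsObj($oCmd) Then Return SetError(4, 0, "")
    $oConn.Provider = "ADsDSOObject"
    $oConn.Open("Active Directory Provider")
    $oCmd.ActiveConnection = $oConn
    $oCmd.CommandText = "SELECT " & $sField & " FROM 'LDAP://" & $sSearchRoot & _
            "' WHERE objectCategory='user' AND sAMAccountName='" & $sUser & "'"
    Local $oRS = $oCmd.Execute

    ; An empty recordset means the account was not found under the search root.
    Local $bFound = False
    If IsObj($oRS) Then $bFound = Not $oRS.EOF
    If Not $bFound Then
        $oConn.Close()
        Return SetError(5, 0, "")
    EndIf

    ; Multi-valued attributes come back as an array, single values as a string;
    ; anything else (attribute not set) is treated as empty.
    Local $vValue = $oRS.Fields($sField).Value
    Local $sOut = ""
    If IsArray($vValue) Then
        For $sItem In $vValue
            $sOut &= $sItem & @CRLF
        Next
    ElseIf IsString($vValue) Then
        $sOut = $vValue
    EndIf
    $oConn.Close()
    Return $sOut ; "" with @error = 0: the account exists but the attribute has no values
EndFunc   ;==>_ExFindProps
```

Callers check `@error` after the call: 1 to 3 mean an input was rejected before any query was sent, 5 means the account was not found.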