
Users in active directory


jerem488

Hello,

I wanted to know how I can tell which group a user belongs to in Active Directory?

thanks in advance


PsaltyDS

Hello,

I wanted to know how I can tell which group a user belongs to in Active Directory?

thanks in advance

Using LDAP interface:
#include <array.au3>

Global $oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")

Global $sServer = "myserver.mydomain.com"
Global $sUserPath = "cn=User Name, ou=Users, ou=Users and Computers, dc=mydomain, dc=com"
Global $oUser, $avGroups
Global $g_eventerror = 0 ; set to 1 by MyErrFunc() when a COM error is intercepted

; Get user object
$oUser = ObjGet("LDAP://" & $sServer & "/" & $sUserPath)
If IsObj($oUser) Then
    $avGroups = $oUser.GetEx("memberof")
    If IsArray($avGroups) Then
        _ArrayDisplay($avGroups, "$avGroups")
    Else
        MsgBox(16, "Error", "$avGroups is not an array.")
    EndIf
Else
    MsgBox(16, "Error", "$oUser is not an object.")
EndIf

Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(0, "", "We intercepted a COM Error !" & @CRLF & _
            "Number is: " & $HexNumber & @CRLF & _
            "Windescription is: " & $oMyError.windescription)

    $g_eventerror = 1; something to check for when this function returns
EndFunc  ;==>MyErrFunc

Note that you can get varied results based on the server that you query (specified by $sServer). If it is a member server, DC, or has the GC you can get different results for each. So do some research on the results.

:mellow:


jerem488

I can't test this code this evening.

I could tomorrow. But if this code works, you are an engineering ! :mellow:

Because I have long searched.......

And no response.

thank you


jerem488

I have an error when I execute this code,

But I have only a small question...

When you put :

Global $sUserPath = "cn=User Name, ou=Users, ou=Users and Computers, dc=mydomain, dc=com"

I have informed all except "ou=Users and Computers", I don't see what I must inform here, so I deleted this field.

cn=user name ==>> the user name it's simply !

ou = users, I have put the organization unit name...

ou=Users and Computers = not filled

dc= my domain (it's clear)

and dc = fr

and when I execute this code I have an error message

thanks

jerem488

I tested while putting

Global $sUserPath = "cn=User1, ou=My Organisation Unit, ou=User1, dc=mydomain, dc=fr"

We intercepted a COM Error! Number is: 80072030.


PsaltyDS

I tested while putting

Global $sUserPath = "cn=User1, ou=My Organisation Unit, ou=User1, dc=mydomain, dc=fr"

We intercepted a COM Error! Number is: 80072030.

Go into Active Directory Users and Computers tool on the mydomain.fr domain. When you drill down to User1, what OU's do you drill down through? The path you describe above would be:

; mydomain.fr
;   User1  <--- Is this really an OU?
;       My Organisation Unit
;           User1  <--- actual user container object

Is that really what it looks like?

Also use the Display Name of the user, not for example login ID. You might have login ID of User1 but Display Name of "User One".

:mellow:


jerem488

In Active Directory I have like in the picture :

PsaltyDS

In Active Directory I have like in the picture :

So, it would be more like:
Global $sUserPath = "cn=utilisateur1, ou=PPC, dc=ppc, dc=freyssinet, dc=com"

It looks like your convention is for the display name and login to be the same, and the users you show are all in the PPC OU.

:mellow:


jerem488

I might try it next Monday

I hope it works well :mellow:

thank you.


jerem488

Hello,

Oh sorry... :mellow:

But I tried to reproduce the "Active directory" of my business but in fact it is not just that.

It's rather this picture :

PsaltyDS

Hello,

Oh sorry... :mellow:

But I tried to reproduce the "Active directory" of my business but in fact it is not just that.

It's rather this picture :

So... does it work after you correct the LDAP path string?

:(


jerem488

No.... not yet :mellow:

I put this code :

Global $sUserPath = "cn=COMBCT, ou=PPC, dc=dppc dc=fr"
PsaltyDS

No.... not yet :(

I put this code :

Global $sUserPath = "cn=COMBCT, ou=PPC, dc=dppc dc=fr"
And what happens? Do you get a COM error, an error MsgBox, or what?

:mellow:


jerem488

Yes I have an error message

PsaltyDS

Yes I have an error message

Is this typo still in your path string?

Global $sUserPath = "cn=COMBCT, ou=PPC, dc=dppc, dc=fr"

:mellow:


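Added example, not part of the original thread: a small Python linter for the LDAP path strings discussed above. It shows how `cn=COMBCT, ou=PPC, dc=dppc dc=fr` parses (a syntactically valid DN whose last component is `dc=dppc dc=fr`, so the lookup fails with "no such object" rather than a syntax error) and lists the components in the drill-down order of Active Directory Users and Computers. The function names and the missing-comma heuristic are assumptions of this example.

```python
import re

def split_rdns(dn):
    """Split a DN on unescaped commas, honouring RFC 4514 backslash escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escaped pair intact
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts

def lint_dn(dn):
    """Return (rdns, problems); rdns is a list of (type, value), leaf first."""
    rdns, problems = [], []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip().lower(), value.strip()
        if not (sep and attr and value):
            problems.append(f"malformed component {part!r}")
            continue
        # '=' is legal inside a value, so this is a heuristic, not a syntax error
        if re.search(r"(?<!\\)=", value):
            problems.append(f"probable missing comma in {attr}={value!r}")
        rdns.append((attr, value))
    types = [t for t, _ in rdns]
    if "dc" not in types:
        problems.append("no dc= components")
    elif any(t != "dc" for t in types[types.index("dc"):]):
        problems.append("non-dc component after the first dc=")
    return rdns, problems

def drill_down(dn):
    """Order the components as browsed in AD Users and Computers (domain first)."""
    rdns, _ = lint_dn(dn)
    domain = ".".join(v for t, v in rdns if t == "dc")
    return [domain] + [f"{t}={v}" for t, v in reversed(rdns) if t != "dc"]

# Path strings taken from the thread above.
BAD = "cn=COMBCT, ou=PPC, dc=dppc dc=fr"
GOOD = "cn=COMBCT, ou=PPC, dc=dppc, dc=fr"
print(lint_dn(BAD)[1], drill_down(GOOD))
```

Running the same check on a path before passing it to `ObjGet("LDAP://...")` catches a dropped comma locally instead of through a COM error from the server.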
jerem488

pfffff

I'm really stupid ! ! :mellow:

so the program works, thank you...

But I would like to have the name of the service found in the windows Active Directory

PsaltyDS

so the program works, thank you...

But I would like to have the name of the service found in the windows Active Directory

Service? What kind of service? I don't have that column available in my AD Users and Computers, so I don't know what you are looking for.

:mellow:


jerem488

hello,

we can find this column in the properties of the users. In the part "organization".

PsaltyDS

hello,

we can find this column in the properties of the users. In the part "organization".

I only have Title/Company/Department/Manager on that tab. But the schema is extensible, maybe "Service" was added to the schema for your particular domain.

:mellow:


jerem488

No, not on the principal window of Active directory but if you make a mouse click on a user and choose properties, in the new window of the selected user, you have a part "organization".

