AD Authentication

[ter-pierre]

Hi Guys!

Does anybody knows a way to send user/password to an M$ Active Directory and looks the answer to know if user/passwrod was accept or not?

tks

Pierre

[exodius]

Does this work for you?

Func _ValidUserPass($username, $computer, $password)
    Local $valid = True
    RunAs($username, $computer, $password, 0, @ComSpec & " /c  echo test", @SystemDir, @SW_HIDE)
    If @error Then $valid = False
    Return $valid
EndFunc   ;==>_ValidUserPass

[EndFunc]

Hi Guys!

Does anybody knows a way to send user/password to an M$ Active Directory and looks the answer to know if user/passwrod was accept or not?

tks

Pierre

Try this,

http://www.autoitscript.com/forum/index.php?showtopic=37378

There are later versions of that UDF throughout the thread. You can do what you are looking fo using some of the funtions in combination with an inputbox or other type of form. I produce my own inputboxes using the adfuntions to authenticate.

[Jango]

Func CheckAdmin($sUser, $sPwd, $sDom)
    RunAs($sUser, $sDom, $sPWD, 0, @SystemDir & "\rundll32.exe", @SystemDir, @SW_HIDE)
    If @error Then
        Return False
    Else
        Return True
    EndIf
EndFunc

This function was primarly to check if the user (entered in a gui) is local admin but it returns false is user and/or password is not correct.

[ter-pierre]

Hi Jango! Very good. That solve my problem.

tks.

Hi EndFunc! Itry to use adfunctions.au3 to check the authentication against AD but I can't found the way... can you help?

thanks anyway.

Pierre

[EndFunc]

Hi Jango! Very good. That solve my problem.

tks.

Hi EndFunc! Itry to use adfunctions.au3 to check the authentication against AD but I can't found the way... can you help?

thanks anyway.

Pierre

Well I have found this, but it has been hard getting it to work. I thik you have to also use the _ADSamAccountNameToFQDN to get the user ID to work

expandcollapse popup

#include <adfunctions.au3>

$oMyError = ObjEvent("AutoIt.Error", "ComError")
msgbox(0,"Validate",UserValidate(@LogonDomain,"unknown-user","userpwd"))
msgbox(0,"Validate",UserValidate(@LogonDomain,"okuser","userpwd"))
msgbox(0,"Validate",UserValidate(@LogonDomain,"Okuser","userpwd","groupdoesnotexist"))
msgbox(0,"Validate",UserValidate(@LogonDomain,"Okuser","userpwd","groupexist"))
Exit
; Check Valid User/Password and optionally in a group 
Func UserValidate($domain, $UserName, $Password, $InGroup="")
    Local $NameSpace = ObjGet("WinNT:")
    Local $ADS_SECURE_AUTHENTICATION = 0x0001
; Check the userid/password combination and on error return a 0
    Local $DomObj = $NameSpace.OpenDSObject("WinNT://" & $domain , $UserName, $Password, $ADS_SECURE_AUTHENTICATION)
    If @error <> 0 Then Return 0
; Optionally check the group membership
    If $InGroup <> "" Then
        $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName)
        For $oGroup in $objUser.Groups
            If $oGroup.Name = $InGroup Then 
                Return 1
            EndIf
        Next
        Return 0
    EndIf
    Return 1
EndFunc 
;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc  ;==>ComError

[ter-pierre]

EndFunc, thanks again.

exodius, excuse... thanks for your help. This is a realy inteligent way out.

Thanks all