druiddk Posted March 9, 2009 Share Posted March 9, 2009 Hi,Im trying to build a list of AD users that are members of Domain Users.I found the adfunctions.au3 and thought I could use _ADGetGroupMembers.Here is my short script:#include <adfunctions.au3> Dim $members _ADGetGroupMembers($members, "Domain Users") _ArrayDisplay($members, "Debug: Test")However I recieve an error:C:\Documents and Settings\adm-rah\Desktop\adfunctions\adfunctions.au3 (426) : ==> Object referenced outside a "With" statement.: $membersadd = $objRecordSet.fields (0).Value $membersadd = $objRecordSet.fields (0)^ ERROR >Exit code: 1 Time: 0.333Any ideas what I am doing wrong? Link to comment Share on other sites More sharing options...
someone Posted March 9, 2009 Share Posted March 9, 2009 Your using the SAM name of the group, as opposed to the Full Distringuished Name. To check out what the FN looks like, use MsgBox(0, "", _ADSamAccountNameToFQDN("Domain Users")) To return the members using the name like you are just use _ADGetGroupMembers($array, _ADSamAccountNameToFQDN("Domain Users")) However I should point out that I wasn't able to get the members of Domain Users even though I could get the members of other groups with that code. I'm not sure if there is some restriction or if maybe there are just too many users to display(?). If anyone knows for sure I'd be interested to hear the answer. While ProcessExists('Andrews bad day.exe') BlockInput(1) SoundPlay('Music.wav') SoundSetWaveVolume('Louder') WEnd Link to comment Share on other sites More sharing options...
druiddk Posted March 9, 2009 Author Share Posted March 9, 2009 Ahh!! I have been twisting and turning my head about this all day. I really wish there was some practical examples for each function. Hmm, would it be possible using _ADRecursiveGetMemberOf perhaps to show all members of a group - even if they are not directly member? I tried using _ADRecursiveGetMemberOf but it only showed groups that were members - not the users. Link to comment Share on other sites More sharing options...
druiddk Posted March 9, 2009 Author Share Posted March 9, 2009 Hmm... your right on Domain Users though, it works fine for Domain Admins for example however. Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 Using Ldapbrowser (from ldapbrowser.com) shows that there is no "member" attribute for the object "Domain Users". However, the "member" attribute is defined for other windows groups. "Domain Users" has a special meaning in windows and every user is a "member" of that group by definition, so there is no need for the member attribute. However, that means, that it is impossible to find all members of the "domain users" group via LDAP, at least not in the way you tried it. There is however an attribute for each user, which is called "primaryGroupID". You can check the value of that attribute. "Domain Users" has the value 513. See also here: http://support.microsoft.com/kb/321360/en-usCheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 O.K. and here is the script to retrieve the users based on the attribute primaryGroupID. Please CHANGE the defintion of $domain!! Works on my test system! #include <array.au3> Local $domain = "dc=yourdomain,dc=local"; <=== CHANGE THIS !!! Local $objCommand = ObjCreate("ADODB.Command") Local $objConnection = ObjCreate("ADODB.Connection") $objConnection.Provider = "ADsDSOObject" $objConnection.Open ("Active Directory Provider") $objCommand.ActiveConnection = $objConnection Local $strBase = "<LDAP://$domain>" Local $strFilter = "(&(objectCategory=person)(objectClass=user)(primaryGroupID=513))" Local $strAttributes = "cn,samAccountName" Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree" $objCommand.CommandText = $strQuery $objCommand.Properties ("Page Size") = 100 $objCommand.Properties ("Timeout") = 30 $objCommand.Properties ("Cache Results") = False Local $objRecordSet = $objCommand.Execute While Not $objRecordSet.EOF $strtemplateCN = $objRecordSet.Fields("samAccountName").value ConsoleWrite($strtemplateCN & @CRLF) $objRecordSet.MoveNext Wend $objConnection.Close Cheers Kurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
druiddk Posted March 9, 2009 Author Share Posted March 9, 2009 i changed the $domain as specified to our local info. However I recieve an error: test.au3 (45) : ==> Object referenced outside a "With" statement.: $strtemplateCN = $objRecordSet.Fields("samAccountName").value $strtemplateCN = $objRecordSet.Fields("samAccountName")^ ERROR Also, any ideas on how to lookup the description of a specific group? Thank you very much in advance! Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 i changed the $domain as specified to our local info.However I recieve an error:test.au3 (45) : ==> Object referenced outside a "With" statement.:$strtemplateCN = $objRecordSet.Fields("samAccountName").value$strtemplateCN = $objRecordSet.Fields("samAccountName")^ ERRORAlso, any ideas on how to lookup the description of a specific group?Thank you very much in advance!Hm.. then most certainly the $domain string is not correct. Can you post it here or PM me?What do you mean by "description of a specific group"? The LDAP "description" attribute of an object? __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
someone Posted March 9, 2009 Share Posted March 9, 2009 I'm getting the same error as druiddk; I'm very sure the $domain variable is correct, but I can PM you the info if you want. The com handler says $objRecordSet.EOF is not an object. I didn't do much digging around though to try to figure out the problem myself though. I'll try to later. While ProcessExists('Andrews bad day.exe') BlockInput(1) SoundPlay('Music.wav') SoundSetWaveVolume('Louder') WEnd Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 I'm getting the same error as druiddk; I'm very sure the $domain variable is correct, but I can PM you the info if you want. The com handler says $objRecordSet.EOF is not an object. I didn't do much digging around though to try to figure out the problem myself though. I'll try to later.That's because $objRecordSet is not an object because $objCommand.Execute did not return anything. As it works on my system, I can only guess what's wrong. As you changed only the definition of $domain, that's most certainly the problem. Please PM me your definition of $domain and the output of "ipconfig /all" on the computer where you run the script. BTW: Do you have enough access rights to search the LDAP directory?Oh and another thing: I did just a quick check on the DC itself, not any member server. Maybe that's an issue as well!CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 before you PM me please check this: Samples: Your Domain "test.local" => $domain = "dc=test,dc=local" Your Domain "xzy.int" => $domain = "dc=xyz,dc=int" Your Domain "hellotest.com" => $domain = "dc=hellotest,dc=com" I hope you see the pattern. Please check again if your definition of $domain is correct. Cheers Kurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
druiddk Posted March 9, 2009 Author Share Posted March 9, 2009 Hm.. then most certainly the $domain string is not correct. Can you post it here or PM me?What do you mean by "description of a specific group"? The LDAP "description" attribute of an object?Im at home now but I am very certain the $domain string was correct. I ran the script as a domain admin user from my XP box (which is of course member of the domain).The description is the ldap description that you can see beside group names in "Active directory users and computers" utility on domain controllers.I really appreciate your help in this manner. Link to comment Share on other sites More sharing options...
someone Posted March 9, 2009 Share Posted March 9, 2009 Sorry druiddk I meant to cc you on my PM to Kurt so we were all on the same page. He said he would look into it and it looked like I was doing it right. I can't spend time on it right now but tomorrow if no one has answered your question about the description I'll look into it. While ProcessExists('Andrews bad day.exe') BlockInput(1) SoundPlay('Music.wav') SoundSetWaveVolume('Louder') WEnd Link to comment Share on other sites More sharing options...
druiddk Posted March 9, 2009 Author Share Posted March 9, 2009 Hey someone Thank you very much! Super nice to see people helping out like this - very appreciated! Link to comment Share on other sites More sharing options...
/dev/null Posted March 9, 2009 Share Posted March 9, 2009 (edited) Sorry guys, it was a "bug" in my script. I did some changes without testing them before I posted it :-( Local $strBase = "<LDAP://$domain>" should be Local $strBase = "<LDAP://" & $domain & ">" I did a lot perl programming lately and not that much AutoIT :-)) So, here is the whole script again. This time tested and working on the DC, a member PC, with or without admin rights. Local $domain = "dc=yourdomain,dc=local"; <=== CHANGE THIS !!! Local $objCommand = ObjCreate("ADODB.Command") Local $objConnection = ObjCreate("ADODB.Connection") $objConnection.Provider = "ADsDSOObject" $objConnection.Open ("Active Directory Provider") $objCommand.ActiveConnection = $objConnection Local $strBase = "<LDAP://" & $domain & ">" Local $strFilter = "(&(objectCategory=person)(objectClass=user)(primaryGroupID=513))" Local $strAttributes = "cn,samAccountName" Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree" $objCommand.CommandText = $strQuery $objCommand.Properties ("Page Size") = 100 $objCommand.Properties ("Timeout") = 30 $objCommand.Properties ("Cache Results") = False Local $objRecordSet = $objCommand.Execute While Not $objRecordSet.EOF $strtemplateCN = $objRecordSet.Fields("samAccountName").value ConsoleWrite($strtemplateCN & @CRLF) $objRecordSet.MoveNext Wend $objConnection.Close Please try again... Cheers Kurt Edited March 9, 2009 by /dev/null __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
druiddk Posted March 10, 2009 Author Share Posted March 10, 2009 (edited) Thank you Kurt - its working perfectly now! I am guessing I should use _ADGetObjectAttribute to get the LDAP description of a group, but I am not really sure how to use it. I tried to just use it as _ADGetObjectAttribute("Group name", "description") but I am guessing this is wrong. EDIT: This actually works - I must have made a typo somewhere when I was testing it, sorry! Edited March 10, 2009 by druiddk Link to comment Share on other sites More sharing options...
someone Posted March 10, 2009 Share Posted March 10, 2009 Yep that did the trick. Probably should have noticed that myself... Thanks a lot Kurt! While ProcessExists('Andrews bad day.exe') BlockInput(1) SoundPlay('Music.wav') SoundSetWaveVolume('Louder') WEnd Link to comment Share on other sites More sharing options...
/dev/null Posted March 10, 2009 Share Posted March 10, 2009 Thanks a lot Kurt!you're welcome.CheersKurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf * Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now