kor Posted April 7, 2009

Yeah yeah, I've read all the threads with sample LDAP query code but I have no idea what the structure needs to be. Everyone wants to make the OUs and domains variables, but I don't. I want to hard code them into my query, but I don't know how.

My sample code is on my work computer but here is the gist of what I'm trying to do.

(this workstation is NOT on a domain yet)
(our domain is called "ad.example.com", we have a domain controller named "noc-dc3" that I wish to use)

Prompt for AD username (check to see if this username exists in our domain, if yes continue, if no prompt for another username [loop until valid username])
Prompt for AD password (check to see if the password entered is the correct password for the associated username, if yes continue, if no prompt to re-enter password)

Past this part I have all my code that I need (so far)

bo8ster Posted April 7, 2009

If the AutoIt UDFs do not have what you want you will have to turn to what Windows can offer. http://www.ss64.com/nt/

Post your code because code says more than your words can.

kor Posted April 7, 2009

Come on, someone must know how to query AD without actually BEING on the domain yet.

    $strDomain = "MyDomain"
    $strAccount = "UserName"
    $objUser = ObjGet("WinNT://" & $strDomain & "/" & $strAccount & ",user")
    If IsObj($objUser) Then
        MsgBox(64, "Exists", "User " & $strDomain & "\" & $strAccount & " exists")
    Else
        MsgBox(16, "Non-Existing", "User " & $strDomain & "\" & $strAccount & " does not exist")
    EndIf

This code works great if I am already on the domain, but if I test it on a computer that is on a workgroup it returns every user as non-existing.

herewasplato Posted April 7, 2009

Compile the code and start it via the OS runas: http://www.computerhope.com/runas.htm

kor Posted April 7, 2009

> Compile the code and start it via the OS runas: http://www.computerhope.com/runas.htm

Tried. Doesn't work. Runas will only recognize the domain if the computer is already a part of it.

I need something that can manually connect to active directory without being on the domain.

spudw2k Posted April 7, 2009 (edited)

> Tried. Doesn't work. Runas will only recognize the domain if the computer is already a part of it.
> I need something that can manually connect to active directory without being on the domain.

Use the /netonly flag. That should work, or lookup RunAs in the Helpfile. It supports netonly.

    RunAs ( "username", "domain", "password", logon_flags, "filename" )

Parameters

    username     The username to log on with.
    domain       The domain to authenticate against.
    password     The password for the user.
    logon_flags  0 - Interactive logon with no profile.
                 1 - Interactive logon with profile.
                 2 - Network credentials only.
                 4 - Inherit the calling processes environment instead of the user's.
    filename     The name of the executable (EXE, BAT, COM, or PIF) to run.

kor Posted April 7, 2009

Awesome, the netonly worked. Now my last problem is checking to see if the password entered for a domain account matches the AD password for that user. Any ideas?

kor Posted April 7, 2009 (edited)

Ok, I found this code and got it to work, but once again it only verifies my password if my computer is already on the domain.

    $strUser = InputBox("username", "enter username:")
    $strPassword = InputBox("password", "password:", '', '*')
    $strDomain = InputBox("domain", "the domain:")

    MsgBox(0, "", _ValidUserPass($strUser, $strDomain, $strPassword))

    Func _ValidUserPass($username, $computer, $password)
        Local $valid = True
        RunAs($username, $computer, $password, 0, @ComSpec & " /c echo test", @SystemDir, @SW_HIDE)
        If @error Then $valid = False
        Return $valid
    EndFunc

I can't hard code in the variables because multiple people will be using this script so I don't know how to do the runas trick. Is there a way to compile this script into an EXE then do a runas on it but be able to pass the variables to it? Or some other way?

spudw2k Posted April 7, 2009 (edited)

> ...I can't hard code in the variables because multiple people will be using this script so I don't know how to do the runas trick. Is there a way to compile this script into an EXE then do a runas on it but be able to pass the variables to it? Or some other way?

If you change the 0 to a 2 in this line

    RunAs($username, $computer, $password, 0, @ComSpec & " /c echo test", @SystemDir, @SW_Hide)

it should be the same as the /netonly flag. If you don't want to hardcode the vars (good choice) then perhaps the runas.exe /netonly is better suited for you. You could pass variables as cmdline params too. Search for $CMDLINE.

I test domain credentials by attempting to map to a network share using "NET USE". Pretty safe way to test without risking locking out the user, unless multiple attempts are made. I do know that using the netonly flag for runas.exe, if the password is incorrect, will lock out the user upon first attempt at connecting to a machine in that domain.

kor Posted April 7, 2009

We don't have any account lock out policies in place so would passing an incorrect password through the runas still lock the account out? We have nothing set for maximum retries for a password in group policy.

kor Posted April 7, 2009 (edited)

> If you change the 0 to a 2 in this line
>
>     RunAs($username, $computer, $password, 0, @ComSpec & " /c echo test", @SystemDir, @SW_Hide)
>
> it should be the same as the /netonly flag. If you don't want to hardcode the vars (good choice) then perhaps the runas.exe /netonly is better suited for you.

I tried changing the 0 to a 2, and now when I run it on a workgroup computer it returns true for everything. It doesn't matter what username I use, or a correct or incorrect password. It says everything is true.

The goal is to NOT have to have this code as an exe and call it from another script, I want to perform everything within 1 script. I'm hoping there is some way to authenticate or do a runas inside the script itself without having to get something from outside.

Can you post your code on how to do a net use to check if AD password is correct?

kor Posted April 7, 2009

Alright, I've figured out a way. Instead of netuse I am going to use netdom. Here is my code.

    $strUser = InputBox("username", "enter username:")
    $strPassword = InputBox("password", "password:", '', '*')
    $strDomain = InputBox("domain", "the domain:")

    $test = "netdom query /domain:" & $strDomain & " /userD:" & $strUser & " /passwordD:" & $strPassword & " dc"

    $strResult = RunWait(@ComSpec & " /C " & $test, '', @SW_HIDE)
    MsgBox(0, "output", "output: " & $strResult, " blah")

The only problem I am having though is my msgbox that displays the output is giving me "output: 0" every time. If I run that exact netdom query command in a dos window it works fine. I've tested the $test var to make sure it's outputting the correct command and it is.

Here is the thing I'm interested in. I don't really care about the output of the query command (it returns a list of all DC's on the domain), all I care about is if the command completes successfully. It is either going to give you a list of all the DC's, or it's going to say the username/password was incorrect. That is what I am after. If it says username/password is incorrect then I need to know that somehow, everything else I'm not worried about.

spudw2k Posted April 7, 2009

Check the helpfile for StdoutRead. You can use that to read the output from netdom but only RunAs allows use of "standard_i/o_flag".

kor Posted April 7, 2009

SUCCESS. I have it working, finally. Here is my code for everyone else.

    #include <String.au3>

    Opt("TrayIconHide", 1) ; Hides tray icon

    ; Prompt for AD Username (loop until something is entered, Cancel exits)
    Do
        $strUsername = InputBox("AD Username", "Please enter your AD username:", '', '', 200, 130, Default, Default)
        If @error Then
            Exit
        EndIf
    Until $strUsername <> ""

    ; Prompt for AD Password (loop until netdom accepts the credentials)
    $strGoodPassword = 0
    Do
        $strPassword = InputBox("AD Password", "Please enter your AD Password:", '', '*M', 200, 130, Default, Default)
        If @error Then
            Exit
        EndIf
        $strNetDom = "netdom query /domain:*youdomain* /userD:" & $strUsername & " /passwordD:" & $strPassword & " dc"
        ; RunWait returns the exit code of the command; non-zero means netdom failed
        $strNetDomResult = RunWait(@ComSpec & " /C " & $strNetDom, '', @SW_HIDE)
        If $strNetDomResult <> 0 Then
            MsgBox(16, "Error", "The password is incorrect")
            $strGoodPassword = 0
        Else
            $strGoodPassword = 1
        EndIf
    Until $strGoodPassword = 1
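
Added example, not part of the thread and not any poster's code: the script above places the typed password on a netdom command line run through cmd.exe, whereas this sketch checks the same credentials in-process with an ADSI LDAP bind against the domain and DC named in the first post. Assumptions: the DC resolves as noc-dc3.ad.example.com, accounts accept the user@ad.example.com logon form, the COM error handler uses the signature from the current AutoIt v3.3 help file, and the function names, character filter and three-attempt cap are illustrative.

```autoit
; Added example, not code from the thread. Names below are assumptions.
Global Const $ADS_SECURE_AUTHENTICATION = 1        ; ADSI flag: negotiated auth, no simple bind
Global Const $sDomainDns = "ad.example.com"        ; domain named in the first post
Global Const $sDcHost = "noc-dc3." & $sDomainDns   ; assumed FQDN of the DC named there
Global Const $sBaseDn = "DC=ad,DC=example,DC=com"  ; derived from the domain name
Global Const $iMaxTries = 3                        ; illustrative cap on failed binds

; A rejected bind raises a COM error; record its number for the caller.
Global $g_iComErr = 0
Global $g_oComErr = ObjEvent("AutoIt.Error", "_OnComError")

Func _OnComError($oError)
    $g_iComErr = $oError.number
EndFunc

; True only when the DC accepts the bind. Every failure path returns False.
Func _ADBindOK($sUser, $sPassword)
    ; Accept only a conservative sAMAccountName character set (assumed policy).
    If Not StringRegExp($sUser, "^[A-Za-z0-9._-]{1,20}$") Then Return False
    If StringLen($sPassword) = 0 Then Return False ; refuse empty passwords outright
    $g_iComErr = 0
    Local $oLdap = ObjGet("LDAP:")
    If Not IsObj($oLdap) Then Return False
    Local $oRoot = $oLdap.OpenDSObject("LDAP://" & $sDcHost & "/" & $sBaseDn, _
            $sUser & "@" & $sDomainDns, $sPassword, $ADS_SECURE_AUTHENTICATION)
    Return ($g_iComErr = 0 And IsObj($oRoot))
EndFunc

; Prompt once for the username, then allow a bounded number of password tries.
Func _PromptAndCheck()
    Local $sUser = InputBox("AD Username", "Please enter your AD username:")
    If @error Then Return False
    For $i = 1 To $iMaxTries
        Local $sPassword = InputBox("AD Password", "Please enter your AD password:", "", "*")
        If @error Then Return False
        If _ADBindOK($sUser, $sPassword) Then Return True
        MsgBox(16, "Error", "Logon failed (" & $i & " of " & $iMaxTries & ")")
    Next
    Return False
EndFunc

If Not _PromptAndCheck() Then Exit 1
```

Each rejected bind is recorded by the DC as a failed logon, so the attempt cap matters wherever an account lockout policy applies.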