Check location in AD

[daishi5]

I have a script that I was helped with that retrieved a list of machines from a location in AD, and then did some other stuff that is not important.

Now, I want to have a second script that when it runs, it double checks to make sure that the machine is still in that part of the AD, and if it is not the script exits.

I have no experience working with AD, so I was going to take the script that I had, get a list of all the machines and then see if the machine's name is in that list. However, I am pretty sure I am trying to use a hammer on screws. Surely there must be a better way to do this?

This is what I was going to use, but again I am pretty certain this is not the best way to go about this.

expandcollapse popup

#include <Array.au3>
#Include <date.au3>
;declare variables
Opt("MustDeclareVars", 1)
dim $ADlocation
Dim $list[1]
Dim $fail
;retrieve the AD ou container from the network INI file

$ADlocation=string(iniread("\scripts\rebootscript\Reboot.ini", "options", "ADlocation","Error"))

$fail=string(iniread("\scripts\rebootscript\Reboot.ini", "options", "failurefile", "Error"))

_getADComputer()
_checkOnline($list)
;_ArrayDisplay($list)

Func _getADComputer()
    
    Local $objCommand = ObjCreate("ADODB.Command")
    Local $objConnection = ObjCreate("ADODB.Connection")

;open the connection to AD
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection

;combine the inifile setting into an LDAP query, and then query Active directory for the computer list
    Local $strBase = "<LDAP://" & $ADlocation & ">";combine the location
    Local $strFilter = "(objectCategory=computer)";filter for only computers               
    Local $strAttributes = "cn"
    Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree";combine all the previous parts into a full LDAP query

;create the command to be run, and set properties to prevent it from running amok
    $objCommand.CommandText = $strQuery
    $objCommand.Properties("Page Size") = 100
    $objCommand.Properties("Timeout") = 30
    $objCommand.Properties("Cache Results") = False
    Local $ADS_SCOPE_SUBTREE = 5
    $objCommand.Properties("searchscope") = $ADS_SCOPE_SUBTREE
;run the command
    Local $objRecordSet = $objCommand.Execute
;populate the results into the list array
    While Not $objRecordSet.EOF
        If $list[UBound($list) - 1] <> '' Then
            ReDim $list[UBound($list) + 1]
        EndIf

        $list[UBound($list) - 1] = $objRecordSet.Fields("cn" ).Value
        $objRecordSet.MoveNext
    WEnd
 ;close the connection
    $objConnection.Close
    $objConnection = ""
    $objCommand = ""
    $objRecordSet = ""
EndFunc

Edited May 29, 2009 by daishi5

[Inverted]

I got a question myself, what is AD ?

[daishi5]

I got a question myself, what is AD ?

Sorry, active directory.

[water]

Did you have a look at ADfunctions.au3? Latest version can be downloaded from here.

You could use function _ADObjectExists to check if the object exists in the AD tree. Set $strDNSDomain to the subtree you want to check.

[Tec]

Use $strFilter for this.

Example:

expandcollapse popup

#include <Array.au3>
#Include <date.au3>

Opt("MustDeclareVars", 1)
dim $ADlocation
Dim $list[1]

_getADComputer("COMPUTERNAME")
If StringLen($list[0]) > 0 Then
    _ArrayDisplay($list)
Else
    MsgBox( 4096, "Error", "PC not in List")
EndIf


Func _getADComputer($strComputer)
    
    Local $objCommand = ObjCreate("ADODB.Command")
    Local $objConnection = ObjCreate("ADODB.Connection")

;open the connection to AD
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection

;combine the inifile setting into an LDAP query, and then query Active directory for the computer list
    Local $strBase = "<LDAP://dc=DOMAIN,dc=LOCAL>"  
    Local $strFilter = "(&(objectCategory=computer)(cn=" & $strComputer & "))";filter for only computers              
    Local $strAttributes = "cn"
    Local $strQuery = $strBase & ";" & $strFilter & ";" & $strAttributes & ";subtree";combine all the previous parts into a full LDAP query

;create the command to be run, and set properties to prevent it from running amok
    $objCommand.CommandText = $strQuery
    $objCommand.Properties("Page Size") = 100
    $objCommand.Properties("Timeout") = 30
    $objCommand.Properties("Cache Results") = False
    Local $ADS_SCOPE_SUBTREE = 5
    $objCommand.Properties("searchscope") = $ADS_SCOPE_SUBTREE
;run the command
    Local $objRecordSet = $objCommand.Execute
;populate the results into the list array
    While Not $objRecordSet.EOF
        If $list[UBound($list) - 1] <> '' Then
            ReDim $list[UBound($list) + 1]
        EndIf

        $list[UBound($list) - 1] = $objRecordSet.Fields("cn" ).Value
        $objRecordSet.MoveNext
    WEnd
;close the connection
    $objConnection.Close
    $objConnection = ""
    $objCommand = ""
    $objRecordSet = ""
EndFunc

Edited June 2, 2009 by Tec