Active Directory Enumeration


Hey there,

First of all - new user to the forum and AutoIT.

I've been using Kixtart for some considerable time but am keen to expand my scripting knowledge so I can use the right tool for the right job. I've noticed that AutoIT seems to be a lot better to use when it comes to building GUI tools and seems to have a more 'C-Like' feel to it (I've got a bit of a background in C) and a big plus... it has TCP/UDP socket handling built in.

So I'm looking at learning AutoIT (I've downloaded the tutorial) - however I'm curious as to how I can get AutoIT to enumerate all user objects in an active directory forest.

Does anyone have a quick example I can look at and expand upon? I've downloaded the 'adfunctions' tools but I'm still a little confused, it looks like it all uses ADO.

Any thoughts or ideas?

Az

Hi Azrael,

welcome on board!

I've written some tools to display users and groups and so on ... please see here.

HTH

My UDFs and Tutorials:

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Thank you water :)

After looking around and poking around - it turns out my code is what was flawed.

However, now I'm unsure how to make it output to the console window.

I can enumerate the AD objects - but I want them in a list - in KIX I can simply use KIX32 (which is the non-Windows version), which uses the current command-prompt window.

I have tried ConsoleWrite but it doesn't show anything at all - am I missing something really simple here?

Thanks :)

Az


Do you compile and then run your script? For a compiled script there is no Console to write to.

Can you post your code so we can have a look at it?

Aha! I think this may be my problem - unlike KIX, I have to compile the AutoIT code before it will write to a console. I didn't do this and thought I could just run it using 'autoit3.exe test.au3'.

As for a look at it - sure :)

KIX:

CODE
$SearchDomain = "MYDOM"
$SearchDomainDNS = "mydom.local"

$adsDomain = GetObject("WinNT://" + $SearchDomain + ",Domain")
$adsDomain.Filter = "User",""

For Each $Element in $adsDomain
    $Username = $Element.Name
    ? "$Username"
Next

AutoIT:

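CODE
Local $adsDomain, $SearchDomain, $Object, $SearchDomainDNS, $Username
Local $aFilter[1] = ["User"]                ; The Filter property takes an array of class names, not a string

$SearchDomain = "MYDOM"
$SearchDomainDNS = "mydom.local"

$adsDomain = ObjGet("WinNT://" & $SearchDomain & ",Domain")
$adsDomain.Filter = $aFilter                ; Only enumerate user objects

For $Element In $adsDomain
    $Username = $Element.Name
    ConsoleWrite($Username & @CRLF)         ; Pass the variable itself; "$Username" in quotes is written literally
Next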

Az


To get a list of all users using adfunctions.au3 your script would look like:

#include <Array.au3>                                            ; _ArrayDisplay is defined in Array.au3
#include <adfunctions.au3>
Global $asUser[2][5]                                            ; Table with max. 5 attributes per user
Global $sOU = "DC=microsoft,DC=com"                             ; Root of your AD or branch where to start
_ADGetObjectsInOU($asUser, $sOU, "(objectCategory=user)", 2, "department,cn,distinguishedName,sAMAccountName")
_ArrayDisplay($asUser)

Ah nice :)

Makes it look a lot more compact.

I'm assuming that all LDAP queries must use ADO?

Az


You could use WinNT as well. See this post or search the forum for "+WinNT +active +directory" and you'll get a lot of hits.

I use LDAP and the adfunctions udf because it has all the functions I need. Therefore I can concentrate on the GUI and the filters.

Ah, I tried the script above and it doesn't work - it returns a GUI but the array seems to be empty.

It doesn't make any difference if I give it the full DN (OU=SomeOU,DC=mydom,DC=local) or whether I just give it the domain name.

I have the adfunctions.au3 included where it should be, but it doesn't display anything at all and I have no idea why.

Az


What version of adfunctions do you use? Version 3.1 had a bug in _ADGetObjectsInOU. Could you please download the current version from here and try again?

Did that and still nothing - I will check on another PC in case my PC colour scheme makes it impossible to read.

Nope - the form appears, lots of grid-lines and 2 rows, but no data.

I'm guessing it's meant to display something.

Az

Edit: Okay, it works on my local domain - but does not work on a remote domain (I'm an Enterprise Admin across the site) - is this usual behaviour?

If you want it to write to the console, you need to compile it as a console app (GUI is default). You can do that with a commandline option to Aut2Exe.exe of "/console", or put a compiler directive at the top of your script:
#AutoIt3Wrapper_Change2CUI=y

:)

Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Haven't done it myself but when you have a look at the adfunctions udf you have to change 3 lines to connect to another AD domain.

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context

; Or comment out the above 3 lines and uncomment the lines below to specify settings:
;Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
;Global $strHostServer = "servername.subdomain.example.com"
;Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"

I have only one domain so could you please test the following code:

#include <Array.au3>                                            ; _ArrayDisplay is defined in Array.au3
#include <adfunctions.au3>
Global $asUser[2][5]                                            ; Table with max. 5 attributes per user
Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"                          ; <== Replace with your values
Global $strHostServer = "servername.subdomain.example.com"                       ; <== Replace with your values
Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"     ; <== Replace with your values
Global $sOU = "DC=microsoft,DC=com"                             ; Root of your AD or branch where to start
_ADGetObjectsInOU($asUser, $sOU, "(objectCategory=user)", 2, "department,cn,distinguishedName,sAMAccountName")
_ArrayDisplay($asUser)


I am by no standard an expert on this, but recently ran into authentication problems when trying to query from a non domain pc.

You may want to look at my latest post on how to build the ADODB.Connection with different credentials as well.

The Definition of Madness: Creating a GUI, with GUI automation scripts

Oddly enough if I use the WinNT provider (WINNT://) I can happily connect to my other domains, I guess I hadn't used ADO all that much.

Your code above works though - I made a few changes as usually your DNS Domain is the same across the variables.

Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
Global $strHostServer = "servername.subdomain.example.com"
Global $strConfiguration = "CN=Configuration,DC=subdomain,DC=example,DC=com"
Global $sOU = "DC=microsoft,DC=com"

Becomes:

Global $strDNSDomain = "DC=subdomain,DC=example,DC=com"
Global $strHostServer = "servername.subdomain.example.com"
Global $strConfiguration = "CN=Configuration," & $strDNSDomain
Global $sOU = $strDNSDomain

Obviously in $sOU you add any specifics you need there :)

But now it works - thankfully :)

Appreciate all your help - now I just need to work out how to manipulate the data it returns but that's just standard LDAP filters.

Az
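
An added example, not code from this thread or from adfunctions.au3: the user listing discussed above done directly through ADO's ADsDSOObject provider against a named domain controller, with one line per account written to the console. The server name and base DN are placeholder values, and the function names _ListUsers and _ComError are made up for this example.

```autoit
#AutoIt3Wrapper_Change2CUI=y    ; build as a console app (or compile with Aut2Exe /console)

; Placeholder values for this example: replace with your own DC and naming context.
Global Const $sHostServer = "servername.subdomain.example.com"
Global Const $sBaseDN = "DC=subdomain,DC=example,DC=com"

Exit _ListUsers($sHostServer, $sBaseDN)

; Lists user accounts below $sBase on $sServer, one console line per account.
; Returns 0 on success, 1 if the connection or the query could not be set up.
Func _ListUsers($sServer, $sBase)
    Local $oErr = ObjEvent("AutoIt.Error", "_ComError")  ; report COM errors instead of aborting
    Local $oConn = ObjCreate("ADODB.Connection")
    If Not IsObj($oConn) Then Return 1
    $oConn.Provider = "ADsDSOObject"                     ; ADSI OLE DB provider
    $oConn.Open("Active Directory Provider")             ; binds as the currently logged-on user

    Local $oCmd = ObjCreate("ADODB.Command")
    $oCmd.ActiveConnection = $oConn
    $oCmd.Properties("Page Size") = 500                  ; paged search, so large domains are not cut off
    ; LDAP dialect: <base>;filter;attributes;scope
    $oCmd.CommandText = "<LDAP://" & $sServer & "/" & $sBase & ">;" & _
            "(&(objectCategory=person)(objectClass=user));" & _
            "sAMAccountName,distinguishedName,userAccountControl;subtree"
    Local $oRS = $oCmd.Execute
    If Not IsObj($oRS) Then Return 1

    While Not $oRS.EOF
        Local $sState = "enabled"
        ; Bit 0x2 of userAccountControl is the ACCOUNTDISABLE flag
        If BitAND($oRS.Fields("userAccountControl").Value, 2) Then $sState = "disabled"
        ConsoleWrite($oRS.Fields("sAMAccountName").Value & @TAB & $sState & @TAB & _
                $oRS.Fields("distinguishedName").Value & @CRLF)
        $oRS.MoveNext()
    WEnd
    $oRS.Close()
    $oConn.Close()
    Return 0
EndFunc

; COM error handler: print the description and let the caller's IsObj checks decide.
Func _ComError($oError)
    ConsoleWrite("COM error: " & $oError.description & @CRLF)
EndFunc
```

The filter combines objectCategory=person with objectClass=user because objectCategory=person on its own also returns contact objects.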
