supersonic
Posted July 24, 2009

Hi!

I'm trying to figure out whether the CURRENTLY LOGGED ON user has AD write permissions or not. Therefore I use the UDF adfunctions.au3 (latest release; see "Download"). With the function called _ADHasFullRights() I check for access rights to the user object "Administrator":

    MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), @UserName), 0)

As described in the UDF you have to activate the following code line (after global defs):

    _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName))

... I have done so.

My problem is: Even when the currently logged on user has successfully authenticated against the AD as Administrator (e.g. "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") and can actually write to the AD, the function always returns 0. When running the function against e.g. "Administrator" (or any other administrative user account) the function returns 1:

    MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), "Administrator"), 0)

Maybe the function checks for access rights only within the AD? Does anyone have an idea how to solve this issue?

Greets,
-supersonic.

99ojo
Posted July 24, 2009

> Hi!
>
> I'm trying to figure out whether the CURRENTLY LOGGED ON user has AD write permissions or not. Therefore I use the UDF adfunctions.au3 (latest release; see "Download"). With the function called _ADHasFullRights() I check for access rights to the user object "Administrator":
>
>     MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), @UserName), 0)
>
> As described in the UDF you have to activate the following code line (after global defs):
>
>     _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName))
>
> ... I have done so.
>
> My problem is: Even when the currently logged on user has successfully authenticated against the AD as Administrator (e.g. "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") and can actually write to the AD, the function always returns 0. When running the function against e.g. "Administrator" (or any other administrative user account) the function returns 1:
>
>     MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), "Administrator"), 0)
>
> Maybe the function checks for access rights only within the AD? Does anyone have an idea how to solve this issue?
>
> Greets,
> -supersonic.

Hi,

I think the problem is that the function uses the macro reference @UserName. This is the currently logged on user. I think this value doesn't change, even if you use your mentioned 'net.exe User....'. Just try:

    msgbox (0,"",@Username)
    RunWait (@comspec & " /c " & "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>")
    msgbox (0,"",@Username)

;-))
Stefan

supersonic (Author)
Posted July 24, 2009

Running the NET command will not change the value of @UserName, of course... But how can I figure out whether a user has authenticated himself against the AD with a different user/password? Maybe _ADHasFullRights() is not the way to go...

> Hi,
>
> I think the problem is that the function uses the macro reference @UserName. This is the currently logged on user. I think this value doesn't change, even if you use your mentioned 'net.exe User....'. Just try:
>
>     msgbox (0,"",@Username)
>     RunWait (@comspec & " /c " & "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>")
>     msgbox (0,"",@Username)
>
> ;-))
> Stefan