supersonic Posted July 24, 2009 Share Posted July 24, 2009 Hi! I'm trying to figure out whether the CURRENTLY LOGGED ON user has AD write permissons or not. Therefore I use the UDF adfunctions.au3 (latest release; see "Download"). With the function called _ADHasFullRights() I check for access rights to the user object "Administrator": MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), @UserName), 0) As described in the UDF you have to activate the following code line (after global defs): _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName)) ... I have done so. My problem is: Even when the currently logged on user has successfully authenticated against the AD as Administrator (e. g. "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") and can actually write to the AD the functions always returns 0. When running the function against e. g. "Administrator" (or any other administrative user account) the functions returns 1: MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), "Administrator"), 0) Maybe the function checks for access rights only within the AD? Anyone any idea to solve this issue? Greets, -supersonic. Link to comment Share on other sites More sharing options...
99ojo Posted July 24, 2009 Share Posted July 24, 2009 Hi! I'm trying to figure out whether the CURRENTLY LOGGED ON user has AD write permissons or not. Therefore I use the UDF adfunctions.au3 (latest release; see "Download"). With the function called _ADHasFullRights() I check for access rights to the user object "Administrator": MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), @UserName), 0) As described in the UDF you have to activate the following code line (after global defs): _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName)) ... I have done so. My problem is: Even when the currently logged on user has successfully authenticated against the AD as Administrator (e. g. "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") and can actually write to the AD the functions always returns 0. When running the function against e. g. "Administrator" (or any other administrative user account) the functions returns 1: MsgBox(0, "", _ADHasFullRights(_ADSamAccountNameToFQDN("Administrator"), "Administrator"), 0) Maybe the function checks for access rights only within the AD? Anyone any idea to solve this issue? Greets, -supersonic. Hi, i think the problem is, that the function uses macro reference @UserName. This is currently logged on user. I think this value doesn't change, even if you use your mentioned 'net.exe User....'. Just try: msgbox (0,"",@Username) RunWait (@comspec & " /c " & "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") msgbox (0,"",@Username) ;-)) Stefan Link to comment Share on other sites More sharing options...
supersonic Posted July 24, 2009 Author Share Posted July 24, 2009 Running the NET command will not change value for @UserName, of course... But how can I figure out whether a user have authenticated himself againt the AD by a different user/password? Maybe _ADHasFullRights() is not the way to go... Hi, i think the problem is, that the function uses macro reference @UserName. This is currently logged on user. I think this value doesn't change, even if you use your mentioned 'net.exe User....'. Just try: msgbox (0,"",@Username) RunWait (@comspec & " /c " & "NET.EXE USER \\SERVER\IPC$ /USER:DOMAIN\Administrator <PASSWORD>") msgbox (0,"",@Username) ;-)) Stefan Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now