antmar904

Also, when I use powershell "Get-Aduser username -pr *" the CN attribute retuned is the whole users display name BUT the CanonicalName attribute returns what I want to search for in my script...

Yes, the DC holds more accounts with either "consultants" or "contractor" in their cn. I modified to connect to GC on port 3269 and still only returned one results.

Here is the quick test script: #include <AD.au3> #include <MsgBoxConstants.au3> _AD_Open() If @error Then Exit MsgBox("", "", "Active Directory Error. Function _AD_Open encountered a problem. Error: " & @error & " extended error: " & @extended) $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,Name") ;Debug _ArrayDisplay($aUserObjects) _AD_Close() Exit I'm using AD.au3 version 1.6.1.0

More

This is returning one user account in the array who's cn is "mydomain.internal/Users/Service Contractor" $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,Name") This is the only thing it's returning to be clear. I have many other accounts that have "contractor" in their cn.

This returns nothing: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(canonicalname=*Contractor*))", 2, "sAMAccountName,Name")

For which line? Sorry

Test 1 example 2: It successfully returns the: sAMAccountName, CN, Name

I'm having more issues with this. I was also trying to connect to GC so I can also query users in our sub-domains but now it's only returning the sAMAccountName and Name. The accountExpires is missing only when connecting to Global Catalog.

Even using the following returns nothing. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(canonicalname=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

This not returning anything and no errors: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(cn=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

Ok, just a fyi this has been working for me all along: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") It's when I add the two CN filters at the end that's when it does not work: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") to answer your question this does work: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(description=*contractor*))", 2, "sAMAccountName,accountExpires,Name") and this works also: $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(description=*Contractor*))", 2, "sAMAccountName,accountExpires,Name")

Hi This is not working, no errors produced it's just not returning my test account which has "Consultants" in the CN. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name")

Hi. I am having issues filtering accounts by CanonicalName. I'd like to add to my current filter any user object that has the word "consultant" or "contractor" in their CN. I think I have to loop through the array $aUserObjects and search for this and I might not be able to by using _AD_GetObjectsInOU, is that correct? $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(cn=*contractor*)(cn=*consultant*))))", 2, "sAMAccountName,accountExpires,Name)

Hi I have a script that was piecemealed together and is working but I know it can be better. I'm looking for some help on improving it while helping add one additional functionality to it. This script will check all user objects in AD that are none-FTE (contractors/consultants) and check if they have NO expire date, send this to an array, convert the array to a string and email the results. This is working but the email is not formatted in a nice way like I would prefer. The added functionality that I would like to add is to check if these accounts do have a expire date GREATER than 30 days and if so then add them to the array and email also in the same report. I'm also going to implement this UDF so I can email the list to more than one user: #include <AD.au3> #include <AD.au3> #include <File.au3> #include <Inet.au3> #include <Date.au3> Global $logFile = @ScriptDir & "\non-FTE out of compliance log.log", $hFile = FileOpen($logFile, 1) _GetUsers() Func _GetUsers() _FileWriteLog($hFile, "Started") _AD_Open() If @error Then Exit _FileWriteLog($hFile, "Active Directory Error. Function _AD_Open encountered a problem. Error: " & @error & " extended error: " & @extended) ; Search all of AD for contractors and exclude _DT accounts. $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires,Name") For $i = 0 To UBound($aUserObjects) -1 If IsObj($aUserObjects[$i][1]) Then $aUserObjects[$i][1] = _GetADDateTime($aUserObjects[$i][1], 1) Next ;Debug ;_ArrayDisplay($aUserObjects, "All contractors") Local $NewArray[1][2] For $x = 0 to UBound($aUserObjects) -1 If $aUserObjects[$x][1] = 0 Then _ArrayAdd($NewArray, $aUserObjects[$x][0]) _ArrayAdd($NewArray, $aUserObjects[$x][2]) EndIf Next ;Debug ;_ArrayDisplay($NewArray) _AD_Close() ;Convert array to string so I can email Global $BadUsers = _ArrayToString($NewArray, " ") ;Email list of out of compliance users _SendEmail($BadUsers) EndFunc ;==>_GetUsers Func _GetADDateTime($_oADObject, $_iFlag = 0) Local $sAD_DTStruct, $sTemp3 If $_iFlag = 1 Then If $_oADObject.LowPart = -1 Then Return 0 If $_oADObject.LowPart > 0 And $_oADObject.HighPart > 0 Then $sAD_DTStruct = DllStructCreate("dword low;dword high") DllStructSetData($sAD_DTStruct, "Low", $_oADObject.LowPart) DllStructSetData($sAD_DTStruct, "High", $_oADObject.HighPart) $sAD_Temp = _Date_Time_FileTimeToSystemTime(DllStructGetPtr($sAD_DTStruct)) $sTemp3 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sAD_Temp)) Return _Date_Time_SystemTimeToDateTimeStr($sTemp3, 1) EndIf EndIf ; Convert IADsLargeInteger parts to 100ns count $iLowPart = $_oADObject.LowPart $iHighPart = $_oADObject.HighPart If $iLowPart < 0 Then $iHighPart += 1; Compensate for IADsLargeInteger interface error $iDateParts= $iHighPart * 2 ^ 32 $iDateParts+= $iLowPart ; Check if user ever logged in If $iDateParts= 0 Then Return "n/a" Else ; Convert 100ns count to integer seconds $iSeconds = Floor($iDateParts/ 10000000) ; Convert seconds since 12:00AM January 01, 1601 to date string $sDateTime = _DateAdd("S", $iSeconds, "1601/01/01 00:00:00") ; Display result Return $sDateTime EndIf EndFunc Func _SendEmail($List) Local $s_SmtpServer = "removed" Local $s_FromName = "removed" Local $s_FromAddress = "removed" Local $s_ToAddress = "removed" Local $s_Subject = "test report" Local $as_Body[3] $as_Body[0] = "Here is a list of contractor out of compliance." $as_Body[1] = $List $as_Body[2] = @CRLF & @CRLF & @CRLF & @CRLF & @CRLF & @CRLF & "Report created on: " & _NowDate() & " " & _NowTime() & " " & "on server: " & @ComputerName Local $iResponse = _INetSmtpMail($s_SmtpServer, $s_FromName, $s_FromAddress, $s_ToAddress, $s_Subject, $as_Body) Local $iErr = @error If $iResponse = 1 Then _FileWriteLog($hFile, "List: " & $List) _FileWriteLog($hFile, "Mail sent") Else _FileWriteLog($hFile, "Error! " & "Mail failed with error code " & @error & "extended error: " & @extended) EndIf EndFunc