Jump to content

Recommended Posts

Posted (edited)

  • _AD_Open()

    uses the credentials of the currently logged on user

  • _AD_Open($sAD_UserIdParam, $sAD_PasswordParam)

    uses the specified credentials to connect to the domain the computer is a member of

  • _AD_Open("", "", $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    uses the credentials of the currently logged on user to connect to the specified domain server. Necessary when the computer is not a member of a domain or if you want to connect to another domain or just want to connect to a specific domain server in the current domain

  • _AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    uses the specified credentials to connect to the specified domain (server)

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

  • _AD_Open()

    uses the credentials of the currently logged on user

  • _AD_Open($sAD_UserIdParam, $sAD_PasswordParam)

    uses the specified credentials to connect to the domain the computer is a member of

  • _AD_Open("", "", $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    uses the credentials of the currently logged on user to connect to the specified domain server. Necessary when the computer is not a member of a domain or if you want to connect to another domain or just want to connect to a specific domain server in the current domain

  • _AD_Open($sAD_UserIdParam, $sAD_PasswordParam, $sAD_DNSDomainParam, $sAD_HostServerParam, $sAD_ConfigurationParam)

    uses the specified credentials to connect to the specified domain (server)

Sorry, maybe I've written the question not correctly.

Can I use something like this?:

_AD_Open()
RunAs ($sAD_UserId, @LogonDomain, $sAD_Password, flag, "\\ip-adress\share\file.exe")
_AD_Close()

How can I assign current userId and password to RunAs using AD UDF.

Posted

How can I assign current userId and password to RunAs using AD UDF.

You can't. The AD UDF doesn't set any variables with userid and/or password.

If you want to connect to AD with different credentials you have to pass them to _AD_Open.

But why do you want to use runas when you use the credentials of the current user? I would suggest to use run in this case.

If you need to use the credentials of another user you have to pass them to _AD_Open AND runas.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

You can't. The AD UDF doesn't set any variables with userid and/or password.

If you want to connect to AD with different credentials you have to pass them to _AD_Open.

But why do you want to use runas when you use the credentials of the current user? I would suggest to use run in this case.

If you need to use the credentials of another user you have to pass them to _AD_Open AND runas.

Ranas was just an example.

I have the program which connects to bugtracking system with same credentials as in AD.

So it will be comfortable to use current credentials.

Posted

I see.

It would be a security hole if you could extract the password of the logged in user.

The problem you describe is the problem of each single-signon-solution. The started solution has to be able to check permissions of the user (either current user or passed credentials).

I fear that the AD UDF can't help in this case.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

I see.

It would be a security hole if you could extract the password of the logged in user.

The problem you describe is the problem of each single-signon-solution. The started solution has to be able to check permissions of the user (either current user or passed credentials).

I fear that the AD UDF can't help in this case.

Ok. Thanks a lot for information.
Posted (edited)

About the connexion, still for specific purpose I've modified a little bit the _AD_Open function.

I sometime connect to a server without knowing his AD name .. so here is the modification (not much) :

If $sAD_DNSDomainParam <> "" Then
        If $sAD_HostServerParam = "" Or $sAD_ConfigurationParam = "" Then Return SetError(6, 0, 0)
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If Not IsObj($oAD_RootDSE) Or @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $sAD_DNSDomainParam
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $sAD_ConfigurationParam
    ElseIf $sAD_HostServerParam <> "" Then                      ;=> added to allow connexion with no AD Name
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
        If Not  IsObj($oAD_RootDSE) Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext")
        $sAD_HostServer = $sAD_HostServerParam
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext")         
    Else        
        $oAD_RootDSE = ObjGet("LDAP://RootDSE")
        If Not IsObj($oAD_RootDSE) Or @error <> 0 Then Return SetError(4, @error, 0)
        $sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
        $sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
        $sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
        $oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServer & "/RootDSE") ; To guarantee a persistant binding
    EndIf
Edited by Suba
Posted

Hi Suba,

thanks for the code. I will have a look at it over the weekend.

Does it make sense to include this code in the UDF?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

It's just a minor modification of _AD_Open , I'll let you judge :)

In my case, yes : it's a lot easier to open a connexion with only the DC name, but I dunno if other ppl will use it like this.

Edited by Suba
  • 2 weeks later...
Posted

Hi Water.

Could you please help me to implement Exchange Hide From Address Lists through your udf:

VBS:

Const ADS_PROPERTY_UPDATE = 2 

cn_string = inputbox("Please enter users CN ex. cn=username,ou=OU_Names,dc=Domain,dc=Tld")
sLDAP = "LDAP://" & cn_string
'Write user properties
Set objGroup = GetObject(sLDAP) 
 
objGroup.Put "msExchHideFromAddressLists", "TRUE"

objGroup.SetInfo

wscript.echo "done"
Posted

I am on vacation amd will reply next week.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Use function _AD_ModifyAttribute like this:

$sCN = InputBox ("title", "Please enter users CN ex. cn=username,ou=OU_Names,dc=Domain,dc=Tld")
$iRC = _AD_ModifyAttribute($sCN, "msExchHideFromAddressLists", True)
if @error <> 0 Then Exit MsgBox(16, "Example Script", "Error " & @error & " when setting attribute msExchHideFromAddressLists")

BTW: The function allows to pass the FQDN or the samaccountname of a user.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

Thanks,

with FQDN it works better

Global $sFQDN = _AD_SamAccountNameToFQDN(@UserName)
$iRC = _AD_ModifyAttribute($sFQDN, "msExchHideFromAddressLists", True)

Just one question else:

Can I delete all groups from Member Of Tab?

Something like this:

_AD_RemoveUserFromGroup(*, $sAD_User)
Edited by HaeMHuK
Posted (edited)

with FQDN it works better

Doesn't make any difference.

If the parameter doesn't contain a "=" (and therefore is a samaccountname) the parameter is atuomatically translated to FQDN by calling _AD_SamAccountNameToFQDN internally.

Can I delete all groups from Member Of Tab?

Something like this:

_AD_RemoveUserFromGroup(*, $sAD_User)
No, you have to specify a group from which the user will be removed.

So you'll have to use a two-step-approach:

  • Get all groups where the users is a member of using _AD_GetUserGroups
  • Loop through the resulting array and call _AD_RemoveUserFromGroup for each group
Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Doesn't make any difference.

If the parameter doesn't contain a "=" (and therefore is a samaccountname) the parameter is atuomatically translated to FQDN by calling _AD_SamAccountNameToFQDN internally.

No, you have to specify a group from which the user will be removed.

So you'll have to use a two-step-approach:

  • Get all groups where the users is a member of using _AD_GetUserGroups
  • Loop through the resulting array and call _AD_RemoveUserFromGroup for each group
OK, thank you very much.
Posted

Right now I'm working on the I've started to place additional information (tips & tricks etc.) in the Wiki.

What do you think - is this something you would like to see for the AD UDF as well?

If yes, what kind of information do you want to see?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

Hi again!

It seems there are problems with _AD_DeleteObject

error code 80072032, "An invalid dn

syntax has been specified".

It doesn't work with PCs

Works only this string with user:

CN=Name Surname,OU=xxxxxx,DC=domain,DC=com

Edited by HaeMHuK
Posted (edited)

To delete a computer you either have to use

_AD_DeleteObject(<samaccountname>, "computer")
or

_AD_DeleteObject(<FQDN>, "computer")

Keep in mind that the samaccountname for a computer is the computername plus an appended dollar sign.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

To delete a computer you either have to use

_AD_DeleteObject(<samaccountname>, "computer")
or

_AD_DeleteObject(<FQDN>, "computer")

Keep in mind that the samaccountname for a computer is the computername plus an appended dollar sign.

Thanks, now it works. Why _AD_GetObjectClass(_AD_FQDNToSamAccountName($sObject)) doesn't work?
Guest
This topic is now closed to further replies.
×
×
  • Create New...