Active Directory UDF

[water]

Hi supersonic,

this changed version of function _ADGetUserGroups should work fine:

Func _AD_GetUserGroups($sAD_User = @UserName, $fAD_IncludePrimaryGroup = 0)

    If _AD_ObjectExists($sAD_User) = 0 Then Return SetError(1, 0, "")
    Local $sAD_Property = "sAMAccountName"
    If StringMid($sAD_User, 3, 1) = "=" Then $sAD_Property = "distinguishedName" ; FQDN provided
    $oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(" & $sAD_Property & "=" & $sAD_User & ");ADsPath;subtree"
    Local $oAD_RecordSet = $oAD_Command.Execute ; Retrieve the FQDN for the logged on user
    Local $sAD_LDAPEntry = $oAD_RecordSet.fields(0).value
    Local $oAD_Object = _AD_ObjGet($sAD_LDAPEntry) ; Retrieve the COM Object for the logged on user
    Local $aAD_Groups = $oAD_Object.GetEx("memberof")
    If IsArray($aAD_Groups) Then
        If $fAD_IncludePrimaryGroup Then _ArrayAdd($aAD_Groups, _AD_GetUserPrimaryGroup($sAD_User))
        _ArrayInsert($aAD_Groups, 0, UBound($aAD_Groups))
    Else
        Local $aAD_Groups[1] = [0]
        If $fAD_IncludePrimaryGroup Then _ArrayAdd($aAD_Groups, _AD_GetUserPrimaryGroup($sAD_User))
        $aAD_Groups[0] = UBound($aAD_Groups) - 1
    Endif
    Return $aAD_Groups

EndFunc   ;==>_AD_GetUserGroups

[supersonic]

Hi water,

thank you, works fine.

Greets,

-supersonic.

[water]

Great, will be included in the next version.

[darkleton]

If I create a user, the cn and name attributes are automatically set to, for example, JBloggs despite me putting that they should be a full name.

If $name = "Joe Bloggs"

This works

_AD_ModifyAttribute($username, "displayName", $name)

While these two don't. Is there something I'm missing?

_AD_ModifyAttribute($username, "name", $name)

_AD_ModifyAttribute($username, "cn", $name)

[water]

"cn" can't be modified by _AD_ModifyAttribute because it's part of the FQDN. To change it you have to use _AD_RenameObject.

I'm not 100% sure but I think this is true for name as well because this is set when creating the object.

[darkleton]

"cn" can't be modified by _AD_ModifyAttribute because it's part of the FQDN. To change it you have to use _AD_RenameObject.

I'm not 100% sure but I think this is true for name as well because this is set when creating the object.

aha that would explain it. my apologies for not reading through the other options.

Thanks so much

[darkleton]

hi water, me again, sorry!

i've just read through some previous replies, is it still the case that the _ad_createmailbox won't work with exchange 2007/2010 even if i have the exchange management tools installed? i just wanted to double check before I spend time troubleshooting.

thanks

[water]

Nothing has changed - and I fear nothing will be changed by M$. They removed the CDO way to create a mailbox. As far as I understand it Powershell is the way to go.

The remarks in function _AD_CreateLaibox are still true. Please check this

[darkleton]

not a problem, thanks for the update

[darkleton]

sorry, me again!!!

i'm trying to get a little tool to select an OU. I want it to display the AD structure and you select an OU and it will copy to notepad (or wherever) the full ou you have selected.

I have this code from an old script i found that someone had done that will display all the structure as i want, but in doing so it strips the full OU down to just the name. is there a way of having this sort of display, but when you click the > button it will display for example OU=Test,OU=BigTest,DC=Test,DC=Com rather than just "Test"

expandcollapse popup

#include <ad.au3>
#include <GuiListBox.au3>
#include <ListBoxConstants.au3>
#Include <GUIConstants.au3>
#Include <GuiListView.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>
#Include <GuiTreeView.au3>
#include <GUIConstantsEx.au3>
#include <array.au3>

Dim $listmenu, $treemenu, $listselect, $ou
Const $ouIdentifier = "OU="
Const $cnIdentifier = "CN="
Const $ouSeparator = "\"
Global $gui = GUICreate("OU Browser",400,600)
GUISetBkColor("0xA0A0A0")

UpdateTree()
GUISetState()

$checktree = GUICtrlRead ($treemenu)
While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $GUI_EVENT_CLOSE
            Exit
        Case $msg = $listselect
;;;;need command here to display the full ou path to the ou selected
    EndSelect

    If IsNumber (Number (GUICtrlRead ($treemenu))) And  GUICtrlRead ($treemenu) <> $checktree Then
        $checktree = GUICtrlRead ($treemenu)
        EndIf
    WEnd

    Func UpdateTree()
    Dim $allOUsArray
    _ad_open ()
    $arAllOU = _Ad_GetAllOUs ()
    _ad_close ()
    _ArrayDelete ($arAllOU, 0)
    Global $treemenu = GUICtrlCreateTreeView (5, 5, 300, 590, BitOR($GUI_SS_DEFAULT_TREEVIEW, $WS_BORDER), $WS_EX_CLIENTEDGE)
    Global $listselect = GUICtrlCreateButton(">",340,50,25)

    Dim $reversedAllOUsArray[1]
    For $i = 0 To UBound ($arAllOU, 1) - 1
        $reversedOU  = returnReversedOU($arAllOU [$i] [0])
        $arrayAddStatus = _ArrayAdd($reversedAllOUsArray, $reversedOU)
    Next
    $sortRevArrayStatus = _ArraySort($reversedAllOUsArray)
    Dim $treeIDArray[UBound($reversedAllOUsArray)*2]
    $adCurrentObjectNumber = 0
    For $i = 0 To UBound ($arAllOU) - 1

        $ou = returnReversedOU($arAllOU [$i] [0])

        $fullOU      = StringStripWS($ou, 3)
        $friendlyOU  = returnFriendlyName($fullOU)
        $parentFullOU   = returnParentOU($fullOU)
        $parentTreeID   = _ArraySearch($treeIDArray, $parentFullOU)

        If ( $parentTreeID <> "-1" ) Then
            $treeID = GUICtrlCreateTreeViewItem ($friendlyOU, $parentTreeID)
        Else
            $treeID = GUICtrlCreateTreeViewItem ($friendlyOU, $treemenu)
        EndIf

        $treeIDArray[$treeID] = $fullOU
        $adCurrentObjectNumber = $adCurrentObjectNumber + 1
    Next
EndFunc

Func returnReversedOU($ou)
    $subOUArray = StringSplit($ou, $ouSeparator)
    $reversedOU = ""
    For $i = (UBound($subOUArray) - 1 ) To 1 Step -1
        If $i = (UBound($subOUArray) -  1 ) Then
            $reversedOU = $reversedOU & $subOUArray[$i]
        Else
            $reversedOU = $reversedOU & $ouSeparator & $subOUArray[$i]
        EndIf
    Next
    return $reversedOU
EndFunc

Func returnFriendlyName($dn)
    return StringMid($dn, StringInStr($dn, "=")+1, StringInStr($dn, $ouSeparator)-(StringInStr($dn, "=")+1))
EndFunc

Func returnParentOU($fullOU)
    return StringRight($fullOU, ( StringLen($fullOU)-StringInStr($fullOU, $ouSeparator) ) )
EndFunc

[water]

Please have a look at the example scripts thread. I posted a new example (_AD_Example_GetOUTreeView) to display a TreeView of OUs. When the user selects an OU the OU name plus the FQDN are returned.

Edited September 13, 2011 by water

[darkleton]

you sir, have thought of just about everything haven't you

[water]

I do my very best

[cmacrun]

Has anyone experienced issues with _AD_Open when passing credentials, specifically a password that ends with a special characater such as @ or $? I've been using AD_Open as a means to test credentials that users are passing via gui interface. This works perfectly outside of those few folks who have a password like "mypassword@@@". Anyone willing to test this to see if they see the same issue? I must mention I am using version .41 of AD.au3 so it's possible this bug has been addressed with a more recent version and possibly already mentioned in one of the 27 pages of this post. I read through most of the pages, but didn't see anything mentioning this.

Thanks for any assistance!

[water]

I am not aware of any problems of the kind you describe.

In version 0.42 _AD_Open has changed a lot so I think it might be a good idea to test with the latest version.

Edited September 15, 2011 by water

[cmacrun]

I can build a test script with the latest version and see what happens.

[water]

That would be fine. When I'm at my office again tomorrow I can test if I see the same behaviour.

[water]

Do you use Kerberos?

It might be an encoding problem as described here.

Edited September 15, 2011 by water

[cmacrun]

Not certain on Kerberos, but the characters which I know are giving us issue, are included in the acceptable table in aforementioned kb:

Only characters that are identical in ASCII and ANSI are treated correctly. These characters have the same mapping in ANSI and ASCII:

!"#$%&'()*+,-./

0123456789:;<=>?

@ABCDEFGHIJKLMNO

PQRSTUVWXYZ[\]^

Still working to get a test script...should have something shortly.

[cmacrun]

Ok it appears to still fail in our lab using version 1.0 of ad.au3. I used the following credentials:

un: testcrazypassword

pw: password1@@@

I get the following returned from AD_Open:

ExitCode=0

@Error=8

@Extended=-2147352567 (if this matters)

Thanks!