Jump to content

Recommended Posts

Posted

Only _AD_GetObjectProperties translate internal formats.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

_AD_GetObjectAttribute handles a lot of different data types.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

What is the easiest way to see if a password can't be changed for a specific user? I was looking and I found something about useraccountcontrol but I'm not sure if that is actually what I need.

Posted

How about this:

#include <AD.au3>

_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global Const $PASSWD_CANT_CHANGE = 64
$aProperties = _AD_GetObjectProperties(@UserName, "UserAccountControl")
If BitAND($aProperties[1][1], $PASSWD_CANT_CHANGE) = $PASSWD_CANT_CHANGE Then
    MsgBox(0, "Result", "User can't change password!")
EndIf
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

it's strange... I checked an account that has the "password can't change" setting but when I run the function it returns 66048 which doesn't include $PASSWD_CANT_CHANGE

Posted

When running _AD_GetObjectProperties for this account you should get

"66048 - DontExpire Password, Normal Account" in field "UserAccountControl"

for this user.

You could unset "password can't change" for this user. Run _AD_GetObjectProperties and export the displayed array to a file.

Then set "password can't change" and do the same to another file.

Compare the file and we will see the difference.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

So the last script should answer your question.

translating it to AutoIt should be easy.

Have you already tried?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

i don't get the script at all :-s

also i don't need to change it, only read it so i can show that it is enabled or disabled

autoit is is like one of the only scripting languages that I know. translating other code to autoit sounds like chinese to me

I was happy that I was able to call a cmd prompt and run a command in it from within an autoit script

Edited by colombeen
Posted

How about this?

#include <ad.au3>
_AD_Open()
Global $iUserCantChangePWD = _AD_UserRights()
MsgBox(0, "Info", "User can't change password: " & $iUserCantChangePWD)
_AD_Close()

Func _AD_UserRights($sUser = @UserName)
    Const $CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    If _AD_ObjectExists($sUser) = 0 Then Return SetError(1, 0, 0)
    If StringMid($sUser, 3, 1) <> "=" Then $sUser = _AD_SamAccountNameToFQDN($sUser) ; sAMAccountName provided
    Local $oUser = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sUser)
    If IsObj($oUser) Then
        Local $oSecurity = $oUser.Get("ntSecurityDescriptor")
        Local $oDACL = $oSecurity.DiscretionaryAcl
        For $oACE In $oDACL
            If (($oAce.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
                    (StringLower($oAce.ObjectType) = $CHANGE_PASSWORD_GUID)) Then
                Return 1
            EndIf
        Next
    EndIf
    Return 0

EndFunc   ;==>_AD_UserRights

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

I'll give it a try :)

thx water

EDIT : when I run the function, it always returns 1

water, do you have any idea why this happens?

Edited by colombeen
Posted (edited)

I found : http://msdn.microsoft.com/en-us/library/aa746448(v=vs.85).aspx

I was able to translate the function to this (in combination with the other function water translated into autoit) :

#include <AD.au3>
Func _AD_IsPasswordChangeDisabled ($sUser = @UserName)
    Const $CHANGE_PASSWORD_GUID     =   "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    Local $iEveryone, $iSelf        =   0

    If _AD_ObjectExists($sUser) = 0 Then Return SetError(1, 0, 0)

    If StringMid($sUser, 3, 1) <> "=" Then $sUser = _AD_SamAccountNameToFQDN($sUser) ; sAMAccountName provided

    Local $oUser            =   __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sUser)

    If IsObj($oUser) Then
        Local $oSecurity    =   $oUser.Get("ntSecurityDescriptor")
        Local $oDACL        =   $oSecurity.DiscretionaryAcl

        For $oACE In $oDACL
            If StringUpper ($oACE.ObjectType) = StringUpper ($CHANGE_PASSWORD_GUID) Then
                If $oACE.Trustee = "Everyone" And $oACE.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT Then
                    Local $iEveryone=   1
                EndIf
                If $oACE.Trustee = "NT AUTHORITY\SELF" And $oACE.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT Then
                    Local $iSelf    =   1
                EndIf
            EndIf
        Next
    EndIf

    If $iEveryone = 1 And $iSelf = 1 Then Return 1
    Return 0
EndFunc   ;==>_AD_IsPasswordChangeDisabled

It seems to work. Anyone who can try this out too?

@water ??

Edited by colombeen
Posted

I will check next week. But I'm not sure I have users that can not change their passwords.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

I tried for my user and it returns 0 (as expected). Unfortunately I couldn't find any user that can not change their passwords.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

i have a strange problem. in some cases I get an error 4 with the extendederror -2147024843 when running _AD_Open ()

sometimes it happens on 1 machine with a specific account but on another machine it works normally (with the same account).

on the machine that throws the error, it does work for a different user.

is there a way to fix this error?

Edited by colombeen
Posted

I had a similar problem when the compiled script was started from a non trusted location.

Copy the exe to another drive and try again.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

IIRC it is a security pilocy setting to only allow programs to be executed from defined "secure" locations.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Guest
This topic is now closed to further replies.
×
×
  • Create New...