Jump to content

Active Directory UDF


water
 Share

Recommended Posts

Only _AD_GetObjectProperties translate internal formats.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

_AD_GetObjectAttribute handles a lot of different data types.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

How about this:

#include <AD.au3>

_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

Global Const $PASSWD_CANT_CHANGE = 64
$aProperties = _AD_GetObjectProperties(@UserName, "UserAccountControl")
If BitAND($aProperties[1][1], $PASSWD_CANT_CHANGE) = $PASSWD_CANT_CHANGE Then
    MsgBox(0, "Result", "User can't change password!")
EndIf
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

When running _AD_GetObjectProperties for this account you should get

"66048 - DontExpire Password, Normal Account" in field "UserAccountControl"

for this user.

You could unset "password can't change" for this user. Run _AD_GetObjectProperties and export the displayed array to a file.

Then set "password can't change" and do the same to another file.

Compare the file and we will see the difference.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

It returns exactly the same result... I don't get it :-s

EDIT :

found on a forum that it is extracted from the ntsecuritydescriptor.

NT AUTHORITYSELF gets a deny on "change password"

...

pffff :(

found this page now : http://www.activexperts.com/network-monitor/windowsmanagement/scripts/activedirectory/user/passwords/#PreventUsersChanging.htm

Edited by colombeen
Link to comment
Share on other sites

So the last script should answer your question.

translating it to AutoIt should be easy.

Have you already tried?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

i don't get the script at all :-s

also i don't need to change it, only read it so i can show that it is enabled or disabled

autoit is is like one of the only scripting languages that I know. translating other code to autoit sounds like chinese to me

I was happy that I was able to call a cmd prompt and run a command in it from within an autoit script

Edited by colombeen
Link to comment
Share on other sites

How about this?

#include <ad.au3>
_AD_Open()
Global $iUserCantChangePWD = _AD_UserRights()
MsgBox(0, "Info", "User can't change password: " & $iUserCantChangePWD)
_AD_Close()

Func _AD_UserRights($sUser = @UserName)
    Const $CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    If _AD_ObjectExists($sUser) = 0 Then Return SetError(1, 0, 0)
    If StringMid($sUser, 3, 1) <> "=" Then $sUser = _AD_SamAccountNameToFQDN($sUser) ; sAMAccountName provided
    Local $oUser = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sUser)
    If IsObj($oUser) Then
        Local $oSecurity = $oUser.Get("ntSecurityDescriptor")
        Local $oDACL = $oSecurity.DiscretionaryAcl
        For $oACE In $oDACL
            If (($oAce.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
                    (StringLower($oAce.ObjectType) = $CHANGE_PASSWORD_GUID)) Then
                Return 1
            EndIf
        Next
    EndIf
    Return 0

EndFunc   ;==>_AD_UserRights

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I found : http://msdn.microsoft.com/en-us/library/aa746448(v=vs.85).aspx

I was able to translate the function to this (in combination with the other function water translated into autoit) :

#include <AD.au3>
Func _AD_IsPasswordChangeDisabled ($sUser = @UserName)
    Const $CHANGE_PASSWORD_GUID     =   "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    Local $iEveryone, $iSelf        =   0

    If _AD_ObjectExists($sUser) = 0 Then Return SetError(1, 0, 0)

    If StringMid($sUser, 3, 1) <> "=" Then $sUser = _AD_SamAccountNameToFQDN($sUser) ; sAMAccountName provided

    Local $oUser            =   __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sUser)

    If IsObj($oUser) Then
        Local $oSecurity    =   $oUser.Get("ntSecurityDescriptor")
        Local $oDACL        =   $oSecurity.DiscretionaryAcl

        For $oACE In $oDACL
            If StringUpper ($oACE.ObjectType) = StringUpper ($CHANGE_PASSWORD_GUID) Then
                If $oACE.Trustee = "Everyone" And $oACE.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT Then
                    Local $iEveryone=   1
                EndIf
                If $oACE.Trustee = "NT AUTHORITY\SELF" And $oACE.AceType = $ADS_ACETYPE_ACCESS_DENIED_OBJECT Then
                    Local $iSelf    =   1
                EndIf
            EndIf
        Next
    EndIf

    If $iEveryone = 1 And $iSelf = 1 Then Return 1
    Return 0
EndFunc   ;==>_AD_IsPasswordChangeDisabled

It seems to work. Anyone who can try this out too?

@water ??

Edited by colombeen
Link to comment
Share on other sites

I will check next week. But I'm not sure I have users that can not change their passwords.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I tried for my user and it returns 0 (as expected). Unfortunately I couldn't find any user that can not change their passwords.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

i have a strange problem. in some cases I get an error 4 with the extendederror -2147024843 when running _AD_Open ()

sometimes it happens on 1 machine with a specific account but on another machine it works normally (with the same account).

on the machine that throws the error, it does work for a different user.

is there a way to fix this error?

Edited by colombeen
Link to comment
Share on other sites

I had a similar problem when the compiled script was started from a non trusted location.

Copy the exe to another drive and try again.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

IIRC it is a security pilocy setting to only allow programs to be executed from defined "secure" locations.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...