Jump to content

Recommended Posts

Posted

You can pass the property to return to _AD_GetObjectProperties as well. The property seems to be encoded and only _AD_GetObjectProperties does the decoding for you.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted
22 hours ago, Lazegalli said:

I want to read the Value of the AD Attribute "ms-Mcs-AdmPwd" with the Function "_AD_GetObjectAttribute()". Sadly I always get an empty Value, although the Attribute is filled and @error is zero. If I call the Function "_AD_GetObjectProperties()" to get all Attributes, the Values are shown properly.

Hi @Lazegalli, It just so happens I created some functions for my script that you may find helpful.

It gets the Local Admin Password and checks the expiration time. Everything outputs to the console. Feel free to use/modify to your liking.

#include <AD.au3>
#include <Array.au3>
#include <Date.au3>

Global $g_iAdminTime
Global $g_sAdminPwd

_Get_Local_Admin()

Func _Get_Local_Admin()
    Local $aProperties, $aType[4] = ["3", "h", "n", "s"]
    Local $iDateCalc, $iAdminTime

    If @UserName = "Administrator" Then Return False

    _AD_Open()
    If @error Then
        _ArrayDisplay(_AD_GetLastADSIError(), "Error: _AD_Open", Default, 32)
    Else
        $aProperties = _AD_GetObjectProperties(@ComputerName & "$", "ms-Mcs-AdmPwd,ms-Mcs-AdmPwdExpirationTime")
        If Not @error Then
            $g_sAdminPwd = $aProperties[1][1]
            $g_iAdminTime = _Epoch2Date($aProperties[2][1])
            $iAdminTime = _SwapDate($g_iAdminTime)
            ConsoleWrite(@ComputerName & "\Administrator" & @CRLF & $g_sAdminPwd & @CRLF & @CRLF)

            For $i = 1 To $aType[0]
                $iDateCalc = _DateDiff($aType[$i], _NowCalcDate() & " " & _NowTime(5), $iAdminTime)
                ConsoleWrite("Type: " & $aType[$i] & @CRLF & "_NowCalcDate: " & _NowCalcDate() & " " & _NowTime(5) & @CRLF & "$iAdminTime:  " & _
                    $iAdminTime & @CRLF & "$g_iAdminTime: " & $g_iAdminTime & @CRLF)
                If Not @error Then
                    Switch $iDateCalc
                        Case 0
                            If $i <> $aType[0] Then
                                ContinueLoop
                            Else
                                ExitLoop
                            EndIf
                        Case Else
                            ConsoleWrite("Time Left: " & $iDateCalc & " " & $aType[$i] & @CRLF & "$g_iAdminTime: " & $g_iAdminTime & @CRLF)
                            ExitLoop
                    EndSwitch
                Else
                    ConsoleWrite("_DateDiff Error:" & @error & @CRLF)
                    ExitLoop
                EndIf
            Next
        Else
            ;|1 - $vObject could not be found
            ;|2 - No values for the specified property. The property in error is returned as the function result
            ;|3 - Error retrieving $vObject. @Extended is set to the error returned by LDAP
            ConsoleWrite("_AD_GetObjectProperties() Error: " & @error & @CRLF)
        EndIf
    EndIf
    _AD_Close()
EndFunc   ;==>__Get_Local_Admin

Func _SwapDate($iTime)
    Local $aMyDate, $aMyTime

    $iTime = StringStripWS($iTime, 2)
    Local $sAMPM = StringRight($iTime, 2)
    _DateTimeSplit($iTime, $aMyDate, $aMyTime)

    If $sAMPM = "PM" Then
        $aMyTime[1] += 12
    ElseIf $sAMPM = "AM" Then
        $aMyTime[1] = "0" & $aMyTime[1]
    EndIf

    For $i = 1 To $aMyDate[0]
        If StringLen($aMyDate[$i]) = 1 Then $aMyDate[$i] = "0" & $aMyDate[$i]
    Next

    For $i = 1 To $aMyTime[0]
        If StringLen($aMyTime[$i]) = 1 Then $aMyTime[$i] = "0" & $aMyTime[$i]
    Next

    Local $sMyTime = $aMyDate[3] & "/" & $aMyDate[1] & "/" & $aMyDate[2] & " " & $aMyTime[1] & ":" & $aMyTime[2] & ":" & $aMyTime[3]
    Return $sMyTime
EndFunc   ;==>SwapDate

Func _Epoch2Date($iTime)
    Local $sOutput = ""
    Local $iPID = Run(@ComSpec & " /c " & "w32tm.exe /ntte " & $iTime, "", @SW_HIDE, 2)
    While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then ExitLoop
    WEnd
    $sOutput = StringSplit($sOutput, " - ", 2 + 1)
    Return $sOutput[1]
EndFunc   ;==>Epoch2Date

 

_Get_Local_Admin.au3

Posted

:)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

@water:

I've changed the case "$ADSTYPE_LARGE_INTEGER" in Function "_AD_GetObjectProperties()" and added $sPropertyName = "ms-Mcs-AdmPwdExpirationTime" so I'll get a readable Date Format. Maybe this could be a general improvement for the next version.

 

@ Surf243 :

Your Function _Epoch2Date is good, but way too slow if you'll execute it on thousends of AD Objects! Additionally it ends in an infinite loop sometimes.

Edited by Lazegalli
Posted

Done ;)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

I referred to Lazegalli's request to add "ms-Mcs-AdmPwdExpirationTime" to _AD_GetObjectProperties.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

  • 3 weeks later...
Posted (edited)

@All

For Migration issue i needed a  function which shows the SID friendly name

_AD_GetObjectAttribute($object, "objectSID")
returns a value like this: 0x01020000000000052000000022020000

"Friendly Name" would be like this "S-1-5-32-546"

Maybe someone helps this...

#cs ----------------------------------------------------------------------------
    AutoIt Version: 3.3.14.2
    Author:         Martin Koeberle
    Script Function: Example for _AD_GetObjectSID
#ce ----------------------------------------------------------------------------

#include <AD.au3>

Local $iObject, $l_SID

_AD_Open()

$iObject = InputBox("AD Object", "Login / Groupname", "", "", 170, 130)

If $iObject = "" Then Exit

$l_SID = _AD_GetObjectSID($iObject)

If $l_SID <> "" Then
    MsgBox(64, "SID of " & $iObject, $l_SID)
    ClipPut($l_SID)
Else
    MsgBox(16, "Error", "Function _AD_GetObjectSID encountered a problem. @error = " & @error & ", @extended = " & @extended)
EndIf

_AD_Close()

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_GetObjectSID
; Description ...: Returns SID friendly name of a object
; Syntax.........: _AD_GetObjectSID($sObject)
; Parameters ....: $sObject - sAMAccountName or FQDN of the object the SID attribute should be retrieved from
; Return values .: Success - friendly name of SID
;                  Failure - "", sets @error to:
;                  |x - @error as set by function _AD_GetObjectAttribute
; Author ........: Martin Koeberle
; Remarks .......: Returns a SID like "S-1-5-32-546"
; ===============================================================================================================================

Func _AD_GetObjectSID($sObject)

    Local $l_SID_Hex, $l_SID, $l_No_of_groups
    Local $i, $j, $l_pos, $l_tmp

    $l_SID_Hex = _AD_GetObjectAttribute($sObject, "objectSID")
    If @error Then Return SetError(@error, @extended, "")
    ;Returns a Value like...
    ;0x0105000000000005150000003181E19BFC7F51A41EC4559907050000
    ;0x01020000000000052000000022020000

    $l_SID = "S-"

    ;Version
    $l_tmp = StringMid($l_SID_Hex, 03, 2)

    $l_SID &= Dec($l_tmp) & "-"

    ;Number of groups
    $l_tmp = StringMid($l_SID_Hex, 05, 2)
    $l_No_of_groups = Dec($l_tmp)

    ;Constante Big-Endian (6 Bytes A 2 Hexdigits from left to right)
    $l_pos = 7
    $l_tmp = StringMid($l_SID_Hex, $l_pos, 12)
    $l_SID &= Dec($l_tmp, 2) & "-"
    $l_pos = $l_pos + 12

    ;Get Groups Little Endian (4 Bytes from right to left)
    For $i = 1 To $l_No_of_groups
        $l_tmp = ""
        ;Next 4 Bytes
        For $j = 1 To 4
            $l_tmp = StringMid($l_SID_Hex, $l_pos, 2) & $l_tmp
            $l_pos = $l_pos + 2
        Next
        $l_SID &= Dec($l_tmp, 2)
        If $i < $l_No_of_groups Then $l_SID &= "-"
    Next

    Return ($l_SID)
EndFunc   ;==>_AD_GetObjectSID

 

Edited by mko
improvement
Posted

Function _AD_GetObjectProperties already returns the friendly name ;)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

I'm sure you've learned a lot about the internals of Active Directory ;)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

When running the script, is there a way to check from a normal domain user to make a check on itself (the current logged in user) if it's

domain administrator or not? 

 

Let's say I'm just a normal domain user, and i run the script, it will popup saying: Your not a domain admin.

 

I know i can just check if the user is a member of a specific group, but that's not an option, as it's a tool i want to use in multiple AD's without knowing the group name

Edited by legend
Posted

Sure:

$iResult = _AD_IsMemberOf("Domain Admins", "Your User name to check")

$iResult:

Success - 1, Specified object (user, group, computer) is a member of the specified group
Failure - 0, @error set
0 - $sObject is not a member of $sGroup
1 - $sGroup does not exist
2 - $sObject does not exist

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

  • 2 weeks later...
Posted (edited)

Is it just me or does _AD_GetObjectAttribute only works for user objects and not for machine objects?

_AD_GetObjectAttribute($machine_name, "extensionAttribute2")

but a user works fine: 

_AD_GetObjectAttribute($username, "extensionAttribute2")

 

Edited by legend
Posted

Did you add a "$" at the end of the machine object?
To get information about your computer you need to use:

#include <AD.au3>
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
Global $sResult = _AD_GetObjectAttribute(@Computername & "$", "extensionAttribute2")
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_GetObjectAttribute encountered a problem. @error = " & @error & ", @extended = " & @extended)
MsgBox(16, "Active Directory Example Skript", "Value is: " & $sResult)

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted
1 hour ago, water said:

Did you add a "$" at the end of the machine object?
To get information about your computer you need to use:

#include <AD.au3>
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
Global $sResult = _AD_GetObjectAttribute(@Computername & "$", "extensionAttribute2")
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_GetObjectAttribute encountered a problem. @error = " & @error & ", @extended = " & @extended)
MsgBox(16, "Active Directory Example Skript", "Value is: " & $sResult)

 

thank's :) that solved it

Posted

Such details can be found in the wiki ;)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

As the Active Directory UDF thread has grown too big, I start a new one.
The new thread can be found here.

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Guest
This topic is now closed to further replies.
×
×
  • Create New...