Jump to content

Active Directory UDF - Help & Support


water
 Share

Recommended Posts

Hello there Waters, This is a awsome script I read through it and I wonder if there is a function which i can reach...

Is it possible to get the date when the password will expire on a user? or is that the Array key in the _AD_GetPasswordInfo #9 and #14?

Edited by scarboni
Link to comment
Share on other sites

Correct. Password expiration date/time can be found in element #9 and #11 (local time and UTC).

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Could you please run this test script with your data and post the result?

Global $sAD_Password = $first & $last &"1234"
ConsoleWrite(">>" & $sAD_Password & "<<" & @CRLF)
$iValue = _AD_SetPassword($username, $sAD_Password)
ConsoleWrite(">>SetPassword: " & $iValue & "--" & @error & @CRLF)

So we can check that the variable contains what we expect.

Unfortunately I will not be back at work to work on this until friday. But I have tested the value of iValue for the accounts created after the password is set, and this does, in fact, return a value of "1"...

Thanks for taking time and helping, either way!

Link to comment
Share on other sites

So if you get returncode 1 for EVERY password you set it is even more important to check that we set what we later need to enter as the password.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Im sorry im kinda new to using others script or my brain just had a blackout.

Lets make a simple example and see if i made it correct :graduated: I want to make a msg box with the info from the AD user.

#include <AD.au3>
 
$domain = "domain1"
$username = "user1"
$password = "passwd"
$fetchedUsername = "fromADUsername"
 
_AD_Open($domain&"\"&$username, $password)
 
$passwordExpireTime = _AD_GetPasswordInfo($fetchedUsername)
 
msgbox(0,"","Password expire time Local Time: "& $passwordExpireTime[9])
msgbox(0,"","Password expire time UTC: "& $passwordExpireTime[11])
 
_AD_Close()

And does

$ADUsers = _AD_GetGroupMemberOf("Users")
 
 
$maxUsers = $ADUser[0]

$maxUser result in the maximum amount of users in the users group by typing $ADUser[0]?

And while you look this through I wonder if there is a way to be able to get the date of 11 days befor the password expires. So lets say i get the user "Tony" and his passwordExpireTime = 2011-01-20 I would like to be able to get the date 11 days befor that which would result in 2011-01-09 and wonder how i convert the _Date_Time_SystemTimeToDateTimeStr or $sAD_Temp2 to be able to calculate 11 days ;) . If you didnt understand anything of that please tell...

Edited by scarboni
Link to comment
Share on other sites

You can try to connect to the AD without using credentials. Just use "_AD_Open()". Here everybody has full read access to the AD.

To subtract 11 days use the following code:

#Include <Date.au3>
$Result = _DateAdd("D", -11, $passwordExpireTime[9])

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Awsome Water thanks! Can I use the $ADUser[0] to get the total of the Array?

Do you think this script would work on a exchange server and AD accessed.

11 days befor the password expires the user will get a email giving them information about the password change.

;=========================== Include ===========================
#include <AD.au3>
#include <OutlookEX.au3>
#include <date.au3>
 
;========================== Parameters ==========================
local $i
local $currentDate = _NowDate()
Global $ADUsers = _AD_GetGroupMemberOf("Users")
 
;========== Connect to Outlook and Active Directory =============
Global $oAD = _AD_Open()
Global $oOL = _OL_Open()
 
;========================== E N D ===============================
 
 
For $i = 1 to $ADUser[0]
$passwordInfo = _AD_GetPasswordInfo($ADUser[$i])
$passwordExpireTime = $passwordInfo[9]
$calcElevenDays = _DateAdd("D", -11, $passwordExpireTime)
 
   If ($currentDate <= $calcElevenDays) Then
      msgbox(0,"","Password expire time: "  & $passwordInfo[9] & @CRLF & "Mail time: " & $calcElevenDays)
      _OL_Wrapper_SendMail($oOL, $ADUser[$i], "", "", "Password Expires in 10 days", "<h2>User account password Expire</h2><br />      <br /><h3>Information</h3><br /><br /><p>Your accounts password will expire in 10 days,</p>", "", $olFormatHTML,     $olImportanceHigh)
   EndIf
 
Next
 
_OL_Close() ;==>_OL_Start
_AD_Close() ;== _AD_Start
Edited by scarboni
Link to comment
Share on other sites

Sure. The help file for functions _AD_GetPasswordInfo talks about it:

; Return values .: Success - Returns a one-based array with the following information:

This means that the element with index 1of the array is the first "data element" and the element with index 0 holds the number of rows in the array

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 4 weeks later...

Hello,

I keep getting this error when running scripts with the UDF:

\\cel-fil-001\qascripts\AD\AD.au3 (505) : ==> Variable must be of type "Object".:

$oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sAD_SamAccountName & ");distinguishedName;subtree"

$oAD_Command^ ERROR

Now, I'm assuming that means it's not pulling the object correctly. But I'll be darned if I can figure out why.

#include <\\cel-fil-001\qascripts\AD\AD.au3>
MsgBox(0,"X",_AD_SamAccountNameToFQDN(@UserName))

Windows 7 x64 (AutoIT x32)

Link to comment
Share on other sites

Your script has to call _AD_Open first to open a connection to AD. Check any of the example scripts or the help file.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 2 weeks later...

Hey Water,

I am using the _AD_JoinDomain function and I am getting the error 5. Using the extended error checking gives me an error of 8525. What does error number 8525 generally mean?

FYI. The script successfully created the computer account in AD. I haven't seen this error on other machines yet, so I am at a bit of a loss as to what is wrong.

Thanks,

Jeff

Link to comment
Share on other sites

@extended returned 8525? If yes, this means (according to http://msdn.microsoft.com/en-us/library/ms681390(v=VS.85).aspx):

ERROR_DS_COULDNT_UPDATE_SPNS - 8525 (0x214D)

While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync.

Unfortunately, this doesn't tell me anything.

Can you please post the code that gives you the error + how you do the extended error checking?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Thanks for the quick response Water.

here is my code.

Func _JoinDomain()
;Choose domain OU
Sleep(5000)
;$DC = Random(1, 3, 1)
_AD_Open("username", "password", "DC=domain,DC=net", "server.domain.net", "CN=Configuration,DC=domain,DC=net")
Global $adOU = _AD_GetAllOUs("OU=Workstations,DC=domain,DC=net", "")
For $iCount = 1 To $adOU[0][0]
  If $iCount = 1 Then
   $sOU = $adOU[$iCount][0]
  Else
   $sOU = $sOU & "|" & $adOU[$iCount][0]
  EndIf
Next
#region ### START Koda GUI section ###
$main2 = GUICreate("Active Directory", 780, 344, 150, 124)
$ListOU = GUICtrlCreateList("", 7, 8, 768, 279, BitOR($LBS_SORT, $LBS_STANDARD, $LBS_EXTENDEDSEL, $LBS_DISABLENOSCROLL, $WS_VSCROLL, $WS_HSCROLL, $WS_BORDER))
GUICtrlSetData($ListOU, $sOU)
$btnCont2 = GUICtrlCreateButton("Continue", 7, 291, 768, 41, $WS_GROUP)
GUICtrlSetFont(-1, 20, 400, 0, "Impact")
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
  $nMsg = GUIGetMsg()
  Switch $nMsg
   Case $GUI_EVENT_CLOSE
    Exit
   Case $btnCont2
    ; Check what OU has been selected in the listbox
    $selOU = _GUICtrlListBox_GetSelItems($ListOU)
    Global $selectedItem = $selOU[1] + 1
    ;Create computer account in AD
    Global $iComp = _AD_CreateComputer($adOU[$selectedItem][1], @ComputerName, "username")
    If $iComp = 1 Then
     MsgBox(64, "Successful", @ComputerName & " is in the Domain.", 5)
    ElseIf @error = 1 Then
     MsgBox(64, "Fail", "The Computers OU can not be found to create Computer account in AD.")
    ElseIf @error = 2 Then
     MsgBox(64, "Fail", @ComputerName & " already exists in the Domain.")
    ElseIf @error = 3 Then
     MsgBox(64, "Fail", "The user does not exist.")
     ;Else
     ; MsgBox(64, "Active Directory Functions", "Creating Computer account - Return code '" & @error & "' from Active Directory")
    EndIf
    ;Join computer to AD account
    Global $iDom = _AD_JoinDomain(@ComputerName, "domain\username", "password")
    If $iDom = 1 Then
     MsgBox(64, "Successful", @ComputerName & " has now been joined to the Domain", 5)
    EndIf
    If @error = 1 Then
     MsgBox(64, "Fail", @ComputerName & " does not exist in the Domain.")
    ElseIf @error = 2 Then
     MsgBox(64, "Fail", "The user could not be found in the Domain.")
    ElseIf @error = 3 Then
     MsgBox(64, "Fail", "WMI Object could not be created. Return code - " & @extended)
    ElseIf @error = 4 Then
     MsgBox(64, "Fail", @ComputerName & " is already a member of the Domain.")
    ElseIf @error = 5 Then
     MsgBox(64, "Fail", @ComputerName & " was unable to join the Domain. Return code - " & @extended)
    EndIf
    _Final()
  EndSwitch
WEnd
_AD_Close()
EndFunc   ;==>_JoinDomain

We have multiple DNS server running out our school. Maybe we have an issue with the AD sync. I'll check the event logs.

Still doesn't explain why it happened on that particular machine. I ran it on another machine and it worked fine.

I am in the process of reimaging the machine right now, so maybe that will fix the issue. The URL is helpfult though as I can get an idea of what maybe wrong.

Edited by jazzyjeff
Link to comment
Share on other sites

Could you please run the script with some more error checking?

Func _JoinDomain()
;Choose domain OU
Sleep(5000)
;$DC = Random(1, 3, 1)
$iAD_Debug = 2    ; <== Debugging
_AD_Open("username", "password", "DC=domain,DC=net", "server.domain.net", "CN=Configuration,DC=domain,DC=net")
Msgbox(0, "_AD_Open", "@error: " & @error & ", @extended: " & @extended)    ; <== Debugging
Global $adOU = _AD_GetAllOUs("OU=Workstations,DC=domain,DC=net", "")
Msgbox(0, "_AD_GetAllOUs", "@error: " & @error & ", @extended: " & @extended)    ; <== Debugging
For $iCount = 1 To $adOU[0][0]
  If $iCount = 1 Then
   $sOU = $adOU[$iCount][0]
  Else
   $sOU = $sOU & "|" & $adOU[$iCount][0]
  EndIf
Next
#region ### START Koda GUI section ###
$main2 = GUICreate("Active Directory", 780, 344, 150, 124)
$ListOU = GUICtrlCreateList("", 7, 8, 768, 279, BitOR($LBS_SORT, $LBS_STANDARD, $LBS_EXTENDEDSEL, $LBS_DISABLENOSCROLL, $WS_VSCROLL, $WS_HSCROLL, $WS_BORDER))
GUICtrlSetData($ListOU, $sOU)
$btnCont2 = GUICtrlCreateButton("Continue", 7, 291, 768, 41, $WS_GROUP)
GUICtrlSetFont(-1, 20, 400, 0, "Impact")
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
  $nMsg = GUIGetMsg()
  Switch $nMsg
   Case $GUI_EVENT_CLOSE
    Exit
   Case $btnCont2
    ; Check what OU has been selected in the listbox
    $selOU = _GUICtrlListBox_GetSelItems($ListOU)
    Global $selectedItem = $selOU[1] + 1
    ;Create computer account in AD
    Global $iComp = _AD_CreateComputer($adOU[$selectedItem][1], @ComputerName, "username")
    If $iComp = 1 Then
     MsgBox(64, "Successful", @ComputerName & " is in the Domain.", 5)
    ElseIf @error = 1 Then
     MsgBox(64, "Fail", "The Computers OU can not be found to create Computer account in AD.")
    ElseIf @error = 2 Then
     MsgBox(64, "Fail", @ComputerName & " already exists in the Domain.")
    ElseIf @error = 3 Then
     MsgBox(64, "Fail", "The user does not exist.")
    Else
      MsgBox(64, "Active Directory Functions", "Creating Computer account - Return code '" & @error & "' from Active Directory")    ; <== Debugging
    EndIf
    ;Join computer to AD account
    Global $iDom = _AD_JoinDomain(@ComputerName, "domain\username", "password")
    If $iDom = 1 Then
     MsgBox(64, "Successful", @ComputerName & " has now been joined to the Domain", 5)
    EndIf
    If @error = 1 Then
     MsgBox(64, "Fail", @ComputerName & " does not exist in the Domain.")
    ElseIf @error = 2 Then
     MsgBox(64, "Fail", "The user could not be found in the Domain.")
    ElseIf @error = 3 Then
     MsgBox(64, "Fail", "WMI Object could not be created. Return code - " & @extended)
    ElseIf @error = 4 Then
     MsgBox(64, "Fail", @ComputerName & " is already a member of the Domain.")
    ElseIf @error = 5 Then
     MsgBox(64, "Fail", @ComputerName & " was unable to join the Domain. Return code - " & @extended)
    EndIf
    _Final()
  EndSwitch
WEnd
_AD_Close()
EndFunc   ;==>_JoinDomain

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Glad the problem could be solved :graduated:

I still don't understand the cryptic extended error code. It looks like being a problem of missing permissions but the error code is quite misleading.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Is it misleading.

I ended up settings the delegation as shown in this URL, as opposed to using the pre-built delegation option of joining a PC to the domain.

http://support.microsoft.com/kb/932455

You're right it is a permission issue.

You're UDF is awesome by the way. It's used daily at our school for a login script and to give select users the ability to reset passwords and unlock accounts.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...