scarboni Posted September 19, 2011 (edited)

Hello there Water, This is an awesome script. I read through it and I wonder if there is a function which I can reach... Is it possible to get the date when the password will expire on a user? Or is that the array key in the _AD_GetPasswordInfo #9 and #14?

Edited September 19, 2011 by scarboni
water (Author) Posted September 19, 2011

Correct. Password expiration date/time can be found in element #9 and #11 (local time and UTC).

My UDFs and Tutorials: UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
ICANSEEYOU7687 Posted September 20, 2011

Could you please run this test script with your data and post the result?

```autoit
Global $sAD_Password = $first & $last & "1234"
ConsoleWrite(">>" & $sAD_Password & "<<" & @CRLF)
$iValue = _AD_SetPassword($username, $sAD_Password)
ConsoleWrite(">>SetPassword: " & $iValue & "--" & @error & @CRLF)
```

So we can check that the variable contains what we expect.

Unfortunately I will not be back at work to work on this until Friday. But I have tested the value of iValue for the accounts created after the password is set, and this does, in fact, return a value of "1"... Thanks for taking time and helping, either way!
water (Author) Posted September 20, 2011

So if you get return code 1 for EVERY password you set it is even more important to check that we set what we later need to enter as the password.
scarboni Posted September 20, 2011 (edited)

I'm sorry, I'm kinda new to using others' scripts or my brain just had a blackout. Let's make a simple example and see if I made it correct. I want to make a msg box with the info from the AD user.

```autoit
#include <AD.au3>

$domain = "domain1"
$username = "user1"
$password = "passwd"
$fetchedUsername = "fromADUsername"

_AD_Open($domain & "\" & $username, $password)
$passwordExpireTime = _AD_GetPasswordInfo($fetchedUsername)
MsgBox(0, "", "Password expire time Local Time: " & $passwordExpireTime[9])
MsgBox(0, "", "Password expire time UTC: " & $passwordExpireTime[11])
_AD_Close()
```

And does

```autoit
$ADUser = _AD_GetGroupMemberOf("Users")
$maxUsers = $ADUser[0]
```

$maxUsers result in the maximum amount of users in the users group by typing $ADUser[0]?

And while you look this through I wonder if there is a way to be able to get the date of 11 days before the password expires. So let's say I get the user "Tony" and his passwordExpireTime = 2011-01-20. I would like to be able to get the date 11 days before that, which would result in 2011-01-09, and wonder how I convert the _Date_Time_SystemTimeToDateTimeStr or $sAD_Temp2 to be able to calculate 11 days. If you didn't understand anything of that please tell...

Edited September 20, 2011 by scarboni
water (Author) Posted September 20, 2011

You can try to connect to the AD without using credentials. Just use "_AD_Open()". Here everybody has full read access to the AD.

To subtract 11 days use the following code:

```autoit
#include <Date.au3>
$Result = _DateAdd("D", -11, $passwordExpireTime[9])
```
scarboni Posted September 20, 2011 (edited)

Awesome Water, thanks! Can I use the $ADUser[0] to get the total of the array? Do you think this script would work on an Exchange server with AD accessed? 11 days before the password expires the user will get an email giving them information about the password change.

```autoit
;=========================== Include ===========================
#include <AD.au3>
#include <OutlookEX.au3>
#include <Date.au3>

;========== Connect to Outlook and Active Directory =============
; The AD connection has to be open before any _AD_* query is made
Global $oAD = _AD_Open()
Global $oOL = _OL_Open()

;========================== Parameters ==========================
Local $i
; _NowCalc() returns YYYY/MM/DD HH:MM:SS, the same format _DateAdd returns
Local $currentDate = _NowCalc()
Global $ADUser = _AD_GetGroupMemberOf("Users")
;========================== E N D ===============================

For $i = 1 To $ADUser[0]
    $passwordInfo = _AD_GetPasswordInfo($ADUser[$i])
    $passwordExpireTime = $passwordInfo[9]
    $calcElevenDays = _DateAdd("D", -11, $passwordExpireTime)
    ; Mail once the current date has reached the 11-day mark
    If ($currentDate >= $calcElevenDays) Then
        MsgBox(0, "", "Password expire time: " & $passwordInfo[9] & @CRLF & "Mail time: " & $calcElevenDays)
        _OL_Wrapper_SendMail($oOL, $ADUser[$i], "", "", "Password Expires in 10 days", "<h2>User account password Expire</h2><br /> <br /><h3>Information</h3><br /><br /><p>Your accounts password will expire in 10 days,</p>", "", $olFormatHTML, $olImportanceHigh)
    EndIf
Next

_OL_Close() ;==>_OL_Start
_AD_Close() ;== _AD_Start
```

Edited September 20, 2011 by scarboni
water (Author) Posted September 20, 2011

Sure. The help file for function _AD_GetPasswordInfo talks about it:

; Return values .: Success - Returns a one-based array with the following information:

This means that the element with index 1 of the array is the first "data element" and the element with index 0 holds the number of rows in the array.
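An added example (not part of any post above and not the AD UDF's own code) of the reminder check this exchange is working toward: it validates the expiry value before doing date arithmetic, treats lookup failures per account, and connects as the logged-on user instead of embedding a password. The helper `_DaysLeftIfDue`, the constant `$NOTIFY_DAYS` and the account names are hypothetical, and the date format of element 9 is an assumption.

```autoit
#include <AD.au3>
#include <Date.au3>

; Added example; not from the AD UDF or from any post in this thread.
; Assumption: element 9 of _AD_GetPasswordInfo is the local expiry time as
; "YYYY/MM/DD HH:MM:SS", the format _DateIsValid and _DateDiff accept.
Global Const $NOTIFY_DAYS = 11 ; reminder window discussed in the thread

; Hypothetical helper: whole days left if a reminder is due, otherwise -1.
; @error: 1 = no usable expiry date, 2 = password already expired.
Func _DaysLeftIfDue($sExpires, $sNow, $iWindow)
    If Not _DateIsValid($sExpires) Then Return SetError(1, 0, -1)
    Local $iSecs = _DateDiff("s", $sNow, $sExpires)
    If $iSecs < 0 Then Return SetError(2, 0, -1)
    Local $iDays = Int($iSecs / 86400)
    If $iDays > $iWindow Then Return -1
    Return $iDays
EndFunc   ;==>_DaysLeftIfDue

; Constructed sample accounts, one-based like the UDF's arrays (element 0 = count).
Local $aUsers[3] = [2, "user1", "user2"]

; No credentials in the script: the connection runs as the logged-on user.
_AD_Open()
If @error Then
    ConsoleWrite("! _AD_Open failed, @error=" & @error & @CRLF)
    Exit 1
EndIf

For $i = 1 To $aUsers[0]
    Local $aInfo = _AD_GetPasswordInfo($aUsers[$i])
    If @error Then
        ConsoleWrite("! " & $aUsers[$i] & ": lookup failed, @error=" & @error & @CRLF)
        ContinueLoop
    EndIf
    Local $iDays = _DaysLeftIfDue($aInfo[9], _NowCalc(), $NOTIFY_DAYS)
    Local $iErr = @error ; capture before any other call resets it
    Select
        Case $iErr = 1
            ConsoleWrite("- " & $aUsers[$i] & ": no expiry date, skipped" & @CRLF)
        Case $iErr = 2
            ConsoleWrite("! " & $aUsers[$i] & ": password already expired" & @CRLF)
        Case $iDays >= 0
            ConsoleWrite("> " & $aUsers[$i] & ": expires in " & $iDays & " day(s), send reminder" & @CRLF)
    EndSelect
Next

_AD_Close()
```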
FreakyMonkey Posted October 13, 2011

Hello, I keep getting this error when running scripts with the UDF:

```
\\cel-fil-001\qascripts\AD\AD.au3 (505) : ==> Variable must be of type "Object".:
$oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(sAMAccountName=" & $sAD_SamAccountName & ");distinguishedName;subtree"
$oAD_Command^ ERROR
```

Now, I'm assuming that means it's not pulling the object correctly. But I'll be darned if I can figure out why.

```autoit
#include <\\cel-fil-001\qascripts\AD\AD.au3>
MsgBox(0,"X",_AD_SamAccountNameToFQDN(@UserName))
```

Windows 7 x64 (AutoIT x32)
water (Author) Posted October 14, 2011

Your script has to call _AD_Open first to open a connection to AD. Check any of the example scripts or the help file.
jazzyjeff Posted October 24, 2011

Hey Water, I am using the _AD_JoinDomain function and I am getting the error 5. Using the extended error checking gives me an error of 8525. What does error number 8525 generally mean?

FYI. The script successfully created the computer account in AD. I haven't seen this error on other machines yet, so I am at a bit of a loss as to what is wrong.

Thanks, Jeff
water (Author) Posted October 24, 2011

@extended returned 8525? If yes, this means (according to http://msdn.microsoft.com/en-us/library/ms681390(v=VS.85).aspx):

ERROR_DS_COULDNT_UPDATE_SPNS - 8525 (0x214D)
While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync.

Unfortunately, this doesn't tell me anything. Can you please post the code that gives you the error + how you do the extended error checking?
jazzyjeff Posted October 24, 2011 (edited)

Thanks for the quick response Water. Here is my code.

```autoit
Func _JoinDomain()
    ;Choose domain OU
    Sleep(5000)
    ;$DC = Random(1, 3, 1)
    _AD_Open("username", "password", "DC=domain,DC=net", "server.domain.net", "CN=Configuration,DC=domain,DC=net")
    Global $adOU = _AD_GetAllOUs("OU=Workstations,DC=domain,DC=net", "")
    For $iCount = 1 To $adOU[0][0]
        If $iCount = 1 Then
            $sOU = $adOU[$iCount][0]
        Else
            $sOU = $sOU & "|" & $adOU[$iCount][0]
        EndIf
    Next
    #region ### START Koda GUI section ###
    $main2 = GUICreate("Active Directory", 780, 344, 150, 124)
    $ListOU = GUICtrlCreateList("", 7, 8, 768, 279, BitOR($LBS_SORT, $LBS_STANDARD, $LBS_EXTENDEDSEL, $LBS_DISABLENOSCROLL, $WS_VSCROLL, $WS_HSCROLL, $WS_BORDER))
    GUICtrlSetData($ListOU, $sOU)
    $btnCont2 = GUICtrlCreateButton("Continue", 7, 291, 768, 41, $WS_GROUP)
    GUICtrlSetFont(-1, 20, 400, 0, "Impact")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $btnCont2
                ; Check what OU has been selected in the listbox
                $selOU = _GUICtrlListBox_GetSelItems($ListOU)
                Global $selectedItem = $selOU[1] + 1
                ;Create computer account in AD
                Global $iComp = _AD_CreateComputer($adOU[$selectedItem][1], @ComputerName, "username")
                If $iComp = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " is in the Domain.", 5)
                ElseIf @error = 1 Then
                    MsgBox(64, "Fail", "The Computers OU can not be found to create Computer account in AD.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", @ComputerName & " already exists in the Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "The user does not exist.")
                ;Else
                ;    MsgBox(64, "Active Directory Functions", "Creating Computer account - Return code '" & @error & "' from Active Directory")
                EndIf
                ;Join computer to AD account
                Global $iDom = _AD_JoinDomain(@ComputerName, "domain\username", "password")
                If $iDom = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " has now been joined to the Domain", 5)
                EndIf
                If @error = 1 Then
                    MsgBox(64, "Fail", @ComputerName & " does not exist in the Domain.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", "The user could not be found in the Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "WMI Object could not be created. Return code - " & @extended)
                ElseIf @error = 4 Then
                    MsgBox(64, "Fail", @ComputerName & " is already a member of the Domain.")
                ElseIf @error = 5 Then
                    MsgBox(64, "Fail", @ComputerName & " was unable to join the Domain. Return code - " & @extended)
                EndIf
                _Final()
        EndSwitch
    WEnd
    _AD_Close()
EndFunc   ;==>_JoinDomain
```

We have multiple DNS servers running out our school. Maybe we have an issue with the AD sync. I'll check the event logs. Still doesn't explain why it happened on that particular machine. I ran it on another machine and it worked fine. I am in the process of reimaging the machine right now, so maybe that will fix the issue. The URL is helpful though as I can get an idea of what may be wrong.

Edited October 24, 2011 by jazzyjeff
jazzyjeff Posted October 24, 2011

So a reimage didn't resolve it. I am looking through logs on the DNS servers now.
jazzyjeff Posted October 24, 2011

I am not seeing any errors on the DNS servers related to sync issues.
water (Author) Posted October 24, 2011

Could you please run the script with some more error checking?

```autoit
Func _JoinDomain()
    ;Choose domain OU
    Sleep(5000)
    ;$DC = Random(1, 3, 1)
    $iAD_Debug = 2 ; <== Debugging
    _AD_Open("username", "password", "DC=domain,DC=net", "server.domain.net", "CN=Configuration,DC=domain,DC=net")
    Msgbox(0, "_AD_Open", "@error: " & @error & ", @extended: " & @extended) ; <== Debugging
    Global $adOU = _AD_GetAllOUs("OU=Workstations,DC=domain,DC=net", "")
    Msgbox(0, "_AD_GetAllOUs", "@error: " & @error & ", @extended: " & @extended) ; <== Debugging
    For $iCount = 1 To $adOU[0][0]
        If $iCount = 1 Then
            $sOU = $adOU[$iCount][0]
        Else
            $sOU = $sOU & "|" & $adOU[$iCount][0]
        EndIf
    Next
    #region ### START Koda GUI section ###
    $main2 = GUICreate("Active Directory", 780, 344, 150, 124)
    $ListOU = GUICtrlCreateList("", 7, 8, 768, 279, BitOR($LBS_SORT, $LBS_STANDARD, $LBS_EXTENDEDSEL, $LBS_DISABLENOSCROLL, $WS_VSCROLL, $WS_HSCROLL, $WS_BORDER))
    GUICtrlSetData($ListOU, $sOU)
    $btnCont2 = GUICtrlCreateButton("Continue", 7, 291, 768, 41, $WS_GROUP)
    GUICtrlSetFont(-1, 20, 400, 0, "Impact")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $btnCont2
                ; Check what OU has been selected in the listbox
                $selOU = _GUICtrlListBox_GetSelItems($ListOU)
                Global $selectedItem = $selOU[1] + 1
                ;Create computer account in AD
                Global $iComp = _AD_CreateComputer($adOU[$selectedItem][1], @ComputerName, "username")
                If $iComp = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " is in the Domain.", 5)
                ElseIf @error = 1 Then
                    MsgBox(64, "Fail", "The Computers OU can not be found to create Computer account in AD.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", @ComputerName & " already exists in the Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "The user does not exist.")
                Else
                    MsgBox(64, "Active Directory Functions", "Creating Computer account - Return code '" & @error & "' from Active Directory") ; <== Debugging
                EndIf
                ;Join computer to AD account
                Global $iDom = _AD_JoinDomain(@ComputerName, "domain\username", "password")
                If $iDom = 1 Then
                    MsgBox(64, "Successful", @ComputerName & " has now been joined to the Domain", 5)
                EndIf
                If @error = 1 Then
                    MsgBox(64, "Fail", @ComputerName & " does not exist in the Domain.")
                ElseIf @error = 2 Then
                    MsgBox(64, "Fail", "The user could not be found in the Domain.")
                ElseIf @error = 3 Then
                    MsgBox(64, "Fail", "WMI Object could not be created. Return code - " & @extended)
                ElseIf @error = 4 Then
                    MsgBox(64, "Fail", @ComputerName & " is already a member of the Domain.")
                ElseIf @error = 5 Then
                    MsgBox(64, "Fail", @ComputerName & " was unable to join the Domain. Return code - " & @extended)
                EndIf
                _Final()
        EndSwitch
    WEnd
    _AD_Close()
EndFunc   ;==>_JoinDomain
```
jazzyjeff Posted October 24, 2011

Thanks Water. I have tried this, and here are my results:

@error: 0 @extended: 1
@error:0 @extended:0

Then I receive the error 8525 again. I am going to add a different username to the account that opens AD and joins the domain.
jazzyjeff Posted October 24, 2011

Ok, I changed the account and now it works. I set up a delegated account to join machines to the domain, but obviously something isn't working. Thanks for your help. I am all set now. Just need to fix my delegated account.
water (Author) Posted October 24, 2011 (edited)

Glad the problem could be solved. I still don't understand the cryptic extended error code. It looks like being a problem of missing permissions but the error code is quite misleading.

Edited October 25, 2011 by water
jazzyjeff Posted October 25, 2011

Is it misleading. I ended up setting the delegation as shown in this URL, as opposed to using the pre-built delegation option of joining a PC to the domain. http://support.microsoft.com/kb/932455

You're right, it is a permission issue. Your UDF is awesome by the way. It's used daily at our school for a login script and to give select users the ability to reset passwords and unlock accounts.