Active Directory UDF - Help & Support

[Tjalve]

Autoit 3.3.8.1

UDF: 1.2.2.0

[water]

With version 1.2.2.0 of the UDF you have to use at least AutoIt 3.3.9.2 (beta).

Or run version 1.2.2.0 of the UDF with AutoIt 3.3.8.1

[Tjalve]

of course that was the issue. My misstake for not reading the info. Sorry for that. Everything works great now.

[water]

I hope to merge the versions for production and beta AutoIt quite soon into a single UDF again.

[Iceman682]

Hi Water

It feels like I'm climbing Everest without oxygen and therefore are in need of some help if possible.

I'm on a part of my script and for the life of me I'm unable to find a way of pulling the description off the local machine and inserting the same in the computers description in AD. If there isn't one set in the local machine a message pops up telling them to insert one before the AD update takes place.

I've looked at, taken apart, put back together, all sorts but to no avail.

I've tried your _AD_ModifyAttribute script from your great UDF but it's only for users

I've tried changing it (no doubt incorrectly) and no go.

My poor attempt below

Any advice?

Many thanks in advance

expandcollapse popup

; *****************************************************************************
#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Modify the description of the current user.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
;-------------------------
;Pulls Local machine name
;-------------------------
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$sComputer = "localhost"
$sDescription=""
$objWMIService = ObjGet("winmgmts:\\" & $sComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
If IsObj($colItems) then
   For $objItem In $colItems
      $sDescription = $objItem.Description & @CRLF
      ExitLoop
   Next
EndIf
; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
Global $iReply = MsgBox(308, "Active Directory Functions - Example 1", "This script changes the attribute 'description' for a user." & @CRLF & @CRLF & _
  "Are you sure you want to change the Active Directory?")
If $iReply <> 6 Then Exit
; Enter user account and description
#region ### START Koda GUI section ### Form=
Global $Form1 = GUICreate("Active Directory Functions - Example 1", 514, 124)
GUICtrlCreateLabel("User account (samAccountName or sAMAccountName):", 8, 10, 231, 34)
GUICtrlCreateLabel("New description:", 8, 42, 231, 17)
Global $sComputer = GUICtrlCreateInput(@ComputerName, 241, 8, 259, 21)
Global $sDescription = GUICtrlCreateInput("", 241, 40, 259, 21)
Global $BOK = GUICtrlCreateButton("Change description", 8, 72, 121, 33)
Global $BCancel = GUICtrlCreateButton("Cancel", 428, 72, 73, 33, BitOR($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON))
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
 Global $nMsg = GUIGetMsg()
 Switch $nMsg
  Case $GUI_EVENT_CLOSE, $BCancel
   Exit
  Case $BOK
   Global $ssComputer = GUICtrlRead($sComputer)
   Global $ssDescription = GUICtrlRead($sDescription)
   ExitLoop
 EndSwitch
WEnd
; Change attribute
Global $iValue = _AD_ModifyAttribute($ssComputer, "description", $ssDescription)
If $iValue = 1 Then
 MsgBox(64, "Active Directory Functions - Example 1", "Description for user '" & $ssComputer & "' successfully changed")
ElseIf @error = 1 Then
 MsgBox(64, "Active Directory Functions - Example 1", "User '" & $ssComputer & "' does not exist")
Else
 MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf
; Close Connection to the Active Directory
_AD_Close()

Edited September 7, 2012 by Iceman682

[water]

_AD_ModifyAttribute works for every object (user, computer, group etc.) in AD.

If you want to change a computer account and pass the account name as SamAccountName (alternative ist the FQDN) make sure to append a dollar sign at the end of the name.

For the comptuer the script runs on this should be: @ComputerName & "$"

Every function of my UDF returns an error code you can check by having a look at the value of @error. The help file which comes with every function explains what went wrong.

[Iceman682]

Water, You are fantastic

I see I have bucket loads to learn.

Thank you, thank you, thank you.

[water]

Glad to be of serivce

[water]

Hi Water,

Firstly thanks for your excellent work on the AD UDF set. I have been using some to great effect to create users within our school system.

Following a change in how we have to connect to printers, I now have another requirement where I need to read an "Room OU" containing PCs which should map to a printer. Would you be kind enough to point me in the right direction on the settings I need to make use of the _AD_GetObjectsInOU to get a list of the PCs in the OU.

Please have a look at the Wiki where you can find a description how _AD_GetObjectsInOU works.

To get a list of all computer accounts in a specific OU you need something like:

$sOU = "..."
$aObjects = _AD_GetObjectsInOU($sOU, "(objectClass=Computer)", 0, "samaccountname")

[water]

Version 1.3.0.0 of the UDF has been released.

This version combines the last production version 1.2.0 and the experimental version 1.2.2.0!

Please test before using in production!

For download please see my signature.

Edited October 12, 2012 by water

[water]

I was wondering if you could modify this to check if a contact object exist.

Thanks.

_AD_ObjectExists doesn't need the object class to check for existance. Pass the SamAccountName or FQDN of your contact to _AD_ObjectExists.

[Woodster]

Hello Water,

I'm trying to get my head around the Modify Attribute component, and have the following lines in my script:

$iValue = _AD_ModifyAttribute(@ComputerName&"$", "Location", $sLoc,2)
$iValue = _AD_ModifyAttribute(@ComputerName&"$", "ManagedBy", $sUser,2)
$iValue = _AD_ModifyAttribute(@ComputerName&"$", "Description", $sFull,2)

The first and third lines work just fine, but it's the middle one that's giving me grief. At the moment it's getting passed a username in the first.last format, but I'm not sure if this is correct.

Could you please let me know which user account name I need to use, or indeed if the syntax is wrong in some way, given that the other two lines work?

Many thanks, Woodster

[water]

You have to pass the FQDN (CN=username,OU=...) to set the managedBy property.

[Woodster]

Marvellous. Thank you for your prompt guidance. Much appreciated.

[water]

Glad to be of service

[kor]

How might I accomplish the following.

I need to return a username based on a look-up of another field for that user.

So lets say I do the following

_AD_ObjectExists($sEmployeeID, "extensionAttribute1")

How do I get the username of the user by looking up their extensionattribute1 ?

Object Exists will return 1 if exactly 1 object is found matching my criteria, but I need the username it was matched with.

Edited November 20, 2012 by kor

[water]

You can't do it this way. _AD_ObjectExists is made to check if an object (user, group, computer ...) exists. You can't check for a single property.

You need something like this:

Global $sOU = "" ; OU to start the search
Global $sExtension = "..." ; Extension to search for
$aObjects = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user)(extensionAttribute1=" & $sExtension & "))", 2, "sAMAccountName,displayname")

Be aware that $aObjects might contain more than one user.

[kor]

Awesome water, thank you.

My code for anyone else

I kept the objectexists check because I want to only perform the lookup if there is exactly 1 match.

If _AD_ObjectExists($sData, "extensionAttribute1") = 1 Then
$aObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(extensionAttribute1=" & $sData & "))")
$sUsername = $aObjects[1]
_LogMessage("User " & $sUsername & " exists")
$bExists = True
EndIf

Edited November 20, 2012 by kor

[water]

The use of function _AD_ObjectExists is wrong. It has to be

If _AD_ObjectExists("extensionAttribute1", $sData) = 1 Then

But this is slow because the WHOLE AD is sequentially read.

Use this to make sure there is only one match:

$aObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(extensionAttribute1=" & $sData & "))")
If $aObjects[0] = 1 Then
    $sUsername = $aObjects[1]
    _LogMessage("User " & $sUsername & " exists")
    $bExists = True
EndIf

Edited November 20, 2012 by water

[kor]

Use this to make sure there is only one match:

$aObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(extensionAttribute1=" & $sData & "))")
If $aObjects[0] = 1 Then
$sUsername = $aObjects[1]
_LogMessage("User " & $sUsername & " exists")
$bExists = True
EndIf

That code makes more sense and is more efficient. Thanks.