Jump to content

AD authentication


 Share

Recommended Posts

Hi

myself and a collegue have been having difficulties getting this little script working. All it is supposed to do is authenticate the user to AD then check they are a memeber of a certain and if they are log the user name and open IE. We don't appear to be having much luck with this and hoped somebody could help.

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <EditConstants.au3>

Global $Susername, $Spassword

$gui = GuiCreate("Authenticate",120,170)

GUICtrlCreateLabel("Username:",10,10,50,20)
$Susername = GUICtrlCreateInput("",10,35,100,20)
GUICtrlCreateLabel("Password:",10,70,50,20)
$Spassword = GUICtrlCreateInput("",10,95,100,20,$ES_PASSWORD)


$go = GuiCtrlCreateButton("OK",10,130,50,25)
$cancel = GuiCtrlCreateButton("Cancel",60,130,50,25)

GUISetState()

Do
$msg = GUIGetMsg()

If $msg = $go Then



_AD_Open(GUICtrlRead($Susername), GUICtrlRead($Spassword))
_AD_Open()
If _AD_IsMemberOf("") <> 1 Then
;MsgBox(0,"AD","Error " & @error " returned by _AD_Open.") ; Invalid userid/password etc.
MsgBox(64, "Authentication Failed", "Try Again!")
Exit
Endif

_AD_Close()
; Output Username to a log file with date and time
_FileWriteLog(@ScriptDir & "Username.log", GUICtrlRead($Susername))

ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")

EndIf

If $msg = $cancel Then
Exit
EndIf

Until GUIGetMsg() = $GUI_EVENT_CLOSE
GuiDelete($gui)

Thanks

Link to comment
Share on other sites

This should work. Set variable $sGroup to the group you want to check membership:

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>

_AD_ErrorNotify(2)
Global $hUserName, $hPassword, $sUserName, $sPassword, $sGroup = "Test"
$gui = GUICreate("Authenticate", 120, 170)
GUICtrlCreateLabel("Username:", 10, 10, 50, 20)
$hUserName = GUICtrlCreateInput("", 10, 35, 100, 20)
GUICtrlCreateLabel("Password:", 10, 70, 50, 20)
$hPassword = GUICtrlCreateInput("", 10, 95, 100, 20, $ES_PASSWORD)
$go = GUICtrlCreateButton("OK", 10, 130, 50, 25, $BS_DEFPUSHBUTTON)
$cancel = GUICtrlCreateButton("Cancel", 60, 130, 50, 25)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Switch $msg
        Case $go
            $sUserName = GUICtrlRead($hUserName)
            $sPassword = GUICtrlRead($hPassword)
            _AD_Open($sUserName, $sPassword)
            If @error Then
                MsgBox(64, "Error", "Authentication Failed! Try again!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                Exit
            ElseIf _AD_IsMemberOf($sGroup) <> 1 Then
                MsgBox(64, "Error", "User is not member of group '" & $sGroup & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                _AD_Close()
                Exit
            EndIf
            _AD_Close()
        ; Output Username to a log file with date and time
;        _FileWriteLog(@ScriptDir & "Username.log", GUICtrlRead($hUserName))
;        ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")
        Case $cancel, $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd
GUIDelete($gui)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

What's the exact @error and @extended values you get?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

You have to pass the username to function _AD_IsMemberOf as parameter 2 (samaccountname or FQDN). And if you want to check the primary group you have to set parameter 3 to True (because in AD primary groups have no members - so the membership check has to be done differently).

Or you could use function _AD_GetUserPrimaryGroup to check for the primary group of the user.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Your current script allows to enter any user name plus this users password. You then connect to the AD with this credentials.

But function _AD_IsMemberOf - as you use it right now - uses the current user name (the user logged on to the computer) to check the membership.

That's why you have to pass the username to the function.

Every user has a primary group he is assigned to. You can query the members of every group but not the primary group for performance reasons (limitation of AD).

That's why you need parameter 3 if you want to check the primary group.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Something like this:

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>

_AD_ErrorNotify(2)
Global $hUserName, $hPassword, $sUserName, $sPassword, $sGroup = "Domain Users"
$gui = GUICreate("Authenticate", 120, 170)
GUICtrlCreateLabel("Username:", 10, 10, 50, 20)
$hUserName = GUICtrlCreateInput("", 10, 35, 100, 20)
GUICtrlCreateLabel("Password:", 10, 70, 50, 20)
$hPassword = GUICtrlCreateInput("", 10, 95, 100, 20, $ES_PASSWORD)
$go = GUICtrlCreateButton("OK", 10, 130, 50, 25, $BS_DEFPUSHBUTTON)
$cancel = GUICtrlCreateButton("Cancel", 60, 130, 50, 25)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Switch $msg
        Case $go
            $sUserName = GUICtrlRead($hUserName)
            $sPassword = GUICtrlRead($hPassword)
            _AD_Open($sUserName, $sPassword)
            If @error Then
                MsgBox(64, "Error", "Authentication Failed! Try again!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                Exit
            ElseIf _AD_IsMemberOf($sGroup, $sUserName, True) <> 1 Then
                MsgBox(64, "Error", "User is not member of group '" & $sGroup & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                _AD_Close()
                Exit
            EndIf
            _AD_Close()
        ; Output Username to a log file with date and time
        _FileWriteLog(@ScriptDir & "Username.log", $sUserName)
        ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")
        Case $cancel, $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd
GUIDelete($gui)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 6 years later...
On 25.10.2012 at 10:07 AM, shaunexe said:

_AD_Open(GUICtrlRead($Susername), GUICtrlRead($Spassword)) _AD_Open()

The script calls _AD_Opn twice, which does not make sense.
Could you please try the _AD_Open.au3 example script which comes with the AD UDF?
 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 2 years later...

goes great.

it is also possible to query two or more AD Groups GROUPS
i tried it, but i didn´t get it works.

 

 

 

Quote

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=..\Program Files (x86)\AutoIt3\_ICOS\924.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>

_AD_ErrorNotify(2)
Global $hUserName, $hPassword, $sUserName, $sPassword, $sGroup1 = "Group1", $sGroup2 = "Group2"
$gui = GUICreate("Authenticate", 120, 170)
GUICtrlCreateLabel("Username:", 10, 10, 50, 20)
$hUserName = GUICtrlCreateInput("", 10, 35, 100, 20)
GUICtrlCreateLabel("Password:", 10, 70, 50, 20)
$hPassword = GUICtrlCreateInput("", 10, 95, 100, 20, $ES_PASSWORD)
$go = GUICtrlCreateButton("OK", 10, 130, 50, 25, $BS_DEFPUSHBUTTON)
$cancel = GUICtrlCreateButton("Cancel", 60, 130, 50, 25)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Switch $msg
        Case $go
            $sUserName = GUICtrlRead($hUserName)
            $sPassword = GUICtrlRead($hPassword)
            _AD_Open($sUserName, $sPassword)
            If @error Then
                MsgBox(64, "Error", "Authentication Failed! Try again!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                    Exit
            ElseIf _AD_IsMemberOf($sGroup1, $sUserName, True) or _AD_IsMemberOf($sGroup2, $sUserName, True) <> 1 Then
                    MsgBox(64, "Error", "User is not member of groups '" & $sGroup1 & "__" & "or" & "__"& $sGroup2 & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                    ; MsgBox(64, "Error", "User is not member of groups '" & $sGroup2 & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                    _AD_Close()
                    Exit
            EndIf
            _AD_Close()
        ; Output Username to a log file with date and time
        _FileWriteLog(@Scriptdir & "\Username.log", GUICtrlRead($hUserName))

        ShellExecute("explorer.exe")
        Exit
        case $cancel, $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd
GUIDelete($gui)

 

 

 

 

 

 

 

 

 

 

Link to comment
Share on other sites

Quote

i tried it, but i didn´t get it works.

Please be more specific. Do you get an error or wrong results or omething else you don't expect?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I do not know whether my above solution is thought so correctly and whether I may have made a mistake in

the query of the two groups. It only works when the user is in group1.

the message box "user not in group" appears in group2

 

here the line:

    ElseIf _AD_IsMemberOf($sGroup1, $sUserName, True) or _AD_IsMemberOf($sGroup2, $sUserName, True) <> 1 Then

Link to comment
Share on other sites

Use:

ElseIf _AD_IsMemberOf($sGroup1, $sUserName, True) <> 1 And _AD_IsMemberOf($sGroup2, $sUserName, True) <> 1 Then

This line returns True when $sUsername ist not Member of group1 and not Member of group2.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...