Jump to content

Active Directory UDF - Help & Support (II)


water
 Share

Recommended Posts

I see. I had the same problem with Windows 7. The exe you run is not on a "trusted location". Means: Windows doesn't allow you to run the application from there. Copy it to a trusted location and try again.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Ah, this works! Thank you!

Glad you got it working.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

You need something like the following. Make sure the useraccount name is correct. I think "test.account" isn't a valid SamAccountName.

#include <AD.au3>
#include <File.au3>

Global $sJPG = FileRead("D:\testaccount.JPG")
Global $aJPG = StringSplit($sJPG, "", 2)

_AD_Open()
_AD_ModifyAttribute("test","thumbnailPhoto",$aJPG)
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

You need something like the following. Make sure the useraccount name is correct. I think "test.account" isn't a valid SamAccountName.

#include <AD.au3>
#include <File.au3>

Global $sJPG = FileRead("D:\testaccount.JPG")
Global $aJPG = StringSplit($sJPG, "", 2)

_AD_Open()
_AD_ModifyAttribute("test","thumbnailPhoto",$aJPG)
_AD_Close()

The SamAccountName is called test.account. It is a test account I created for this.

When I run it, I get;

COM Error Encountered in Change Photo.au3

AD UDF version = 1.3.0

@AutoItVersion = 3.3.8.1

@AutoItX64 = 0

@Compiled = 0

@OSArch = X86

@OSVersion = WIN_XP

Scriptline = 2479

NumberHex = 80020009

Number = -2147352567

WinDescription = The attribute syntax specified to the directory service is invalid.

Description =

Source =

HelpFile =

HelpContext = 0

LastDllError = 0

========================================================

+>09:09:18 AutoIt3.exe ended.rc:0

>Exit code: 0 Time: 0.887

Edited by ScriptingNewbie
Link to comment
Share on other sites

Where did you find the property "thumbnailPhoto"? I only get "jpegPhoto".

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I see.

The Schema has to be on level 2008 or later. The JPG is limited to 10K by default with a max value of 100k.

It's a multivalue attribute so more than 1 picture is possible.

Looks like it has to be passed as a string, not a byte array.

Could you try the following code. If it doesn't work could you please set the flag to 16 (binary):

#include <AD.au3>
#include <File.au3>

Global $hJPG = FileOpen("D:\testaccount.JPG", 0) ; ==> If 0 doesn't work set the flag to 16 (binary)
Global $sJPG = FileRead($hJPG)
FileClose($hJPG)

_AD_Open()
_AD_ModifyAttribute("test","thumbnailPhoto",$sJPG)
_AD_Close()

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

I see.

The Schema has to be on level 2008 or later. The JPG is limited to 10K by default with a max value of 100k.

It's a multivalue attribute so more than 1 picture is possible.

Looks like it has to be passed as a string, not a byte array.

Could you try the following code. If it doesn't work could you please set the flag to 16 (binary):

#include <AD.au3>
#include <File.au3>

Global $hJPG = FileOpen("D:\testaccount.JPG", 0) ; ==> If 0 doesn't work set the flag to 16 (binary)
Global $sJPG = FileRead($hJPG)
FileClose($hJPG)

_AD_Open()
_AD_ModifyAttribute("test","thumbnailPhoto",$sJPG)
_AD_Close()

Thank you that has worked with the 16.
Link to comment
Share on other sites

Glad to hear that the problem could be solved :)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Is it possible to get the RID from AD in Autoit? Unfortunately, doing

$SIDhex = _AD_GetObjectAttribute($user,"objectSid")

returns hexadecimal rather than the usual display SID.

$SID = _HexToString($SIDhex)

doesn't seem to convert to the usual display format...

I was going to take the SID and do

StringRegExpReplace($SID,"-([0-9]*)\Z","\1")

but if I can't get the info in a format I expect, mmm. I could go out to powershell maybe, but I'm not sure if I can capture the output of a powershell snippet.

Link to comment
Share on other sites

_AD_GetObjectAttribute returns a single attribute UNTRANSLATED. Use _AD_GetObjectProperties to get TRANSLATED attributes.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

FYI

Just dropping a note as it might be useful to others/I might have missed something.

I've modified _AD_RecursiveGetMemberOf as it returned an empty array if a cn contained a forward slash, which in turn is escaped by a backslash, ie "name\/noname". It seems the ADODB query doesn't like backslashes. It's therefor probably true for other 'to be escaped' characters as well (didn't test them).

After this line:

If StringMid($sAD_Object, 3, 1) <> "=" Then $sAD_Object = _AD_SamAccountNameToFQDN($sAD_Object) ; sAMAccountName provided

I added this code:

$sAD_Object = StringReplace($sAD_Object, "\", "")

to remove the escaping backslash.

It looks like this is the only function which uses the query with '(member='

$__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(member=" & $sAD_Object & ");" & $sAD_Field & ";subtree"
Link to comment
Share on other sites

You mean the result of a call to _AD_RecursiveGetMemberOf is an escaped string (e.g. "name/noname") but _AD_RecursiveGetMemberOf itself needs the $sAD_object parameter unescaped?

In this case I would use

$sAD_Object = _AD_FixSpecialChars($sAD_Object, 1)
to unescape all characters.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

As it turns out, comma's should be escaped, but forward slashes should not. After I had put the modification in production the function didn't work anymore for users who had a comma in their cn. ("Hoover\, J.E."). _AD_FixSpecialChars is therefor too 'aggressive'.

To only remove the escaping backslash for forward slashes I changed the code to:

$sAD_Object = StringReplace($sAD_Object, "\/", "/")

Which seems to work better for our environment (2003 AD BTW with mostly XP clients).

I haven't found any documentation which describe what characters are allowed in the ADO LDAP query CommandText... (yet). Especially when cn is used.

Link to comment
Share on other sites

As it turns out, comma's should be escaped, but forward slashes should not. After I had put the modification in production the function didn't work anymore for users who had a comma in their cn. ("Hoover\, J.E."). _AD_FixSpecialChars is therefor too 'aggressive'.

Modify the call and it will be less "aggressive":
$sAD_Object = _AD_FixSpecialChars($sAD_Object, 1, ",")

I haven't found any documentation which describe what characters are allowed in the ADO LDAP query CommandText... (yet). Especially when cn is used.

Good reading can be found here.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Better still:

$sAD_Object = _AD_FixSpecialChars($sAD_Object, 1, "/")

which makes _AD_RecursiveGetMemberOf look like this:

Func _AD_RecursiveGetMemberOf($sAD_Object, $iAD_Depth = 10, $bAD_ListInherited = True, $bAD_FQDN = True)

    If _AD_ObjectExists($sAD_Object) = 0 Then Return SetError(1, 0, "")
    If StringMid($sAD_Object, 3, 1) <> "=" Then $sAD_Object = _AD_SamAccountNameToFQDN($sAD_Object) ; sAMAccountName provided
    $sAD_Object = _AD_FixSpecialChars($sAD_Object, 1, "/")   ; <<---- Code added to fix query when cn has a forward slash in it

    Local $iCount1, $iCount2
    Local $sAD_Field = "distinguishedName"
    If Not $bAD_FQDN Then $sAD_Field = "samaccountname"
    $__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sAD_DNSDomain & ">;(member=" & $sAD_Object & ");" & $sAD_Field & ";subtree"
    ; ConsoleWrite("Debug: " & "$__oAD_Command.CommandText=" & $__oAD_Command.CommandText & @CRLF)
    Local $oAD_RecordSet = $__oAD_Command.Execute
    Local $aAD_Groups[$oAD_RecordSet.RecordCount + 1] = [0]
<snip>

I use this line of code to call the function:

Global $GroupMemberOf = _AD_RecursiveGetMemberOf(@UserName, 10, True, False)

_AD_SamAccountNameToFQDN($sAD_Object) returns something like "CN=La\/Dida,OU=TheOther,OU=Or,OU=One,DC=domain,DC=nl" which can't be used as input to the query as it returns 0 records.

Using "CN=La/Dida,OU=TheOther,OU=Or,OU=One,DC=domain,DC=nl" however does return data. Hence the StringReplace.

Link to comment
Share on other sites

Hi,

I'm looking for similar functionality to _AD_DeleteObject but then a _AD_CreateObject.
I want to be able to create custom objects based on a schema class.

Any idea where to start? the basic insert/create functions don't let me do this.

Thanks in advance.

Link to comment
Share on other sites

Welcome to AutoIt and the forum!

Looks like you need to write your own function. _AD_CreateOU is a good starting point. Replace "organizationalUnit" with your class and set the RDN properly.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Hi,

I'm looking for similar functionality to _AD_DeleteObject but then a _AD_CreateObject.

I want to be able to create custom objects based on a schema class.

Any idea where to start? the basic insert/create functions don't let me do this.

Thanks in advance.

 

Welcome to AutoIt and the forum!

Looks like you need to write your own function. _AD_CreateOU is a good starting point. Replace "organizationalUnit" with your class and set the RDN properly.

 

Thanks for helping out water!

Here's the bit of code i used to get it working.

 

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_CreateOBject
; Description ...: Creates an Object in the specified OU.
; Syntax.........: _AD_CreateObject($sAD_ParentOU, $sAD_Object, $sAD_Class)
; Parameters ....: $sAD_ParentOU - Parent OU where the new OU will be created (FQDN)
;                  $sAD_Ojbect - Object name
;                  $sAD_Class - Class for the new object
; Return values .: Success - 1
;                  Failure - 0, sets @error to:
;                  |1 - $sAD_ParentOU does not exist
;                  |2 - $sAD_Object in $sAD_ParentOU already exists
;                  |3 - $sAD_Object is missing
;                  |x - Error returned by SetInfo function (Missing permission etc.)
; Author ........: Jonathan Clelland 
; Modified.......: mkdd
; Remarks .......: This does not create any attributes for the Object. Use function _AD_ModifyAttribute.
; Related .......: _AD_CreateUser, _AD_CreateGroup, _AD_AddUserToGroup, _AD_RemoveUserFromGroup
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _AD_CreateObject($sAD_ParentOU, $sAD_Object, $sAD_Class)
    If Not _AD_ObjectExists($sAD_ParentOU, "distinguishedName") Then Return SetError(1, 0, 0)
    If _AD_ObjectExists("CN=" & $sAD_Object & "," & $sAD_ParentOU, $sAD_Class) Then Return SetError(2, 0, 0)
    If $sAD_Object = "" Then Return SetError(3, 0, 0)
    Local $oAD_ParentOU = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sAD_ParentOU)
    Local $oAD_Object = $oAD_ParentOU.Create($sAD_Class, "CN=" & $sAD_Object)
    $oAD_Object.SetInfo
    If @error <> 0 Then Return SetError(@error, 0, 0)
    Return 1

EndFunc   ;==>_AD_CreateObject
Edited by mkdd
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...