Jump to content

Recommended Posts

Posted

Not beautiful but it should work. Pass the FQDN to function _AD_RemoveFromGroup.

Means:

local $worked = _AD_RemoveUserFromGroup("CN=First Level Review R/W access", $user)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

After some testing, I found a solution... Specifying the FQDN did not seem to help, so I took a peek at the UDF, then i did some research on LDAP queries and came up with a list of LDAP Escape sequence substitutes.. 

http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx

I made a small stand alone tool to represent what I was using before:

#include <AD.au3>

$user = "tuser1"
_AD_OPEN()

    msgbox(0,"","Removing " & $user & " from all AD groups" & @CRLF)
    $groupz = _AD_GetUserGroups($user)
    For $c = 1 to UBound($groupz) - 1
        msgbox(0,"","Removing " & $user & " from the following group: " &  $groupz[$c] & @CRLF)
        
           $worked = _AD_RemoveUserFromGroup($groupz[$c], $user)
        
        If $worked = 1 then
            msgbox(0,"",$user & " has been removed from " & $groupz[$c] & @CRLF)
        else
            msgbox(0,"","ERROR removing " & $user & " from " & $groupz[$c] & "      ############## ERROR:" & @Error & @CRLF)
        endif
    next
_AD_CLOSE()

Then I added a line to look for the forward slash and replace it with the Escape sequence substitute:

$groupz[$c] = stringreplace($groupz[$c],"/","\2f")

and ended up with this:

#include <AD.au3>

$user = "tuser1"
_AD_OPEN()

    msgbox(0,"","Removing " & $user & " from all AD groups" & @CRLF)
    $groupz = _AD_GetUserGroups($user)
    For $c = 1 to UBound($groupz) - 1
        msgbox(0,"","Removing " & $user & " from the following group: " &  $groupz[$c] & @CRLF)
        $groupz[$c] = stringreplace($groupz[$c],"/","\2f")
           $worked = _AD_RemoveUserFromGroup($groupz[$c], $user)
        
        If $worked = 1 then
            msgbox(0,"",$user & " has been removed from " & $groupz[$c] & @CRLF)
        else
            msgbox(0,"","ERROR removing " & $user & " from " & $groupz[$c] & "      ############## ERROR:" & @Error & @CRLF)
        endif
    next
_AD_CLOSE()

This is actually working, so it may make a nice addition to the UDF :)

ASCII character Escape sequence substitute
*   \2a
(   \28
)   \29
\   \5c
NUL \00
/   \2f
Edited by Kovacic

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Posted

If I understand you correctly then function _AD_FixSpecialChars has been made for this:

$groupz[$c] = _AD_FixSpecialChars($groupz[$c])




			
		

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

This is the site I've used for reference:

http://www.rlmueller.net/CharactersEscaped.htm

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

After some testing, 

I replaced:

$groupz[$c] = stringreplace($groupz[$c],"/","\2f")

with:

$groupz[$c] = _AD_FixSpecialChars($groupz[$c])

I got an @Error 1, it looks like _AD_RemoveUserFromGroup might require separate escape chars.

C0d3 is P0etry( ͡° ͜ʖ ͡°)

Posted

Looks like I need to do some more investigation ... ;)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

All in all im a huge fan! :]

Thanks :)

Looks like function _AD_ObjectExists causes the error = 1. The passed group name is used in a LDAP search. This means the escape characters you provided are needed.

My _AD_FixSpecialChars function only seems to work for FQDN.

I will have to verify that.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Got it!

The link I provided confirms what we have seen:

To escape special characters in Distinguished Names function _AD_FixSpecialChars works fine.

To escape special characters in LDAP filters you need to specify the hex code as you did.

I will extend function _AD_FixSpecialChars to handle LDAP  filters.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Good call! I didnt even realize that was the hex version.. On another note, using that, you can escape any special chrs in that method. I guess you would have to figure out any legal useable chrs in AD, then add the StringReplace method for it.

Nice!

C0d3 is P0etry( ͡° ͜ʖ ͡°)

  • 2 weeks later...
Posted

Hi I use the AD UDF in several scripts on Citrix servers to check for memberships en set some registry when starting an application.

However sometimes my Terminal servers cannot find the domain controller, this I am fixing by a workaround (restart of DNS Client-service),

but there are always some users who are just login in and getting an "autoit" error.

After some debugging I found out that the line within my script: $sFQDN_User = _AD_SamAccountNameToFQDN() is generating an exeption: "The resquested action with this object has failed."

I wrote some error handling and to catch and show the error:   errnumer: -2147016646       windescription: The server is not operational.

Local $oAD_RecordSet = $__oAD_Command.Execute
If @error Or Not IsObj($oAD_RecordSet) Or $oAD_RecordSet.RecordCount = 0 Then Return SetError(1, @error, "") 

In the above line from UDF function _AD_SamAccountNameToFQDN, it seems that the UDF errorhandling is not kicking in.

At the moment I am using a custom errorhandler to react on the error, but I rather want to check on @error within my script.

Is this possible?

Posted

Which version of the AD UDF and which version of AutoIt do you run?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

To check on @error you could run the latest beta version of AutoIt. When there is no custom COM error handler then AutoIt simply sets @error and continues processing.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Which version of the AD UDF and which version of AutoIt do you run?

To check on @error you could run the latest beta version of AutoIt. When there is no custom COM error handler then AutoIt simply sets @error and continues processing.

The version of de UDF I am running is: v1.2.10  :sweating:  I probably should update ;-)

and my AutoIt version is: v3.3.8.1.

Should I use Autoit autoit-v3.3.9.24-beta-setup.exe instead?

Posted

The UDF version 1.2.1.0 isn't too old.

You can use a production version and a beta in parallel. Just press Alt+F5 (please check - I'm not sure and can't test at the moment) instead of F5 to run a script from SciTE.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted (edited)

The UDF version 1.2.1.0 isn't too old.

You can use a production version and a beta in parallel. Just press Alt+F5 (please check - I'm not sure and can't test at the moment) instead of F5 to run a script from SciTE.

Just installed the AD udf v1.3.00 and the autoit beta.

However I tried compiling my script  (Alt-F7) and got a few errors for using Autoit beta.

I added the constant: Global Const $__WINAPICONSTANT_FORMAT_MESSAGE_FROM_SYSTEM = 0x1000    to the AD udf.
This constanst was removed from WinApi.au3 in AutoIt beta, but is used in the AD.au3.
 
Also _arraycreate() is no more available with the AutoitBeta Array.au3.
So in the AD.au3 function:  Func _AD_SetUserPrimaryGroup($sAD_User, $sAD_Group) I replaced:
$oAD_Group.GetInfoEx(_ArrayCreate("primaryGroupToken"), 0)

by:

Dim $TokenArray[0]

$TokenArray[0]= "primaryGroupToken"
$oAD_Group.GetInfoEx($TokenArray, 0)
My script is compiling again.
To reproduce the error, I have to change the DNS of the Citrix server to 8.8.8.8. so it won't find the domaincontroller.
However I cannot do this righnow because there are some people working on it.
So I'll test after working hours....
Edited by Jemboy
Posted

Ah, I see. A version of the UDF ready for the beta versions of AutoIt is already in the making.

As I'm leaving for vacation I won't be able to respond until next year.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Posted

Ah, I see. A version of the UDF ready for the beta versions of AutoIt is already in the making.

As I'm leaving for vacation I won't be able to respond until next year.

Have I nice vacation, see you next year.

I just tested the AD udf v1.3.0.0 with the Autoit Beta and the errors do not trigger an exception anymore.

However _AD_Open() will not set @Error or return a 0 to indicate a failure.

The function _AD_SamAccountNameToFQDN() though return an emppty string and sets @error to 1.

Posted

I'm using this, to change the password for a user, and it works, but I want it to enable the option

"user must change password at next logon"

I heart it would do the trick, by adding: ,1

but it still doesen't force the user to create a new password at next logon.

Global $iValue = _AD_SetPassword($sUser, $sPassword,1)

anyone know what might be the problem?

this is the script I use:

    Case $change_pass
    $readit = GUICtrlRead($machinename)

    _AD_Open()

    $get_user = InputBox("skift password","Ændre brugerens password til: Abcd1234","Initialer")

    Global $sUser = _AD_SamAccountNameToFQDN($get_user)
    Global $sPassword = "Abcd1234"

    ; Set the password
    Global $iValue = _AD_SetPassword($sUser, $sPassword,1)
    If $iValue = 1 Then
    MsgBox(64, "password ændret", "passwordet er ændret til: Abcd1234")
    ElseIf @error = 1 Then
    MsgBox(64, "Fejl", "den indtastede bruger eksisterer ikke.")
    Continueloop
    Else
    MsgBox(64, "Fejl", "Du har ikke rettigheder til at ændre passwordet.")
    EndIf

; Close Connection to the Active Directory
_AD_Close()
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...