water Posted November 26, 2013 Author Posted November 26, 2013 Not beautiful but it should work. Pass the FQDN to function _AD_RemoveFromGroup. Means: local $worked = _AD_RemoveUserFromGroup("CN=First Level Review R/W access", $user) My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Kovacic Posted November 27, 2013 Posted November 27, 2013 Thanks! The account I was working on was completed, but I will test it at some point today. C0d3 is P0etry( ͡° ͜ʖ ͡°)
Kovacic Posted December 4, 2013 Posted December 4, 2013 (edited) After some testing, I found a solution... Specifying the FQDN did not seem to help, so I took a peek at the UDF, then i did some research on LDAP queries and came up with a list of LDAP Escape sequence substitutes.. http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx I made a small stand alone tool to represent what I was using before: #include <AD.au3> $user = "tuser1" _AD_OPEN() msgbox(0,"","Removing " & $user & " from all AD groups" & @CRLF) $groupz = _AD_GetUserGroups($user) For $c = 1 to UBound($groupz) - 1 msgbox(0,"","Removing " & $user & " from the following group: " & $groupz[$c] & @CRLF) $worked = _AD_RemoveUserFromGroup($groupz[$c], $user) If $worked = 1 then msgbox(0,"",$user & " has been removed from " & $groupz[$c] & @CRLF) else msgbox(0,"","ERROR removing " & $user & " from " & $groupz[$c] & " ############## ERROR:" & @Error & @CRLF) endif next _AD_CLOSE() Then I added a line to look for the forward slash and replace it with the Escape sequence substitute: $groupz[$c] = stringreplace($groupz[$c],"/","\2f") and ended up with this: #include <AD.au3> $user = "tuser1" _AD_OPEN() msgbox(0,"","Removing " & $user & " from all AD groups" & @CRLF) $groupz = _AD_GetUserGroups($user) For $c = 1 to UBound($groupz) - 1 msgbox(0,"","Removing " & $user & " from the following group: " & $groupz[$c] & @CRLF) $groupz[$c] = stringreplace($groupz[$c],"/","\2f") $worked = _AD_RemoveUserFromGroup($groupz[$c], $user) If $worked = 1 then msgbox(0,"",$user & " has been removed from " & $groupz[$c] & @CRLF) else msgbox(0,"","ERROR removing " & $user & " from " & $groupz[$c] & " ############## ERROR:" & @Error & @CRLF) endif next _AD_CLOSE() This is actually working, so it may make a nice addition to the UDF ASCII character Escape sequence substitute * \2a ( \28 ) \29 \ \5c NUL \00 / \2f Edited December 4, 2013 by Kovacic C0d3 is P0etry( ͡° ͜ʖ ͡°)
water Posted December 4, 2013 Author Posted December 4, 2013 If I understand you correctly then function _AD_FixSpecialChars has been made for this: $groupz[$c] = _AD_FixSpecialChars($groupz[$c]) My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
water Posted December 4, 2013 Author Posted December 4, 2013 This is the site I've used for reference: http://www.rlmueller.net/CharactersEscaped.htm My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Kovacic Posted December 4, 2013 Posted December 4, 2013 After some testing, I replaced: $groupz[$c] = stringreplace($groupz[$c],"/","\2f") with: $groupz[$c] = _AD_FixSpecialChars($groupz[$c]) I got an @Error 1, it looks like _AD_RemoveUserFromGroup might require separate escape chars. C0d3 is P0etry( ͡° ͜ʖ ͡°)
water Posted December 4, 2013 Author Posted December 4, 2013 Looks like I need to do some more investigation ... Kovacic 1 My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Kovacic Posted December 4, 2013 Posted December 4, 2013 All in all im a huge fan! :] C0d3 is P0etry( ͡° ͜ʖ ͡°)
water Posted December 4, 2013 Author Posted December 4, 2013 All in all im a huge fan! :] Thanks Looks like function _AD_ObjectExists causes the error = 1. The passed group name is used in a LDAP search. This means the escape characters you provided are needed. My _AD_FixSpecialChars function only seems to work for FQDN. I will have to verify that. Kovacic 1 My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
water Posted December 4, 2013 Author Posted December 4, 2013 Got it! The link I provided confirms what we have seen: To escape special characters in Distinguished Names function _AD_FixSpecialChars works fine. To escape special characters in LDAP filters you need to specify the hex code as you did. I will extend function _AD_FixSpecialChars to handle LDAP filters. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Kovacic Posted December 4, 2013 Posted December 4, 2013 Good call! I didnt even realize that was the hex version.. On another note, using that, you can escape any special chrs in that method. I guess you would have to figure out any legal useable chrs in AD, then add the StringReplace method for it. Nice! C0d3 is P0etry( ͡° ͜ʖ ͡°)
Jemboy Posted December 14, 2013 Posted December 14, 2013 Hi I use the AD UDF in several scripts on Citrix servers to check for memberships en set some registry when starting an application. However sometimes my Terminal servers cannot find the domain controller, this I am fixing by a workaround (restart of DNS Client-service), but there are always some users who are just login in and getting an "autoit" error. After some debugging I found out that the line within my script: $sFQDN_User = _AD_SamAccountNameToFQDN() is generating an exeption: "The resquested action with this object has failed." I wrote some error handling and to catch and show the error: errnumer: -2147016646 windescription: The server is not operational. Local $oAD_RecordSet = $__oAD_Command.Execute If @error Or Not IsObj($oAD_RecordSet) Or $oAD_RecordSet.RecordCount = 0 Then Return SetError(1, @error, "") In the above line from UDF function _AD_SamAccountNameToFQDN, it seems that the UDF errorhandling is not kicking in. At the moment I am using a custom errorhandler to react on the error, but I rather want to check on @error within my script. Is this possible?
water Posted December 14, 2013 Author Posted December 14, 2013 Which version of the AD UDF and which version of AutoIt do you run? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
water Posted December 14, 2013 Author Posted December 14, 2013 To check on @error you could run the latest beta version of AutoIt. When there is no custom COM error handler then AutoIt simply sets @error and continues processing. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Jemboy Posted December 14, 2013 Posted December 14, 2013 Which version of the AD UDF and which version of AutoIt do you run? To check on @error you could run the latest beta version of AutoIt. When there is no custom COM error handler then AutoIt simply sets @error and continues processing. The version of de UDF I am running is: v1.2.10 I probably should update ;-) and my AutoIt version is: v3.3.8.1. Should I use Autoit autoit-v3.3.9.24-beta-setup.exe instead?
water Posted December 14, 2013 Author Posted December 14, 2013 The UDF version 1.2.1.0 isn't too old. You can use a production version and a beta in parallel. Just press Alt+F5 (please check - I'm not sure and can't test at the moment) instead of F5 to run a script from SciTE. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Jemboy Posted December 14, 2013 Posted December 14, 2013 (edited) The UDF version 1.2.1.0 isn't too old. You can use a production version and a beta in parallel. Just press Alt+F5 (please check - I'm not sure and can't test at the moment) instead of F5 to run a script from SciTE. Just installed the AD udf v1.3.00 and the autoit beta. However I tried compiling my script (Alt-F7) and got a few errors for using Autoit beta. I added the constant: Global Const $__WINAPICONSTANT_FORMAT_MESSAGE_FROM_SYSTEM = 0x1000 to the AD udf. This constanst was removed from WinApi.au3 in AutoIt beta, but is used in the AD.au3. Also _arraycreate() is no more available with the AutoitBeta Array.au3. So in the AD.au3 function: Func _AD_SetUserPrimaryGroup($sAD_User, $sAD_Group) I replaced: $oAD_Group.GetInfoEx(_ArrayCreate("primaryGroupToken"), 0) by: Dim $TokenArray[0] $TokenArray[0]= "primaryGroupToken" $oAD_Group.GetInfoEx($TokenArray, 0) My script is compiling again. To reproduce the error, I have to change the DNS of the Citrix server to 8.8.8.8. so it won't find the domaincontroller. However I cannot do this righnow because there are some people working on it. So I'll test after working hours.... Edited December 14, 2013 by Jemboy
water Posted December 14, 2013 Author Posted December 14, 2013 Ah, I see. A version of the UDF ready for the beta versions of AutoIt is already in the making. As I'm leaving for vacation I won't be able to respond until next year. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Jemboy Posted December 15, 2013 Posted December 15, 2013 Ah, I see. A version of the UDF ready for the beta versions of AutoIt is already in the making. As I'm leaving for vacation I won't be able to respond until next year. Have I nice vacation, see you next year. I just tested the AD udf v1.3.0.0 with the Autoit Beta and the errors do not trigger an exception anymore. However _AD_Open() will not set @Error or return a 0 to indicate a failure. The function _AD_SamAccountNameToFQDN() though return an emppty string and sets @error to 1.
legend Posted December 16, 2013 Posted December 16, 2013 I'm using this, to change the password for a user, and it works, but I want it to enable the option "user must change password at next logon" I heart it would do the trick, by adding: ,1 but it still doesen't force the user to create a new password at next logon. Global $iValue = _AD_SetPassword($sUser, $sPassword,1) anyone know what might be the problem? this is the script I use: Case $change_pass $readit = GUICtrlRead($machinename) _AD_Open() $get_user = InputBox("skift password","Ændre brugerens password til: Abcd1234","Initialer") Global $sUser = _AD_SamAccountNameToFQDN($get_user) Global $sPassword = "Abcd1234" ; Set the password Global $iValue = _AD_SetPassword($sUser, $sPassword,1) If $iValue = 1 Then MsgBox(64, "password ændret", "passwordet er ændret til: Abcd1234") ElseIf @error = 1 Then MsgBox(64, "Fejl", "den indtastede bruger eksisterer ikke.") Continueloop Else MsgBox(64, "Fejl", "Du har ikke rettigheder til at ændre passwordet.") EndIf ; Close Connection to the Active Directory _AD_Close()
Recommended Posts