Active Directory UDF - Help & Support (II)

[lewisg]

I had the same problem until Water set me straight. Go back a page or two and see if posts 442 - 446 apply to your conditions.

Edited December 16, 2013 by lewisg

[legend]

Hi lewisg, I read the comments, but don't see what I did wrong, this is the whole script I use

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Queries the sAMACccountName and the password and tries to change the password.
; *****************************************************************************
#include <AD.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>


_AD_Open()

            Global $sUser = _AD_SamAccountNameToFQDN("username")
            Global $sPassword = "Abcd1234"


; Set the password
Global $iValue = _AD_SetPassword($sUser, $sPassword,1)
If $iValue = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "Password for user '" & $sUser & "' successfully changed")
ElseIf @error = 1 Then
    MsgBox(64, "Active Directory Functions - Example 1", "User '" & $sUser & "' does not exist")
Else
    MsgBox(64, "Active Directory Functions - Example 1", "Return code '" & @error & "' from Active Directory")
EndIf

; Close Connection to the Active Directory
_AD_Close()

[lewisg]

In our AD the default setting (GPO) is  'Password never expires' therefore my script to set "User must change password at next logon" like yours, didn't work. As Water (and Microsoft) explain, you can't have both. I worked around the policy by adding  "_AD_EnablePasswordExpire($sOU)" command just before the change password command.

Your script commands are just what I use.

I suggest you check the 'Password never expires' setting of the user(s) or trial test the  "_AD_EnablePasswordExpire($sOU)" command before using the set password command.

Edited December 18, 2013 by lewisg

[water]

Version 1.4.0.0 of the UDF has been released.
Supports AutoIt 3.3.10.x plus adds a few new functions.

Please test before using in production!

For download please see my signature.

[kor]

how?

*Also, why is a COM error being generated if your function queries a user for groups that isn't in any groups. You have an amazing AD.au3 however it seems kinda strange that a COM error is generated for a VERY common scenario.

Getting this same problem again.

$aGroups = _AD_GetUserGroups($sUsername) ; get array of current group memberships

crashes AutoIt with exit code -1073741819

because the user I'm trying to get a group membership of isn't in any groups.

[water]

Which version of AutoIt?

Which version of the UDF?

[kor]

Which version of AutoIt?

Which version of the UDF?

 

AutoIt Version 3.3.8.1

AD UDF Version 1.3.0.0

[water]

The script shouldn't crash.

Could you test with the latest AutoIt version 3.3.10.2? Maybe on a test machine?

[kor]

The script shouldn't crash.

Could you test with the latest AutoIt version 3.3.10.2? Maybe on a test machine?

FYI, per your previous suggestion on my issue I am disabling the COM handler prior to that line of code. 

_AD_ErrorNotify(0) ; disable COM error reporting
    $aGroups = _AD_GetUserGroups($sUsername) ; get array of current group memberships
    ;_ArrayDisplay($aGroups)
    _AD_ErrorNotify(1) ; enable COM error reporting

I can't test with newer version. I'd have to upgrade my existing box.

[water]

With the latest version of the AD UDF (1.4.0.0) you could try

_AD_ErrorNotify(4)

This handles COM errors but doesn't create any output.

[kor]

With the latest version of the AD UDF (1.4.0.0) you could try

_AD_ErrorNotify(4)

This handles COM errors but doesn't create any output.

can i update the UDF without updating AutoIt and take advantage of your suggestion?

[water]

Yes, you can

[HighlanderSword]

Hello,

Im trying out the AD UDF and am having issues connecting to the LDAP, when using the ad_open() , how would i translate the ldapsearch prompt details below to insert so it would connect to the LDAP

I have tried several differnt ways and have had no success.

 

ldapsearch -x -LLL -h rrrr-rrr.xxxxx.com -p 389 -D "UniqueID=xxxxxx,ou=service,ou=users,dc=xxxxxx,dc=com" -W -b "ou=xxxxxxxxxxxx,ou=rrrrrrrrr,ou=rrrrrrrrrrrrr,ou=rrrrrrrrrrrr,dc=rrrrrrrrrrrrr,dc=com" -w xxxxxxxxx -s sub "(uniquemember=*)" dxentrycount

Edited January 21, 2014 by HighlanderSword

[water]

Can you post the code you have tried so far?

[HighlanderSword]

Listed below are a few of the variatioons I've tried

_AD_Open("UniqueID=xxxxxx,ou=service,ou=users,dc=xxxxxx,dc=com","xxxxxxxxx","rrrr-rrr.xxxxx.com","ou=xxxxxxxxxxxx,ou=rrrrrrrrr,ou=rrrrrrrrrrrrr,ou=rrrrrrrrrrrr,dc=rrrrrrrrrrrrr,dc=com","organizationalUnit")
_AD_Open("UniqueID=xxxxxx,ou=service,ou=users,dc=xxxxxx,dc=com","xxxxxxxxx","rrrr-rrr.xxxxx.com","ou=xxxxxxxxxxxx,ou=rrrrrrrrr,ou=rrrrrrrrrrrrr,ou=rrrrrrrrrrrr,dc=rrrrrrrrrrrrr,dc=com","ou=xxxxxxxxxxxx,ou=rrrrrrrrr,ou=rrrrrrrrrrrrr,ou=rrrrrrrrrrrr,dc=rrrrrrrrrrrrr,dc=com")
_AD_Open("UniqueID=xxxxxx,ou=service,ou=users,dc=xxxxxx,dc=com","xxxxxxxxx","rrrr-rrr.xxxxx.com","ou=xxxxxxxxxxxx,ou=rrrrrrrrr","organizationalUnit")

[water]

Did you check the help file for function _AD_Open?

[HighlanderSword]

Yes I did but am not able to figure out what I'm doing wrong.

[water]

You have to do it in two steps:

First open a connection to AD. Please check the wiki or the help file for _AD_Open.

Select the data using function _AD_GetObjectsInOU. Please check the wiki or the help file for this function.

Another good source are the example scripts I provide for every function.

[HighlanderSword]

Hello,

After another pass at the WIKI, Ive come up with the below connection string but this fails as well , I'm using the same details that I used in the LDAPSEARCH.exe tool.

Can  you plase help me understand what I missing here on the connection ?

I got the error code of 4 and and extended error of 2147016663

_AD_Open("UniqueID=loginid,ou=service,ou=users,dc=xxxxxxxxxxxxx,dc=com","logonpswd","dc=xxxxxxxxxxxxx,dc=com","servername.com:389","CN=Configuration,DC=xxxxxxxxxxxxx,DC=com")

I turned on error trapping ( _AD_ErrorNotify(2)) and this indicates Inappropiate authentication, Im using the exact same credentials I use in the LDAPSearch tool

 

Thanks

Paul

Edited January 22, 2014 by HighlanderSword

[water]

Please run the _AD_Open.au3 example script. If you are already connected to AD you will see all 5 parameters needed for _AD_Open (except the password).

You need to select the form of the userid (Windows login name, NetBIOS name or UPN). Adding port 389 isn't necessary.