Jump to content

Active Directory UDF - Help & Support (III)


water
 Share

Recommended Posts

You have to add a "$" at the end of the computername:

#include <AD.au3>
_AD_Open()
ConsoleWrite(@ComputerName & @CRLF)
ConsoleWrite("  " & @ComputerName & " : " & _AD_ObjectExists(@ComputerName) & @CRLF)
ConsoleWrite("  " & @ComputerName & "$: " & _AD_ObjectExists(@ComputerName & "$") & @CRLF)
_AD_Close()

 

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • 1 month later...

We have a few AD user accounts where the userWorkstations attribute has a list of machine names entered.
I can't manage to query this attribute with the AD UDF:

#include <AD.au3>

Main()

Func Main()
    Local $sUserWorkstations = ""

    _AD_Open()
    _AD_ErrorNotify(1)
    $sUserWorkstations = _AD_GetObjectAttribute("ExampleUsername", "userWorkstations")
    _AD_Close()
EndFunc

The console output is as follows:

COM Error Encountered in test.au3
AD UDF version = 1.6.1
@AutoItVersion = 3.3.14.5
@AutoItX64 = 1
@Compiled = 0
@OSArch = X64
@OSVersion = WIN_10
Scriptline = 2184
NumberHex = 0x80020009
Number = -2147352567
WinDescription = Ausnahmefehler aufgetreten.
Description = Die Verzeichniseigenschaft wurden nicht im Cache gefunden.
Source = Active Directory
HelpFile = 
HelpContext = 0
LastDllError = 0
========================================================

 

Edited by DonChunior
Added link to description of userWorkstations attribute.
Link to comment
Share on other sites

Seems the property has not been set for the specified user. 
What do you get when you run the AD_GetObjectProperies example script for this user?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Will have a look

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Are you sure the attribute is being replicated between DCs?  In our environment the isMemberOfPartialAttributeSet is set to null meaning it's not replicated.  To verify used the following:

Computer running script is connected to DC1

  • Added @ComputerName to userWorkstations attribute on DC2
    nb: Noticed that the data wasn't replicated to DC1
  • Running the script I received the same results as above
  • Added @ComputerName to userWorkstations attribute on DC1
  • Ran the script without error and it returned the @ComputerName correctly
Link to comment
Share on other sites

MS tells us that the userWorkstations attribute should not be used any longer: https://docs.microsoft.com/en-za/windows/win32/adschema/a-userworkstations

Recommended setting is described here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-locally

Might be the cause of your problem.

Good reading: http://woshub.com/restrict-workstation-logon-ad-users/

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Another idea is to try _AD_GetObjectAttribute.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

14 hours ago, Subz said:

Are you sure the attribute is being replicated between DCs?  In our environment the isMemberOfPartialAttributeSet is set to null meaning it's not replicated.

Thanks for the crucial hint, @Subz!
In fact, I have always queried the global catalog before.
Now that I have changed this to the local DC, I also see the userWorkstations property.
Learned something again. 👨‍🎓

Link to comment
Share on other sites

  • 1 month later...

Hi @water, I'm in the process of creating a tool to make account administration easier for my organisation using your fantastic AD UDF. I'm currently looking at the _AD_SetAccountExpire function and its not behaving as expected (using v1.6.1.0).

If I want to expire an account on 2022-12-12 for some reason it sets the AD account to expire 10th December 2022.

If I use 2022-10-10 it sets the account to expire on  09th October 2022...

Any ideas?

 

Kind Regards

PlayZoneUK

Words of Wisdom and Favourite Quotes:

'Nothing is impossible, despite what other people say and think, prove them wrong and show them what you can do!'

'Understanding is a three edged sword, your side, their side and the truth!'

'The truth that humanity has never been able to grasp, is that death may be the only absolute freedom there is!'

'I've run out of places to put the brush... what do you suggest?'

Link to comment
Share on other sites

Which tool do you use to get the date you have set by _AD_SetAccountExpire?
ADUC or the AD UDF?

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Hi water, I tested using the _AD_SetAccountExpire.au3 included in the Examples directory of the UDF.

I was reviewing the Examples to see how they behave before integration in to the tool   

Words of Wisdom and Favourite Quotes:

'Nothing is impossible, despite what other people say and think, prove them wrong and show them what you can do!'

'Understanding is a three edged sword, your side, their side and the truth!'

'The truth that humanity has never been able to grasp, is that death may be the only absolute freedom there is!'

'I've run out of places to put the brush... what do you suggest?'

Link to comment
Share on other sites

In the last 3 paragraphs of this page you get an explanation why the expiration date seems to be wrong by two days:

Account Expiration (rlmueller.net)

I refer to this page in the help file for _AD_SetAccountExpire as well.

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Doh!... thanks for the assist water, I'll just code the utility to add on an additional two days to the date... not great but at least it won't expire an account before the allotted time.

Thanks again

Edited by PlayZoneUK

Words of Wisdom and Favourite Quotes:

'Nothing is impossible, despite what other people say and think, prove them wrong and show them what you can do!'

'Understanding is a three edged sword, your side, their side and the truth!'

'The truth that humanity has never been able to grasp, is that death may be the only absolute freedom there is!'

'I've run out of places to put the brush... what do you suggest?'

Link to comment
Share on other sites

  • 3 months later...

how can i get JUST displayname or JUST sAMAccountName?

this works but i get both values - Value1 (Value2)

$aObjects = _AD_GetObjectsInOU("", "(proxyAddresses=smtp:" & $email & ")", 2, "displayname,sAMAccountName") 

this doesn't work

$aObjects = _AD_GetObjectsInOU("", "(proxyAddresses=smtp:" & $email & ")", 2, "displayname")

get the following error

Quote

Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$var = $aObjects[1][0]
$var = ^ ERROR

thanks in advance!

Edited by gcue
Link to comment
Share on other sites

nevermind just figured it out!  the error was being produced because of another line i had below - error wasnt triggering but the line below was triggering error itself.. 

If @error Then
   Return SetError(1)
EndIf

$arr = $aObjects[1][0]

having difficulty getting differentiating between users and shared mailboxes.  i am trying to get sAMAccountName if its a user and displayname if its a sharedmailbox.  going through long list of both users and shared mailboxes.  in ad they both show as user type objects

Edited by gcue
Link to comment
Share on other sites

was able to resolve... was no need to differentiate

$sam_account = Get_SamAccountName($email)
$common_name = Get_CommonName($sam_account)

Func Get_SamAccountName($email)

    $aObjects = _AD_GetObjectsInOU("", "(proxyAddresses=smtp:" & $email & ")", 2, "sAMAccountName")

    If @error Then
        Return SetError(1)
    EndIf

    $sam_account = $aObjects[1]

    Return $sam_account

EndFunc

Func Get_CommonName($sam_acct)

    $details_array = _AD_GetObjectProperties($sam_acct, "cn")

    If @error Then
        Return SetError(1)
    EndIf

    $cn = $details_array[1][1]

    Return $cn

EndFunc

 

Link to comment
Share on other sites

  • 4 weeks later...

Moved to new computer, installed AutoIT3 + AD.au3. Checker found below error: 

"C:\Program Files (x86)\AutoIt3\Include\AD.au3"(5,10) : error: can't open include file <WinAPIConv.au3>.

My "include" files: 

#include <File.au3>
#include <FileConstants.au3>
#include <GuiConstants.au3>
#include <MsgBoxConstants.au3>
#include <ProgressConstants.au3>
#include <Inet2.au3>
#include <Array.au3>
#include <String.au3>
#include <AD.au3>

This is AD.au3 that looks for WinAPIConv.au3. Where can I get WinAPIConv.au3? 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...