Active Directory UDF - Help & Support (III)

[water]

We have got plenty of time.

First step will be to check and extend the function. I'm not sure when I will find some spare time. I will let you know as soon as I have finished a new version

[Neutro]

Alright

[water]

Here is my first try. New features/fixed bugs:

• New parameter $sOU. Allows to specify the OU where the computer will be placed when using $iFlag = 3.
• New parameter $iFlag. Allows to set processing flags for JoinDomainOrWorkGroup. Can be combined by using BitOr. No checks are done, so be careful.
• Fixed bugs: The function uses credentials in this sequence: $sUserParam/$sPasswordParam, credentials used by _AD_Open, credentials of the currently running user (only makes sense when connected to a domain and joining another computer).
• New return value: After a successful join @extended is set to 0 (no reboot needed) or 1 (reboot neded).

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_JoinDomain
; Description ...: Joins a computer to a domain.
; Syntax.........: _AD_JoinDomain([$sComputer = @ComputerName[, $sUserParam = "", $sPasswordParam = ""[, $sOU = ""[, $iFlag = 1]]]])
; Parameters ....: $sComputer      - Optional: Name of the computer to be joined to the domain (Default = @ComputerName)
;                  $sUserParam     - Optional: Domain user with admin rights to join the computer to the domain.
;                  +Supported are NetBIOSName (domain\user), user principal name (user@domain) or Windows login name (user).
;                  +(Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sPasswordParam - Optional: Password for $sUserParam (Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sOU            - Optiona: FQDN of the OU where the computer will be placed. (Default = Keyword Default = Computers container)
;                  $iFlag          - Optional: A set of bit flags that specify options for joining a domain. Some of the possible flags:
;                  +1  - Joins a computer to a domain. Computer account must already exist in the domain (Default)
;                  +2  - Creates an account on a domain
;                  +32 - Allows a join to a new domain even if the computer is already joined to a domain
; Return values .: Success - 1, sets @extended to the return value of the JoinDomainOrWorkgroup method:
;                  |0 - indicates successful completion. No reboot required.
;                  |1 - indicates successful completion with reboot required.
;                  Failure - 0, @error set
;                  |1 - $sComputer account does not exist in the domain
;                  |2 - $sUserParam does not exist in the domain
;                  |3 - WMI object could not be created. See @extended for error code. See remarks for further information
;                  |4 - The computer is already a member of the domain
;                  |5 - Joining the domain was not successful. @extended holds the Win32 error code (see: http://msdn.microsoft.com/en-us/library/ms681381(v=VS.85).aspx)
; Author ........: water
; Modified.......:
; Remarks .......: This function allows to join the computer the script is running on or any other computer to be joined to a domain.
;                  The domain the computer is joined to is the domain the user logged on to by using AD_Open.
;                  If no credentials are passed to this function but have been used with _AD_Open() then the _AD_Open credentials will be used.
;                  Using default credentials of the user running the script is only sensible when you are logged on to the domain and try to join another computer.
;                  You have to make sure to use a valid $iFlag. The function does not check it. Most used are 1 (join) and 3 (create computer account and join).
;                  You have to reboot the computer after a successful join to the domain.
;                  The JoinDomainOrWorkgroup method is available only on Windows XP computer and Windows Server 2003 or later.
; Related .......: _AD_CreateComputer
; Link ..........: http://technet.microsoft.com/en-us/library/ee692588.aspx, http://msdn.microsoft.com/en-us/library/aa392154(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_JoinDomainEX($sComputer = @ComputerName, $sUserParam = "", $sPasswordParam = "", $sOU = Default, $iFlag = 1)

    If _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)
    If $sUserParam <> "" And _AD_ObjectExists($sUserParam) = 0 Then Return SetError(2, 0, 0)
    Local $iResult, $sTempUser, $aTempUser
    Local $sDomainName = StringReplace(StringReplace($sAD_DNSDomain, "DC=", ""), ",", ".")
    ; Create WMI object
    Local $oComputer = ObjGet("winmgmts:{impersonationLevel=Impersonate}!\\" & $sComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & $sComputer & "'")
    If @error Or Not IsObj($oComputer) Then Return SetError(3, @error, 0)
    If $oComputer.Domain = $sDomainName Then Return SetError(4, 0, 0)
    ; Join domain. JoinDomainOrWorkGroup requires NetBiosName: domain\user
    If $sUserParam <> "" Then
        $sTempUser = $sUserParam
        If StringInStr($sUserParam, "\") = 0 And StringInStr($sUserParam, "@") = 0 Then
            $sTempUser = $sDomainName & "\" & $sUserParam ; Windows login name has been passed. Create a NetBiosName out of it
        ElseIf StringInStr($sUserParam, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sUserParam, "@")
            $sTempUser = $sDomainName & "\" & $aTempUser[2]
        EndIf
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, $sPasswordParam, $sTempUser, $sOU, $iFlag)
    ElseIf $sAD_UserId <> "" Then
        $sTempUser = $sAD_UserId
        If StringInStr($sAD_UserId, "\") = 0 And StringInStr($sAD_UserId, "@") = 0 Then
            $sTempUser = $sDomainName & "\" & $sAD_UserId ; Windows login name has been passed. Create a NetBiosName out of it
        ElseIf StringInStr($sAD_UserId, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sAD_UserId, "@")
            $sTempUser = $sDomainName & "\" & $aTempUser[2]
        EndIf
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, $sAD_Password, $sTempUser, $sOU, $iFlag)
    Else
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, Default, Default, $sOU, $iFlag)
    EndIf
    ; $iResult: 0 = Success, no reboot needed, 1 = Success, reboot needed. Everything else: Error
    If $iResult < 0 Or $iResult > 1 Then
        Return SetError(5, $iResult, 0)
    Else
        Return SetError(0, $iResult, 1)
    EndIf

EndFunc   ;==>_AD_JoinDomainEX

 

[Neutro]

Did some tests using a virtual Win7 pro and virtual Win2k8 R2 server:

 

#include <ad.au3>
_AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
$test = _AD_JoinDomainEX(@ComputerName, "", "", "CN=Computers,DC=TESTDOMAIN,DC=LOCAL", 3)
sleep(10000)
msgbox("","result",$test)
msgbox("","@error", @error)
_AD_Close()

$test returns 0 (fail) and @error is at 0 too).
-----------------------------------

#include <ad.au3>
_AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
$test = _AD_JoinDomainEX(@ComputerName, "administrator", "password", "CN=Computers,DC=TESTDOMAIN,DC=LOCAL", 3)
sleep(10000)
msgbox("","result",$test)
msgbox("","@error", @error)
_AD_Close()

Gives same results.

Manually joining the computer to TESTDOMAIN.LOCAL works.

Tell me if you want me to test something else, will keep my virtual environement up until tests are done

Edited October 6, 2015 by Neutro

[water]

@error will always return 0 because it is being reset by Sleep and the first MsgBox.
Could you please remove the sleep and display $test and @error in a single MsgBox?

[water]

Enhanced version. Should give better results

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_JoinDomain
; Description ...: Joins a computer to a domain.
; Syntax.........: _AD_JoinDomain([$sComputer = @ComputerName[, $sUserParam = "", $sPasswordParam = ""[, $sOU = ""[, $iFlag = 1]]]])
; Parameters ....: $sComputer      - Optional: Name of the computer to be joined to the domain (Default = @ComputerName)
;                  $sUserParam     - Optional: Domain user with admin rights to join the computer to the domain.
;                  +Supported are NetBIOSName (domain\user), user principal name (user@domain) or Windows login name (user).
;                  +(Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sPasswordParam - Optional: Password for $sUserParam (Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sOU            - Optiona: FQDN of the OU where the computer will be placed. (Default = Keyword Default = Computers container)
;                  $iFlag          - Optional: A set of bit flags that specify options for joining a domain. Some of the possible flags:
;                  +1  - Joins a computer to a domain. Computer account must already exist in the domain (Default)
;                  +2  - Creates an account on a domain
;                  +32 - Allows a join to a new domain even if the computer is already joined to a domain
; Return values .: Success - 1, sets @extended to the return value of the JoinDomainOrWorkgroup method:
;                  |0 - indicates successful completion. No reboot required.
;                  |1 - indicates successful completion with reboot required.
;                  Failure - 0, @error set
;                  |1 - $sComputer account does not exist in the domain
;                  |2 - $sUserParam does not exist in the domain
;                  |3 - WMI object could not be created. See @extended for error code. See remarks for further information
;                  |4 - The computer is already a member of the domain
;                  |5 - Joining the domain was not successful. @extended holds the Win32 error code (see: http://msdn.microsoft.com/en-us/library/ms681381(v=VS.85).aspx)
; Author ........: water
; Modified.......:
; Remarks .......: This function allows to join the computer the script is running on or any other computer to be joined to a domain.
;                  The domain the computer is joined to is the domain the user logged on to by using AD_Open.
;                  If no credentials are passed to this function but have been used with _AD_Open() then the _AD_Open credentials will be used.
;                  Using default credentials of the user running the script is only sensible when you are logged on to the domain and try to join another computer.
;                  You have to make sure to use a valid $iFlag. The function does not check it. Most used are 1 (join) and 3 (create computer account and join).
;                  You have to reboot the computer after a successful join to the domain.
;                  The JoinDomainOrWorkgroup method is available only on Windows XP computer and Windows Server 2003 or later.
; Related .......: _AD_CreateComputer
; Link ..........: http://technet.microsoft.com/en-us/library/ee692588.aspx, http://msdn.microsoft.com/en-us/library/aa392154(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_JoinDomainEX($sComputer = @ComputerName, $sUserParam = "", $sPasswordParam = "", $sOU = Default, $iFlag = 1)

    If _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)
    Local $iResult, $sTempUser, $aTempUser
    Local $aDomain = StringSplit($sAD_DNSDomain, ",")
    Local $sDomainName = StringReplace($aDomain[1], "DC=", "")
    ; Create WMI object
    Local $oComputer = ObjGet("winmgmts:{impersonationLevel=Impersonate}!\\" & $sComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & $sComputer & "'")
    If @error Or Not IsObj($oComputer) Then Return SetError(3, @error, 0)
    If $oComputer.Domain = $sDomainName Then Return SetError(4, 0, 0)
    ; Join domain. JoinDomainOrWorkGroup requires NetBiosName: domain\user
    If $sUserParam <> "" Then
        $sTempUser = $sUserParam
        If StringInStr($sUserParam, "\") = 0 And StringInStr($sUserParam, "@") = 0 Then ; Windows login name has been passed. Create a NetBiosName out of it
            If _AD_ObjectExists($sUserParam) = 0 Then Return SetError(2, 0, 0)
            $sTempUser = $sDomainName & "\" & $sUserParam
        ElseIf StringInStr($sUserParam, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sUserParam, "@")
            If _AD_ObjectExists($aTempUser[1]) = 0 Then Return SetError(2, 0, 0)
            $sTempUser = $sDomainName & "\" & $aTempUser[1]
        Else ; NetBios name has been passed
            $aTempUser = StringSplit($sUserParam, "\")
            If _AD_ObjectExists($aTempUser[2]) = 0 Then Return SetError(2, 0, 0)
        EndIf
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, $sPasswordParam, $sTempUser, $sOU, $iFlag)
    ElseIf $sAD_UserId <> "" Then
        $sTempUser = $sAD_UserId
        If StringInStr($sAD_UserId, "\") = 0 And StringInStr($sAD_UserId, "@") = 0 Then
            $sTempUser = $sDomainName & "\" & $sAD_UserId ; Windows login name has been passed. Create a NetBiosName out of it
        ElseIf StringInStr($sAD_UserId, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sAD_UserId, "@")
            $sTempUser = $sDomainName & "\" & $aTempUser[1]
        EndIf
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, $sAD_Password, $sTempUser, $sOU, $iFlag)
    Else
        $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, Default, Default, $sOU, $iFlag)
    EndIf
    ; $iResult: 0 = Success, no reboot needed, 1 = Success, reboot needed. Everything else: Error
    If $iResult < 0 Or $iResult > 1 Then
        Return SetError(5, $iResult, 0)
    Else
        Return SetError(0, $iResult, 1)
    EndIf

EndFunc   ;==>_AD_JoinDomainEX

 

[Neutro]

K ran the tests again

I had multiples problems:

1°) I rolled back to a snapshot on my Win7 VM where the DNS Settings were incorrect, so I couldn't contact the testdomain... Doh

2°) this line in your function:

If _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)

 does not take into account that your new function can create the account if needed, so it would always set error to 1.

I changed it to:

If BitAND($iFLAG, 2) <> 2 AND _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)

3°) strangely when using default Distinguished OU name "CN=Computers,DC=TESTDOMAIN,DC=LOCAL", the joindomainorworkgroup" function would return code 2 (file not found), whereas using "default" parameter was working.

After fixing these problems:

$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
$test = _AD_JoinDomainEX(@ComputerName, "administrator", "password", default, 3)

worked properly and

$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
$test = _AD_JoinDomainEX(@ComputerName, "", "" , default, 3)

worked properly as well

I have 2 suggestions for your function:

1°) I think the function would be better if you move $iFlag to second parameter and set it to 3 by default as most people will use it to join a computer to a domain after it has been cloned using clonezilla or such

2°) adding an optional parameter to rename the computer as well would be handy to have and will only require to add a $ocomputer.rename line after the $ocomputer.joindomainorworkgroup one. Well i'm saying that because I didn't manage to rename the computer after that using functions in AD.au3 but maybe you can explain me how to do it if it is possible

 

[water]

2) Fixed. I included your code and modified the docu.

3) Did you try to join the computer to another OU than the default OU? Did it work?

Your suggestions:

1) Changing the order of parameters would be a script breaking change. So if possible I would like to keep the order (at least of the first 3 parameters).

2) I've added the rename parameter.

Here is the latest version:

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_JoinDomain
; Description ...: Joins a computer to a domain.
; Syntax.........: _AD_JoinDomain([$sComputer = @ComputerName[, $sUserParam = "", $sPasswordParam = ""[, $sOU = ""[, $iFlag = 1]]]])
; Parameters ....: $sComputer      - Optional: Name of the computer to be joined to the domain (Default = @ComputerName)
;                  $sUserParam     - Optional: Domain user with admin rights to join the computer to the domain.
;                  +Supported are NetBIOSName (domain\user), user principal name (user@domain) or Windows login name (user).
;                  +(Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sPasswordParam - Optional: Password for $sUserParam (Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sOU            - Optiona: FQDN of the OU where the computer will be placed. (Default = Keyword Default = Computers container)
;                  $iFlag          - Optional: A set of bit flags that specify options for joining a domain. Some of the possible flags:
;                  +1  - Joins a computer to a domain. Computer account must already exist in the domain (Default)
;                  +2  - Creates an account on a domain
;                  +32 - Allows a join to a new domain even if the computer is already joined to a domain
;                  $sNewname       - Optional: Name to change the computer to after joining to the domain.
; Return values .: Success - 1, sets @extended to the return value of the JoinDomainOrWorkgroup method:
;                  |0 - indicates successful completion. No reboot required.
;                  |1 - indicates successful completion with reboot required.
;                  Failure - 0, @error set
;                  |1 - $sComputer account does not exist in the domain and $iFlag <> 2
;                  |2 - $sUserParam does not exist in the domain
;                  |3 - WMI object could not be created. See @extended for error code. See remarks for further information
;                  |4 - The computer is already a member of the domain
;                  |5 - Joining the domain was not successful. @extended holds the Win32 error code (see: http://msdn.microsoft.com/en-us/library/ms681381(v=VS.85).aspx)
;                  |6 - $sNewName account already exists. You can't rename $sComputer to $sNewName
;                  |7 - Computer could not be renamed. See @extended for the COM error code.
; Author ........: water
; Modified.......:
; Remarks .......: This function allows to join the computer the script is running on or any other computer to be joined to a domain.
;                  The domain the computer is joined to is the domain the user logged on to by using AD_Open.
;                  If no credentials are passed to this function but have been used with _AD_Open() then the _AD_Open credentials will be used.
;                  Using default credentials of the user running the script is only sensible when you are logged on to the domain and try to join another computer.
;                  You have to make sure to use a valid $iFlag. The function does not check it. Most used are 1 (join) and 3 (create computer account and join).
;                  You have to reboot the computer after a successful join to the domain.
;                  The JoinDomainOrWorkgroup method is available only on Windows XP computer and Windows Server 2003 or later.
; Related .......: _AD_CreateComputer
; Link ..........: http://technet.microsoft.com/en-us/library/ee692588.aspx, http://msdn.microsoft.com/en-us/library/aa392154(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_JoinDomainEX($sComputer = @ComputerName, $sUserParam = "", $sPasswordParam = "", $sOU = Default, $iFlag = 1, $sNewName = "")

    If BitAND($iFlag, 2) <> 2 And _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)
    If $sNewName <> "" And _AD_ObjectExists($sNewName & "$") = 1 Then Return SetError(6, 0, 0)
    Local $iResult, $iResult2, $sJoinUser, $sJoinPassword, $aTempUser
    Local $aDomain = StringSplit($sAD_DNSDomain, ",")
    Local $sDomainName = StringReplace($aDomain[1], "DC=", "")
    ; Create WMI object
    Local $oComputer = ObjGet("winmgmts:{impersonationLevel=Impersonate}!\\" & $sComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & $sComputer & "'")
    If @error Or Not IsObj($oComputer) Then Return SetError(3, @error, 0)
    If $oComputer.Domain = $sDomainName Then Return SetError(4, 0, 0)
    ; Join domain. JoinDomainOrWorkGroup requires NetBiosName: domain\user
    If $sUserParam <> "" Then
        $sJoinPassword = $sPasswordParam
        $sJoinUser = $sUserParam
        If StringInStr($sUserParam, "\") = 0 And StringInStr($sUserParam, "@") = 0 Then ; Windows login name has been passed. Create a NetBiosName out of it
            If _AD_ObjectExists($sUserParam) = 0 Then Return SetError(2, 0, 0)
            $sJoinUser = $sDomainName & "\" & $sUserParam
        ElseIf StringInStr($sUserParam, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sUserParam, "@")
            If _AD_ObjectExists($aTempUser[1]) = 0 Then Return SetError(2, 0, 0)
            $sJoinUser = $sDomainName & "\" & $aTempUser[1]
        Else ; NetBios name has been passed
            $aTempUser = StringSplit($sUserParam, "\")
            If _AD_ObjectExists($aTempUser[2]) = 0 Then Return SetError(2, 0, 0)
        EndIf
    ElseIf $sAD_UserId <> "" Then
        $sJoinPassword = $sAD_Password
        $sJoinUser = $sAD_UserId
        If StringInStr($sAD_UserId, "\") = 0 And StringInStr($sAD_UserId, "@") = 0 Then
            $sJoinUser = $sDomainName & "\" & $sAD_UserId ; Windows login name has been passed. Create a NetBiosName out of it
        ElseIf StringInStr($sAD_UserId, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sAD_UserId, "@")
            $sJoinUser = $sDomainName & "\" & $aTempUser[1]
        EndIf
    Else
        $sJoinPassword = Default
        $sJoinUser = Default
    EndIf
    ; Join the computer to the domain
    $iResult = $oComputer.JoinDomainOrWorkGroup($sDomainName, $sJoinPassword, $sJoinUser, $sOU, $iFlag)
    ; $iResult: 0 = Success, no reboot needed, 1 = Success, reboot needed. Everything else: Error
    If $iResult < 0 Or $iResult > 1 Then
        Return SetError(5, $iResult, 0)
    Else
        ; Rename computer if parameter $sNewName has been set
        If $sNewName <> "" Then
            $iResult2 = $oComputer.Rename($sNewName, $sJoinPassword, $sJoinUser)
            If $iResult2 <> 0 Then Return SetError(7, $iResult2, 0)
        EndIf
        Return SetError(0, $iResult, 1)
    EndIf

EndFunc   ;==>_AD_JoinDomainEX

 

Edited October 9, 2015 by water

[Neutro]

3) Did you try to join the computer to another OU than the default OU? Did it work?

Yes it does work. Only trying to join the computer in the default OU without using "default" as parameter fails.

So I tried your new version of the function:

 

#include <AD.au3>
$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
sleep(3000)
$test = _AD_JoinDomainEX(@ComputerName, "", "", default, 3, "THISISATEST")

Works properly
and

#include <AD.au3>
$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
sleep(3000)
$test = _AD_JoinDomainEX(@ComputerName, "administrator", "password", "OU=toto,DC=TESTDOMAIN,DC=LOCAL", 3, "THISISATEST")

Works properly as well

I think the function is good to go now Well done

Maybe you could just add something in the syntax informations about the rename parameter like this:

Syntax.........: _AD_JoinDomain([$sComputer = @ComputerName[, $sUserParam = "", $sPasswordParam = ""[, $sOU = ""[, $iFlag = 1[, $sNewName = "" ]]]]])

Well i think I can remove the VMs now?

Edited October 10, 2015 by Neutro

[water]

Great

I will modify the function as suggested. 

As the join function was so buggy, maybe we should test the unjoin function as well? I will check the function and if I think it's okay could you please do some testing?

Will mention you as a contributor then  

[water]

I had a quick look at _AD_UnJoinDomain and noticed that it has the same problems with credentials as the join function had

[Neutro]

Ok no problem i'll keep the VMs until then

[water]

First try.
If it works could you please check that the computer account is disabled in AD?
Is the computer really added to the default or named workgroup?

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_UnJoinDomain
; Description ...: Unjoins the computer from its current domain and disables the computer account.
; Syntax.........: _AD_UnJoinDomain([$sComputer = @ComputerName[, $sWorkgroup = ""[,$sUserParam, = "", $sPasswordParam = ""]]])
; Parameters ....: $sComputer  - Optional: Computername to unjoin from the domain (Default = @ComputerName)
;                  $sWorkgroup - Optional: Workgroup the unjoined computer is assigned to (Default = Workgroup named like the domain the computer was unjoined from)
;                  $sUserParam - Optional: Domain user with admin rights to unjoin the computer from the domain.
;                  +Supported are NetBIOSName (domain\user), user principal name (user@domain) or Windows login name (user).
;                  +(Default = credentials from _AD_Open or - if not used - of the user running the script)
;                  $sPasswordParam - Optional: Password for $sUserParam (Default = credentials from _AD_Open or - if not used - of the user running the script)
; Return values .: Success - 1
;                  Failure - 0, @error set
;                  |1 - $sComputer account does not exist in the domain
;                  |2 - $sUserParam does not exist in the domain
;                  |3 - WMI object could not be created. See @extended for the COM error code. See remarks for further information
;                  |4 - The computer is a member of another or no domain
;                  |5 - Unjoining the domain was not successful. See @extended for the COM error code. See remarks for further information
;                  |6 - Joining the Computer to the specified workgroup was not successful. See @extended for the COM error code
; Author ........: water
; Modified.......:
; Remarks .......: This function allows to unjoin the computer the script is running on or any other computer from a domain.
;                  The domain the computer is unjoined from is the domain the user logged on to by using AD_Open.
;                  If no credentials are passed to this function but have been used with _AD_Open() then the _AD_Open credentials will be used.
;                  If no workgroup is specified then the computer is assigned to a workgroup named like the domain the computer was unjoined from.
;                  You have to reboot the computer after a successful unjoin from the domain.
;                  The JoinDomainOrWorkgroup method is available only on Windows XP computer and Windows Server 2003 or later.
; Related .......:
; Link ..........: http://gallery.technet.microsoft.com/ScriptCenter/en-us/c2025ace-cb51-4136-9de9-db8871f79f62, http://technet.microsoft.com/en-us/library/ee692588.aspx, http://msdn.microsoft.com/en-us/library/aa393942(VS.85).aspx
; Example .......: Yes
; ===============================================================================================================================
Func _AD_UnJoinDomainEX($sComputer = @ComputerName, $sWorkgroup = "", $sUserParam = "", $sPasswordParam = "")

    Local $NETSETUP_ACCT_DELETE = 4 ; According to MS it should be 2 but only 4 works
    If _AD_ObjectExists($sComputer & "$") = 0 Then Return SetError(1, 0, 0)
    Local $iResult, $iResult2, $sUnJoinUser, $sUnJoinPassword, $aTempUser
    Local $sDomainName = StringReplace(StringReplace($sAD_DNSDomain, "DC=", ""), ",", ".")
    ; Create WMI object
    Local $oComputer = ObjGet("winmgmts:{impersonationLevel=Impersonate}!\\" & $sComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & $sComputer & "'")
    If @error Or Not IsObj($oComputer) Then Return SetError(3, @error, 0)
    If $oComputer.Domain <> $sDomainName Then Return SetError(4, 0, 0)
    ; Unjoin domain. We use NetBiosName: domain\user
    If $sUserParam <> "" Then
        $sUnJoinPassword = $sPasswordParam
        $sUnJoinUser = $sUserParam
        If StringInStr($sUserParam, "\") = 0 And StringInStr($sUserParam, "@") = 0 Then ; Windows login name has been passed. Create a NetBiosName out of it
            If _AD_ObjectExists($sUserParam) = 0 Then Return SetError(2, 0, 0)
            $sUnJoinUser = $sDomainName & "\" & $sUserParam
        ElseIf StringInStr($sUserParam, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sUserParam, "@")
            If _AD_ObjectExists($aTempUser[1]) = 0 Then Return SetError(2, 0, 0)
            $sUnJoinUser = $sDomainName & "\" & $aTempUser[1]
        Else ; NetBios name has been passed
            $aTempUser = StringSplit($sUserParam, "\")
            If _AD_ObjectExists($aTempUser[2]) = 0 Then Return SetError(2, 0, 0)
        EndIf
    ElseIf $sAD_UserId <> "" Then
        $sUnJoinPassword = $sAD_Password
        $sUnJoinUser = $sAD_UserId
        If StringInStr($sAD_UserId, "\") = 0 And StringInStr($sAD_UserId, "@") = 0 Then
            $sUnJoinUser = $sDomainName & "\" & $sAD_UserId ; Windows login name has been passed. Create a NetBiosName out of it
        ElseIf StringInStr($sAD_UserId, "@") <> 0 Then ; User principal name has been passed. Create a NetBiosName out of it
            $aTempUser = StringSplit($sAD_UserId, "@")
            $sUnJoinUser = $sDomainName & "\" & $aTempUser[1]
        EndIf
    Else
        $sUnJoinPassword = Default
        $sUnJoinUser = Default
    EndIf
    ; UnJoin domain
    $iResult = $oComputer.UnjoinDomainOrWorkGroup($sUnJoinPassword, $sUnJoinUser, $NETSETUP_ACCT_DELETE)
    If $iResult <> 0 Then Return SetError(5, $iResult, 0)
    ; Move unjoined computer to another workgroup
    If $sWorkgroup <> "" Then
        $iResult = $oComputer.JoinDomainOrWorkGroup($sWorkgroup, Default, Default, Default, Default)
        If $iResult <> 0 Then Return SetError(6, $iResult, 0)
    EndIf
    Return 1

EndFunc   ;==>_AD_UnJoinDomain

 

[Neutro]

Well everything works at the first try, well done

 

#include <AD.au3>
$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
sleep(3000)
_AD_UnJoinDomainEX()
_AD_Close()

=> works properly, sets the workgroup of the computer to TESTDOMAIN and disables the related computer account in the AD as well.

#include <AD.au3>
$test = _AD_Open("administrator", "password", "DC=TESTDOMAIN,DC=LOCAL", "DC1.TESTDOMAIN.LOCAL", "CN=Configuration,DC=TESTDOMAIN,LOCAL")
sleep(3000)
_AD_UnJoinDomainEX(@ComputerName, "HELLOWATER", "administrator", "password")
_AD_Close()

=> works properly as well, sets the workgroup of the computer to HELLOWATER and disabled the related computer account in the AD as well

PS: just be careful to also edit the function name in the description to

Name...........: _AD_UnJoinDomainEX

 

Edited October 11, 2015 by Neutro

[water]

Version 1.4.3.0 of the UDF has been released.

Fixed problems with _AD_JoinDomain and _AD_UnJoinDomain! Thanks to user Neutro!

Please test before using in production!

For download please see my signature.

[davzell13]

Is it possible to find an exchange server in active directory with this udf ?

 

thx

[water]

Don't know at the moment. Will test tomorrow.
What do you want to do then?

Edited November 6, 2015 by water

[davzell13]

I want to do a tool to help user has set up a pop3 account on her computer. 

But not if an exchange server is find on the lan. 

 

[water]

This should return a list of your Exchange servers:

#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)
Global $aObjects = _AD_GetGroupMembers("CN=Exchange Install Domain Servers,CN=Microsoft Exchange System Objects,DC=company,DC=com")
If @error > 0 Then
    MsgBox(64, "Active Directory Functions - Example 1", "No objects found")
Else
    _ArrayDisplay($aObjects, "Exchange Servers")
EndIf

 

Edited November 7, 2015 by water

[davzell13]

Thanks for your reply. 

I don't find exchange with the script but i think it's because i try on an activ directory in french language. 

Or the credential. 

I retry monday when i could acces to a server in administrator.