
Active Directory UDF - Help & Support (III)


water

:)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Here's a thought, is there a way to get this script to connect to the remote machine with one account, then join with a different one?

As in perhaps connect to and run with a local administrator account, but then join with a domain account.

Link to comment
Share on other sites

The function uses the credentials of the currently logged on user to call WMI. You could try "#RequireAdmin" to run the script as local admin.


Link to comment
Share on other sites

  • 5 weeks later...

When trying to get "ms-Mcs-AdmPwd" I keep getting "Has the unknown ADsType: 4". How can I fix this?

In the previous version of the UDF I didn't have this problem.

$AD_comp_LAPS = _AD_GetObjectProperties ($CompName & "$", "ms-Mcs-AdmPwd")
If $AD_comp_LAPS[0][0] > 0 Then
    If $AD_comp_LAPS[1][1] = Null Or $AD_comp_LAPS[1][1] = "" Then
        GUICtrlSetData($PC_LAPS_Password, "")
    Else
        GUICtrlSetData($PC_LAPS_Password, $AD_comp_LAPS[1][1]) ; this shows unknown ADsType now
    EndIf
Else
    GUICtrlSetData($PC_LAPS_Password, "")
EndIf

 

Edited by colombeen
Link to comment
Share on other sites

So you are running the latest 1.4.5.0 version of the AD UDF?


Link to comment
Share on other sites

Can't test at the moment but you could modify the following lines in function _AD_GetObjectProperties

Case $ADSTYPE_CASE_IGNORE_STRING
    $aObjectProperties[$iPropertyRecord][1] = $vPropertyValue.CaseIgnoreString

to

Case $ADSTYPE_CASE_IGNORE_STRING, $ADSTYPE_PRINTABLE_STRING
    $aObjectProperties[$iPropertyRecord][1] = $vPropertyValue.CaseIgnoreString

or (if the above doesn't work) to

Case $ADSTYPE_CASE_IGNORE_STRING, $ADSTYPE_PRINTABLE_STRING
    $aObjectProperties[$iPropertyRecord][1] = $vPropertyValue

and try if you get the desired values.


Link to comment
Share on other sites

Hi water, with this mod it keeps returning an empty value (and I'm sure it's not empty).

 

EDIT:

This however does work:

Switch $oProperty.ADsType
    Case $ADSTYPE_CASE_IGNORE_STRING
        $aObjectProperties[$iPropertyRecord][1] = $vPropertyValue.CaseIgnoreString
    Case $ADSTYPE_PRINTABLE_STRING
        $aObjectProperties[$iPropertyRecord][1] = $vPropertyValue.PrintableString

 

Edited by colombeen
Link to comment
Share on other sites

Thanks for testing the code.
I will modify the function accordingly and hope to release a new version of the UDF quite soon.


Link to comment
Share on other sites

Version 1.4.6.0 of the UDF has been released.

Bugfix in function _AD_GetObjectProperties.

Please test before using in production!
For download please see my signature.


Link to comment
Share on other sites

I released a new version of the UDF that should correctly handle all string properties!


Link to comment
Share on other sites

Hello water,

 

First off: Thank you so much for developing this UDF. It is really amazing!! :)

I don't know if this question has been answered before, since I wasn't able to find it:

We have a domain example.com and a subdomain office.example.com.

Our user accounts are stored in example.com while our security groups are stored in office.example.com.

When I try to add a user to a group via _AD_AddUserToGroup...

  1. while being on the DC of example.com I get the error -> 1 - $sGroup does not exist
  2. while being on the DC of office.example.com I get -> 2 - $sUser (user or computer) does not exist

Is there a way to reach to the other domain? I use the FQDN, but apparently this isn't enough.

(My account has the rights to work in both domains and I can add users to groups via MMC. Though while being in office.example.com I have to add the user by typing example\username.)

 

Kind regards

ino

Link to comment
Share on other sites

Unfortunately the UDF does not support cross domain processing.
As I only have a single domain here I can not even test what would be needed to make the UDF cross domain aware :( 


Link to comment
Share on other sites

Maybe setting ADO command object property "Chase referrals" to 1 using function _AD_SetADOProperties would do the trick?
https://technet.microsoft.com/en-us/library/cc978014.aspx


Link to comment
Share on other sites

On 19.8.2016 at 6:08 PM, water said:

Maybe setting ADO command object property "Chase referrals" to 1 using function _AD_SetADOProperties would do the trick?
https://technet.microsoft.com/en-us/library/cc978014.aspx

This didn't work. Too bad : ( 

But I found a way to realize it anyway by using powershell : )

#include <File.au3>

$script = "C:\tmp\temp.ps1"

_FileCreate($script)
$hwd = FileOpen($script, 66) ; 66 = 2 (overwrite) + 64 (UTF-16 BE)
; Write through the handle returned by FileOpen instead of reopening the file by name for every line
FileWriteLine($hwd, 'Import-Module ActiveDirectory')
FileWriteLine($hwd, '$mycreds = GET-CREDENTIAL -credential "office\admin"')
FileWriteLine($hwd, '$user = Get-ADUser "*distinguishedName*" -Server "example.com"')
FileWriteLine($hwd, '$group = Get-ADGroup "*distinguishedName*" -Server "office.example.com";')
FileWriteLine($hwd, 'Add-ADGroupMember $group -Credential $mycreds -Member $user -Server "office.example.com"')
FileClose($hwd)

; Run the generated script with PowerShell
Run(@ComSpec & " /c PowerShell.exe " & "-NoProfile -ExecutionPolicy Bypass -File " & $script)

 

Edited by inopia
fixed a mistake
Link to comment
Share on other sites
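
A variant of the PowerShell workaround above, as an added example that is not part of the original post: the script goes into a uniquely named file in the current user's temp directory, values are passed as single-quoted PowerShell literals, and the file is deleted once PowerShell exits. The function names and the sample DNs are assumptions made for illustration; the domain and account names are the post's own.

```autoit
#include <File.au3>
#include <FileConstants.au3>

; Added example, not code from the thread.

; Quote a value as a PowerShell single-quoted literal, so "$" or quotes in a DN stay literal.
Func _PSQuote($sValue)
    Return "'" & StringReplace($sValue, "'", "''") & "'"
EndFunc   ;==>_PSQuote

; Build the whole script in memory so it is written to disk in one call.
Func _BuildAddMemberScript($sUserDN, $sGroupDN)
    ; 'Stop' turns cmdlet errors into terminating errors, which give a non-zero exit code
    Local $sPS = "$ErrorActionPreference = 'Stop'" & @CRLF
    $sPS &= "Import-Module ActiveDirectory" & @CRLF
    $sPS &= "$mycreds = Get-Credential -Credential 'office\admin'" & @CRLF
    $sPS &= "$user = Get-ADUser " & _PSQuote($sUserDN) & " -Server 'example.com'" & @CRLF
    $sPS &= "$group = Get-ADGroup " & _PSQuote($sGroupDN) & " -Server 'office.example.com'" & @CRLF
    $sPS &= "Add-ADGroupMember $group -Credential $mycreds -Members $user -Server 'office.example.com'" & @CRLF
    Return $sPS
EndFunc   ;==>_BuildAddMemberScript

; Write the script to a per-run file, wait for PowerShell to finish, then remove the file.
; Returns 1 on success; on failure returns 0 with @error = 1 (file) or 2 (PowerShell, exit code in @extended).
Func _AddCrossDomainMember($sUserDN, $sGroupDN)
    Local $sScript = _TempFile(@TempDir, "adgrp_", ".ps1")
    Local $hFile = FileOpen($sScript, $FO_OVERWRITE + $FO_UTF8)
    If $hFile = -1 Then Return SetError(1, 0, 0)
    FileWrite($hFile, _BuildAddMemberScript($sUserDN, $sGroupDN))
    FileClose($hFile)
    Local $iExit = RunWait('PowerShell.exe -NoProfile -ExecutionPolicy Bypass -File "' & $sScript & '"')
    FileDelete($sScript)
    If $iExit <> 0 Then Return SetError(2, $iExit, 0)
    Return 1
EndFunc   ;==>_AddCrossDomainMember

; Constructed sample DNs, for illustration only
If Not _AddCrossDomainMember("CN=Jane Doe,OU=Users,DC=example,DC=com", _
        "CN=Printer Admins,OU=Groups,DC=office,DC=example,DC=com") Then
    ConsoleWrite("Failed, @error = " & @error & ", exit code = " & @extended & @CRLF)
EndIf
```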

On 8/19/2016 at 10:59 AM, water said:

Unfortunately the UDF does not support cross domain processing.
As I only have a single domain here I can not even test what would be needed to make the UDF cross domain aware :( 

I modified some of your functions to add a user from another trusted domain:

Func _AD_ExObjectExists($sObject = @UserName, $sProperty = "", $sHostServer = $sAD_HostServer, $sDNS = $sAD_DNSDomain)

    If $sProperty = "" Then
        $sProperty = "samAccountName"
        If StringMid($sObject, 3, 1) = "=" Then $sProperty = "distinguishedName"
    EndIf
    $__oAD_Command.CommandText = "<LDAP://" & $sHostServer & "/" & $sDNS & ">;(" & $sProperty & "=" & $sObject & ");ADsPath;subtree"
    Local $oRecordSet = $__oAD_Command.Execute ; Retrieve the ADsPath for the object, if it exists
    If IsObj($oRecordSet) Then
        If $oRecordSet.RecordCount = 1 Then
            Return 1
        ElseIf $oRecordSet.RecordCount > 1 Then
            Return SetError($oRecordSet.RecordCount, 0, 0)
        Else
            Return SetError(1, 0, 0)
        EndIf
    Else
        Return SetError(1, 0, 0)
    EndIf

EndFunc   ;==>_AD_ExObjectExists

The code above is needed to check if the object exists in the other domain.

The code below allows me to work with SIDs. If the Object does exist it would show up in the ForeignSecurityPrincipals OU

Func _AD_AddExUserToGroup($sGroup, $sUser, $sProperty = "", $sHostServer = $sAD_HostServer, $sDNS = $sAD_DNSDomain)

    If Not _AD_ObjectExists($sGroup) Then Return SetError(1, 0, 0)
    If Not _AD_ExObjectExists($sUser, $sProperty, $sHostServer, $sDNS) Then Return SetError(2, 0, 0)
    If _AD_IsMemberOf($sGroup, "CN=" & $sUser & ",CN=ForeignSecurityPrincipals," & $sAD_DNSDomain) Then Return SetError(3, 0, 0)
    If StringMid($sGroup, 3, 1) <> "=" Then $sGroup = _AD_SamAccountNameToFQDN($sGroup) ; sAMAccountName provided
    If (StringMid($sUser, 3, 1) <> "=" And StringMid($sUser, 3, 1) <> "1") Then $sUser = _AD_SamAccountNameToFQDN($sUser) ; sAMAccountName provided
    If StringMid($sUser, 3, 1) = "1" Then $sUser = "<SID=" & $sUser & ">" ; SID provided
    Local $oUser = __AD_ObjGet("LDAP://" & $sHostServer & "/" & $sUser) ; Retrieve the COM Object for the user
    Local $oGroup = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sGroup) ; Retrieve the COM Object for the group
    $oGroup.Add($oUser.AdsPath)
    If @error Then Return SetError(@error, 0, 0)
    $oGroup.SetInfo
    If @error Then Return SetError(@error, 0, 0)
    Return 1

EndFunc   ;==>_AD_AddExUserToGroup

What's needed is the SID from the AD User in the other domain (Assuming your domains are trusted between each other & the group is Domain Local).

($sProperty = "objectSid" if using a SID)

I still need to modify the Removing of users from groups.

Edited by Surf243
Modified Functions
Link to comment
Share on other sites
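
The functions above build the LDAP filter by concatenating $sProperty and $sObject into the command text. One way to keep such values literal, shown as an added example that is not part of the AD UDF or of the post: escape the value per RFC 4515 and accept only plain attribute names. The helper names, the host name dc01.example.com and the sample values are assumptions constructed for illustration.

```autoit
; Added example, not part of the AD UDF or of the functions posted above.

; Escape a value for use inside an LDAP search filter (RFC 4515):
; NUL ( ) * \ become \00 \28 \29 \2A \5C so they are matched literally.
Func _LDAPFilterEscape($sValue)
    Local $sOut = "", $sChar
    For $i = 1 To StringLen($sValue)
        $sChar = StringMid($sValue, $i, 1)
        Switch AscW($sChar)
            Case 0, 40, 41, 42, 92 ; NUL ( ) * \
                $sOut &= "\" & Hex(AscW($sChar), 2)
            Case Else
                $sOut &= $sChar
        EndSwitch
    Next
    Return $sOut
EndFunc   ;==>_LDAPFilterEscape

; Build the same ADO command text as _AD_ExObjectExists, but reject attribute names
; that are not plain LDAP descriptors and escape the value before it enters the filter.
; Returns "" with @error = 1 if $sProperty is not a valid attribute name.
Func _BuildExistsQuery($sObject, $sProperty, $sHostServer, $sDNS)
    If Not StringRegExp($sProperty, "^[A-Za-z][A-Za-z0-9-]*$") Then Return SetError(1, 0, "")
    Return "<LDAP://" & $sHostServer & "/" & $sDNS & ">;(" & $sProperty & "=" & _
            _LDAPFilterEscape($sObject) & ");ADsPath;subtree"
EndFunc   ;==>_BuildExistsQuery

; Constructed sample values
Global $sHost = "dc01.example.com", $sBase = "DC=example,DC=com"

; Plain account name: passes through unchanged
ConsoleWrite(_BuildExistsQuery("jdoe", "samAccountName", $sHost, $sBase) & @CRLF)

; DN with an escaped comma and parentheses: unescaped, the parentheses would break the filter syntax
ConsoleWrite(_BuildExistsQuery("CN=Smith\, Anna (IT),OU=Staff,DC=example,DC=com", _
        "distinguishedName", $sHost, $sBase) & @CRLF)

; Value containing "*": escaped, it matches only an object literally named "svc*",
; not every object whose name starts with "svc"
ConsoleWrite(_BuildExistsQuery("svc*", "samAccountName", $sHost, $sBase) & @CRLF)

; Anything that is not a bare attribute name is refused
_BuildExistsQuery("jdoe", "cn)(x", $sHost, $sBase)
ConsoleWrite("@error for invalid attribute name: " & @error & @CRLF)
```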

Would it be helpful to make the following changes to the AD UDF?

  • With a flag function _AD_Open opens a connection to the specified domain controller AND the global catalogue
  • Some/all functions that just query AD would use the global catalog
  • All write functions would use the specified DC


Link to comment
Share on other sites

I'm having issues getting calltips to work?  I've imported AD.au3 to the Include directory.  Run the SciteConfig tool and added all the calltips.  Yet it still won't give call tips and in fact acts like it doesn't see the addition of AD.au3 when I'm typing my #include.  

 

Thoughts?

 

Link to comment
Share on other sites

On 30.8.2016 at 3:34 PM, Surf243 said:

Yes, that would be very helpful. I think others would appreciate that as well.

Thanks for all the work you do!

I think I will implement this feature in a new function: _AD_OpenGC (Open connection to global catalog).
You would call _AD_Open as before. If you want to run (all) query functions against the global catalog then call _AD_OpenGC in addition.
What do you think?


Link to comment
Share on other sites

On 9/5/2016 at 2:25 AM, water said:

I think I will implement this feature in a new function: _AD_OpenGC (Open connection to global catalog).
You would call _AD_Open as before. If you want to run (all) query functions against the global catalog then call _AD_OpenGC in addition.
What do you think?

Seems like a good idea. 

So here's my understanding of the process:

_AD_Open <-- First

_AD_OpenGC <-- Second

~~ Some AD Query ~~

_AD_CloseGC

_AD_Close

Is this correct?

Edited by Surf243
Typo
Link to comment
Share on other sites
