Active Directory UDF (II)

[water]

Thanks for this information.
Will check my code. Maybe I introduced a new bug when fixing the latest _AD_GetAllOUs bug.

[water]

The only difference I found between version 1.5.2.1 and 1.4.14.0 regarding function _AD_GetAllOUs is the new sorting function

[water]

I think I found the bug. You get the backslash when the FQDN consists of more than 9 OUs.
Here is the fixed code. Can you please test and if it works I will release a new version of the UDF.
The two lines I had to change are marked with "<== FIXED".

expandcollapse popup

Func _AD_GetAllOUs($sRoot = "", $sSeparator = "\", $iSelect = 0, $iSearchScope = 2)
    If $sRoot = Default Then $sRoot = ""
    If $sSeparator = Default Then $sSeparator = "\"
    If $iSelect = Default Then $iSelect = 0
    If $iSearchScope = Default Then $iSearchScope = 2
    If $sRoot = "" Then
        $sRoot = $sAD_DNSDomain
    Else
        If _AD_ObjectExists($sRoot, "distinguishedName") = 0 Then Return SetError(2, 0, "")
    EndIf
    If Not IsInt($iSelect) Or $iSelect < 0 Or $iSelect > 2 Then Return SetError(3, 0, "")
    If $sSeparator <= " " Or StringLen($sSeparator) > 1 Then $sSeparator = "\"
    $__oAD_Command.Properties("Searchscope") = $iSearchScope
    $__oAD_Command.CommandText = "<LDAP://" & $sAD_HostServer & "/" & $sRoot & ">;"
    Switch $iSelect
        Case 0
            $__oAD_Command.CommandText = $__oAD_Command.CommandText & "(objectCategory=organizationalUnit);distinguishedName"
        Case 1
            $__oAD_Command.CommandText = $__oAD_Command.CommandText & "(objectCategory=container);distinguishedName"
        Case 2
            $__oAD_Command.CommandText = $__oAD_Command.CommandText & "(|(objectCategory=organizationalUnit)(objectCategory=container));distinguishedName"
    EndSwitch
    Local $oRecordSet = $__oAD_Command.Execute
    Local $iCount1 = $oRecordSet.RecordCount
    If $iCount1 = 0 Then Return SetError(1, 0, "")
    Local $aOUs[$iCount1 + 1][2]
    Local $iCount2 = 1, $aTempOU
    $oRecordSet.MoveFirst
    Do
        $aOUs[$iCount2][1] = $oRecordSet.Fields("distinguishedName").Value
        $aOUs[$iCount2][0] = "," & StringTrimRight($aOUs[$iCount2][1], StringLen($sAD_DNSDomain) + 1)
;       $aTempOU = StringSplit($aOUs[$iCount2][0], "," & StringLeft($aOUs[$iCount2][1], 3), 1) ; Split at ",OU=" or ",CN="
        $aTempOU = StringSplit($aOUs[$iCount2][0], "," & StringLeft($aOUs[$iCount2][1], 3), BitOr($STR_ENTIRESPLIT, $STR_NOCOUNT)) ; Split at ",OU=" or ",CN=" without count <== FIXED
        _ArrayReverse($aTempOU)
;       $aOUs[$iCount2][0] = StringTrimRight(_ArrayToString($aTempOU, $sSeparator), 3)
        $aOUs[$iCount2][0] = _ArrayToString($aTempOU, $sSeparator, 0, UBound($aTempOU, 1) - 2) ; Do not use the last element in the array as this is always "" caused by StringSplit when creating $aTempOU <== FIXED
        $iCount2 += 1
        $oRecordSet.MoveNext
    Until $oRecordSet.EOF
    ; _ArraySort($aOUs) ; old sorting method
    __AD_ArraySortExtended($aOUs, 1)
    $aOUs[0][0] = UBound($aOUs, 1) - 1
    $aOUs[0][1] = 2
    Return $aOUs
EndFunc   ;==>_AD_GetAllOUs

 

[fuse59650]

Hello,

It works ! I have no backslash anymore, thank you ! 👍

I have always :

- extra-space in column 1

-_ArraySearch ($array_ou, $stringToSearch, Default, Default, Default, Default, Default, 0))  => fail

If I comment

_ArraySort($aOUs) ; old sorting method
;~  __AD_ArraySortExtended($aOUs, 1)

No more extra-space and _ArraySearch work correctly

Bug in the function  __AD_ArraySortExtended or It's the normal operation ? 🤔

[water]

This modified code should fix this problems:

expandcollapse popup

; #INTERNAL_USE_ONLY#============================================================================================================
; Name...........: __AD_ArraySortExtended
; Description ...: Extends the cells of a 1D or 2D array to the same length so sorting works on e.g. OUs and sub-OUs.
; Syntax.........: __AD_ArraySortExtended(ByRef $aArray[, $iStartRow = 0[, $iColumn = 0[, $sUserSeparator = "\"[, $sSortSeparator = "|"[, $sPaddingCharacter = " "[, $iPaddingLength = 50]]]]]])
; Parameters ....: $aArray            - 1D or 2D array to be extended and sorted on the column specified by $iColumn
;                  $iStartRow         - [optional] - Starting row to be sorted. Has to be 0 or 1 (default = 0)
;                  $iColumn           - [optional] - Column to be sorted (default = 0)
;                  $sUserSeparator    - [optional] - Separator set by the user in the column to be sorted (default = "\")
;                  $sSortSeparator    - [optional] - Separator to be used internally to replace $sUsedSeprator for the sort process (default = "|")
;                  $sPaddingCharacter - [optional] - Padding character to be used to extend all elements of a cell to the length specified by $iPaddingLength (default = 50)
;                  $iPaddingLength    - [optional] - Number of characters all elements of a cell will be extended to (default = 50)
; Return values .:
; Author ........: water
; Modified.......:
; Remarks .......: If you want to sort an array on a column then all values and subvalues need to be extended to the same length to get a correctly sorted result.
;                  Example:
;                  +
;                  Unsorted array:                                                             Extended Unsorted Array
;                  Element 1\Sub-Element 1-1\I think this Sub-Element 1.2 is a bit longer  =>  Element 1                            \Sub-Element 1-1                      \This Sub-Element 1.2 is longer
;                  Longer Element 2\Sub-Element 2.1 with different length                  =>  Longer Element 2                     \Sub-Element 2.1 with different length
;                  +
;                  The function works like this:
;                  * Replace $sUserSeparator with $sSortSeparator
;                  * Split each cell on $sSortSeparator
;                  * Extend each subvalue to the length specified by $iPaddingLength and using $sPaddingCharacter to padd each subvalue
;                  * Concatenate all subvalues using $sSortSeparator
;                  * Sort the extended array
;                  * Replace $sSortSeparator with $sUserSeparator
;                  * Strip off $sPaddingCharacter from the sorted values
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func __AD_ArraySortExtendedEX(ByRef $aArray, $iStartRow = Default, $iColumn = Default, $sUserSeparator = Default, $sSortSeparator = Default, $sPaddingCharacter = Default, $iPaddingLength = Default)
    If $iStartRow = Default Then $iStartRow = 0
    If $iColumn = Default Then $iColumn = 0
    If $sUserSeparator = Default Then $sUserSeparator = "\"
    If $sSortSeparator = Default Then $sSortSeparator = "|"
    If $sPaddingCharacter = Default Then $sPaddingCharacter = " "
    If $iPaddingLength = Default Then $iPaddingLength = 50
    Local $aTemp, $sTemp, $sPadString = StringFormat("%" & $iPaddingLength & "s", $sPaddingCharacter)
    ; Pad the substrings of the cells of the specified column to the specified length
    If UBound($aArray, 0) = 1 Then ; 1D array
        ; Insert code for a 1D array here
    Else
        For $i = $iStartRow To UBound($aArray, 1) - 1
            $aArray[$i][$iColumn] = StringReplace($aArray[$i][$iColumn], $sUserSeparator, $sSortSeparator)
            $aTemp = StringSplit($aArray[$i][$iColumn], $sSortSeparator, $STR_NOCOUNT)
            If @error = 0 Then
                For $j = 0 To UBound($aTemp, 1) - 1
                    $sTemp = StringLeft($aTemp[$j] & $sPadString, $iPaddingLength - 1)
                    $aArray[$i][$iColumn] = ($j = 0) ? ($sTemp & $sSortSeparator) : ($aArray[$i][$iColumn] & $sTemp & $sSortSeparator)
                Next
            EndIf
        Next
    EndIf
    ; Sort the array on the padded column
    _ArraySort($aArray, 0, $iStartRow, 0, $iColumn)
    ; Remove the padding characters
    If UBound($aArray, 0) = 1 Then ; 1D array
        ; Insert code for a 1D array here
    Else
        For $i = $iStartRow To UBound($aArray, 1) - 1
            $aArray[$i][$iColumn] = StringReplace($aArray[$i][$iColumn], $sPaddingCharacter & $sSortSeparator, $sUserSeparator)
            While 1
                $aArray[$i][$iColumn] = StringReplace($aArray[$i][$iColumn], $sPaddingCharacter & $sUserSeparator, $sUserSeparator)
                If @extended = 0 Then ExitLoop
            WEnd
            If StringRight($aArray[$i][$iColumn], 1) = $sUserSeparator Then $aArray[$i][$iColumn] = StringTrimRight($aArray[$i][$iColumn], 1) ; Remove rightmost separator character
        Next
    EndIf
EndFunc   ;==>__AD_ArraySortExtended

 

[fuse59650]

Indeed it's work for me ! Great work ! 👍

Thanks a lot !

[water]

Thanks for your fast reply.
Will release a new version of the UDF quite soon.

[legend]

How can I get the location of a user? Where the user object is stored in active directory

Edited March 8, 2021 by legend

[water]

Can you please provide an example of what you expect to be the location (please replace sensitive information with xxx).
Do you mean the OU where the user object is stored or the users (office) location (Town, state ...)?

[legend]

4 minutes ago, water said:

Can you please provide an example of what you expect to be the location (please replace sensitive information with xxx).
Do you mean the OU where the user object is stored or the users (office) location (Town, state ...)?

Is it possible to get the text from adopted name of object?

 

[water]

I'm sorry, but i still don't get what you are after.
Can you please mark the information you would like to retrieve?

[legend]

7 minutes ago, water said:

I'm sorry, but i still don't get what you are after.
Can you please mark the information you would like to retrieve?

I'm trying to get the full path of where the user is stored in active directory, like: domain.local/HR/Workers.

The information is found in the field on the picture, when you click on the object tab, where i made a long black line to hide the text

Edited March 8, 2021 by legend

[water]

Run the _AD_GetObjectProperties.au3 example script. The first output displays the names and values for all properties of the current user.
There you should find what you are looking for.
I'm an ordinary user on our IT systems and hence can't use the tools you run

[Deathgod_Anubis]

Hi water,

thank you very much for your work with the UDF(s), I'm using the AD-UDF on a nearly daily basis and it helps so much!

I have a feature request, which I would like to give in 😅

Since domain function level 2016 it is possible to temporarily add users to groups using powershell and a time to live parameter (Add-ADGroupMember -MemberTimeToLive).
Is it possible to implement this feature to the _AD_AddUserToGroup.au3 ?

That would be great!
Thanks in advance for your answer!

Best regards,
Anubis

[water]

Hi Anubis,

will have a look how to implement this with AutoIt.
What I have found so far:

• You have to create a group as dynamic object
• You have to set TTL (time to live) for this group
• you then add users to this group

All members of this dynamic group will be deleted when TTL expires.

Do you have a test AD environment where we can play with this update?

[blumi]

I want to use _AD_IsMemberOf to check if a group exists in an OU in the active directory. 

For example, the OU is "Admins" and in this OU are many groups with different names. 

 

I tried 

$gruppe             = "Admins"
$systemname         = "Lapgruppex1"


; Verbindung mit Domänencontroller herstellen
$connect = _AD_Open("", "", "", "ldap.abcde.xxx.yy:3268", "")

If ($connect = 1) Then
    MsgBox(64, $ScriptName, "Verbindung hergestellt: " & $connect & " error: " & @error)
Else
    MsgBox(64, $ScriptName, "Verbindung NICHT hergestllt: " & $connect & " error: " & @error)
EndIf



If (_AD_IsMemberOf($gruppe, $systemname)) Then
    MsgBox(64, $ScriptName, "Computer " & $systemname & " ist in der Gruppe " & $gruppe & " error: " & @error )
Else
    MsgBox(16, $ScriptName, "Computer " & $systemname & " ist NICHT in der Gruppe " & $gruppe & " error: " & @error)
EndIf


_AD_Close()

Exit

But it does not work. 

Who can help me please, thanks. 

Edited March 18, 2021 by blumi

[water]

@Deathgod_Anubis

Seems this should be possible with a small modification of the current AD UDF:

To set the TTL (time to live) for a user you need to

• add the "dynamicObject" class to the user object
• set property "entryTTL" to the number of seconds the user should exist

As a static object can not be changed to a dynamic object the dynamicObject class has to be set at creation time.
So we need a modified version of _AD_CreateUser:

expandcollapse popup

; #FUNCTION# ====================================================================================================================
; Name...........: _AD_CreateUser
; Description ...: Creates and activates a user in the specified OU.
; Syntax.........: _AD_CreateUser($sOU, $sUser, $sCN[, $bDynamic = False])
; Parameters ....: $sOU - OU to create the user in. Form is "OU=sampleou,OU=sampleparent,DC=sampledomain1,DC=sampledomain2"
;                  $sUser - Username, form is SamAccountName without leading 'CN='
;                  $sCN - Common Name (without CN=) or RDN (Relative Distinguished Name) like "Lastname Firstname"
;                  $bDynamic - Sets the dynamicObject class.
;                    You can then set dynamic properties like entryTTL to delete the user after expiration (default = False)
; Return values .: Success - 1
;                  Failure - 0, sets @error to:
;                  |1 - $sUser already exists
;                  |2 - $sOU does not exist
;                  |3 - $sCN is missing
;                  |4 - $sUser is missing
;                  |5 - $sUser could not be created. @extended is set to the error returned by LDAP
;                  |6 - Could not add the dynamicObject class to the user. @extended is set to the error returned by LDAP
;                  |x - Error returned by SetInfo method (Missing permission etc.)
; Author ........: Jonathan Clelland
; Modified.......: water
; Remarks .......: This function sets the following properties:
;                    * objectClass to "dynamicObject" if $bDynamic = True
;                    * sAMAccountName (= $sUser)
;                    * userPrincipalName (e.g. $sUser@microsoft.com)
;                    * pwdLastSet to not expire
;                    * AccountDisabled to False (= activate the user)
;                  All other attributes have to be set using function _AD_ModifyAttribute
; Related .......: _AD_CreateOU, _AD_CreateGroup, _AD_AddUserToGroup, _AD_RemoveUserFromGroup
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _AD_CreateUserEX($sOU, $sUser, $sCN, $bDynamic = False)
    If _AD_ObjectExists($sUser) Then Return SetError(1, 0, 0)
    If Not _AD_ObjectExists($sOU, "distinguishedName") Then Return SetError(2, 0, 0)
    If $sCN = "" Then Return SetError(3, 0, 0)
    $sCN = _AD_FixSpecialChars($sCN)
    If $sUser = "" Then Return SetError(4, 0, 0)
    Local $oOU = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sOU)
    Local $oUser = $oOU.Create("User", "CN=" & $sCN)
    If @error Or Not IsObj($oUser) Then Return SetError(5, @error, 0)
    If $bDynamic = True then
        $oUser.PutEx($ADS_PROPERTY_APPEND, "objectClass", "dynamicObject")
        if @error Then Return SetError(6, @error, 0)
    Endif
    $oUser.sAMAccountName = $sUser
    $oUser.userPrincipalName = $sUser & "@" & StringTrimLeft(StringReplace($sAD_DNSDomain, ",DC=", "."), 3)
    $oUser.pwdLastSet = -1 ; Set password to not expired
    $oUser.SetInfo
    If @error Then Return SetError(@error, 0, 0)
    $oUser.AccountDisabled = False ; Activate User
    $oUser.SetInfo
    If @error Then Return SetError(@error, 0, 0)
    Return 1
EndFunc   ;==>_AD_CreateUser

Can you please

• Add the above function _AD_CreateUserEX to your script (so it does not interfere with ther AD UDF)
• Run _AD_CreateUserEX and create a new user with $bDynamic = True
• If successful please check if the "dynamicObject" class has been set by running _AD_GetObjectClass($sUser, True). You should get an array with "top, person, organizationalPerson, user" and "dynamicObject"
• If True please set attribute "entryTTL" to 15 Minutes (or whatever value you like) by using _AD_ModifyAttribute($sUser, "entryTTL", 900)
• If successful please check the value by running _ADGetObjectProperties for this user

[water]

@blumi

As group names have to be unique you could just use _AD_ObjectExists.

Edited March 18, 2021 by water

[blumi]

3 minutes ago, water said:

@blumi

As group names have to be unique you could just use _AD_ObjectExists.

With or without the modification above?

[water]

Just:

$sScriptName = "Test"
$sSystemname = "Lapgruppex1"
; Verbindung mit Domänencontroller herstellen
_AD_Open("", "", "", "ldap.abcde.xxx.yy:3268", "")
If @error Then
    MsgBox(64, $sScriptName, "Verbindung NICHT hergestellt! error=" & @error)
    Exit
Else
    MsgBox(64, $sScriptName, "Verbindung hergestellt!")
EndIf

If _AD_ObjectExists($sSystemname) Then
    MsgBox(64, $sScriptName, $sSystemname & " existiert")
Else
    MsgBox(16, $sScriptName, $sSystemname & " existiert NICHT! error=" & @error)
EndIf
_AD_Close()
Exit