List all users in AD

Subz · June 24, 2022

If the following doesn't return accountExpiry info, then maybe you don't have the permissions to read that attribute?

#include <AD.au3>
_AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    Local $aProperties = _AD_GetObjectProperties(@UserName)
    _ArrayDisplay($aProperties, "Active Directory Functions - Example 1 - Properties for user '" & @UserName & "'")

_AD_Close()

antmar904 · June 24, 2022

Yes it does return the "accountExpire" attribute when I run that code.

Subz · June 24, 2022

Can you try one of the contractor accounts samAccountNames in place of @Username? Also just noticed that your third parameter was blank, try using:

_AD_GetObjectProperties(@UserName, "accountExpires", True, True)

Although the first code I posted returns the information alot faster.

antmar904 · June 24, 2022

If I use a contractors samAccountName it works fine and only returns the accountExpire data

_AD_GetObjectProperties("ausername", "accountExpires", True, True)

If I run this, It does return the first array of users but fails with error code 1 when running the loop to return the accountExpires date.

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

Edited June 24, 2022 by antmar904

Subz · June 24, 2022

You would need to use _ArrayDisplay($aExpires) within the loop to show each contractor, however what happens when you use my original code? The _GetADDateTime() function is a lot faster than using _AD_GetObjectProperties as you're querying each user. However you don't mind waiting for the results just use something like:

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    _ArrayColInsert($aUserObjects, 1)
    For $i = 0 To UBound($aUserObjects) - 1
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
        If Not @error Then $aUserObjects[$i][1] = $aExpires[1][1]
    Next

    _ArrayDisplay($aUserObjects)

water · June 25, 2022

_AD_GetObjectsInOU returns a one-based array. So element 0 holds the number of entries.
Start processing the array with element 1 and the problem should be gone

Edited June 25, 2022 by water

antmar904 · June 27, 2022

Hi @waterI tried that also and that did not work. Here is the current code and the error code I'm getting in the SciTE console output:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 0 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

water · June 27, 2022

Please see my previous post!
You need

For $i = 1 To UBound($aUserObjects)

not

For $i = 0 To UBound($aUserObjects) - 1

antmar904 · June 27, 2022

ah I misunderstood you. Sry. I thought you meant start the array here [1]

$aExpires = _AD_GetObjectProperties($aUserObjects[$i][1], "accountExpires", True, True)

water · June 27, 2022

No, as _AD_GetObjectsInOU only returns a single property you have to use

$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)

and $i has to start with 1.

antmar904 · June 27, 2022

I made those changes and I'm getting the same error.

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i][0], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

water · June 27, 2022

My bad. When you only retrieve a single property then you get a 1D array.
Hence you need:

$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)

Edited June 27, 2022 by water

antmar904 · June 27, 2022

I run the script, the array returns with the samaccount names, I X out of the first array then it runs for about 4 min and fails with this error:

"C:\Temp\Dev\non-FTE out of compliance.au3" (31) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
$aExpires = _AD_GetObjectProperties(^ ERROR

Subz · June 27, 2022

Believe Water meant you to use:

For $i = 1 To UBound($aUserObjects) - 1

Still not sure why you don't just use as per my first post and then convert it into a readable date.

$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

water · June 27, 2022

Sure

antmar904 · June 27, 2022

3 hours ago, Subz said:
Believe Water meant you to use:
For $i = 1 To UBound($aUserObjects) - 1
Still not sure why you don't just use as per my first post and then convert it into a readable date.
$aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName,accountExpires")

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

water · June 27, 2022

1 hour ago, antmar904 said:

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

Correct

antmar904 · June 27, 2022

This is not working for me.

It's just returning ONE accountExpire date in the array after 4 min of running...

#include <AD.au3>
#include <File.au3>

Global $Users = @ScriptDir & "\ADUsers.txt"

_GetUsers()

Func _GetUsers()

    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user) (!(sAMAccountName=*_dt)(|(title=*contractor*) (title=*consultant*)(description=*contractor*) (description=*consultant*))))", 2, "sAMAccountName")
    ;$hADUsers = FileOpen ($Users, $FO_APPEND)
    ;_FileWriteFromArray ($hADUsers, $aUserObjects)
    _ArrayDisplay($aUserObjects) ;Test array and display

    For $i = 1 To UBound($aUserObjects) - 1
        ;MsgBox(0, "", $aUserObjects[$i])
        $aExpires = _AD_GetObjectProperties($aUserObjects[$i], "accountExpires", True, True)
         If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_GetObjectProperties encountered a problem. @error = " & @error & ", @extended = " & @extended)
    Next

    _ArrayDisplay ($aExpires)

    _AD_Close()

EndFunc   ;==>_GetUsers

Subz · June 27, 2022

As I mentioned in a previous post your only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

Quote

Doesn't _AD_GetObjectProperties $bTranslate = True convert the data into readable data?

While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete. By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.

antmar904 · June 27, 2022

1 hour ago, Subz said:

As I mentioned in a previous post your only displaying the last entry because _ArrayDisplay($aExpires) is outside of the loop.

While this is true, if your first query returns 200 contractors samAccount names, you're then making 200 additional queries to get the account expiry date within the loop, meaning it's going to take several minutes to complete. By only using the single query and then converting it to a date as per my original post, it only takes several seconds to complete.

Hey @Subz

I was originally just trying to use the AD UDFs. I did just test out your script and it worked well (~4 seconds)!. Thank you for your assistance. A couple of things I'm going to try and add is 1) exclude any "Disabled" AD accounts so we don't have to process them 2) my end goal is to only alert/report on any account that does not have a expire date of 90 days from the AD account creation date. Any help is greatly appreciated!

List all users in AD

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Subz

Posted Images

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members