joshiieeii Posted June 29, 2006 Posted June 29, 2006 (edited) DISCLAIMER: As always be careful when messing with scripts that can manipulate AD data This little tool with basically display what you get when you go to "Active Directory Users and Computers" in Adminpack and look at a user's profile.It enables you to unlock the account (UNTESTED) and view information about a user.*Updated 7-19-2006expandcollapse popup#include <GUIConstants.au3> #include <Misc.au3> Const $ADS_NAME_INITTYPE_GC = 3 Const $ADS_NAME_TYPE_NT4 = 3 Const $ADS_NAME_TYPE_1779 = 1 DIM $unlock DIM $mgrvalue DIM $mgrsplit DIM $manager DIM $mgr DIM $title DIM $pwdexpires $oMyError = ObjEvent("AutoIt.Error", "ComError") $objRootDSE = ObjGet("LDAP://RootDSE") $username = InputBox("Username","Please input a username:") If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else ; DNS domain name. $objTrans = ObjCreate("NameTranslate") $objTrans.Init ($ADS_NAME_INITTYPE_GC, "") $objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain) $objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username) $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779) $UserObj = ObjGet("LDAP://" & $strUserDN) If @error Then MsgBox(0, 'username', 'Username does not exist or not able to communicate with ' & @LogonDomain) Else ;MsgBox(0, 'test', 'test: ' & $test) Call ("Displayinfo") EndIf EndIf $UserObj = "" $oMyError = ObjEvent("AutoIt.Error", "") ;COM Error function Func ComError() If IsObj($oMyError) Then $HexNumber = Hex($oMyError.number, 8) SetError($HexNumber) Else SetError(1) EndIf Return 0 EndFunc ;==>ComError Func Displayinfo() GUICreate ( "Active Directory Information", 500, 600, 300, 300) GUICtrlCreateLabel ("Username: ", 10, 10, 60, 20) GUICtrlCreateLabel ("First Name: ", 10, 30, 60, 20) GUICtrlCreateLabel ("Last Name: ", 200, 30, 60, 20) GUICtrlCreateLabel ("Display Name: ", 10, 50, 100, 20) GUICtrlCreateLabel ("Title: ", 10, 70, 100, 20) GUICtrlCreateLabel ("Manager: ", 10, 90, 100, 20) GUICtrlCreateLabel ("Description: ", 10, 150, 100, 20) GUICtrlCreateLabel ("Office: ", 10, 190, 60, 20) GUICtrlCreateLabel ("Department: ", 10, 250, 100, 20) GUICtrlCreateLabel ("Telephone Number: ", 10, 290, 90, 40) GUICtrlCreateLabel ("Mobile Number: ", 10, 320, 100, 20) GUICtrlCreateLabel ("Home Number: ", 10, 350, 100, 20) GUICtrlCreateLabel ("Email Address: ", 10, 370, 100, 20) GUICtrlCreateLabel ("Logon Script: ", 10, 410, 100, 20) GUICtrlCreateLabel ("Account:", 10, 430, 100, 20) GUICtrlCreateLabel ("Number of bad logon attempts since last reset: ", 310, 420, 120, 40) GUICtrlCreateLabel ("Password Last Changed: ", 10, 460, 100, 40) GUICtrlCreateLabel ("90 Day Password Expiration: ", 10, 490, 100, 40) GUICtrlCreateLabel ("Last Logon: ", 10, 540, 100, 20) $font="Tahoma" GUISetFont (9, 600, $font) ; will display underlined characters $unlock = GUICtrlCreateButton ( "UNLOCK Account", 180, 425, 120, 25) GUICtrlSetState ( $unlock, $Gui_Disable ) GUICtrlCreateLabel ( ''& $username, 100, 10, 100, 20) GUICtrlSetColor(-1,0x0000CC) ; Blue GUICtrlCreateLabel (''& $UserObj.FirstName, 100, 30, 100, 20) GUICtrlCreateLabel (''& $UserObj.LastName, 300, 30, 100, 20) GUICtrlCreateLabel (''& $UserObj.FullName, 100, 50, 300, 20) GUICtrlCreateLabel (''& $UserObj.Title, 100, 70, 100, 20) $title = GUICtrlRead ( $title ) If $title = 0 Then GUICtrlCreateLabel ('', 100, 70, 100, 20) Endif $mgr = GUICtrlCreateLabel (''& $UserObj.Manager, 100, 90, 400, 70) $mgrvalue = GUICtrlRead ( $mgr ) $mgrsplit = StringSplit ( ""& $mgrvalue, ",") $manager = StringTrimLeft ( ''& $mgrsplit[1], 3 ) GUICtrlCreateLabel (''& $manager, 100, 90, 400, 70) GUICtrlCreateLabel (''& $UserObj.Description, 100, 150, 300, 40) GUICtrlCreateLabel (''& $UserObj.physicalDeliveryOfficeName, 100, 190, 100, 50) GUICtrlCreateLabel (''& $UserObj.Department, 100, 250, 200, 20) GUICtrlCreateLabel (''& $UserObj.TelephoneNumber, 100, 300, 250, 20) GUICtrlCreateLabel (''& $UserObj.TelephoneMobile, 100, 320, 250, 20) GUICtrlCreateLabel (''& $UserObj.TelephoneHome, 120, 350, 250, 20) GUICtrlCreateLabel (''& $UserObj.EmailAddress, 100, 370, 300, 20) GUICtrlCreateLabel (''& $UserObj.LoginScript, 100, 410, 200, 15) $locked = GUICtrlCreateLabel (""& $UserObj.IsAccountLocked, 100, 430, 10, 20) If GuiCtrlread ($locked) = 0 or 39 Then GUICtrlCreateLabel ("NOT Locked", 100, 430, 80, 15) GUICtrlSetBkColor(-1, 0x00ff00);Green Else MsgBox(0, 'INFO', "User Account Lock value is: "& $locked) GUICtrlCreateLabel ("LOCKED", 10, 430, 60, 15) GUICtrlSetBkColor(-1, 0xff0000) ; Red GUICtrlSetState ( $unlock, $Gui_Enable ) EndIf $lastchange = $UserObj.PasswordLastChanged $Date = StringMid($lastchange, 5, 2) & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) $Time = StringMid($lastchange, 9, 2) & ":" & StringMid($lastchange, 11, 2) & ":" & StringMid($lastchange, 13, 2) GUICtrlCreateLabel ($Date & " "& $Time, 100, 460, 150, 20) $pwdexpires = StringMid($lastchange, 5, 2) + 3 & "/" & StringMid($lastchange, 7, 2) & "/" & StringMid($lastchange, 1, 4) GUICtrlCreateLabel ( $pwdexpires & ' ' & $Time, 100, 490, 150, 20) $lastlogin = $UserObj.LastLogin $Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4) $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2) GUICtrlCreateLabel ($Date & " "& $Time, 100, 540, 150, 20) $badlogin = GUICtrlCreateLabel (""& $UserObj.BadLoginCount, 430, 430, 20, 15) If GuiCtrlread ($badlogin) = 0 Then GUICtrlSetBkColor(-1, 0x00ff00);Green Else GUICtrlSetBkColor(-1, 0xff0000) ; Red EndIf GUISetState () While 1 $msg = GUIGetMsg() Select Case $msg = $unlock If $UserObj.IsAccountLocked Then $UserObj.IsAccountLocked = False $UserObj.SetInfo MsgBox(0, 'INFO', "User Account was Unlocked. It will take approximately 5 mins to reflect this change.") GUICtrlCreateLabel (""& $UserObj.IsAccountLocked, 100, 430, 10, 20) EndIf Case $msg = $GUI_EVENT_CLOSE Exit EndSelect WEnd EndFunc Edited July 19, 2006 by joshiieeii Projects:Vista Gui ImageX Deployment Tool - CompletedActive Directory Helper - CompletedGlobalized Outlook and OWA Signature Project - Completed
busysignal Posted July 21, 2006 Posted July 21, 2006 @joshiieeii, interesting. Need to run it on a test system. Cheers..
jftuga Posted July 21, 2006 Posted July 21, 2006 This looks really nice. -John Admin_Popup, show computer info or launch shellRemote Manager, facilitates connecting to RDP / VNCProc_Watch, reprioritize cpu intensive processesUDF: _ini_to_dict, transforms ini file entries into variablesUDF: monitor_resolutions, returns resolutions of multiple monitorsReport Computer Problem, for your IT help deskProfile Fixer, fixes a 'missing' AD user profile
joshiieeii Posted July 21, 2006 Author Posted July 21, 2006 Thanks, I use it when I get a user that has locked their account. Projects:Vista Gui ImageX Deployment Tool - CompletedActive Directory Helper - CompletedGlobalized Outlook and OWA Signature Project - Completed
Radsam Posted July 22, 2006 Posted July 22, 2006 This is a nice quick way of looking up specific AD info. Where did you go to find a list of LDAP Attributes? I need to know what the attribute is for the Home Drive connect to path. Also, would you know how to list all of the groups a user is a member of? Thanks
Developers Jos Posted July 22, 2006 Developers Posted July 22, 2006 This is a nice quick way of looking up specific AD info. Where did you go to find a list of LDAP Attributes? I need to know what the attribute is for the Home Drive connect to path. Also, would you know how to list all of the groups a user is a member of?ThanksHere's one SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Johny Clelland Posted November 23, 2006 Posted November 23, 2006 (edited) This is a nice quick way of looking up specific AD info. Where did you go to find a list of LDAP Attributes? I need to know what the attribute is for the Home Drive connect to path. Also, would you know how to list all of the groups a user is a member of? ThanksCode for returning an array that has the groupnames that the logged in user is a member of; Takes an array by reference and outputs it with the zeroth element as the count of groups and elements 1 to Ubound-1 as the group names. Doesn't sort them, just gets them in the order AD provides them. Let me know if you find it helpful... Func GetUserGroups(ByRef $usergroups) Dim $objConnection, $oUsr Dim $usergroups[1], $i = 1 $objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD $objConnection.Provider = "ADsDSOObject" $objConnection.Open ("Active Directory Provider") ; Open connection to AD $objRootDSE = ObjGet("LDAP://RootDSE") Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext") ; Retrieve the current AD domain name $strQuery = "<LDAP://" & $strDNSDomain & ">;(sAMAccountName=" & @UserName & ");ADsPath;subtree" $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the logged on user $ldap_entry = $objRecordSet.fields (0).value $oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user $groups = $oUsr.groups ; Get the list of group objects from the user For $groupname In $groups ReDim $usergroups[uBound($usergroups) + 1] $usergroups[0] += 1 ; Increment the count of groups $usergroups[$i] = StringTrimLeft($groupname.name, 3) $i += 1 Next EndFunc ;==>GetUserGroups Edited November 23, 2006 by Johny Clelland
Stealth111 Posted November 24, 2006 Posted November 24, 2006 (edited) Got some nice info from the script, thanks!! Edited November 30, 2006 by Stealth111
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now