dabus Posted July 10, 2007 (edited)

Don't know where to post it, so I'll put it here:

This is a sample to find out which accounts are disabled at the moment. I'm sure it's not the straightest way to do it, I just did a copy and paste and added four lines. You can easily find them, since they look kinda ugly...

```autoit
#include 'adfunctions.au3'

Dim $objConnection, $objRootDSE, $objRecordSet, $arrContainers, $garrContainers

$objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider") ; Open connection to AD
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties ("Page Size") = 1000
$objCommand.Properties ("Searchscope") = 2

$objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext") ; Retrieve the current AD domain name
$Domain=StringSplit($strDNSDomain, '=')
$Domain=StringTrimRight($Domain[2], 3)

_ADGetObjectsInOU ($arrContainers, $strDNSDomain, "objectclass='organizationalPerson'", 2)

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1

$objTrans = ObjCreate("NameTranslate")
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set ($ADS_NAME_TYPE_1779, $Domain)

For $c = 1 To UBound($arrContainers) - 1
    $objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & '\' & $arrContainers[$c])
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    $State=$UserObj.userAccountControl
    ; 514 = normal account + disabled, 66050 = the same plus "password never expires"
    If $State = '514' Or $State = '66050' Then ConsoleWrite($arrContainers[$c]&@CR)
Next

;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc ;==>ComError
```

By the way: is there a place to find all the properties that you can get via AD? I found http://www.microsoft.com/technet/prodtechn...4.mspx?mfr=true (Sorry, it's German), seems to be pretty close. Can you give me other hints/links?

Err, could someone move this to the examples-forum, please?

Edited July 10, 2007 by dabus
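The check in the post above compares `userAccountControl` with two literal values (514 and 66050); the attribute is a bit field, so a disabled account that carries any other flag combination is not listed. The following is an added example, not part of the original post or of adfunctions.au3: it tests the ACCOUNTDISABLE bit instead. The `$UAC_*` names, the helper functions and the sample values are assumptions made for this example.

```autoit
; Added example, not code from the thread or from adfunctions.au3.
; Flag values are the documented ADS_USER_FLAG_ENUM constants; the $UAC_*
; names are chosen here so they do not clash with the library's own constants.
Global Const $UAC_ACCOUNTDISABLE = 0x0002
Global Const $UAC_PASSWD_NOTREQD = 0x0020
Global Const $UAC_NORMAL_ACCOUNT = 0x0200
Global Const $UAC_WORKSTATION_TRUST_ACCOUNT = 0x1000
Global Const $UAC_DONT_EXPIRE_PASSWD = 0x10000

; True when the ACCOUNTDISABLE bit is set, whatever other flags accompany it.
Func _UACIsDisabled($iUAC)
    Return BitAND(Number($iUAC), $UAC_ACCOUNTDISABLE) <> 0
EndFunc   ;==>_UACIsDisabled

; The literal comparison used in the post, kept for contrast.
Func _UACIsDisabledExact($iUAC)
    Return ($iUAC = 514 Or $iUAC = 66050)
EndFunc   ;==>_UACIsDisabledExact

; Returns the names of the known flags set in $iUAC, separated by "|".
Func _UACDescribe($iUAC)
    Local $aFlags[5][2] = [ _
            [$UAC_ACCOUNTDISABLE, "ACCOUNTDISABLE"], _
            [$UAC_PASSWD_NOTREQD, "PASSWD_NOTREQD"], _
            [$UAC_NORMAL_ACCOUNT, "NORMAL_ACCOUNT"], _
            [$UAC_WORKSTATION_TRUST_ACCOUNT, "WORKSTATION_TRUST_ACCOUNT"], _
            [$UAC_DONT_EXPIRE_PASSWD, "DONT_EXPIRE_PASSWD"]]
    Local $sOut = ""
    For $i = 0 To UBound($aFlags) - 1
        If BitAND(Number($iUAC), $aFlags[$i][0]) Then
            If $sOut <> "" Then $sOut &= "|"
            $sOut &= $aFlags[$i][1]
        EndIf
    Next
    Return $sOut
EndFunc   ;==>_UACDescribe

; Constructed sample values: enabled and disabled users with and without
; PASSWD_NOTREQD / DONT_EXPIRE_PASSWD, and a disabled workstation account.
Global $aSamples[7] = [512, 514, 546, 4098, 66048, 66050, 66082]

For $i = 0 To UBound($aSamples) - 1
    ConsoleWrite($aSamples[$i] & @TAB & _
            "exact=" & _UACIsDisabledExact($aSamples[$i]) & @TAB & _
            "bitmask=" & _UACIsDisabled($aSamples[$i]) & @TAB & _
            _UACDescribe($aSamples[$i]) & @CRLF)
Next
```

The rows for 546, 4098 and 66082 are where the two checks disagree. In an LDAP-dialect filter the same test can be done on the server with the bitwise-AND matching rule, `(userAccountControl:1.2.840.113556.1.4.803:=2)`.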
Johny Clelland (Author) Posted August 8, 2007

> By the way: is there a place to find all the properties that you can get via AD? I found http://www.microsoft.com/technet/prodtechn...4.mspx?mfr=true (Sorry, it's german), seems to be pretty close. Can you give me other hints/links?
>
> Err, could someone move this to the examples-forum, please?

Dabus,

The links I use for ADSI info are;

ADSI Interface Reference -- http://msdn2.microsoft.com/en-us/library/aa772170.aspx

Script Center -- http://www.microsoft.com/technet/scriptcen...t.mspx?mfr=true

Hope these help.
Johny Clelland (Author) Posted August 8, 2007

> Johny: Since I've downloaded the most current version of adfunctions.au3, I've started getting 'Object referenced outside a "With" statement' errors. I'm not sure if my implementation of your "_ADGetGroupMembers" UDF is flawed or if something else is going on. Any help would be appreciated.
>
> ```autoit
> #include <Array.au3>
> #include <File.au3>
> #include <adfunctions.au3>
>
> $TextFile = ""
> $Members = ""
>
> While 1
>     $GroupName = InputBox("Group Name", "Enter the Active Directory Group name")
>     If @error <> 0 Then
>         Exit
>     Else
>         If $GroupName <> "" Then
>             ExitLoop
>         EndIf
>     EndIf
> WEnd
>
> $TextFile = $GroupName & ".txt"
>
> If _ADGetGroupMembers($Members, $GroupName, 0) == 1 Then
>     _FileWriteFromArray($TextFile, $members)
> Else
>     MsgBox(4096,"Error", "The group specified doesn't exist.")
> EndIf
> ```

Significent,

Apologies for taking so long to get back to you. This error was caused by a change in ADFunctions where some functions changed from requiring SamAccountNames to FQDNs. Simple fix is to change the line that calls _ADGetGroupMembers to this;

```autoit
If _ADGetGroupMembers($Members, _ADSamAccountNametoFQDN($GroupName), 0) == 1 Then
```

That sorts it out :-)

Hope this helps,

Johny.
WSCPorts Posted August 8, 2007

Hello Jonny, these are very nice scripts you got here, but they don't meet my needs at the moment. What I'm trying to do is get a list of all computer names and with each Computer object call get_NetAddresses($bStr) and print out the addresses. This is what I got so far:

```autoit
Global $NameSpace = ObjGet("WinNT:")
Global $objDomain,$objPDC,$objComputer
Dim $Filter[2]
Dim $Stack[4096]
Dim $StackPtr
Dim $NetString,$DomString,$CompString

GetComputerNames()
Exit

;stack[3~4096] are return areas unless otherwise stated in function
;Stack[2] = NumOfCurrentEntry
;Stack[1] = static Base
;Stack[0] = good or bad return 0 : 1
Func GetDomainNames()
    InitStack()
    $Filter[0] = "Domain"
    $NameSpace.Filter = $Filter
    For $objDomain in $NameSpace
        Push($objDomain.Name)
    Next
EndFunc

Func GetComputerNames()
    GetDomainNames()
    $DomString = Pop()
    $objPDC = ObjGet("WinNT://" & $DomString)
    If(IsObj($objPDC)) Then
        Cscl()
        $Filter[0] = "Computer"
        $objPDC.Filter = $Filter
        For $objComputer In $objPDC
            $CompString = $objComputer.Name
            $CompString = $CompString & "." & $DomString
            $objComputer = ObjGet("WinNT://" & $CompString)
            With $objComputer
                .get_NetAddresses($NetString)
            EndWith
            Print($NetString)
        Next
    Else;shouldnt Execute cleanup more later ... lol
        $DomString = Pop()
        Cscl()
        $objPDC = ObjGet("WinNT://" & $DomString )
        If(IsObj($objPDC)) Then
            $Filter[0] = "Computer"
            $objPDC.Filter = $Filter
            For $objComputer In $objPDC
                Push($objComputer.Name)
                $objComputer.get_NetAddresses($NetString)
                Print($String)
            Next
        EndIf
    EndIf
EndFunc

Func InitStack()
    $Stack[0] = 1;signify good ret
    $Stack[1] = 3;init stack current location
    $Stack[2] = 0;init stack Entries counter
    $StackPtr = $Stack[1]
    Do;clear rest
        $Stack[$StackPtr] = 0
        $StackPtr = $StackPtr+1
    Until $StackPtr >= 4096
    $StackPtr = $Stack[1]
EndFunc

Func Cscl();clear stack current location
    $Stack[1] = 3
    $Stack[2] = 0
EndFunc

Func Push($Var)
    $Stack[$StackPtr] = $Var
    $Stack[2] = $Stack[2] + 1
    $StackPtr = $Stack[1] + $Stack[2]
EndFunc

Func Pop()
    $Stack[2] = $Stack[2] - 1
    $StackPtr = $Stack[1] + $Stack[2]
    Return $Stack[$StackPtr]
EndFunc

Func Print($str)
    ConsoleWrite($str)
EndFunc
```

http://www.myclanhosting.com/defias Visit, join and contribute to a soon to be leader in customized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
Raja Posted August 10, 2007

Can anyone please show me where to look for Adfunctions.au3, have looked in the downloads section as well but failed to find it. Being new to the group I am not sure if I am missing something very simple. Thanks!
dabus Posted August 10, 2007

This is the latest one I own, but it may be an old one.

```autoit
; Active Directory Function Library. Include this to allow access to Active Directory Functions
; Author : Jonthan Clelland
; Email : jclelland@statestreet.com
; Version : 3.0

; _ADDoError : Error event handler for COM errors. This is global so will pick up errors from your program if you include this library
; _ADCreateUser : Creates a user in a particular OU
; _ADCreateGroup : Creates a group in a particular OU
; _ADAddUserToGroup : Adds a user to a group (if the user is not already a member of the group)
; _ADRemoveUserFromGroup : Removes a user from a group
; _ADObjectExists : Returns 1 if the given object (SamAccountName) exists in the local AD Tree
; _ADModifyAttribute : Sets the attribute of the given object to the value specified
; _ADIsMemberOf : Returns 1 if the user is a member of the group
; _ADGetUserGroups : Returns an array (byreference) containing the groups that the user is a member of
; _ADRecursiveGetMemberOf : Returns a recursed list of group membership for a group or user
; _ADGetGroupMembers : Returns an array of the group members
; _ADGetGroupMemberOf : Returns a simple list of group membership for a group
; _ADHasFullRights : Returns 1 if the given user has full rights over the given group
; _ADGroupMailEnable : Mail enables a group
; _ADUserCreateMailbox : Creates a mailbox for a user
; _ADUserDeleteMailbox : Deletes the mailbox for a user
; _ADGetObjectsInOU : Returns a filtered list of objects and attributes in a given OU
; _ADDNToSamAccountName : Returns the SamAccountName of an FQDN
; _ADSamAccountNameToFQDN : Returns a FQDN from a SamAccountName
; _ADDNToDisplayName : Returns the Display Name of an FQDN
; _ADCreateObject : Creates an object of a specified type
; _ADCreateComputer : Creates a computer and assigns permissions for a user/group to add the computer
; _ADDeleteObject : Deletes an object
; _ADGetObjectClass : Returns the class of an object
; _ADGetObjectClassFromFQDN : Returns the class of an object from its FQDN
; _ADGetObjectAttribute : Returns a (single-value) attribute of an object
; _ADListDomainControllers : Returns a list of Domain Controllers for the current domain
; _ADOUObjectNames : Returns display names of filtered objects within an OU

; NOTES : Please use the following command to store the local user's groups for the function 'HasFullRights'. This is to allow cross-domain
; permission checks. $loggedonusergroups is a global variable declared in the 'Define AD Constants' region. If you are using this command
; in this library, move the command below the declaration of the variable and remove the comment character.
; _ADRecursiveGetMemberOf ($loggedonusergroups, _ADSamAccountNameToFQDN (@UserName))

; include array functions (we use _arraysearch in some functions)
#include <Array.au3>

#region ; Define AD Constants
Global Const $ADS_GROUP_TYPE_GLOBAL_GROUP = 0x2
Global Const $ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x4
Global Const $ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x8
Global Const $ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000
Global Const $ADS_GROUP_TYPE_GLOBAL_SECURITY = BitOR($ADS_GROUP_TYPE_GLOBAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)
Global Const $ADS_GROUP_TYPE_UNIVERSAL_SECURITY = BitOR($ADS_GROUP_TYPE_UNIVERSAL_GROUP, $ADS_GROUP_TYPE_SECURITY_ENABLED)

Global Const $ADS_UF_PASSWD_NOTREQD = 0x0020
Global Const $ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
Global Const $ADS_ACETYPE_ACCESS_ALLOWED = 0x0
Global Const $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5
Global Const $ADS_FLAG_OBJECT_TYPE_PRESENT = 0x1
Global Const $ADS_RIGHT_GENERIC_READ = 0x80000000
Global Const $ADS_RIGHT_DS_SELF = 0x8
Global Const $ADS_RIGHT_DS_WRITE_PROP = 0x20
Global Const $ADS_RIGHT_DS_CONTROL_ACCESS = 0x100

Global Const $ALLOWED_TO_AUTHENTICATE = "{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
Global Const $RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
Global Const $SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
Global Const $USER_CHANGE_PASSWORD = "{AB721A53-1E2f-11D0-9819-00AA0040529b}"
Global Const $USER_FORCE_CHANGE_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}"
Global Const $USER_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}"
Global Const $VALIDATED_DNS_HOST_NAME = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
Global Const $VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"

Global $objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
$objConnection.ConnectionString = "Provider=ADsDSOObject"
$objConnection.Open ("Active Directory Provider") ; Open connection to AD

Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext") ; Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get ("dnsHostName") ; Retrieve the name of the connected DC
Global $strConfiguration = $objRootDSE.Get ("ConfigurationNamingContext") ; Retrieve the Configuration naming context

Global $loggedonusergroups ; populate this with the logged on user groups in your own app
#endregion

$oMyError = ObjEvent("AutoIt.Error", "_ADDoError") ; Install a custom error handler

; MyErrFunc
Func _ADDoError()
    $HexNumber = Hex($oMyError.number, 8)
    If $HexNumber = 80020009 Then
        SetError(3)
        Return
    EndIf
    MsgBox(0, "", "We intercepted a COM Error !" & @CRLF & _
            "Number is: " & $HexNumber & @CRLF & _
            "Windescription is: " & $oMyError.windescription)
    Select
        Case $oMyError.windescription = "Access is denied."
            $objConnection.Close ("Active Directory Provider")
            $objConnection.Open ("Active Directory Provider")
            SetError(2)
        Case 1
            SetError(1)
    EndSelect
EndFunc ;==>DoError

; _ADCreateUser
; $userou = OU to create the group in. Form is "sampleou=ou, sampleparent=ou, sampledomain1=dc, sampledomain2=dc, sampledomain3=dc"
; $user = Username, form is SamAccountName without leading 'CN='
; $fname = First Name
; $lname = Last Name
; $description = optional - Description
Func _ADCreateUser($userou, $user, $fname, $lname, $description = "User")
    If _ADObjectExists($user) Then Return 0
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $userou)
    $cnname = "CN=" & $lname & "\, " & $fname
    $ObjUser = $ObjOU.Create ("User", $cnname)
    $ObjUser.Put ("sAMAccountName", $user)
    $ObjUser.Put ("description", $description)
    ;$ObjUser.Put ("givenName", $fname)
    ;$ObjUser.Put ("sname", $lname)
    $ObjUser.SetInfo
    Return 1
EndFunc ;==>_ADCreateUser

; _ADCreateGroup
; $groupou = OU to create the group in. Form is "sampleou=ou, sampleparent=ou, sampledomain1=dc, sampledomain2=dc, sampledomain3=dc"
; $group = groupname, form is SamAccountName without leading 'CN='
; $type = Group type. Defaults to Global Security. See the global constants for other types. NOTE Global security must be 'BitOr'ed with a scope.
Func _ADCreateGroup($groupou, $group, $type = -2147483646)
    If _ADObjectExists($group) Then Return 0
    If StringLeft($group, 3) <> "CN=" Then
        $group = "CN=" & StringReplace($group, ",", "\,")
    EndIf
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $groupou)
    $ObjGroup = $ObjOU.Create ("Group", $group)
    $ObjGroup.Put ("sAMAccountName", StringTrimLeft(StringReplace($group, "\,", " "), 3))
    $ObjGroup.Put ("grouptype", $type)
    $ObjGroup.SetInfo
    Return 1
EndFunc ;==>_ADCreateGroup

; _ADAddUserToGroup
; Takes the group (SamAccountName without leading 'CN=') and the user (SamAccountName without leading 'CN=')
; Adds the user to the group
; Returns 0 if the user is already a member of the group,
; Returns 1 if the user was added to the group
; Returns -1 if there was an error
Func _ADAddUserToGroup($group, $user)
    If _ADIsMemberOf($group, $user) Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the user
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the group
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry) ; Retrieve the COM Object for the group
    $OGroup.Add ($oUsr.AdsPath)
    $OGroup.SetInfo
    Return _ADIsMemberOf($group, $user)
EndFunc ;==>_ADAddUserToGroup

; _ADRemoveUserFromGroup
; Takes the group (SamAccountName without leading 'CN=') and the user (SamAccountName without leading 'CN=')
; Removes the user from the group (if the user is a member of the group)
; Returns 0 if the user isn't a member of the group, 1 if the user was removed from the group
; Returns -1 if the removal failed.
Func _ADRemoveUserFromGroup($group, $user)
    If _ADIsMemberOf($group, $user) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the user
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the group
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry) ; Retrieve the COM Object for the group
    $oGroup.Remove ($oUsr.AdsPath)
    $OGroup.SetInfo
    If _ADIsMemberOf($group, $user) Then
        Return -1
    Else
        Return 1
    EndIf
EndFunc ;==>_ADRemoveUserFromGroup

; _ADObjectExists
; Takes an object name (SamAccountName without leading 'CN=')
; Returns 1 if the object exists in the tree, 0 otherwise
Func _ADObjectExists($object)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the group, if it exists
    If $objRecordSet.RecordCount = 1 Then
        Return 1
    Else
        Return 0
    EndIf
EndFunc ;==>_ADObjectExists

; _ADModifyAttribute
; $object = Object to modify (samAccountName)
; $attribute = Attribute to modify
; $value = value to set attribute to
Func _ADModifyAttribute($object, $attribute, $value)
    If _ADObjectExists($object) = 0 Then Return 0 ; Returns 0 if the object doesn't exist
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the object
    $ldap_entry = $objRecordSet.fields (0).value
    $oObject = ObjGet($ldap_entry) ; Retrieve the COM Object for the object
    $oObject.GetInfo
    $oObject.GetInfo
    If $value = "" Then
        $oObject.PutEx (1, $attribute, 0)
    Else
        $oObject.Put ($attribute, $value)
    EndIf
    $oObject.SetInfo
    $oObject.PurgePropertyList
    Return 1
EndFunc ;==>_ADModifyAttribute

; _ADIsMemberOf
; Takes samAccountNames for a group and a user
; Returns 1 if the user is a member of the group, 0 otherwise
Func _ADIsMemberOf($group, $user)
    $ObjGroup = ObjGet("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($group))
    $ismember = $objgroup.IsMember ("LDAP://" & $strHostServer & "/" & _ADSamAccountNameToFQDN($user))
    Return -$ismember
EndFunc ;==>_ADIsMemberOf

; _ADGetUserGroups
; the currently logged on user is a member of. Returns an array of Full DNs of the Group names that the user is immediately a member of
; with element 0 containing the number of groups.
; $user - optional -- SamAccountName of a user, defaults to locally logged on user
Func _ADGetUserGroups(ByRef $usergroups, $user = @UserName)
    Local $oUsr
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the logged on user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
    $usergroups = $oUsr.GetEx ("memberof")
    $count = UBound($usergroups)
    _ArrayInsert($usergroups, 0, $count)
EndFunc ;==>_ADGetUserGroups

; _ADRecursiveGetMemberOf
; Takes a Full DN of a group or user and returns a recursively searched list of groups the object is a member of to the array
; This will traverse through groups that the object is immediately a member of and check their group membership as well.
; The return values are full DNs. For groups that are inherited, the return is the DN of the group, and the DN of the first group
; it was inherited from, separated by '|'.
Func _ADRecursiveGetMemberOf(ByRef $memberof, $fqdn)
    Local $objItem, $tempmemberof, $i = 0
    $objItem = ObjGet("LDAP://" & $strHostServer & "/" & $fqdn) ; Retrieve the COM Object for the logged on user
    $memberof = $objItem.GetEx ("memberof")
    If $memberof = 0 Then
        Dim $memberof[1] = [0]
        Return 0
    EndIf
    Do
        If StringInStr($memberof[$i],"|") Then
            $currgroup = StringLeft($memberof[$i],StringInStr($memberof[$i],"|")-1)
        Else
            $currgroup = $memberof[$i]
        EndIf
        _ADGetGroupMemberOf($tempmemberof, $currgroup)
        For $j = 1 To $tempmemberof[0]
            $exists = 0
            $k = UBound($memberof)
            Do
                $k -= 1
                If StringInStr($memberof[$k], $tempmemberof[$j]) Then $exists = 1
            Until $exists = 1 Or $k = 0
            If $exists = 0 Then _ArrayAdd($memberof, $tempmemberof[$j] & "|" & $currgroup)
        Next
        $i += 1
    Until $i = UBound($memberof)
    $count = UBound($memberof)
    _ArrayInsert($memberof, 0, $count)
    Return 1
EndFunc ;==>_ADRecursiveGetMemberOf

; _ADGetGroupMembers
; Arguments,
; $members - Array that the result will be stored in
; $group - Group to retrieve members from
; $sort - optional, default 0 : Set to 1 to sort the array
; Returns an array to $members where $members[0] will be the number of users in the group and
; $members[1] to $members[$members[0]] are the distinguished names of the users
Func _ADGetGroupMembers(ByRef $members, $groupdn, $sort = 0)
    If _ADObjectExists($groupdn) = 0 Then
        Return 0
    Else
        Local $oUsr, $objCommand, $groups
        $objCommand = ObjCreate("ADODB.Command")
        $objCommand.ActiveConnection = $objConnection
        $objCommand.Properties ("Searchscope") = 2
        Dim $members[1]
        $i = 0
        ; Retrieve the multi-valued attribute in ranges of 1000 values
        While 1
            $rangemodifier = $i * 1000
            $range = "Range=" & $rangemodifier & "-" & $rangemodifier + 999
            $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;member;" & $range & ";base"
            $objCommand.CommandText = $strCmdText
            $objRecordSet = $objCommand.Execute
            $membersadd = $objRecordSet.fields (0).Value
            If $membersadd = 0 Then ExitLoop
            ReDim $members[UBound($members) + 1000]
            For $j = $rangemodifier + 1 To $rangemodifier + 1000
                $members[$j] = $membersadd[$j - $rangemodifier - 1]
            Next
            $i += 1
            $objRecordSet.Close
        WEnd
        $rangemodifier = $i * 1000
        $range = "Range=" & $rangemodifier & "-*"
        $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;member;" & $range & ";base"
        $objCommand.CommandText = $strCmdText
        $objRecordSet = $objCommand.Execute
        $membersadd = $objRecordSet.fields (0).Value
        ReDim $members[UBound($members) + UBound($membersadd) ]
        For $j = $rangemodifier + 1 To $rangemodifier + UBound($membersadd)
            $members[$j] = $membersadd[$j - $rangemodifier - 1]
        Next
        $objRecordSet.Close
        $members[0] = UBound($members) - 1
        If $sort = 1 Then
            _ArraySort($members, 0, 1)
        EndIf
        Return 1
    EndIf
EndFunc ;==>_ADGetGroupMembers

; _ADGetGroupMemberOf
Func _ADGetGroupMemberOf(ByRef $memberof, $groupdn, $sort = 0)
    ;If _ADObjectExists($group) = 0 Then Return 0
    Local $oUsr, $objCommand, $groups
    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Searchscope") = 2
    Dim $memberof[1]
    $i = 0
    While 1
        $rangemodifier = $i * 1000
        $range = "Range=" & $rangemodifier & "-" & $rangemodifier + 999
        $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;memberof;" & $range & ";base"
        $objCommand.CommandText = $strCmdText
        $objRecordSet = $objCommand.Execute
        $membersadd = $objRecordSet.fields (0).Value
        If $membersadd = 0 Then ExitLoop
        ReDim $memberof[UBound($memberof) + 1000]
        For $j = $rangemodifier + 1 To $rangemodifier + 1000
            $memberof[$j] = $membersadd[$j - $rangemodifier - 1]
        Next
        $i += 1
        $objRecordSet.Close
    WEnd
    $rangemodifier = $i * 1000
    $range = "Range=" & $rangemodifier & "-*"
    $strCmdText = "<LDAP://" & $strHostServer & "/" & $groupdn & ">;;memberof;" & $range & ";base"
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute
    $membersadd = $objRecordSet.fields (0).Value
    ReDim $memberof[UBound($memberof) + UBound($membersadd) ]
    For $j = $rangemodifier + 1 To $rangemodifier + UBound($membersadd)
        $memberof[$j] = $membersadd[$j - $rangemodifier - 1]
    Next
    $objRecordSet.Close
    $memberof[0] = UBound($memberof) - 1
    If $sort = 1 Then
        _ArraySort($memberof, 0, 1)
    EndIf
    Return $memberof[0]
EndFunc ;==>_ADGetGroupMemberOf

; _ADHasFullRights
; Take an object's SamAccountName, a user's SamAccountName
; Returns 1 if User has full rights on the object
; Returns 0 otherwise
Func _ADHasFullRights($object, $user = @UserName)
    Dim $hfr_groups
    If $user = @UserName Then
        $hfr_groups = $loggedonusergroups
    Else
        _ADGetUserGroups($hfr_groups, $user)
    EndIf
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the object
    If $objRecordSet.RecordCount = 1 Then
        $ldap_entry = $objRecordSet.fields (0).value
        $oObject = ObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
        $security = $oObject.Get ("ntSecurityDescriptor")
        $dacl = $security.DiscretionaryAcl
        For $ace In $dacl
            $trusteearray = StringSplit($ace.Trustee, "\")
            $trusteegroup = $trusteearray[$trusteearray[0]]
            For $i = 0 To UBound($hfr_groups) - 1
                If StringInStr($hfr_groups[$i], "CN=" & $trusteegroup) And $ace.AccessMask = 983551 Then Return 1
            Next
        Next
    EndIf
    Return 0
EndFunc ;==>_ADHasFullRights

; _ADGroupMailEnable
; Takes a group and enables mail on that group
Func _ADGroupMailEnable($group)
    If _ADObjectExists($group) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $group & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the group, if it exists
    $ldap_entry = $objRecordSet.fields (0).value
    $oGroup = ObjGet($ldap_entry) ; Retrieve the COM Object for the object
    $oGroup.MailEnable
    $OGroup.SetInfo
    Return 1
EndFunc ;==>_ADGroupMailEnable

; _ADUserCreateMailbox
; $user - User to add mailbox to
; $mdbstore - Mailbox storename
; $store - Information store
; $server - Email server
; $admingroup - Administrative group in Exchange
; $domain - Domain name
Func _ADUserCreateMailbox($user, $mdbstore, $store, $server, $admingroup, $domain)
    If _ADObjectExists($user) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the group, if it exists
    $ldap_entry = $objRecordSet.fields (0).value
    $oUser = ObjGet($ldap_entry) ; Retrieve the COM Object for the object
    If $oUser.HomeMDB <> "" Then Return 0
    $mailboxpath = "LDAP://CN="
    $mailboxpath = $mailboxpath & $mdbstore
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $store
    $mailboxpath = $mailboxpath & ",CN=InformationStore"
    $mailboxpath = $mailboxpath & ",CN="
    $mailboxpath = $mailboxpath & $server
    $mailboxpath = $mailboxpath & ",CN=Servers,CN="
    $mailboxpath = $mailboxpath & $admingroup
    $mailboxpath = $mailboxpath & ",CN=Administrative Groups,CN=State Street,CN=Microsoft Exchange,CN=Services,CN=Configuration,"
    $mailboxpath = $mailboxpath & $domain
    $oUser.CreateMailbox ($mailboxpath)
    $oUser.SetInfo
    Return 1
EndFunc ;==>_ADUserCreateMailbox

; _ADUserDeleteMailbox
; Deletes a user's mailbox
Func _ADUserDeleteMailbox($user)
    If _ADObjectExists($user) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $ObjConnection.Execute ($strQuery) ; Retrieve the FQDN for the group, if it exists
    $ldap_entry = $objRecordSet.fields (0).value
    $oUser = ObjGet($ldap_entry) ; Retrieve the COM Object for the object
    If $oUser.HomeMDB = "" Then Return 0
    $oUser.DeleteMailbox
    $oUser.SetInfo
    Return 1
EndFunc ;==>_ADUserDeleteMailbox

; _ADGetObjectsInOU
; Returns an array of the objects in an OU
; $ou : The OU to retrieve from
; $filter : optional, default "name='*'". An additional LDAP filter if required.
; $searchscope : optional, default 2. 0 = base, 1 = one-level, 2 = sub-tree
; $datatoretrieve : optional, default "sAMAccountName". A comma-separated list of values to retrieve. More than one value will create
; a 2-dimensional array, array[0][0] will contain the number of items returned, which start at array[1][0]
Func _ADGetObjectsInOU(ByRef $ObjectArray, $ou, $filter = "name='*'", $searchscope = 2, $datatoretrieve = "sAMAccountName", $sortby = "sAMAccountName")
    Local $objRecordSet
    $objCommand = ObjCreate("ADODB.Command")
    $objCommand.ActiveConnection = $objConnection
    $objCommand.Properties ("Page Size") = 1000
    $objCommand.Properties ("Searchscope") = $searchscope
    $strCmdText = "Select " & $datatoretrieve & " FROM 'LDAP://" & $strHostServer & "/" & $ou & "' WHERE " & $filter & " ORDER BY " & $sortby
    $objCommand.CommandText = $strCmdText
    $objRecordSet = $objCommand.Execute
    If StringInStr($datatoretrieve, ",") Then
        $dtrArray = StringSplit($datatoretrieve, ",")
        Dim $ObjectArray[$objRecordSet.RecordCount + 1][$dtrArray[0]]
        $ObjectArray[0][0] = $objRecordSet.RecordCount
        $ObjectArray[0][1] = $dtrArray[0]
        If $ObjectArray[0][0] = 0 Then Return 0
        $count = 1
        $objRecordSet.MoveFirst
        Do
            For $i = 1 To $dtrArray[0]
                $ObjectArray[$count][$i - 1] = $objRecordSet.Fields ($dtrArray[$i]).Value
            Next
            $objRecordSet.MoveNext
            $count += 1
        Until $objRecordSet.EOF
    Else
        Dim $ObjectArray[$objRecordSet.RecordCount + 1]
        $ObjectArray[0] = UBound($ObjectArray)-1
        If $ObjectArray[0] = 0 Then
            $ObjectArray = 0
            Return 0
        Else
            $count = 1
            $objRecordSet.MoveFirst
            Do
                $ObjectArray[$count] = $objRecordSet.Fields ($datatoretrieve).Value
                $objRecordSet.MoveNext
                $count += 1
            Until $objRecordSet.EOF
        EndIf
    EndIf
    Return 1
EndFunc ;==>_ADGetObjectsInOU

; _ADDNToSamAccountName
; Takes a FQDN and returns the SamID of the account
Func _ADDNToSamAccountName($fqdn)
    $obj = ObjGet("LDAP://" & $strHostServer & "/" & $fqdn)
    If $obj = 0 Then
        MsgBox(0, "", "Failed to retrieve AD object")
        Return 0
    EndIf
    Return $obj.sAMAccountName
EndFunc ;==>_ADDNToSamAccountName

; _ADSamAccountNameToFQDN
; Takes a SamID and returns the FQDN of the account
Func _ADSamAccountNameToFQDN($samname)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $samname & ");distinguishedName;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)
    If $objRecordSet.RecordCount = 1 Then
        Return $objRecordSet.fields (0).value
    Else
        Return ""
    EndIf
EndFunc ;==>_ADSamAccountNameToFQDN

; _ADDNToDisplayName
; Returns the Display Name of an FQDN
Func _ADDNToDisplayName($fqdn)
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(distinguishedname=" & $fqdn & ");name;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the logged on user
    If $objRecordSet.EOF Then
        MsgBox(0, "", "Error, object not found")
    Else
        ;MsgBox(0,"",$objRecordSet.fields (0).value)
        Return $objRecordSet.fields (0).value
    EndIf
    ;$obj = ObjGet("LDAP://" & $fqdn)
    ;Return $obj.name
EndFunc ;==>_ADDNToDisplayName

; _ADCreateObject
; $objectou = OU to create the group in. Form is "sampleou=ou, sampleparent=ou, sampledomain1=dc, sampledomain2=dc, sampledomain3=dc"
; $object = Object name, form is SamAccountName without leading 'CN='
; $type = Type of object to create
Func _ADCreateObject($objectou, $object, $type)
    If _ADObjectExists($object) Then Return 0
    If StringLeft($object, 3) <> "CN=" Then
        $object = "CN=" & $object
    EndIf
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $objectou)
    $ObjADObj = $ObjOU.Create ($type, $object)
    $ObjADObj.Put ("sAMAccountName", StringTrimLeft($object, 3))
    If $type = "Computer" Then
        $ObjADObj.Put ("UserAccountControl", BitOR(0x0020, 0x1000))
    EndIf
    $ObjADobj.SetInfo
    Return 1
EndFunc ;==>_ADCreateObject

; _ADCreateComputer
; $strComputer = Name of the computer object to create
; $computerOU = Full DN of the OU to create the computer in
; $strComputerUser = User or group that will be allowed to add the computer to the domain (SamAccountName)
Func _ADCreateComputer($strComputer, $computerOU, $strComputerUser)
    $objContainer = ObjGet("LDAP://" & $strHostServer & "/" & $computerOU)
    $objComputer = $objContainer.Create ("Computer", "cn=" & $strComputer)
    $objComputer.Put ("sAMAccountName", $strComputer & "$")
    $objComputer.Put ("userAccountControl", BitOR($ADS_UF_PASSWD_NOTREQD, $ADS_UF_WORKSTATION_TRUST_ACCOUNT))
    $objComputer.SetInfo

    $objSecurityDescriptor = $objComputer.Get ("ntSecurityDescriptor")
    $objDACL = $objSecurityDescriptor.DiscretionaryAcl

    $objACE1 = ObjCreate("AccessControlEntry")
    $objACE1.Trustee = $strComputerUser
    $objACE1.AccessMask = $ADS_RIGHT_GENERIC_READ
    $objACE1.AceFlags = 0
    $objACE1.AceType = $ADS_ACETYPE_ACCESS_ALLOWED

    $objACE2 = ObjCreate("AccessControlEntry")
    $objACE2.Trustee = $strComputerUser
    $objACE2.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE2.AceFlags = 0
    $objACE2.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE2.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE2.ObjectType = $ALLOWED_TO_AUTHENTICATE

    $objACE3 = ObjCreate("AccessControlEntry")
    $objACE3.Trustee = $strComputerUser
    $objACE3.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE3.AceFlags = 0
    $objACE3.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE3.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE3.ObjectType = $RECEIVE_AS

    $objACE4 = ObjCreate("AccessControlEntry")
    $objACE4.Trustee = $strComputerUser
    $objACE4.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE4.AceFlags = 0
    $objACE4.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE4.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE4.ObjectType = $SEND_AS

    $objACE5 = ObjCreate("AccessControlEntry")
    $objACE5.Trustee = $strComputerUser
    $objACE5.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE5.AceFlags = 0
    $objACE5.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE5.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE5.ObjectType = $USER_CHANGE_PASSWORD

    $objACE6 = ObjCreate("AccessControlEntry")
    $objACE6.Trustee = $strComputerUser
    $objACE6.AccessMask = $ADS_RIGHT_DS_CONTROL_ACCESS
    $objACE6.AceFlags = 0
    $objACE6.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE6.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE6.ObjectType = $USER_FORCE_CHANGE_PASSWORD

    $objACE7 = ObjCreate("AccessControlEntry")
    $objACE7.Trustee = $strComputerUser
    $objACE7.AccessMask = $ADS_RIGHT_DS_WRITE_PROP
    $objACE7.AceFlags = 0
    $objACE7.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE7.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE7.ObjectType = $USER_ACCOUNT_RESTRICTIONS

    $objACE8 = ObjCreate("AccessControlEntry")
    $objACE8.Trustee = $strComputerUser
    $objACE8.AccessMask = $ADS_RIGHT_DS_SELF
    $objACE8.AceFlags = 0
    $objACE8.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE8.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE8.ObjectType = $VALIDATED_DNS_HOST_NAME

    $objACE9 = ObjCreate("AccessControlEntry")
    $objACE9.Trustee = $strComputerUser
    $objACE9.AccessMask = $ADS_RIGHT_DS_SELF
    $objACE9.AceFlags = 0
    $objACE9.AceType = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    $objACE9.Flags = $ADS_FLAG_OBJECT_TYPE_PRESENT
    $objACE9.ObjectType = $VALIDATED_SPN

    $objDACL.AddAce ($objACE1)
    $objDACL.AddAce ($objACE2)
    $objDACL.AddAce ($objACE3)
    $objDACL.AddAce ($objACE4)
    $objDACL.AddAce ($objACE5)
    $objDACL.AddAce ($objACE6)
    $objDACL.AddAce ($objACE7)
    $objDACL.AddAce ($objACE8)
    $objDACL.AddAce ($objACE9)

    $objSecurityDescriptor.DiscretionaryAcl = $objDACL
    $objComputer.Put ("ntSecurityDescriptor", $objSecurityDescriptor)
    $objComputer.SetInfo
EndFunc ;==>_ADCreateComputer

; _ADDeleteObject
; $object = SamAccountName of object to delete. $type="user" or "group".
; Returns 0 if object doesn't exist, otherwise Returns 1
Func _ADDeleteObject($ou, $object, $type)
    $objcn = "CN=" & StringReplace($object, ",", "\,")
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)
    $objOU.Delete ($type, $objcn)
    Return 1
EndFunc ;==>_ADDeleteObject

; _ADGetObjectClass
; Returns the Class of an object. Returns 0 if the object does not exist.
Func _ADGetObjectClass($object)
    If _ADObjectExists($object) = 0 Then Return 0
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the object
    $ldap_entry = $objRecordSet.fields (0).value
    $oObject = ObjGet($ldap_entry) ; Retrieve the COM Object for the object
    Return $oObject.Class
EndFunc ;==>_ADGetObjectClass

; _ADGetObjectClassFromFQDN
; Returns the Class of an object from an object's FQDN. Returns 0 if the object does not exist.
Func _ADGetObjectClassFromFQDN($object)
    $object = StringReplace($object, "/", "\/")
    $oObject = ObjGet("LDAP://" & $strHostServer & "/" & $object) ; Retrieve the COM Object for the object
    If IsObj($oObject) = 0 Then Return 0
    Return $oObject.Class
EndFunc ;==>_ADGetObjectClassFromFQDN

; _ADGetObjectAttribute
; Retrieves the specified (single-value) attribute for the given SamAccountName
; Returns 0 if the object does not exist, the attribute does not exist for that
; object or if the value is multi-string.
```
; Otherwise returns the result Func _ADGetObjectAttribute($object, $attribute) If _ADObjectExists($object) = 0 Then Return 0 $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $object & ");ADsPath;subtree" $objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the object $ldap_entry = $objRecordSet.fields (0).value $oObject = ObjGet($ldap_entry) ; Retrieve the COM Object for the object $result = $oObject.Get ($attribute) $oObject.PurgePropertyList If $result = "" Then Return "" Else Return $result EndIf EndFunc ;==>_ADGetObjectAttribute ; _ADListDomainControllers ; Retrieves the names of all domain controllers in the current Domain Func _ADListDomainControllers(ByRef $DCList) $objCommand = ObjCreate("ADODB.Command") $objCommand.ActiveConnection = $objConnection $objCommand.Properties ("Page Size") = 1000 $objCommand.Properties ("Searchscope") = 2 $objCommand.CommandText = "Select distinguishedName FROM 'LDAP://" & $strHostServer & "/ou=Domain Controllers," & $strDNSDomain & "' WHERE objectclass='computer'" $objRecordSet = $objCommand.Execute Dim $DCList[$objRecordSet.RecordCount + 1] $objRecordSet.MoveFirst Do $DCList[0] += 1 $objCommand.CommandText = "<LDAP://" & $strHostServer & "/" & $objRecordSet.Fields ("distinguishedName").Value & ">;;serverReferenceBL;Range=0-*;base" $objRecSet2 = $objCommand.Execute $objRecSet2.MoveFirst Do $temparray = $objRecSet2.Fields (0).Value $DCList[$DCList[0]] = $temparray[0] $objRecSet2.MoveNext Until $objRecSet2.EOF $objRecordSet.MoveNext Until $objRecordSet.EOF EndFunc ;==>_ADListDomainControllers ; _ADOUObjectNames ; A faster call for returning the Display Name of objects in a given OU Func _ADOUObjectNames(ByRef $objects, $ou, $filter = 0) Local $i $objOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou) If $filter <> 0 Then $objOU.Filter = $filter Dim $tempobjects[100000] $i = 0 For $object In $objOU $tempobjects[$i] = $object.name $i+=1 Next If $i = 0 Then $objects = 0 
Return EndIf Dim $objects[$i+1] $objects[0] = $i For $j = 1 To $i $tempstr = $tempobjects[$j-1] $tempstr = StringTrimLeft($tempstr,3) $objects[$j] = StringReplace($tempstr,"\,",",") Next EndFunc ;==>_ADOUObjectNames
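_ADGetObjectClass and _ADGetObjectAttribute above concatenate $object straight into the search filter, and _ADDeleteObject escapes only the comma in the name. As an added example (not part of adfunctions.au3 or of the original post), the two helpers below escape a name for each of those contexts. The helper names, host, domain and sample names are assumptions made up for the illustration.

```autoit
; Added example, not part of adfunctions.au3. Helper names are hypothetical.

; Escape a value for use inside an LDAP search filter (RFC 4515).
; ";" is hex-escaped too, because the ADO command text uses it as a field separator.
Func _LDAPEscapeFilterValue($sValue)
    Local $sOut = "", $sChar, $iCode
    For $i = 1 To StringLen($sValue)
        $sChar = StringMid($sValue, $i, 1)
        $iCode = AscW($sChar)
        Switch $iCode
            Case 0, 40, 41, 42, 59, 92 ; NUL ( ) * ; \
                $sOut &= "\" & Hex($iCode, 2)
            Case Else
                $sOut &= $sChar
        EndSwitch
    Next
    Return $sOut
EndFunc   ;==>_LDAPEscapeFilterValue

; Escape a value for use as an RDN value in an ADsPath:
; RFC 4514 special characters plus "/" (the ADsPath separator).
Func _LDAPEscapeRDNValue($sValue)
    Local $sOut = "", $sChar, $iLen = StringLen($sValue)
    For $i = 1 To $iLen
        $sChar = StringMid($sValue, $i, 1)
        If StringInStr(',+"\<>;=/', $sChar, 1) Then
            $sOut &= "\" & $sChar ; special anywhere in the value
        ElseIf $sChar == " " And ($i = 1 Or $i = $iLen) Then
            $sOut &= "\ " ; leading or trailing space
        ElseIf $sChar == "#" And $i = 1 Then
            $sOut &= "\#" ; leading hash
        Else
            $sOut &= $sChar
        EndIf
    Next
    Return $sOut
EndFunc   ;==>_LDAPEscapeRDNValue

; Constructed sample values; nothing here contacts a directory.
Global $strHostServer = "dc01.example.com" ; placeholder host
Global $strDNSDomain = "DC=example,DC=com" ; placeholder domain
Global $sAccount = "j.smith (temp)*" ; input containing filter metacharacters
Global $sGroup = "Sales, EMEA / R+D" ; name containing DN and path metacharacters

; Same query shape as _ADGetObjectAttribute, with the value escaped first.
Global $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & _
        _LDAPEscapeFilterValue($sAccount) & ");ADsPath;subtree"
ConsoleWrite($strQuery & @CRLF)

; Same RDN shape as _ADDeleteObject, covering more than the comma.
ConsoleWrite("CN=" & _LDAPEscapeRDNValue($sGroup) & @CRLF)
```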
PsaltyDS Posted August 10, 2007

Several other topics link specifically to the post below as the source of Adfunctions.au3. But there is no attachment or download link that I can see now. It must have been there before... Can we get somebody with the latest version to post it back?

There was an issue with the AutoIt Forum's FileMan function, and I wonder if it ate the Adfunctions.au3 UDF...

I have attached the latest version of the ADFunction.au3 file. There are a couple of things that have changed (most notably the return array from GetUserGroups) and a few new functions.

You are correct that the .delete function requires a 'type' and a 'name'. The function in the current version looks like this;

; _ADDeleteObject
; $object = SamAccountName of object to delete. Returns 0 if object doesn't exist, otherwise Returns 1
Func _ADDeleteObject($ou, $object, $type)
    $objcn = "CN=" & StringReplace($object, ",", "\,")
    $ObjOU = ObjGet("LDAP://" & $strHostServer & "/" & $ou)
    $objOU.Delete ($type, $objcn)
    Return 1
EndFunc   ;==>_ADDeleteObject

This allows the deletion of groups, using a $type="group". It should also work for users, contacts and other categories of object, but I haven't tested this.

Hope this helps.

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Johny Clelland (Author) Posted August 10, 2007

This reply should have the latest version of ADFunctions attached.

adfunctions.zip
Raja Posted August 10, 2007

Thanks Guys! Much appreciate your quick response and help. Hoping that Johny can do the needful. :-)
WSCPorts Posted August 14, 2007

how to call IADsComputer.get_NetAddress(BSTR *String)?? and can AutoIt call com methods? and why do I error out to olly when I do?

http://www.myclanhosting.com/defias
Visit Join and contribute to a soon to be leader in Customized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
PsaltyDS Posted August 14, 2007

how to call IADsComputer.get_NetAddress(BSTR *String)?? and can AutoIt call com methods? and why do I error out to olly when I do?

Hmmm... The property is get_NetAddresses (plural) and does not need a parameter. According to IADsComputer Property Methods on MSDN, it should return an array but I don't get that far...

#include <array.au3> ; for _ArrayDisplay()

$sComputerName = @ComputerName
$oWinNT = ObjGet("WinNT://" & $sComputerName & ",computer")
If IsObj($oWinNT) Then
    $avNetAdxs = $oWinNT.get_NetAddresses
    If IsArray($avNetAdxs) Then
        _ArrayDisplay($avNetAdxs, "Debug: $avNetAdxs")
    Else
        ConsoleWrite("Debug: Error! $avNetAdxs is not an array." & @LF)
    EndIf
Else
    ConsoleWrite("Debug: Error! Failed to connect to WinNT provider" & @LF)
EndIf

Fails with:

C:\AutoIT\Scripts\Test1.au3 (6) : ==> The requested action with this object has failed.:
$avNetAdxs = $oWinNT.get_NetAddress
$avNetAdxs = $oWinNT.get_NetAddress^ ERROR
->19:08:27 AutoIT3.exe ended.rc:1
+>19:08:29 AutoIt3Wrapper Finished
ptrex Posted August 15, 2007

@all

Sorry guys but this is not supported : ADSI interfaces

Regards,
ptrex
PsaltyDS Posted August 15, 2007

@all

Sorry guys but this is not supported : ADSI interfaces

Regards,
ptrex

Well, that's just... just... RUDE!
WSCPorts Posted August 16, 2007

#include <GuiConstants.au3>

Global $NameSpace = ObjGet("WinNT:")
Global $objDomain,$objPDC,$objComputer
Dim $Filter[2]
Dim $Stack[4096]
Dim $StackPtr
Dim $NetString,$DomString,$CompString,$oComputer

GUICreate("Active Directory Computer Information Tool",300,250,100,300)
GUISetState (@SW_SHOW)
$DomList = GUICtrlCreateList("",10,10,250,100)
$IPList = GUICtrlCreateList("",10,105,250,100)
GetComputerNames()
$msg = 0
While $msg <> $GUI_EVENT_CLOSE
    $msg = GUIGetMsg()
    Select
        case $msg = $DomList
    EndSelect
Wend
Exit

;stack[3~4096] are return areas unless otherwise stated in function
;Stack[2] = NumOfCurrentEntry
;Stack[1] = static Base
;Stack[0] = good or bad return 0 : 1
Func GetDomainNames()
    InitStack()
    $Filter[0] = "Domain"
    $NameSpace.Filter = $Filter
    For $objDomain in $NameSpace
        Push($objDomain.Name)
    Next
    DumpStack($DomList)
EndFunc

Func GetComputerNames()
    GetDomainNames()
    $DomString = Pop()
    $objPDC = ObjGet("WinNT://" & $DomString)
    If(IsObj($objPDC)) Then
        Cscl()
        $Filter[0] = "Computer"
        $objPDC.Filter = $Filter
        For $objComputer In $objPDC
            If(IsObj($objComputer)) Then
                Push("Computer Name: " & $objComputer.Name)
                Push("Computer OS: " & $objComputer.OperatingSystem)
                Push("Computer OS Version: " & $objComputer.OperatingSystemVersion)
                Push("Computer CPU: " & $objComputer.Processor)
                Push("Computer # CPU; " & $objComputer.ProcessorCount)
            EndIf
            DumpStack($IPList)
        Next
    Else;shouldnt Execute cleanup more later ... lol
        $DomString = Pop()
        Cscl()
        $objPDC = ObjGet("WinNT://" & $DomString)
        If(IsObj($objPDC)) Then
            $Filter[0] = "Computer"
            $objPDC.Filter = $Filter
            For $objComputer In $objPDC
                Push($objComputer.Name)
                Push($objComputer.OperatingSystem)
            Next
            DumpStack($IPList)
        EndIf
    EndIf
EndFunc

Func DumpStack($HWND);recvs WindowHandle to Dump Entries into
    If($Stack[2] > 0) Then
        $Stack[0] = 1
        Local $NumStackEntry = $Stack[2]
        Do
            ;ConsoleWrite($StackPtr)
            GUICtrlSetData($HWND,$Stack[$Stack[1] + $Stack[2]])
            If(@error <> 0) Then
                $Stack[0] = 0
                Return $Stack[0]
            EndIf
            $Stack[2] = $Stack[2] - 1
        Until $Stack[2] = 0
        $Stack[2] = $NumStackEntry
        Return $Stack[0]
    Else
        $Stack[0] = 0
        Return $Stack[0]
    EndIf
EndFunc

Func InitStack()
    $Stack[0] = 1;signify good ret
    $Stack[1] = 3;init stack current location
    $Stack[2] = 0;init stack Entries counter
    $StackPtr = $Stack[1]
    Do;clear rest
        $Stack[$StackPtr] = 0
        $StackPtr = $StackPtr+1
    Until $StackPtr >= 4096
    $StackPtr = $Stack[1]
EndFunc

Func Cscl();clear stack current location
    $Stack[1] = 3
    $Stack[2] = 0
EndFunc

Func Push($Var)
    $Stack[2] = $Stack[2] + 1
    $StackPtr = $Stack[1] + $Stack[2]
    $Stack[$StackPtr] = $Var
EndFunc

Func Pop()
    $StackPtr = $Stack[1] + $Stack[2]
    $Stack[2] = $Stack[2] - 1
    Return $Stack[$StackPtr]
EndFunc

Func UserValidate($domain, $UserName, $Password)
    $Stack[0] = 1
    Local $DomObj = $NameSpace.OpenDSObject("WinNT://" & $domain , $UserName, $Password, "&H0001")
    If @error <> 0 Then
        $Stack[0] = 0
    EndIf
    Return $Stack[0]
EndFunc

well i got this far and i thought i saw something that had NSLookup and got the address from the output.. hard to find it...
PsaltyDS Posted August 16, 2007

well i got this far and i thought i saw something that had NSLookup and got the address from the output.. hard to find it...

I'm confused (no news there). Are you still trying to retrieve net addresses? And if so, addresses of what?
WSCPorts Posted August 17, 2007

I simply used the beta function TcpNameToIp($computer.name) it works great... ty so much for ur help ;}
ale1981 Posted August 31, 2007

Anybody know why I am getting this error?

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.:
$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user)
$ismember = ^ ERROR

All I am calling is;

#include <adfunctions.au3>
If _ADIsMemberOf("Administrators", "Admin") Then
    MsgBox(64, "", "True")
EndIf
PsaltyDS Posted August 31, 2007

Anybody know why I am getting this error?

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.:
$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user)
$ismember = ^ ERROR

All I am calling is;

#include <adfunctions.au3>
If _ADIsMemberOf("Administrators", "Admin") Then
    MsgBox(64, "", "True")
EndIf

The context is domain not local so $strHostServer is the DNS host, which is likely a DC also (AD integrated DNS being most likely). If it's a DC, then the group "Administrators" is not valid, being replaced by "Domain Admins" on a DC. Do you get the same if you use _ADIsMemberOf("Domain Admins", "Admin"), or a definite invalid group like _ADIsMemberOf("Dingleberries", "Admin")?
ale1981 Posted August 31, 2007

Yes, still the same error using Domain Admins. I actually get an error message box too, sorry, forgot to add this in the first post;

We intercepted a COM Error !
Number is: 80072032
Windescription is: An invalid dn syntax has been specified.
Script Line number is: 276

Do I actually have to configure anything inside adfunctions.au3 or my program first?

Edited August 31, 2007 by ale1981
jkovarik Posted September 13, 2007

Hi All,

Just found out about AutoIT and found this ADFunctions.au3 script which I think can help me greatly in automating mailbox creations and permissioning - but I do not for the life of me know how to run it specifying the parts and variables that I want to use. Any help at all would be great as I can't seem to find any!

Cheers in advance