Active Directory Scripts

[BuckeyeFan]

Newbie Needs Help

I've tried to use _ADModifyAttribute, _ADObjectExists, and _ADSamAccountNametoFQDN and can't get any of them to work. Perhaps I don't know how to feed these functions the samAccountName. I downloaded the lastest adfunctions.au3 file and have it include in my script. Here are some excerpts from my code...

$object = @ComputerName

$result = _ADObjectExists($object)

MsgBox(0,"test", $result)

This will return a 0 and can't find my computer name. I tried putting CN= in front of it and tried using my username with and without the CN= as an object name as well.

$result = _ADSamAccountNametoFQDN($object)

MsgBox(0,"test", $result)

This will return an empty string

Anyone have any ideas as to what I'm doing wrong?? This UDF looks great but I'm not having any luck in using any of the functions. ...and yes, I am a part of the domain and am logged into it.

The global variables $strDNSDomain and $strHostServer do populate correctly.

[ZipleR]

Have not had a chance yet, but I am sure I will be able to use quite a few of these functions. Seems alot cleaner than running a command line tool like DSGet and capturing the output (Yep thats what I do) ...

Is there a way to get the context help added to Scite?

Thanks!

ZipleR

[Johny Clelland]

BuckeyeFan,

The problem here is that Computer's SamAccountName attribute in ADSI have a '$' symbol on the end of them. If you change the first line of your code to this;

$object = @Computername & "$"

Then it should work. The full code would look like this;

$object = @ComputerName & "$"
$result = _ADObjectExists($object)
MsgBox(0,"",$result)

$result = _ADSamAccountNametoFQDN($object)
MsgBox(0,"",$result)

Hope that helps.

Johny.

Newbie Needs Help

I've tried to use _ADModifyAttribute, _ADObjectExists, and _ADSamAccountNametoFQDN and can't get any of them to work. Perhaps I don't know how to feed these functions the samAccountName. I downloaded the lastest adfunctions.au3 file and have it include in my script. Here are some excerpts from my code...

$object = @ComputerName

$result = _ADObjectExists($object)

MsgBox(0,"test", $result)

This will return a 0 and can't find my computer name. I tried putting CN= in front of it and tried using my username with and without the CN= as an object name as well.

$result = _ADSamAccountNametoFQDN($object)

MsgBox(0,"test", $result)

This will return an empty string

Anyone have any ideas as to what I'm doing wrong?? This UDF looks great but I'm not having any luck in using any of the functions. ...and yes, I am a part of the domain and am logged into it.

The global variables $strDNSDomain and $strHostServer do populate correctly.

[new2this]

Is there a help associated with the adfunctions.au3? I am finding it difficult to understand which variables get provided when calling a function. I have been working with AutoIT for about a year and have always relied on the help to find out what information to include with functions. Any help would be greatly appreciated.

Even a simple MsgBox that displays the current domain controllers. What information to I need to provide when using:

MsgBox(0,"MSG box sample", _ADListDomainControllers())

Thanks again.

[new2this]

Turns out, I have never worked with the ByRef and didn't really know what to do with it. I have muddled my way through some of this adfunctions.au3 and will be eagerly awaiting a help file.

[OptimalKiller]

Don't know where to post it, so I'll put it here:

This is a sample to find out which accounts are disabled at the moment. I'm sure it's not the straightest way to do it, I just did a copy and paste and added four lines. You can easily find them, since they look kina ugly...

expandcollapse popup

#include 'adfunctions.au3'

Dim $objConnection, $objRootDSE, $objRecordSet, $arrContainers, $garrContainers

$objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
$objCommand = ObjCreate("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider")  ; Open connection to AD
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties ("Page Size") = 1000
$objCommand.Properties ("Searchscope") = 2
$objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")  ; Retrieve the current AD domain name
$Domain=StringSplit($strDNSDomain, '=')
$Domain=StringTrimRight($Domain[2], 3)

_ADGetObjectsInOU ($arrContainers, $strDNSDomain, "objectclass='organizationalPerson'", 2)

Const $ADS_NAME_INITTYPE_GC = 3
Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
$objTrans = ObjCreate("NameTranslate")
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set ($ADS_NAME_TYPE_1779, $Domain)

For $c = 1 To UBound($arrContainers) - 1
    $objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & '\' & $arrContainers[$c])
    $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
    $UserObj = ObjGet("LDAP://" & $strUserDN)
    $State=$UserObj.userAccountControl
    If $State = '514' Or $State = '66050' Then ConsoleWrite($arrContainers[$c]&@CR)
Next        

;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError

By the way: is there a place to find all the properties that you can get via AD? I found http://www.microsoft.com/technet/prodtechn...4.mspx?mfr=true (Sorry, it's german ) , seems to be pretty close. Can you give me other hints/links?

Err, could someone move this to the examples-forum, please?

Hi All I'm very new to this, But I have download the latest adfuctions.au3 and I'm useing the above to test to see if this script works, and I get the following error message when I run the program.

We Intercepted a COM Error!

Number is: 000000A9

Windescription is:Varible must be of type 'Object'.

Script Line number is:641

can any one please help me I'm new to this!!!!

TIA

Optimal

Even when I try to run this script just an empty box pops up.!!! btw 'adfunctions.au3' has been saved in the includes folder

#include 'adfunctions.au3'

Const $ADS_NAME_INITTYPE_GC = 3

Const $ADS_NAME_TYPE_NT4 = 3

Const $ADS_NAME_TYPE_1779 = 1

$Domain = 'Carshalton'

$Userid = 'levitong'

$objTrans = ObjCreate("NameTranslate")

$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")

$objTrans.Set ($ADS_NAME_TYPE_1779, $strDNSDomain)

$objTrans.Set ($ADS_NAME_TYPE_NT4, $Domain & "\" & $Userid)

$UserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)

MsgBox(0,"full domain path",$UserDN)

Edited November 21, 2007 by OptimalKiller

[Yorn]

Are you aware that if _ADGetObjectAttribute(@UserName,"mail") is run and the currently logged in user does not have an email set, the script crashes and whatever program/script you have running just exits with a hex error? I'm looking at coding a workaround.

Error:

(339) : ==> Badly formated variable or macro.:

$oMyRet[0] = $HexNumber

$oMyRet^ ERROR

Edited November 26, 2007 by Yorn

[ghetek]

Can someone please post an example of how to retrieve the first and last name of users in a certain group?

[Yorn]

$AD_FName = _ADGetObjectAttribute(@UserName,"givenName")

$AD_LName = _ADGetObjectAttribute(@UserName,"sn")

The above puts the First Name of the currently logged in user into $AD_FName and the Last Name into $AD_LName.

I think one of the functions pulls all the users of a group into an array for you, so then you could cycle through the array using a while and pop out the usernames and such. I'm not certain what it would look like myself.

[ZipleR]

I have a script which is am using to create user accounts. When creating user accounts I need to add users to groups like "DL/All Users". When using _ADAddUserToGroup, _ADIsMemberOf, or _ADSamAccountNameToFQDN they error out with an error. (I am passing the FQDN appropriatly as I can get the same functions to work on other groups)

I am thinking this has something to do with the fact that the Group name has a "/" in it, but I am not sure how else I can pass that.

Is there something that can be done so these functions will work? Do you think it is the way LDAP handles the slash, or the way the parameters are passed between functions?

Here is an example of the error for _ADAddUserToGroup

------------------------------------------------------------

We intercepted a COM Error !

Number is: 90072032

Windescriptiopn is: An invalid dn syntax has been specified.

Script line number is: 283

------------------------------------------------------------

Here is line 283

$ObjGroup = ObjGet("LDAP://" & $strHostServer & "/" & $group)

Any help would be appreciated.

Thanks!

Edited January 17, 2008 by ZipleR

[ZipleR]

I found a work around for now by using the command dsmod. This only works if I manually supply the group name compleatly enclosed in quotes. (See Below)

$UserFQDN = _ADSamAccountNameToFQDN($UserName)
Runwait('dsmod group "CN=DL/Long list of Users,CN=Recipients,CN=Users,DC=test,DC=com" -addmbr "' & $UserFQDN & '"',"",@SW_HIDE)

I still can not use ADTools to do anything with groups that contain a forward slash (/)

Thanks!

[AlVanzoy]

This is great! Hoping to have a functions like this on the next autoIT version release as a UDF with help file.

[dmorand]

Do I have to be on a domain controller in order to use these scripts? I'm trying to create a script which will take users from a csv file and add them to a new active directory group.

[PsaltyDS]

Do I have to be on a domain controller in order to use these scripts? I'm trying to create a script which will take users from a csv file and add them to a new active directory group.

You don't have to be on the DC, but you do need network access to one and appropriate permissions for your intended actions in the AD.

[surveyor]

Hi,

I'm testing adfunctions.au3 and get an error:

>Running:(3.2.10.0):C:\Programme\AutoIt3\autoit3.exe "D:\CreateGroups.au3"  
C:\Programme\AutoIt3\Include\adfunctions.au3 (174) : ==> Missing right bracket ')' in expression.: 
$ObjGroup = $ObjOU.Create ("Group", $groupcn) 
$ObjGroup = ^ ERROR
->10:18:43 AutoIT3.exe ended.rc:1

Can someone help me with that?

[linkit]

Hello,

I am a newbie. So I think, i wrote my script wrong. Could anyone help me ?

I downloaded and installed (in the include dir) the ad-scripts.

I want to know, if someone is in the ad group.

The group name is allrights and the name of the user is george (for example).

What do I wrong ?

Look at my script now:

;#include "c:\programme\autoit3\include\adfunctions.au3"

#include "adfunctions.au3"

$x = _ADIsMemberOf("allrights","george")

If I start this script - I get only an error.

Thank you for your help.

linkit

P.S.:

The Error Message:

C:\Program Files\AutoIt3\Include\adfunctions.au3 (277) : ==> Error in expression.:

$ismember = $objGroup.IsMember ("LDAP://" & $strHostServer & "/" & $user)

$ismember = ^ ERROR

>Exit code: 1 Time: 5.712

Edited February 17, 2008 by linkit

[BrettF]

What happens if you move line 93 of adfunctions.au3 to the top? What is the error then?

@surveyor- Line 174 (the line that fails for you), is blank for me. Do you have a script I can test with please?

Edited February 17, 2008 by Bert

[surveyor]

What happens if you move line 93 of adfunctions.au3 to the top? What is the error then?

@surveyor- Line 174 (the line that fails for you), is blank for me. Do you have a script I can test with please?

I have set

Global $objRootDSE = ObjGet("LDAP://RootDSE")

to the top but it's the same error.

[surveyor]

I have set

Global $objRootDSE = ObjGet("LDAP://RootDSE")

to the top but it's the same error.

#include <adfunctions.au3>

_ADCreateGroup("LDAP://OU=Gruppen,OU=GV,DC=fhhnet,DC=stadt,DC=hamburg,DC=de", "G-GV-_Testgruppe", $ADS_GROUP_TYPE_GLOBAL_SECURITY)

Exit

[BrettF]

I have set

Global $objRootDSE = ObjGet("LDAP://RootDSE")

to the top but it's the same error.

Sorry... Thats line... 84 for me. I thought we were using the same script? Move $oMyError = ObjEvent("AutoIt.Error", "_ADDoError") ; Install a custom error handler to the top...