How To Query Distinguished Name In AD - AutoIt

Maybe your like

Jump to content

Browse
- Forums
- Downloads
- Events
- Forum Rules
- More
Wiki
AutoIt Resources
- Release
  - Installer
  - Help file
  - Editor
- Beta
  - Installer
  - Help file
  - Editor
- Git
FAQ
More
- More

Everywhere
This Forum
This Topic
Topics
Files
Pages
Articles
Events
Members

AutoIt General Help and Support

All Activity

Home
AutoIt v3
AutoIt Help and Support
AutoIt General Help and Support
How to Query Distinguished Name in AD

How to Query Distinguished Name in AD Bodman

By Bodman January 11, 2011 in AutoIt General Help and Support

Share https://www.autoitscript.com/forum/topic/124116-how-to-query-distinguished-name-in-ad/ More sharing options... Followers 0

Prev
1
2
3
Next
Page 1 of 3

Recommended Posts

Bodman

Posted January 11, 2011

Bodman

Active Members
- 53

Posted January 11, 2011 (edited)

Hi, I am trying to output 2 figures from AD

The First is to count how many users in AD have the String OU=C3084* in the Distinguished name attribute and

the second is of the first output how many have them have the mail attribute set.

I have read what feels like the entire internet about adfunctions but im not sure how to start Can anyone point me in the right direction please

I was trying to run a query like this

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)(ou=*c3408*)); distinguishedname,mail;subtree"

to no avail

Any pointers in the right direction appreciated

//Bodman

Edited January 11, 2011 by Bodman

Replies 41
Created 15 yr
Last Reply 15 yr

Posted Images

enaiman

Posted January 12, 2011

enaiman

Active Members
- 1.9k

Posted January 12, 2011

Did you have a look at Active Directory UDF?

There isn't anything in there to help you?

SNMP_UDF ... for SNMPv1 and v2c so far, GetBulk and a new example script

wannabe "Unbeatable" Tic-Tac-Toe

Paper-Scissor-Rock ... try to beat it anyway :)

water

Posted January 13, 2011

water

MVPs
- 26.8k
- 199

Posted January 13, 2011 (edited)

To get all users with mail attribute set you could use

#include <ad.au3> _AD_Open() $aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName") _ArrayDisplay($aResult) _AD_Close()

I'm investigating how to query the OU.

Edit: Unfortunately you can't use a wildcard with a distinguishedName (according to the X.500 standards). So you have to do it yourself:

#include <ad.au3> Global $aResult[1] $sOU = "OU=C3084" _AD_Open() $aOUs = _AD_GetAllOUs() For $iIndex = 1 To $aOUs[0][0] $aTemp = StringSplit($aOUs[$iIndex][1], ",") If StringInStr($aTemp[1], $sOU) > 0 Then $aMail = _AD_GetObjectsInOU($aOUs[$iIndex][1],"(&(objectCategory=person)(objectClass=user)(mail=*))",1,"samAccountName") _ArrayConcatenate($aResult, $aMail, 1) EndIf Next $aResult[0] = UBound($aResult, 1) - 1 _ArrayDisplay($aResult) _AD_Close()

This example gets a list of all OUs in your AD, searches for OUs starting with C3084 and queries each of this OUs for all users with attribute mail <> "" and returns the samaccountname. The result is concatenated to a result table.

If you want to get more then the samaccountname then you have to do the concatenation yourself as _ArrayConcatenate only works for 1-dimensional arrays.

Howto use LDAP-Filters: SelfADSI

Edited January 13, 2011 by water

My UDFs and Tutorials:

Spoiler

UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

enaiman

Posted January 13, 2011

enaiman

Active Members
- 1.9k

Posted January 13, 2011

Well - you're lucky - you got the help from the person who wrote the UDF

SNMP_UDF ... for SNMPv1 and v2c so far, GetBulk and a new example script

wannabe "Unbeatable" Tic-Tac-Toe

Paper-Scissor-Rock ... try to beat it anyway :)

Bodman

Posted January 20, 2011

Bodman

Active Members
- 53

Author

Posted January 20, 2011

Brilliant thank you (you should see the weird and wonderfull scripts ive been writing to try and get this to work). Ill start trying again now

Bodman

Posted January 20, 2011

Bodman

Active Members
- 53

Author

Posted January 20, 2011 (edited)

ok im missing something here if I run

#include <ad.au3> _AD_Open() $aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user))",2,"samAccountName") _ArrayDisplay($aResult) _AD_Close()

I removed the (mail=*) to try and get a list of all users first but I dont get anything at all returned

I ran

#include <AD.au3> _AD_Open() ConsoleWrite($sAD_DNSDomain & @CRLF) ConsoleWrite($sAD_HostServer & @CRLF) ConsoleWrite($sAD_Configuration & @CRLF) _AD_Close()

and got

DC=mydomain,DC=net

s0000664.mydomain.net

CN=Configuration,DC=mydomain,DC=net

and tried to add that to _AD_Open()but as far as I can see its opening the connection as I get a error code of 1

My domain is 5 levels could that have something to do with it ?

Domain

Continent

Country

Site

SiteID

Users

Although if I run the LDAP query

$objCommand.CommandText = "<LDAP://" & $strDNSDomain & ">;(&(objectCategory=person)(objectClass=user)); name,sAMAccountName,distinguishedname;subtree"

it dumps everything :shifty:

Any help appreciated :nuke:

Bod

Edited January 20, 2011 by Bodman

water

Posted January 20, 2011

water

MVPs
- 26.8k
- 199

Posted January 20, 2011

If you run the _AD_GetobjectsInOU example script - what do you get?

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011

If you run the _AD_GetobjectsInOU example script - what do you get?

If I run your ADAudit.au3 script and try any queries I get the error (Is this what u want me to try)

Error 1 in _AD_GetObjectsInOU processing your query:.........

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

If I run your ADAudit.au3 script and try any queries I get the error (Is this what u want me to try)
Error 1 in _AD_GetObjectsInOU processing your query:.........

No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.

So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.

What do you get if you run this example script?

BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011 (edited)

No, in the AD.ZIP file there is an example script for every function of the Active Directory UDF.
So you can find a _AD_GetObjectsInOU.au3 in the ZIP file.
What do you get if you run this example script?
BTW: Which version of the UDF do you run (can be found in the header - line 11 - of AD.au3)

UDF Version ...: 0.42

Sry I missed the examples in there (DOH) if I run the example script I get a list of everyone in the Same OU that I am in (Example 1 - so it appears to work fine )

post-52553-0-37936700-1295607911_thumb.g

Edited January 21, 2011 by Bodman Bodman

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011 (edited)

it looks like if I add

#include <AD.au3> ; Get FQDN for the currently logged on user Global $sFQDN = _AD_SamAccountNameToFQDN() ; Strip off the CN Global $iPos = StringInStr($sFQDN, ",") Global $sOU = StringMid($sFQDN, $iPos + 1) Global $aObjects[1][1]

from the example file then the script may work

//Bod

Edited January 21, 2011 by Bodman

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

As the example script works there just seems to be a problem with the other script.

... then the script may work

What script are you talking about? My script posted in or do you have your own version? Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011 (edited)

Sorry im confusing things, OK

If I run the original script from #3

#include <ad.au3> _AD_Open() $aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName") _ArrayDisplay($aResult) _AD_Close()

I cant get that to work (The script runs, then exits)

However if I take the first part from your example and add it to that script it appears to work.

#include <ad.au3> _AD_Open() ; Get FQDN for the currently logged on user Global $sFQDN = _AD_SamAccountNameToFQDN() ; Strip off the CN Global $iPos = StringInStr($sFQDN, ",") Global $sOU = StringMid($sFQDN, $iPos + 1) Global $aObjects[1][1] $aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName") _ArrayDisplay($aResult) _AD_Close()

It looks like for me that the line

$aResult = _AD_GetObjectsInOU($sOU,"(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName")

must have the OU set $sOU instead of "" although as far as I can see "" should be enough to make it work.

//Bod

Edited January 21, 2011 by Bodman

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

I'm confused

In function _AD_GetObjectsInOU the first parameter (starting OU) is replaced with $sAD_DNSDomain if empty.

In your example you start to search in the OU where the currently logged on userid is located.

So:

"" is replaced with "DC=mydomain,DC=net" => should search the entire tree

"OU=User_Accounts,DC=mydomain,DC=net" => only searches the OU (and children) where your userid is located. So you only get a subset of the possible results.

Be sure that parameter 3 ($iAD_SearchScope) is set to 2 so the starting OU plus sub-tree is scanned!

Be sure that the first parameter is two double quotes without a space between them: "" yiels correct results, " " yields nothing!

Let's do some error checking to trap this down:

#include <ad.au3> $iResult = _AD_Open() MsgBox(16, "_AD_Open", "Result: " & $iResult & @CRLF & "Error: " & @error & @CRLF & "Extended: " & @extended) $aResult = _AD_GetObjectsInOU("","(&(objectCategory=person)(objectClass=user)(mail=*))",2,"samAccountName") $iError = @error $iExtended = @extended If IsArray($aResult) Then _ArrayDisplay($aResult) Else MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended) EndIf _AD_Close()

Could you please run this script and post the results?

Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011

OK ive attached the results (Screenshots)

post-52553-0-74935900-1295612522_thumb.g

post-52553-0-83943400-1295612530_thumb.g

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

Sorry, I had to edit the script (didn't return the correct @error information).

Could you please rerun the script as it is now and just post the result of the second msgbox?

Thanks

Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011

second box

post-52553-0-59500500-1295613386_thumb.g

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

Sh......t! Once again I introduced a bug in this simple script!

I once more edited the script. Could you please rerun it?

_AD_GetObjectsInOU(" ", ..)had to be changed to_AD_GetObjectsInOU("", ..)

Edit: Have to leave now for the weekend. I'm sure we will trap down this problem in the next few days

Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Bodman

Posted January 21, 2011

Bodman

Active Members
- 53

Author

Posted January 21, 2011

here you go

Can I just say thanks for all your time your putting into this. its been driving me insane trying to get it working

post-52553-0-26701800-1295615650_thumb.g

water

Posted January 21, 2011

water

MVPs
- 26.8k
- 199

Posted January 21, 2011 (edited)

Can I just say thanks for all your time your putting into this.

Can't help - it's my baby

@error = 3 means: No records returned from Active Directory. $sAD_Filter didn't return a record

So let's reduce the filter! Could you please try this little test script:

#include <ad.au3> $iResult = _AD_Open() $aResult = _AD_GetObjectsInOU("","(mail=*)",2,"samAccountName") $iError = @error $iExtended = @extended If IsArray($aResult) Then _ArrayDisplay($aResult) Else MsgBox(16, "_AD_GetObjectsInOU", "Result: " & $aResult & @CRLF & "Error: " & $iError & @CRLF & "Extended: " & $iExtended) EndIf _AD_Close() Edited January 21, 2011 by water

My UDFs and Tutorials:

Spoiler

Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki

Tutorials: ADO - Wiki WebDriver - Wiki

Prev
1
2
3
Next
Page 1 of 3

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign in

Already have an account? Sign in here.

Sign In Now Share https://www.autoitscript.com/forum/topic/124116-how-to-query-distinguished-name-in-ad/ More sharing options... Followers 0 Go to topic listing

All Activity

Home
AutoIt v3
AutoIt Help and Support
AutoIt General Help and Support
How to Query Distinguished Name in AD

Existing user? Sign In
Sign Up

Browse
- Back
- Forums
- Downloads
- Events
- Forum Rules
Wiki
AutoIt Resources
- Back
- Release
  - Back
  - Installer
  - Help file
  - Editor
- Beta
  - Back
  - Installer
  - Help file
  - Editor
- Git
FAQ

Create New...

Tag » Active Directory Search By Distinguished Name

Recommended Posts

Bodman

Bodman

Top Posters In This Topic

Top Posters In This Topic

Posted Images

enaiman

enaiman

water

water

enaiman

enaiman

Bodman

Bodman

Bodman

Bodman

water

water

Bodman

Bodman

water

water

Bodman

Bodman

Bodman

Bodman

water

water

Bodman

Bodman

water

water

Bodman

Bodman

water

water

Bodman

Bodman

water

water

Bodman

Bodman

water

water

Create an account or sign in to comment

Create an account

Sign in

Browse

AutoIt Resources

Release

Beta

Contact