KIXKicks
(Starting to like KiXtart)
2002-11-16 10:51 PM
Pulling info from AD

How can one pull the "Office" value from a User in Active Directory using KIX? I have looked around here but am not finding anything that can help or works.

KIXKicks
(Starting to like KiXtart)
2002-11-16 11:03 PM
Re: Pulling info from AD

More info...

I am trying to determine which server to attach the user to. The user would be attaching via VPN.

All users are part of one domain. All users have the Office field filled in.

Site1 is the default location in the current script.

For example, Joe Blow (JBlow) belongs to the Site2 location. When he connects via VPN, it doesn't know that he belongs to Site2 and maps his network drives to Site1. Since he is using a non-domain account, I can't use the INGROUP feature.

I would just like some code that could return the Office value for a given user.


Howard Bullock
(KiX Supporter)
2002-11-16 11:04 PM
Re: Pulling info from AD

Use the ADSI LDAP:// provider via COM.

$obj = GetObject("LDAP://domain/DN")
$Office = $obj.Get("Office")

Something close to this should work.


Howard Bullock
(KiX Supporter)
2002-11-16 11:25 PM
Re: Pulling info from AD

Start with this code:
code:
$sysinfo = CreateObject("adsysteminfo")
if vartypename($sysinfo)='object'

    ; Get user's distinguished name (DN) ...
    $username = $sysinfo.username

    ?"ADsPath = $username"

    ; Bind directly to user's active directory object ...
    $user = GetObject("LDAP://" + $username)

    if vartypename($user)='object'

        ; Get the path of the parent container ...
        $parentpath = $user.parent

        ; Get the parent ...
        $parent = GetObject($parentpath)

        if vartypename($parent)='object'
            $ou = $parent.name

            ?"OrganizationalUnit = $ou"
        else
            ? "Error creating parent object: @error @serror"
        endif
    else
        ? "Error creating user object: @error @serror"
    endif
else
    ? "Error creating adsysteminfo object: @error @serror"
endif
exit

You haven't stated what your client OS is. That could be very important if the client is not AD aware.

[ 16. November 2002, 23:26: Message edited by: Howard Bullock ]


Howard Bullock
(KiX Supporter)
2002-11-16 11:37 PM
Re: Pulling info from AD

Now I am really confused. You stated that the user is NOT using a domain account. How do you think you will get the "Office" from the account property if the user is not using the account?

KIXKicks
(Starting to like KiXtart)
2002-11-16 11:38 PM
Re: Pulling info from AD

Clients are running Windows 2000 with SP3 and Windows XP Pro with SP1.

I am getting "An invalid Active Directory pathname was passed"

Are there some values I need to fill in? Any functions I need to add or define?


KIXKicks
(Starting to like KiXtart)
2002-11-16 11:46 PM
Re: Pulling info from AD

Howard,

They are not using a domain account because they are connecting via VPN. Their computer is configured as a WORKGROUP.

For example, Joe Blow is NTCMI\JBlow on the domain. At home he logs into his computer as \\HOMEPC\JBlow. He connects to the VPN and runs the Login Script I have written. The login script looks at his IP Address and knows that he is using a VPN Login. It checks his username and creates a variable $NTCMIUSER that equals NTCMI\JBlow. Then it passes this to the USE command to map his network drives. In reference to my previous post, Site1 users have always been the VPN users. Joe Blow is the first Site2. The Server value is hardcoded to Site1. I don't want to have to hardcode Joe Blow into using Site2. I wanted to see if there is a way to pull any information from AD.


Howard Bullock
(KiX Supporter)
2002-11-16 11:50 PM
Re: Pulling info from AD

That being the case, you need to use my TranslateName() UDF.

You can feed it the NT4 style "Domain\Account" and get back the distinguished name of the user account. With that, you can get the account properties using the first code I posted.


KIXKicks
(Starting to like KiXtart)
2002-11-17 06:02 AM
Re: Pulling info from AD

Howard,

I have used the TranslateName UDF and it is returning the correct values. However, the two-line code you gave me is not returning anything. I think the first line is fine.

It is this line that I am wondering about...

$Office = $obj.Get("Office")

Any ideas?


Howard Bullock
(KiX Supporter)
2002-11-17 06:05 AM
Re: Pulling info from AD

Add:
? "@error @serror"

after each of the two lines. What error messages are returned?

[ 17. November 2002, 06:06: Message edited by: Howard Bullock ]


KIXKicks
(Starting to like KiXtart)
2002-11-17 06:12 AM
Re: Pulling info from AD

First line - no error - successful

Second line
-2147352567 COM exception error "GET" (Active Directory - The Active Directory property cannot be found in the cache.
) [-2147352567/80020009]


Howard Bullock
(KiX Supporter)
2002-11-17 06:15 AM
Re: Pulling info from AD

Checking the ADSI help file yields a property name "OfficeLocations" not "Office".

KIXKicks
(Starting to like KiXtart)
2002-11-17 06:23 AM
Re: Pulling info from AD

Still no luck...

Here is my code

code:
$DOMAINUSER="NTCMI\"+$USER
$DN=TranslateName (2, NTCOMM.CONMET.DOM, 3, "$DOMAINUSER", 1)
? $DN[0]

$LDAPVALUE="LDAP://NTCOMM.CONMET.DOM/"+$DN[0]

$USERDETAILS=GETOBJECT("$LDAPVALUE")
? "@error @serror"

$USEROFFICE=$USERDETAILS.GET("OfficeLocations")
? "@error @serror"

? "Office" $USEROFFICE

The line: $USEROFFICE=$USERDETAILS.GET("OfficeLocations") is still returning the error:

CN=MGorretta,CN=Users,DC=conmet,DC=dom
0 The operation completed successfully.
-2147352567 COM exception error "GET" (Active Directory - The Active Directory property cannot be found in the cache.
) [-2147352567/80020009]


Howard Bullock
(KiX Supporter)
2002-11-17 06:34 AM
Re: Pulling info from AD

Try:
using GetEx

$USEROFFICE=$USERDETAILS.GetEx("OfficeLocations")
? "@error @serror"
? VarTypeName ($USEROFFICE)


KIXKicks
(Starting to like KiXtart)
2002-11-17 06:37 AM
Re: Pulling info from AD

Same error...but now Empty is returned...

CN=MGorretta,CN=Users,DC=conmet,DC=dom
0 The operation completed successfully.
-2147352567 COM exception error "GetEx" (Active Directory - The Active Directory property cannot be found in the cache.
) [-2147352567/80020009]
Empty
Office


Howard Bullock
(KiX Supporter)
2002-11-17 06:43 AM
Re: Pulling info from AD

At this point I do not know why you are having this problem. Are you sure that the data you want is located in the OfficeLocations property?

As a secondary thought, have you considered creating an OU for each site and moving the account into a "Site" OU? Since you can now get the DN, you can parse it to obtain the Site.

I am checking my AD now to see why this is being such a pain.


KIXKicks
(Starting to like KiXtart)
2002-11-17 06:50 AM
Re: Pulling info from AD

Not sure what is happening...

If I use:

$USEROFFICE=$USERDETAILS.GetInfo

I get no error, but no data either!

I do know that other fields are filled out like First Name and Last Name, E-Mail Address, etc...maybe we should try one of them?


Howard Bullock
(KiX Supporter)
2002-11-17 07:00 AM
Re: Pulling info from AD

My EnumObjProps.kix script shows the following properties:

Class: user
GUID: {228D9A87-C302-11CF-9AA4-00AA004A5691}
Implemented by: {228D9A84-C302-11CF-9AA4-00AA004A5691}

Container Object
Class Contains:
nTFRSSubscriptions
classStore
Mandatory Properties in this Class:
cn
instanceType
nTSecurityDescriptor
objectCategory
objectClass
objectSid
sAMAccountName

Optional Properties in this Class:
accountExpires
accountNameHistory
aCSPolicyName
adminCount
adminDescription
adminDisplayName
allowedAttributes
allowedAttributesEffective
allowedChildClasses
allowedChildClassesEffective
altSecurityIdentities
assistant
badPasswordTime
badPwdCount
bridgeheadServerListBL
c
canonicalName
co
codePage
comment
company
controlAccessRights
countryCode
createTimeStamp
dBCSPwd
defaultClassStore
department
description
desktopProfile
destinationIndicator
directReports
displayName
displayNamePrintable
distinguishedName
division
dSASignature
dSCorePropagationData
dynamicLDAPServer
employeeID
extensionName
facsimileTelephoneNumber
flags
fromEntry
frsComputerReferenceBL
fRSMemberReferenceBL
fSMORoleOwner
garbageCollPeriod
generationQualifier
givenName
groupMembershipSAM
groupPriority
groupsToIgnore
homeDirectory
homeDrive
homePhone
homePostalAddress
info
initials
internationalISDNNumber
ipPhone
isCriticalSystemObject
isDeleted
isPrivilegeHolder
l
lastKnownParent
lastLogoff
lastLogon
legacyExchangeDN
lmPwdHistory
localeID
lockoutTime
logonCount
logonHours
logonWorkstation
mail
managedObjects
manager
masteredBy
maxStorage
memberOf
mhsORAddress
middleName
mobile
modifyTimeStamp
mS-DS-ConsistencyChildCount
mS-DS-ConsistencyGuid
mS-DS-CreatorSID
mSMQDigests
mSMQDigestsMig
mSMQSignCertificates
mSMQSignCertificatesMig
msNPAllowDialin
msNPCallingStationID
msNPSavedCallingStationID
msRADIUSCallbackNumber
msRADIUSFramedIPAddress
msRADIUSFramedRoute
msRADIUSServiceType
msRASSavedCallbackNumber
msRASSavedFramedIPAddress
msRASSavedFramedRoute
name
netbootSCPBL
networkAddress
nonSecurityMemberBL
ntPwdHistory
o
objectGUID
objectVersion
operatorCount
otherFacsimileTelephoneNumber
otherHomePhone
otherIpPhone
otherLoginWorkstations
otherMailbox
otherMobile
otherPager
otherTelephone
otherWellKnownObjects
ou
pager
partialAttributeDeletionList
partialAttributeSet
personalTitle
physicalDeliveryOfficeName
possibleInferiors
postalAddress
postalCode
postOfficeBox
preferredDeliveryMethod
preferredOU
primaryGroupID
primaryInternationalISDNNumber
primaryTelexNumber
profilePath
proxiedObjectName
proxyAddresses
pwdLastSet
queryPolicyBL
registeredAddress
replPropertyMetaData
replUpToDateVector
repsFrom
repsTo
revision
rid
sAMAccountType
scriptPath
sDRightsEffective
securityIdentifier
seeAlso
serverReferenceBL
servicePrincipalName
showInAddressBook
showInAdvancedViewOnly
sIDHistory
siteObjectBL
sn
st
street
streetAddress
subRefs
subSchemaSubEntry
supplementalCredentials
systemFlags
telephoneNumber
teletexTerminalIdentifier
telexNumber
terminalServer
textEncodedORAddress
thumbnailLogo
thumbnailPhoto
title
tokenGroups
tokenGroupsGlobalAndUniversal
tokenGroupsNoGCAcceptable
unicodePwd
url
userAccountControl
userCert
userCertificate
userParameters
userPassword
userPrincipalName
userSharedFolder
userSharedFolderOther
userSMIMECertificate
userWorkstations
uSNChanged
uSNCreated
uSNDSALastObjRemoved
USNIntersite
uSNLastObjRem
uSNSource
wbemPath
wellKnownObjects
whenChanged
whenCreated
wWWHomePage
x121Address

I do not see any Office* properties. Can you verify the data and property name? Use LDP.exe from the W2K support tools to browse the user object properties.


KIXKicks
(Starting to like KiXtart)
2002-11-17 07:03 AM
Re: Pulling info from AD

Howard,

I got it...

code:
$USEROFFICE=$USERDETAILS.PhysicalDeliveryOfficeName
? "@error @serror"
? $USEROFFICE

Found it in a related post awhile back...

Thanks for all your help...It would not have been possible without it...

KIXKicks


Howard Bullock
(KiX Supporter)
2002-11-17 07:03 AM
Re: Pulling info from AD

Just found that Officelocations maps to physicalDeliveryOfficeName.

Use this property and let me know.


Howard Bullock
(KiX Supporter)
2002-11-17 07:04 AM
Re: Pulling info from AD

Well look at that. A simultaneous solution.

[ 17. November 2002, 07:05: Message edited by: Howard Bullock ]
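
The pieces that ended up working in this thread, put together as an added example (not code from any poster): translate the NT4 name to a DN, bind, read physicalDeliveryOfficeName, and pick the server from a fixed list with Site1 as the fallback. `GetOffice` is a hypothetical helper name, the server names and the Office value "Site2" are constructed placeholders, and 2, 3, 1 are the same NameTranslate constants the TranslateName() call above passes.

```kixtart
; Added example, not code from the thread. Server names are constructed placeholders.
$DefaultServer = "\\SITE1-FS"            ; Site1 stays the default, as in the thread

Function GetOffice($ntName, $bindTo)
    Dim $nt, $dn, $user
    $GetOffice = ""
    ; NT4 "DOMAIN\account" -> distinguished name, via the NameTranslate COM object
    $nt = CreateObject("NameTranslate")
    If VarTypeName($nt) <> "Object" Exit 1 EndIf
    $nt.Init(2, $bindTo)                 ; 2 = ADS_NAME_INITTYPE_SERVER
    If @ERROR Exit @ERROR EndIf
    $nt.Set(3, $ntName)                  ; 3 = ADS_NAME_TYPE_NT4
    If @ERROR Exit @ERROR EndIf
    $dn = $nt.Get(1)                     ; 1 = ADS_NAME_TYPE_1779 (the DN)
    If @ERROR Exit @ERROR EndIf

    ; Bind to the user object by DN
    $user = GetObject("LDAP://" + $bindTo + "/" + $dn)
    If VarTypeName($user) <> "Object" Exit 2 EndIf

    ; Get() fails with "property cannot be found in the cache" both for a wrong
    ; attribute name and for an account whose Office field is empty.
    $GetOffice = $user.Get("physicalDeliveryOfficeName")
    If @ERROR
        $GetOffice = ""
    EndIf
    Exit 0
EndFunction

$office = GetOffice("NTCMI\" + @USERID, "NTCOMM.CONMET.DOM")
$rc = @ERROR

; Compare the directory value against known sites; never build the UNC path from it.
Select
    Case $rc = 0 And $office = "Site2"
        $server = "\\SITE2-FS"
    Case 1
        $server = $DefaultServer         ; lookup failed, empty or unknown office
EndSelect

? "Office: " + $office + "  Server: " + $server
```

Because the account name comes from a workgroup PC's local logon, the lookup only selects which server to try; access still depends on the domain credentials given to the USE command.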


Radimus
(KiX Supporter)
2003-07-28 08:35 PM
Re: Pulling info from AD

What would be the User logon name (first field beside the @domain combo)

from the account tab of AD U&C


Sealeopard
(KiX Master)
2003-07-28 08:42 PM
Re: Pulling info from AD

Rad: Can you please explain?

Radimus
(KiX Supporter)
2003-07-28 08:44 PM
Re: Pulling info from AD

the field is currently blank (account tab of user properties in AD Users&computers, beside @domain)

I would like to populate that field, and I can't figure out the field's name


Howard Bullock
(KiX Supporter)
2003-07-28 08:48 PM
Re: Pulling info from AD

You have to set "userPrincipalName" which includes the "@domainname". It appears that the dialog box parses the userPrincipalName into the first part and acceptable domain names from the infrastructure.

Changing either part updates the userPrincipalName.

[ 28. July 2003, 20:50: Message edited by: Howard Bullock ]


Howard Bullock
(KiX Supporter)
2003-07-28 08:52 PM
Re: Pulling info from AD

Personally I would set the userPrincipalName to the SamAccountName@domainname, but that is up to you. Some people like to use the email alias as the userPrincipalName.

waldmeier
(Lurker)
2004-04-14 01:42 PM
Re: Pulling info from AD

This one will do it

$sysinfo = CreateObject("ADSystemInfo")
$oUser = GetObject("LDAP://" + $sysinfo.UserName)
$dep = ($oUser.Officelocations)


**DONOTDELETE**
(Lurker)
2005-02-18 05:06 PM
Re: Pulling info from AD

Quote:

My EnumObjProps.kix script shows the following properties:

I do not see any Office* properties. Can you verify the data and property name? Use LDP.exe from the W2K support tools to browse the user object properties.




Howard Bullock
(KiX Supporter)
2005-02-18 07:32 PM
Re: Pulling info from AD

If you read a few posts above you will see physicalDeliveryOfficeName