#138406 - 2005-04-21 08:19 PM
TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
Hi, I am trying out the excellent UDF's TranslateName() and InContainer() to get away from basing everything off of global group membership.
I am pretty sure I have the OU structure written out right, but InContainer() still reports that my machine is not a member of the OU I am specifying or a child of it... even though I know my machine IS a member.
Using these UDF's, how do I output the name of the OU that it THINKS my machine is in so that I can see where I'm wrong?
Thanks!
Code:
$rc = InContainer ("OU=US-RTP,OU=Admin US-RTP,OU=Clients,DC=na,DC=agrogroup,DC=net", "Computer") Select Case $rc[0]=1 $lblThree.text="object is a member of the specified container." Case $rc[0]=2 $lblThree.text="object is a member of a child container lower in the hierarchy." Case $rc[0]=0 $lblThree.text="object is NOT a member of this container or a child of this container." Case $rc[0]=-1 $lblThree.text="InContainer() Error - Invalid input for $NameType " Case $rc[0]=-2 $lblThree.text="TranslateName() Error" Case 1 $lblThree.text="Unknown return code" EndSelect
|
Top
|
|
|
|
#138408 - 2005-04-21 09:20 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11623
Loc: CA
|
Well I'm sure someone will come along with the code to do it, but since I don't have it right off hand and don't feel like searching for it.
Try this cool little KiXform script written by Chris S. It will allow you to copy the OU as a string needed by KiX.
KiXforms - Active Directory Browser
It could also be that you have some other invalid code somewhere else in your script.
|
Top
|
|
|
|
#138409 - 2005-04-21 09:30 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
Thanks I will try that and let you guys know what happens. Les... "escaped"? "US-RTP" is the OU name... Maybe I don't understand. I will try what NTDOC suggested. You guys are the best!! -Jdogg
|
Top
|
|
|
|
#138410 - 2005-04-21 09:32 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
maciep
Korg Regular
Registered: 2002-06-14
Posts: 947
Loc: Pittsburgh
|
I don't think hyphens(-) need to be escaped. What do you get if you run
Code:
break on
? getOU(@wksta)
function getOU($computer) dim $objRootDSE,$strDomain,$objConnection dim $objCommand,$objRecordSet,$dn
$getOU = "Not Found" $objRootDSE = GetObject("LDAP://RootDSE") $strDomain = $objRootDSE.Get("DefaultNamingContext") $objConnection = CreateObject("ADODB.Connection") $objConnection.Open("Provider=ADsDSOObject;") $objCommand = CreateObject("ADODB.Command") $objCommand.ActiveConnection = $objConnection $objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" + $strDomain + "' WHERE objectCategory='computer' and cn='" + $computer + "'" $objRecordSet = $objCommand.Execute() While Not $objRecordSet.EOF $dn = $objRecordSet.Fields("distinguishedName").Value $getOU = right($dn, len($dn) - instr($dn, ",")) $objRecordSet.MoveNext loop endfunction
|
Top
|
|
|
|
#138412 - 2005-04-21 10:02 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
If you just use TranslateName() to return your distinguished name what does it return? How does that compare to your string you submit to InContainer()? Please post the DN returned from TRanslateName().
Edited by Howard Bullock (2005-04-21 10:03 PM)
|
Top
|
|
|
|
#138416 - 2005-04-21 10:51 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
maciep
Korg Regular
Registered: 2002-06-14
Posts: 947
Loc: Pittsburgh
|
The CommandText property was orginally similar to how it is HERE
But i can't seem to post the less than sign (<) followed by "LDAP" or any letter(s) for that matter.
But that's far enough off topic, back to the subject at hand...
|
Top
|
|
|
|
#138417 - 2005-04-21 10:56 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
Weird!! It is reporting an OLD OU that I had my machine in some time ago: CN=AUSRESC0200,OU=Computers,OU=US-RTP-Test,DC=na,DC=agrogroup,DC=net This OU does not even exist anymore. When I look at my machine in Active Directory Users and Computers, it shows in the correct OU.
Any quick suggestions? (I know this is not Kix related at this point)
Thanks Howard... that was what I needed!!
|
Top
|
|
|
|
#138420 - 2005-04-22 12:04 AM
Re: TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
Erik, Good point... as you said I was alarmed by this. Especially since the last time my computer was in that OU was over a month ago when I was test out a group policy (as indicated by the word "test" in the OU name). I will forward this "item of mention" to the uplevel domain admins. If I am going to use this awesome script, I will need the LDAP to stay in sync.
Thanks again!
|
Top
|
|
|
|
#138421 - 2005-04-22 08:44 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
When you got the bad data, to which object type was Translatename() binding? Did you try binding to other object types (GC, Domain, Server)? This may also give you more information for the upper level domain admins to trouble shoot with as they will then know where you were getting your data?
|
Top
|
|
|
|
#138423 - 2005-04-26 10:27 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
Ugh! The uplevel Domain Admins looked at LDAP, and they don't even see the OU that my script is reporting on any of our three DC's. They cannot find it anywhere in LDAP, and they can't tell where the script is looking for the information. Is there somewhere specifically they can check that might show the inaccurate info? This script works GREAT 90% of the time, but sometimes it reports a OU that does not exist anymore (and has not for some time now)
Thanks again!! -jdogg
|
Top
|
|
|
|
#138424 - 2005-04-26 10:32 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
You have not answered my previous questions? Have you used TranslateName and tried to bind to each object type and tested the results.
|
Top
|
|
|
|
#138425 - 2005-04-26 10:59 PM
Re: TranslateName() & InContainer() - What OU am I in?
|
jdogg
Getting the hang of it
Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
|
I hate to do this but I am going to plead n00b here. I would gladly do what you asked, but I don't know where to begin. I don't even know what your UDF's do, honestly, but it seems to work for me so I used it. Perhaps this code would help (to show you exactly how I am using it and what I am looking for) Thanks! -jdogg Code:
Function LANDESK() If $Client = "Windows 2000 Workstation" OR $Client = "Windows XP Workstation" If InGroup("\\@wksta\administrators")=0 Return EndIf If Exist ("%SYSTEMDRIVE%\NWSUTIL\ldesk81installed.txt") Return EndIf If Exist ("%SYSTEMDRIVE%\NWSUTIL\NoLanDesk.txt") $JUNK=RedirectOutput("\\ausress0001\groups\workstation list\ExcludedFromLanDesk.log") ?"@WKSTA,@Userid,$Client,@Time,@Day,@Date,@IPaddress0,ExcludedFromLanDesk" $JUNK=RedirectOutput("") Return EndIf $rc = InContainer ("OU=Clients,OU=Admin US-RTP,OU=US-RTP,DC=na,DC=agrogroup,DC=net", "Computer") Select Case $rc[0]=1 $lblThree.ForeColor = 220,20,60 $lblThree.text="LanDesk will now be installed in the background." Sleep 5 Run "\\AGRVA2.na.agrogroup.net\ldlogon\wscfg32 /IP /STATUS /SCRIPT /F /IP /NOUI /NOREBOOT /CONFIG=BCS_RTPstacfg.ini" $JUNK=RedirectOutput("%SYSTEMDRIVE%\NWSUTIL\ldesk81installed.txt") ?"----------------------------------" ?"First install of LanDesk 8.1" ?"@Time,@Day,@Date" ? "(@Userid) is logging onto @WKSTA, running $Client." $JUNK=RedirectOutput("") $lblThree.text="" $lblThree.ForeColor = 0,0,0 Case $rc[0]=2 $lblThree.text="object is a member of a child container lower in the hierarchy." Case $rc[0]=0 $lblThree.text="object is NOT a member of this container or a child of this container." Case $rc[0]=-1 $lblThree.text="InContainer() Error - Invalid input for $NameType " Case $rc[0]=-2 $lblThree.text="TranslateName() Error" Case 1 $lblThree.text="Unknown return code" EndSelect EndIf EndFunction
FUNCTION INCONTAINER($Container, $NameType) ;ACTION Determines if the current NT4 account name type is a member of a specific container (OU, Computers, etc) ; in Active Directory ;PARAMETERS $Container (Required) ; - String value ; Dinstinghished name of the container to check. This must be the fully qualified DN to ; accurately make a determination. ; $NameType (Required) ; - String value ; "Computer" or "User" are currently the only valid values ;REMARKS This function returns true if the object being checked in the the specified container ; or a child container of that specified. ; ;RETURNS An ARRAY of three values: ; InContainer return code ; 1 = object is a member of the exact container specified. ; 2 = object is a member of the container hierarchy. ; 0 = object is not a member of the container hierarchy. ; -1 = Invalid input for $NameType ; -2 = Error in TranslateName ; TranslateName ErrorCode ; TranslateName ErrorText ; ;DEPENDENCIES OS: Active Directory aware client ; Other Functions: TranslateName() ; ;EXAMPLES $rc = InContainer ("OU=test,OU=9826,OU=NCS,OU=Machines,DC=us,DC=tycoelectronics,DC=com", "Computer") ; select ; case $rc[0]=1 ? "object is a member of the specified container." ; case $rc[0]=2 ? "object is a member of a child container lower in the hierarchy." ; case $rc[0]=0 ? "object is NOT a member of this container or a child of this container." ; case $rc[0]=-1 ? "InContainer() Error - Invalid input for $NameType " ; case $rc[0]=-2 ? "TranslateName() Error" ; case 1 ? "Unknown return code" ; endselect ; ; Dim $CurrentContainer, $Name1, $Name2, $Found, $commaloc Select Case $NameType = "Computer" $Name1 = @Domain + "\" + @wksta + "$$" Case $NameType = "User" $Name1 = @LDomain + "\" + @UserID Case 1 $Name1 = "" EndSelect If $Name1 <> "" $Name2 = TranslateName (3, "", 3, $Name1, 1) If $Name2[1] = 0 $Found=0 While $Found=0 $commaloc = instr($Name2[0], ",") If $commaloc > 1 If substr($Name2[0],$commaloc-1,1) = "\" $Name2[0] = substr($Name2[0], $commaloc+1) Else $Found=1 $CurrentContainer = substr($Name2[0], $commaloc+1) EndIf Else $Found=1 Endif Loop Select Case $CurrentContainer=$Container $InContainer = 1, $Name2[1], $Name2[2] Case instr($Name2[0], $Container) $InContainer = 2, $Name2[1], $Name2[2] Case 1 $InContainer = 0, $Name2[1], $Name2[2] EndSelect Else $InContainer = -2, $Name2[1], $Name2[2] EndIf Else $InContainer = -1, 0, "" Endif EndFunction
Function TranslateName ($InitType, $BindName, $LookupNameType, $LookupName, $ReturnNameType) Dim $InitType, $BindName, $LookupNameType, $LookupName, $ReturnNameType Dim $NameTranslate, $ReturnName, $Error, $ErrorText $Error = 0 $ErrorText = "" $ReturnName = "" $NameTranslate = CREATEOBJECT ("NameTranslate") $Error = @error $ErrorText = @serror If $Error = 0 $NameTranslate.Init ($InitType, $BindName) $Error = @error $ErrorText = @serror If $Error = 0 $NameTranslate.Set ($LookupNameType, $LookupName) $Error = @error $ErrorText = @serror If $Error = 0 $ReturnName = $NameTranslate.Get($ReturnNameType) $Error = @error $ErrorText = @serror Endif Endif EndIf $TranslateName = $ReturnName, $Error, $ErrorText Endfunction
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 515 anonymous users online.
|
|
|