Page 2 of 2 <12
Topic Options
#40297 - 2003-05-21 05:21 AM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
You need to perform bitwise operations for that data.


$usr = GetObject("LDAP://CN=Jsmith,OU=Sales,DC=ArcadiaBay,DC=Com")
$flags = $usr.Get("UserAccountControl")
if $flags & 65536
? "Password does not expire"
else
? "Password CAN expire"
endif


See the documetation for AdminMisc.DLL for some additional data.

http://mywebpages.comcast.net/habullock/Win32Admin.htm#User

More data: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/modifying_user_properties.asp

[ 21. May 2003, 05:24: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40298 - 2003-05-21 08:06 AM Re: Help with Active Directory Query
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Here are some good script examples that can be converted to KiXtart

Script Center - Users and Groups
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/user/default.asp

TechNet Script Center
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/Default.asp

Top
#40299 - 2003-05-21 08:26 AM Re: Help with Active Directory Query
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Howard's DLL is probably the easiest way to deal with PasswordNeverExpires property.

However, you can work with it, but you need to plug in values to set/remove it.

http://userpages.umbc.edu/~kbradl1/wsz/ref/ADSIref.html

HTH,

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#40300 - 2003-05-22 01:02 PM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Howard, thanks for the info on obtaining the "password never expires" setting. One question about that though...Why is $flags set in the following manner: $flags & 65536 instead of $flags = 65536?

Also, in one of your previous posts, you mentioned using GetEx instead of Get. What's the diff?

Thanks so much for all of your help.

Top
#40301 - 2003-05-22 01:33 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
The documentation states:
quote:
The IADs::GetEx method retrieves from the property cache property values of a given attribute. The returned property values can have single or multiple values. Unlike the IADs::Get method, the property values are returned as a variant array of VARIANT, or a variant array of bytes for binary data. A property with a single value is then represented as an array of a single element
quote:
The IADs::Get method retrieves a property of a given name from the property cache. The property can be single-valued, or multi-valued. The property value is represented as either a variant for a single-valued property or a variant array (of VARIANT or bytes) for a property that allows multiple values.
The difference:
quote:
You can also use IADs::GetEx to retrieve property values from the property cache. However, the values are returned as a variant array of VARIANTs, regardless of whether they are single- or multi-valued. This means that ADSI makes an extra effort to package the returned property values in consistent data formats. This saves you, as a caller, some efforts to validate the data types when you are not sure whether the returned data has single or multiple values.
quote:
The IADs::Get and IADs::GetEx methods return a different variant structure for a single-valued property value. If the property is a string, IADs::Get will return a variant of string (VT_BSTR), whereas IADs::GetEx will return a variant array of a VARIANT type string with a single element. Thus, if you are not sure that a multi-valued attribute will return a single value or multiple values, you should use IADs::GetEx. As it does not require you to validate the result's data structures, you may want to use IADs::GetEx to retrieve a property of which you are not sure whether it is single-valued or multi-valued. The following table compares the difference in calling the two methods.
The User_Flags value is one of those items that stores many different properties. Using an equal sign to set the value as in your example would change the settings of all the other properties.

The syntax ($flags & 65536) check the current setting it does not set the value or flag. You would have to do a bitwise OR $flags = $flags | 65536 to set the value.

Please read my Win32Admin.DLL help or search the MSDN for more detail on User_Flags. In short each bit of the number represents a flag. It can be a "1" or a "0". The postion of the bit gives it its decimal value. I think that User_Flags is a 3 byte (24 bit) field. The example below uses 2 bytes (16 bits).


bit Value = Value
1 1 1 1
2 2 0
3 4 1 4
4 8 0
5 16 1 16
6 32 0
7 64 0
8 128 0
9 256 0
10 512 0
11 1024 0
12 2048 0
13 4096 1 4096
14 8192 0
15 16384 0
16 32768 0
-------------------------
User_Flags = 4117


As you can see above changing the value of 4117 to some other multiple of 2 would set the other bits to "0" changing more than you wanted to change.

Read up on Binary operation if necessary.

[ 22. May 2003, 14:33: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40302 - 2003-05-22 04:52 PM Re: Help with Active Directory Query
Jtel Offline
Fresh Scripter

Registered: 2002-04-13
Posts: 41
Staying with the subject here...

Does anyone know what the class property is to determin if an account is disabled? I looked at all of the properties in Howard's EnumObjProps function, but there are so many it's hard to tell which one it might be. I just thought that maybe someone had searched this one out before.

Top
#40303 - 2003-05-22 04:58 PM Re: Help with Active Directory Query
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
I always thought it was:

code:
if $user.accountdisabled   
? "ja - disabled!"
endif


Top
#40304 - 2003-05-22 04:58 PM Re: Help with Active Directory Query
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
That was discussed here yesterday.
http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=1;t=007210
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#40305 - 2003-05-22 05:09 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I you are using the LDAP:// provider then the property and access is somewhat different.

$Flags = $objUser.Get("userAccountControl")

Then the bitwise operation must be performed on this value.
code:
if $Flags & 2
? Account is DISABLED"
endif



[ 22. May 2003, 17:10: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40306 - 2004-03-12 04:04 PM Question for Howard
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Howard, the EnumOUs() UDF that you provided works great and I have modified it for various things and use the heck out of it.

My question is, and forgive me for my ignorance, what is the purpose of $i and $j?

$J obviously causes recursion after each container is exhausted, but I don't understand bumping the count of $i and then later resetting $i to $i + $j. It doesn't seem to be used anywhere and seems to work fine without using $i.

Could you briefly explain if you have a moment?

Thanks

Top
#40307 - 2004-03-12 04:44 PM Re: Question for Howard
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
It is simply a counter. $i is incremented by one for each name that is printed. the final value of $i is then returned to the calling script (recursion) ($EnumOUs = $i). This value is placed into $j of the calling function. $j which represents the total count of all recursions for a particular bracnch is then added to $i in the current loop. After all recursion is exhausted and the original function call exists to the script $i will return a count of all names seen.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40308 - 2004-03-15 01:58 PM Re: Question for Howard
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Howard, I certainly don't mean to question you, but how can $i ultimately return the total number of items seen if $i and $j are both reset to 0 each time recursion occurs?

Edited by JohnQ (2004-03-15 02:29 PM)

Top
#40309 - 2004-03-15 07:46 PM Re: Question for Howard
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Because the function returns the number of elements each time it's called.
_________________________
There are two types of vessels, submarines and targets.

Top
#40310 - 2004-03-15 10:52 PM Re: Question for Howard
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
The variables are SCOPED within the function:

Function EnumOUs($LDAP, $Filter)
;$Filter = 'computer' | 'user'
dim $aFilter[0], $pos, $objOU, $i, $j


This means that the variables $i and $j exists multiple times independently in each recursively called instance of the EnumOUs function. Each value is used within that instance of the function and returned to parent instance via "$EnumOUs = $i" statement. If this post does not clarify the issue, please let me know and I will try to explain it better.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
Page 2 of 2 <12


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 464 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.066 seconds in which 0.025 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org