jskfan
asked on
Kixstart script explanation
Could any KiXtart expert explain the code below?
Thank you
Thank you
Function OtherADObject ($_Filter, optional $fnDomain,optional $_category)
    ; Runs an LDAP search under the domain's default naming context and returns
    ; a one-dimensional array holding the AdsPath of every object that matched.
    ;
    ;   $_Filter   - an LDAP filter clause WITHOUT the outer parentheses,
    ;                e.g. "sAMAccountName=jdoe"
    ;   $fnDomain  - optional; defaulted to "AD" below but not used afterwards
    ;   $_category - optional objectCategory to match; "*" when omitted
    ;
    ; NOTE(review): $_Filter and $_category are pasted into the filter string
    ; as-is. If any part of them originates from user-supplied text, the caller
    ; must escape the value portion (RFC 4515: \ * ( ) and NUL) first, otherwise
    ; that text can change which objects the query matches.
    ;
    ; NOTE(review): only $_Position and $_tmpObject are declared with Dim; the
    ; other variables assigned here are presumably implicit globals and keep
    ; their values after the call - confirm nothing else depends on them.
    Dim $_Position[0], $_tmpObject[0]

    If $fnDomain=""
        $fnDomain="AD"
    EndIf

    $_aAttributes = "Name", "AdsPath"
    $_sADsPath = "LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")
    $_ADCategory = IIf($_category="","*",$_category)

    ; Final filter has the shape (&(objectCategory=<category>)(<caller clause>))
    $fnstrFilter = "(&(objectCategory="+$_ADCategory+")("+$_Filter+"))"
    $_aResults = fnLDAPQuery($_aAttributes,$_sADsPath,$fnstrFilter,"Name")

    ; Counters kept from the original; nothing below reads them.
    $i=0
    $k=1
    $l=0

    ; Result rows: column 0 is the object's Name, column 1 its AdsPath
    ; (e.g. LDAP://cn=jdoe,dc=domain,dc=name). Only column 1 is collected.
    ; Each append grows the array by one, leaving an empty slot at the end.
    For $_c = 0 To UBound($_aResults)
        For $_r = 1 To UBound($_aResults,2)
            $_tmpObject[UBound($_tmpObject)]=$_aResults[$_c,1]
            ReDim Preserve $_tmpObject[UBound($_tmpObject)+1]
        Next
    Next

    ; Drop the trailing empty slot left by the last append.
    If UBound($_tmpObject)>0
        ReDim Preserve $_tmpObject[UBound($_tmpObject)-1]
    EndIf

    $otherADObject=$_tmpObject
EndFunction
Function GetADAttribute($LDAP,$Attribute)
    ; Binds to the directory object at $LDAP (a full ADsPath) and returns the
    ; value of $Attribute. Returns "" when either the bind or the attribute
    ; read reports an error, so a caller cannot tell "attribute empty" apart
    ; from "lookup failed" by the return value alone.
    $_Attribute=""
    $Object=GetObject($LDAP)
    If @ERROR=0
        $_Attribute=$Object.Get($Attribute)
        If @ERROR
            ; Attribute missing or unreadable: fall back to the empty string.
            $_Attribute=""
        EndIf
    EndIf
    $GetADAttribute=$_Attribute
EndFunction
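Function UsersOffice (optional $_userid)
    ; Returns "UK" when the user's AdsPath contains "ou=UK,", otherwise "US".
    ; Returns an empty value when the directory search yields no rows.
    ;
    ;   $_userid - optional sAMAccountName; defaults to the logged-on user
    ;
    ; Relies on $sADsPath (search base) being set by the calling script; it is
    ; not assigned anywhere in this function.
    dim $office, $_safeId
    if not $_userid
        $_userid=@userid
    endif

    ; Escape the characters that have structural meaning in an LDAP filter
    ; (RFC 4515) so the account name is always treated as a literal value and
    ; cannot add clauses or wildcards to the query. Backslash goes first,
    ; otherwise the escapes added afterwards would themselves be re-escaped.
    ; ";" is escaped as well because fnLDAPQuery uses it as the field
    ; separator of the ADO command text.
    $_safeId=Join(Split($_userid,"\"),"\5c")
    $_safeId=Join(Split($_safeId,"*"),"\2a")
    $_safeId=Join(Split($_safeId,"("),"\28")
    $_safeId=Join(Split($_safeId,")"),"\29")
    $_safeId=Join(Split($_safeId,";"),"\3b")

    $ADCategory="Person"
    $Filter="sAMAccountName="+$_safeId
    $aAttributes = "Name", "AdsPath"
    $strFilter = "(&(objectCategory="+$ADCategory+")("+$Filter+"))"
    $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter,"Name")

    ; Column 1 of each row is the AdsPath. The office is derived purely from
    ; the OU part of that path; anything that is not under ou=UK counts as US.
    ; If several rows come back, the last one decides.
    For $c = 0 To UBound($aResults)
        For $r = 1 To UBound($aResults,2)
            if instr ($aResults[$c,1],"ou=UK,")
                $office="UK"
            else
                $office="US"
            endif
        Next
    next
    $UsersOffice=$office
Endfunction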
Function fnLDAPQuery($What,Optional $From,Optional $Filter,Optional $OrderBy,Optional $Scope,
Optional $User,Optional $Pswd)
; Runs an Active Directory search through ADO (provider ADsDSOObject) and
; returns the rows as a two-dimensional array indexed [row, column].
;
;   $What    - attribute name, or an array of attribute names, to return
;   $From    - search base as an ADsPath; when empty, the defaultNamingContext
;              read from rootDSE is used
;   $Filter  - complete LDAP filter, inserted into the command text verbatim
;   $OrderBy - attribute to sort on
;   $Scope   - "base" or "onelevel"; anything else becomes "subtree"
;   $User / $Pswd - alternate credentials; applied only when both are supplied
;
; On an error, or when the recordset is empty, the function leaves through
; Exit without assigning a return value, so callers receive a non-array and
; have to look at @ERROR to tell the two cases apart.
;
; NOTE(review): $From, $Filter and $What are concatenated into a single
; ";"-separated command string. Values built from user-supplied text should be
; escaped by the caller (RFC 4515 for filter values) before they get here.
;
; --- usage example kept from the original author ---
;$ADCategory="Person"
;$Filter=
;$aAttributes = "Name", "AdsPath"
;if @ldomain="AD" or @ldomain="devad"
; $sADsPath = "LDAP://OU=MyDomain,"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")
;else
; $sADsPath = "LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")
;endif
;
;$testMode="y"
;if $testMode="y" and not instr (@LDOMAIN,"dev")
; "You are not in dev domain. Quitting."
; exit
;endif
;
;$strFilter = "(&(objectCategory="+$ADCategory+")("+$Filter+"))"
;$aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter,"Name")
; @ERROR " | " @SERROR ?
;$i=0
;For $c = 0 To UBound($aResults)
; For $r = 1 To UBound($aResults,2)
;? $aResults[$c,$r] : $r=1 results in ldap dn path (eg ldap://cn=jdoe,dc=domain,dc=name)
;? $aResults[$c,$r] : $r=0 results in name of object
; Next
;Next
; --- end of usage example ---
DIM $oCon,$oCMD,$oRS,$sQ,$aR,$C,$R
; Command text in the ADO LDAP dialect: <base>;filter;attributes;scope
; VarType above 8192 means $What is an array, which is joined with commas.
$sQ="<"+IIf($From="","LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext"),
$From)+">;"+$Filter+";"+IIf(VarType($What)>8192,Join($What,','),$What)+";"+
IIf($Scope<>"base" AND $Scope<>"onelevel","subtree",$Scope)
$oCon=CreateObject("ADODB.Connection")
$oCon.Provider="ADsDSOObject"
; Connection security options. "ADSI Flag"=1 presumably corresponds to
; ADS_SECURE_AUTHENTICATION - confirm against the ADSI documentation.
$oCon.Properties("Encrypt Password").Value=1
$oCon.Properties("ADSI Flag").Value=1
; Explicit credentials are set only when BOTH are given; otherwise none are
; set on the connection (presumably the current logon context is used).
; NOTE(review): $Pswd arrives as a plain string from the caller - check how
; callers obtain it and that it is never hard-coded in a script.
If $User AND $Pswd
$oCon.Properties("User ID").Value=$User
$oCon.Properties("Password").Value=$Pswd
EndIf
$oCon.Open("Active Directory Provider")
$oCMD=CreateObject("ADODB.Command")
$oCMD.ActiveConnection=$oCon
$oCMD.CommandText=$sQ
; Page size 1000, 30 s timeout, result caching off.
$oCMD.Properties("Page Size").Value=1000
$oCMD.Properties("Timeout").Value=30
$oCMD.Properties("Cache Results").Value=0
; Sorting by distinguishedName takes a separate path: the query is opened
; through a Recordset with CursorLocation=3 (adUseClient in ADO) and sorted
; there. Any other $OrderBy is handed to the command's "Sort On" property.
If InSTR($OrderBy,"distinguishedName")
$oRS=CreateObject("ADODB.Recordset")
$oRS.CursorLocation=3
$oRS.Sort=$OrderBy
$oRS.Open($sQ,$oCon,0,1,1)
Else
If $OrderBy
$oCMD.Properties("Sort On").Value=$OrderBy
EndIf
$oRS=$oCMD.Execute
EndIf
; Leave with the error code if opening/executing the query failed.
If @ERROR Exit @ERROR EndIf
; BOF and EOF both true means no rows: leave with the current @ERROR value.
If $oRS.BOF AND $oRS.EOF Exit @ERROR EndIf
; GetRows() is indexed [column, row]; transpose it into [row, column] so that
; callers can write $result[$row, $col].
$aR = $oRS.GetRows()
DIM $aFR[UBound($aR,2),UBound($aR,1)]
For $R=0 To UBound($aR,2)
For $C=0 To UBound($aR,1)
$aFR[$R,$C]=$aR[$C,$R]
Next
Next
$fnLDAPQuery=$aFR
EndFunction
Function FindAuthenticatingDC ()
    ; Returns the dnsHostName attribute of the rootDSE reached by a serverless
    ; LDAP bind, i.e. the DNS name of the domain controller that answered.
    ;
    ; NOTE(review): this is the DC ADSI located for this bind; it may differ
    ; from the DC that processed the user's logon - confirm that this is the
    ; value the callers actually want.
    $objDomain = GetObject("LDAP://RootDSE")
    $objDC     = $objDomain.Get("dnshostname")
    $FindAuthenticatingDC = $objDC
EndFunction
Function AddSiebelGroup ($_User,$_Group)
    ; Stores $_Group in the wwwHomePage attribute of the user whose
    ; distinguished name is $_User and commits the change with SetInfo.
    ; No value is returned and no step is checked for errors, so a failed
    ; bind or a rejected write goes unnoticed unless the caller tests @ERROR.
    ;
    ; NOTE(review): wwwHomePage is being reused as a group marker. In a default
    ; Active Directory ACL users can typically edit this attribute on their own
    ; account - verify the permissions if the value is ever consulted for
    ; access decisions.
    Dim $_bindPath
    $_bindPath = "LDAP://"+$_User
    $_UserObj = GetObject($_bindPath)
    $_UserObj.wwwHomePage = $_Group
    $_UserObj.SetInfo
EndFunction
Function removeSiebelGroup($_User)
    ; Overwrites the wwwHomePage attribute of the user at distinguished name
    ; $_User with a single space and commits the change. The attribute is not
    ; cleared, so code that reads it back must treat " " as "no group".
    ; Nothing is returned and neither the bind nor the write is error-checked.
    Dim $_account
    $_account = GetObject("LDAP://"+$_User)
    $_account.wwwHomePage = " "
    $_account.SetInfo
EndFunction
Function MemberOf ($_LDAP,$_GroupName)
    ; Sets the return value to 1 when the object with ADsPath $_LDAP is a
    ; member of the group named $_GroupName, either directly or through
    ; groups nested inside it. The return value is left unset otherwise.
    ;
    ;   $_LDAP      - full ADsPath of the object, "LDAP://" followed by its DN
    ;   $_GroupName - value matched against the group's Name attribute
    ;
    ; Relies on $sADsPath (search base) being set outside this function.
    ;
    ; NOTE(review): $_GroupName is placed into the LDAP filter unescaped. A
    ; name containing ( ) * or \ changes the filter's meaning or breaks it;
    ; escape per RFC 4515 if the name can come from user input.
    ; NOTE(review): none of the GetObject / GetEx calls are checked for errors.
    Dim $_attrs, $_ldapFilter
    Dim $nestedGroup[0]

    $_attrs = "Name", "AdsPath"
    $_ldapFilter = "(&(objectClass=Group)(Name="+$_GroupName+"))"
    $_aResults = fnLDAPQuery($_attrs,$sADsPath,$_ldapFilter,"Name")

    For $c = 0 To UBound($_aResults)
        For $r = 1 To UBound($_aResults,2)
            ; Column 1 of the result row is the group's AdsPath.
            $GroupObj = GetObject($_aResults[$c,1])
            $Members  = $GroupObj.GetEx("Member")

            ; Pass 1: direct members. A match sets the result; members that
            ; are themselves groups are queued in $nestedGroup.
            For Each $Member In $Members
                If "LDAP://"+$Member=$_LDAP
                    $MemberOf=1
                EndIf
                $MemberObj = GetObject("LDAP://"+$Member)
                If InStr($MemberObj.ObjectCategory,"Group")
                    $nestedGroup[UBound($nestedGroup)] = $MemberObj.distinguishedName
                    ReDim Preserve $nestedGroup[UBound($nestedGroup)+1]
                EndIf
            Next

            ; Pass 2: keep expanding the queued groups until a full sweep adds
            ; no new group. The $isMember check prevents a group from being
            ; queued twice, which also stops circular nesting from looping.
            Do
                $GroupAdded=0
                For Each $ngroup In $nestedGroup
                    If $ngroup<>""
                        $GroupObj = GetObject("LDAP://"+$ngroup)
                        $Members  = $GroupObj.GetEx("Member")
                        For Each $Member In $Members
                            $MemberObj = GetObject("LDAP://"+$Member)
                            If InStr($MemberObj.ObjectCategory,"Group")
                                $isMember=0
                                For Each $ngroup2 In $nestedGroup
                                    If $ngroup2=$MemberObj.distinguishedName
                                        $isMember=1
                                    EndIf
                                Next
                                If $isMember=0
                                    $nestedGroup[UBound($nestedGroup)] = $MemberObj.distinguishedName
                                    ReDim Preserve $nestedGroup[UBound($nestedGroup)+1]
                                    $GroupAdded=1
                                EndIf
                            EndIf
                        Next
                    EndIf
                Next
            Until $GroupAdded=0

            ; Every append left one empty slot at the end; trim it.
            If UBound($nestedGroup)>0
                ReDim Preserve $nestedGroup[UBound($nestedGroup)-1]
            EndIf

            ; Pass 3: look for the object among the members of every nested
            ; group collected above.
            For Each $ngroup In $nestedGroup
                If $ngroup<>""
                    $GroupObj = GetObject("LDAP://"+$ngroup)
                    $Members  = $GroupObj.GetEx("Member")
                    For Each $Member In $Members
                        $MemberObj = GetObject("LDAP://"+$Member)
                        If "LDAP://"+$Member=$_LDAP
                            $MemberOf=1
                        EndIf
                    Next
                EndIf
            Next
        Next
    Next
EndFunction
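function validateUser($fnUsername,$fnPassword)
    ; Returns 1 when an ADSI bind to LDAP://dc=MyDomain,dc=corp succeeds with
    ; the supplied credentials (the user name is prefixed with "MyDomain\"),
    ; otherwise 0.
    ;
    ;   $fnUsername - account name without the domain prefix
    ;   $fnPassword - the password to test
    ;
    ; Changes from the original listing:
    ;  * Blank user names and blank passwords are rejected before any bind is
    ;    attempted, so an empty credential can never be reported as valid.
    ;  * The bound object is kept in a local variable. It was previously
    ;    undeclared, which presumably left an authenticated directory handle
    ;    in a global after the call.
    ;  * A commented-out test call that contained a literal account name and
    ;    password was removed. If those values were ever real, the password
    ;    should be changed, because the listing has been published.
    dim $fnADS_Secure_Authentication, $fnADS_Use_Encryption, $fnLDAP, $fnDSO, $fnObjUser
    dim $fnObject
    $fnADS_Secure_Authentication=1
    $fnADS_Use_Encryption=2
    $validateUser=0

    if $fnUsername<>"" and $fnPassword<>""
        ; NOTE(review): "or" is KiXtart's logical operator, so this expression
        ; presumably evaluates to 1 (secure authentication only) rather than
        ; to 3. The flag expression is left as it was to keep the bind
        ; behaviour unchanged. If the encryption flag is really wanted, use
        ; the bitwise form ($fnADS_Secure_Authentication | $fnADS_Use_Encryption)
        ; and confirm the domain controllers accept encrypted LDAP first.
        $fnObject=GetObject("LDAP:").OpenDSObject('LDAP://dc=MyDomain,dc=corp','MyDomain\'+$fnUsername,$fnPassWord,$fnADS_Secure_Authentication or $fnADS_Use_Encryption)
        if @error=0
            $ValidateUser=1
        endif
    endif
endfunction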
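function LastLogin ($fnUsername)
    ; Asks each listed domain controller (WinNT provider) for the user's
    ; LastLogin value, keeps the one with the most recent date and prints it.
    ; Nothing is returned; the result is written to the console only.
    ;
    ; Changes from the original listing:
    ;  * The working variables are declared locally. They were previously
    ;    undeclared, so the "best date so far" from one call presumably
    ;    carried over into the next call and could be reported for a
    ;    different user.
    ;  * A domain controller that cannot be bound to is skipped instead of
    ;    being read through an invalid object.
    ;  * A value is only considered when it contains "/", for every DC and not
    ;    just the first one that answers.
    ;
    ; NOTE(review): the comparison uses the date part only, so two logons on
    ; the same day are not ordered by time. stddate() is defined outside this
    ; listing and is assumed to return a sortable date string - confirm.
    ; NOTE(review): the DC names are hard-coded and the third one is commented
    ; out; a logon recorded only on an unlisted DC will not be found.
    dim $fnDCs, $fnDC, $fnUserObj, $fnTmpDate, $fnThisDate
    dim $fnPrevDate, $fnPrevTimeStamp
    $fnPrevDate=""
    $fnPrevTimeStamp=""
    $fnDCs="szntdc01","szntdc02";,"szntdc03"
    for each $fnDC in $fnDCs
        $fnUserObj=getObject("WinNT://"+$fnDC+"/"+$fnUsername+",user")
        if @error=0
            ; LastLogin looks like "<date> <time>"; element 0 is the date.
            $fnTmpDate=split($fnUserObj.LastLogin," ")
            if instr ($fnTmpDate[0],"/")
                $fnThisDate=stddate($fnTmpDate[0])
                if $fnPrevDate="" or $fnPrevDate<$fnThisDate
                    $fnPrevDate=$fnThisDate
                    $fnPrevTimeStamp=$fnUserObj.LastLogin
                endif
            endif
        endif
    next
    if instr ($fnPrevTimeStamp,"/")
        ?"Last known logon was on "+$fnPrevTimeStamp
    else
        ?"Could not find last known logon."
    endif
endfunction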
Function MemberOfOffice ($_LDAP,$_GroupName)
    ; Same membership test as MemberOf, but searched under the fixed base
    ; "LDAP://MyDomain.inc": sets the return value to 1 when the object with
    ; ADsPath $_LDAP belongs to the group named $_GroupName directly or
    ; through nested groups. The return value is left unset otherwise.
    ;
    ;   $_LDAP      - full ADsPath of the object, "LDAP://" followed by its DN
    ;   $_GroupName - value matched against the group's Name attribute
    ;
    ; NOTE(review): $sADsPath is assigned here without Dim, so it is presumably
    ; the same global that UsersOffice and MemberOf read. After this function
    ; runs, those functions would search under MyDomain.inc as well - confirm
    ; that is intended.
    ; NOTE(review): $_GroupName is placed into the LDAP filter unescaped. A
    ; name containing ( ) * or \ changes the filter's meaning or breaks it;
    ; escape per RFC 4515 if the name can come from user input.
    ; NOTE(review): none of the GetObject / GetEx calls are checked for errors.
    Dim $_attrs, $_ldapFilter
    Dim $nestedGroup[0]

    $sADsPath = "LDAP://MyDomain.inc"
    $_attrs = "Name", "AdsPath"
    $_ldapFilter = "(&(objectClass=Group)(Name="+$_GroupName+"))"
    $_aResults = fnLDAPQuery($_attrs,$sADsPath,$_ldapFilter,"Name")

    For $c = 0 To UBound($_aResults)
        For $r = 1 To UBound($_aResults,2)
            ; Column 1 of the result row is the group's AdsPath.
            $GroupObj = GetObject($_aResults[$c,1])
            $Members  = $GroupObj.GetEx("Member")

            ; Pass 1: direct members. A match sets the result; members that
            ; are themselves groups are queued in $nestedGroup.
            For Each $Member In $Members
                If "LDAP://"+$Member=$_LDAP
                    $MemberOfOffice=1
                EndIf
                $MemberObj = GetObject("LDAP://"+$Member)
                If InStr($MemberObj.ObjectCategory,"Group")
                    $nestedGroup[UBound($nestedGroup)] = $MemberObj.distinguishedName
                    ReDim Preserve $nestedGroup[UBound($nestedGroup)+1]
                EndIf
            Next

            ; Pass 2: keep expanding the queued groups until a full sweep adds
            ; no new group. The $isMember check prevents a group from being
            ; queued twice, which also stops circular nesting from looping.
            Do
                $GroupAdded=0
                For Each $ngroup In $nestedGroup
                    If $ngroup<>""
                        $GroupObj = GetObject("LDAP://"+$ngroup)
                        $Members  = $GroupObj.GetEx("Member")
                        For Each $Member In $Members
                            $MemberObj = GetObject("LDAP://"+$Member)
                            If InStr($MemberObj.ObjectCategory,"Group")
                                $isMember=0
                                For Each $ngroup2 In $nestedGroup
                                    If $ngroup2=$MemberObj.distinguishedName
                                        $isMember=1
                                    EndIf
                                Next
                                If $isMember=0
                                    $nestedGroup[UBound($nestedGroup)] = $MemberObj.distinguishedName
                                    ReDim Preserve $nestedGroup[UBound($nestedGroup)+1]
                                    $GroupAdded=1
                                EndIf
                            EndIf
                        Next
                    EndIf
                Next
            Until $GroupAdded=0

            ; Every append left one empty slot at the end; trim it.
            If UBound($nestedGroup)>0
                ReDim Preserve $nestedGroup[UBound($nestedGroup)-1]
            EndIf

            ; Pass 3: look for the object among the members of every nested
            ; group collected above.
            For Each $ngroup In $nestedGroup
                If $ngroup<>""
                    $GroupObj = GetObject("LDAP://"+$ngroup)
                    $Members  = $GroupObj.GetEx("Member")
                    For Each $Member In $Members
                        $MemberObj = GetObject("LDAP://"+$Member)
                        If "LDAP://"+$Member=$_LDAP
                            $MemberOfOffice=1
                        EndIf
                    Next
                EndIf
            Next
        Next
    Next
EndFunction
Function isDisabled ($_LDAPString)
    ; Returns 1 when the account at ADsPath $_LDAPString is flagged as
    ; disabled, or when it has an expiration date that lies before today;
    ; returns 0 otherwise. An expiration date of "1/1/1970" is ignored.
    ;
    ; NOTE(review): the bind is not checked for errors. If GetObject fails the
    ; function presumably still returns 0, i.e. "not disabled" - a caller that
    ; gates access on this result should test @ERROR as well.
    ; stddate() is defined outside this listing.
    $fnFOO=0
    $fnUserObj=GetObject($_LDAPString)

    ; Expiry check: compare today's date with the date part of the
    ; expiration value (the text before the first space).
    If $fnUserObj.AccountExpirationDate And $fnUserObj.AccountExpirationDate<>"1/1/1970"
        $fnTMPDate=Split($fnUserObj.AccountExpirationDate," ")
        If @DATE>stddate($fnTMPDate[0])
            $fnFOO=1
        EndIf
    EndIf

    ; Explicitly disabled accounts count regardless of the expiry date.
    If $fnUserObj.AccountDisabled
        $fnFOO=1
    EndIf

    $isDisabled=$fnFOO
EndFunction
ASKER
Thanks
ASKER
I have posted the master script at the link above. This script calls 3 other scripts, which I attached to the master script.
Since they are long scripts, I have posted 4 separate questions.