|
|
本帖最后由 aux649350702 于 2010-11-8 23:09 编辑
; #FUNCTION# ====================================================================================================================
; Name...........: _AD_Open
; Description ...: Opens a connection to Active Directory.
; Syntax.........: _AD_Open([$sAD_UserIdParam = "", $sAD_PasswordParam = ""[, $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = ""]])
; Parameters ....: $sAD_UserIdParam - Optional: UserId credential for authentication. This has to be a valid domain user
; $sAD_PasswordParam - Optional: Password for authentication
; $sAD_DNSDomainParam - Optional: Active Directory domain name if you want to connect to an alternate domain
; $sAD_HostServerParam - Optional: Name of Domain Controller if you want to connect to a different domain
; $sAD_ConfigurationParam - Optional: Configuration naming context if you want to connect to a different domain
; Return values .: Success - 1
; Failure - 0, sets @error to:
; |1 - Installation of the custom error handler failed. @extended returns error code from ObjEvent
; |2 - Creation of the COM object to the AD failed. @extended returns error code from ObjCreate
; |3 - Open the connection to AD failed. @extended returns error code of the COM error handler.
; | Generated if the User doesn't have query / modify access
; |4 - Creation of the RootDSE object failed. @extended returns the error code received by the COM error handler.
; | Generated when connection to the domain isn't successful. @extended returns -2147023541 (0x8007054B)
; |5 - Creation of the DS object failed. @extended returns the error code received by the COM error handler
; |6 - Parameter $sAD_HostServerParam and $sAD_ConfigurationParam are required when $sAD_DNSDomainParam is specified
; |7 - Parameter $sAD_PasswordParam is required when $sAD_UserIdParam is specified
; |8 - OpenDSObject method failed. @extended set to error code received by the COM error handler (decimal).
; | On Windows XP or lower this shows that $sAD_UserIdParam and/or $sAD_PasswordParam are invalid
; |x - For Windows Vista and later: Win32 error code (decimal). To get detailed error information call function _AD_GetLastADSIError
; Author ........: Jonathan Clelland
; Modified.......: Thomas Rupp
; Remarks .......: To close the connection to the Active Directory, use the _AD_Close function.
;+
; _AD_Open will use the alternative credentials $sAD_UserIdParam and $sAD_PasswordParam if passed as parameters.
; $sAD_UserIdParam has to be in one of the following forms (assume the samAccountName = DJ)
; * Windows Login Name e.g. "DJ"
; * NetBIOS Login Name e.g. "<DOMAIN>\DJ"
; * User Principal Name e.g. "DJ@domain.com"
; All other name formats have NOT been successfully tested (see section "Link").
;+
; Connection to an alternate domain (not the domain your computer is a member of) or your computer is not a domain member
; requires $sAD_DNSDomainParam, $sAD_HostServerParam and $sAD_ConfigurationParam as FQDN as well as $sAD_UserIdParam and $sAD_PasswordParam.
; Example:
; $sAD_DNSDomainParam = "DC=subdomain,DC=example,DC=com"
; $sAD_HostServerParam = "servername.subdomain.example.com"
; $sAD_ConfigurationParam = "CN=Configuration,DC=subdomain,DC=example,DC=com"
;+
; The COM error handler will be initialised if no error handler exists.
; Be aware that some functions will not work correctly because they handle error codes ($iAD_COMError) that are set by the error handler.
;+
; If you specify $sAD_UserIdParam as NetBIOS Login Name or User Principal Name and the OS is Windows Vista or later then _AD_Open will try to
; verify the userid/password.
; @error will be set to the Win32 error code (decimal). To get detailed error information please call _AD_GetlastADSIError.
; For all other OS or if userid is specified as Windows Login Name @error=8.
; This is OS dependant because Windows XP doesn't return useful error information.
; For Windows Login Name all OS return success even when an error occures. This seems to be caused by secure authentification.
; Related .......: _AD_Close
; Link ..........: http://msdn.microsoft.com/en-us/library/cc223499(PROT.10).aspx (Simple Authentication), http://msdn.microsoft.com/en-us/library/aa746471(VS.85).aspx (ADO)
; Example .......: Yes
; ===============================================================================================================================
Func _AD_Open($sAD_UserIdParam = "", $sAD_PasswordParam = "", $sAD_DNSDomainParam = "", $sAD_HostServerParam = "", $sAD_ConfigurationParam = "")
; A COM error handler will be initialised only if one does not exist.
If ObjEvent("AutoIt.Error") = "" Then
$oAD_MyError = ObjEvent("AutoIt.Error", "_AD_ErrorHandler") ; Creates a custom error handler
If @error <> 0 Then Return SetError(1, @error, 0)
EndIf
$iAD_COMError = 0
$oAD_Connection = ObjCreate("ADODB.Connection") ; Creates a COM object to AD
If Not IsObj($oAD_Connection) Or @error <> 0 Then Return SetError(2, @error, 0)
; ConnectionString Property (ADO): http://msdn.microsoft.com/en-us/library/ms675810.aspx
$oAD_Connection.ConnectionString = "Provider=ADsDSOObject" ; Sets Service providertype
If $sAD_UserIdParam <> "" Then
If $sAD_PasswordParam = "" Then Return SetError(7, 0, 0)
$oAD_Connection.Properties("User ID") = $sAD_UserIdParam ; Authenticate User
$oAD_Connection.Properties("Password") = $sAD_PasswordParam ; Authenticate User
; If userid is the Windows login name then set the flag for secure authentification
If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
$oAD_Connection.Properties("ADSI Flag") = $ADS_SECURE_AUTH
Else
$oAD_Connection.Properties("ADSI Flag") = 0x0
EndIf
$sAD_UserId = $sAD_UserIdParam
$sAD_Password = $sAD_PasswordParam
EndIf
; ADO Open Method: http://msdn.microsoft.com/en-us/library/ms676505.aspx
$oAD_Connection.Open() ; Open connection to AD
If @error <> 0 Then Return SetError(3, @error, 0)
; Connect to another Domain if the Domain parameter is provided
If $sAD_DNSDomainParam <> "" Then
If $sAD_HostServerParam = "" Or $sAD_ConfigurationParam = "" Then Return SetError(6, 0, 0)
$oAD_RootDSE = ObjGet("LDAP://" & $sAD_HostServerParam & "/RootDSE")
If Not IsObj($oAD_RootDSE) Or @error <> 0 Then Return SetError(4, @error, 0)
$sAD_DNSDomain = $sAD_DNSDomainParam
$sAD_HostServer = $sAD_HostServerParam
$sAD_Configuration = $sAD_ConfigurationParam
Else
$oAD_RootDSE = ObjGet("LDAP://RootDSE")
If Not IsObj($oAD_RootDSE) Or @error <> 0 Then Return SetError(4, @error, 0)
$sAD_DNSDomain = $oAD_RootDSE.Get("defaultNamingContext") ; Retrieve the current AD domain name
$sAD_HostServer = $oAD_RootDSE.Get("dnsHostName") ; Retrieve the name of the connected DC
$sAD_Configuration = $oAD_RootDSE.Get("ConfigurationNamingContext") ; Retrieve the Configuration naming context
EndIf
$oAD_OpenDS = ObjGet("LDAP:")
If Not IsObj($oAD_OpenDS) Or @error <> 0 Then Return SetError(5, @error, 0)
; Check userid/password if provided
If $sAD_UserIdParam <> "" Then
Local $oAD_Temp
; If userid is the Windows login name then set the flag for secure authentification
If StringInStr($sAD_UserIdParam, "\") = 0 And StringInStr($sAD_UserIdParam, "@") = 0 Then
$oAD_Temp = $oAD_OpenDS.OpenDSObject("LDAP://" & $sAD_HostServer, $sAD_UserIdParam, $sAD_PasswordParam, BitOR($ADS_SECURE_AUTH, $ADS_SERVER_BIND))
Else
$oAD_Temp = $oAD_OpenDS.OpenDSObject("LDAP://" & $sAD_HostServer, $sAD_UserIdParam, $sAD_PasswordParam, $ADS_SERVER_BIND)
EndIf
If Not IsObj($oAD_Temp) Or @error <> 0 Then ; login error occurred - get extended information
Local $sAD_Hive = "HKLM"
If @OSArch = "IA64" Or @OSArch = "X64" Then $sAD_Hive = "HKLM64"
Local $sAD_OSVersion = RegRead($sAD_Hive & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion")
$sAD_OSVersion = StringSplit($sAD_OSVersion, ".")
#cs
Microsoft Windows Server 2008 R2 6.1
Microsoft Windows 7 6.1
Microsoft Windows Server 2008 6.0
Microsoft Windows Vista 6.0
Microsoft Windows Server 2003 R2 5.2
Microsoft Windows Server 2003 5.2
Microsoft Windows XP 5.1
Microsoft Windows 2000 5.0
#ce
If Int($sAD_OSVersion[1]) >= 6 Then ; Delivers detailed error information for Windows Vista and later if debugging is activated
Local $aAD_Errors = _AD_GetLastADSIError()
If $aAD_Errors[4] <> 0 Then
If $iAD_Debug = 1 Then ConsoleWrite("_AD_Open: " & _ArrayToString($aAD_Errors, @CRLF, 1) & @CRLF)
If $iAD_Debug = 2 Then MsgBox(64, "Active Directory Functions - Debug Info - _AD_Open", _ArrayToString($aAD_Errors, @CRLF, 1))
If $iAD_Debug = 3 Then FileWrite("AD_Debug.txt", @YEAR & "." & @MON & "." & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC & " " & @CRLF & _
"-------------------" & @CRLF & "_AD_Open: " & _ArrayToString($aAD_Errors, @CRLF, 1) & @CRLF & _
"========================================================" & @CRLF)
Return Seterror(Dec($aAD_Errors[4]), 0, 0)
Endif
Return SetError(8, $iAD_COMErrorDec, 0)
Else
Return SetError(8, $iAD_COMErrorDec, 0)
EndIf
Endif
Endif
Return 1
EndFunc ;==>_AD_Open |
|
|手机版|小黑屋|AUTOIT CN
( 鲁ICP备19019924号-1 )谷歌
百度
发表于 2010-11-4 18:48:17