in reply to Re: perl module for AD administration
in thread perl module for AD administration

You should give Net::LDAP a chance.

nTSecurityDescriptor is in the attribute and class schema, in the AD - all of which is accessible via LDAP, provided you know the DN, and provide credentials with sufficient access.

If you can get to it using ADSIEDIT, you should be able to access it using LDAP.

     Syntactic sugar causes cancer of the semicolon.        --Alan Perlis

Re^3: perl module for AD administration
by ksublondie (Friar) on Jul 15, 2010 at 17:44 UTC
    If I can access ntSecurityDescriptor, that would be great. However:
    use Net::LDAP;
    my $ldap_session = Net::LDAP->new($ldaphost) or die "error connecting to LDAP $ldaphost: $@\n";
    # bind() and search() return a Net::LDAP::Message object (always true), so "or die" never fires: check ->code instead
    my $mesg = $ldap_session->bind($ldapuser, password => $ldappassword);
    die "error binding: " . $mesg->error . "\n" if $mesg->code;
    my $temp = $ldap_session->search(base => $base, filter => "(distinguishedName=$user)", attrs => ['*']);
    die "error searching tree: " . $temp->error . "\n" if $temp->code;
    my $tempuser = $temp->entry(0) or die "no entry matched $user\n";
    # binary attribute; 'none' when the server does not return it
    $data->{securityflag} = $tempuser->get_value('nTSecurityDescriptor') // 'none';
    my @attributes = $tempuser->attributes;
    $data->{values} = '';
    foreach (@attributes) {
        $data->{values} .= '<br>' . $_ . '=' . $tempuser->get_value($_);
    }
    $data->{securityflag} displays 'none' and nowhere in $data->{values} shows nTSecurityDescriptor. I am seeing a few Exchange fields, but I haven't played with them enough to know if they actually edit Exchange or simply reference Exchange settings. However, I don't see anything that looks related to Communicator. Here are the fields returned:
    objectClass cn sn c l st title postalCode physicalDeliveryOfficeName telephoneNumber facsimileTelephoneNumber userCertificate givenName initials distinguishedName instanceType whenCreated whenChanged displayName uSNCreated info memberOf uSNChanged co department company proxyAddresses streetAddress displayNamePrintable name objectGUID userAccountControl badPwdCount codePage countryCode homeDirectory homeDrive badPasswordTime lastLogoff lastLogon logonHours pwdLastSet primaryGroupID userParameters objectSid adminCount accountExpires logonCount sAMAccountName sAMAccountType showInAddressBook legacyExchangeDN userPrincipalName lockoutTime objectCategory msNPAllowDialin dSCorePropagationData lastLogonTimestamp mail manager mobile pager msRTCSIP-PrimaryUserAddress ciscoEcsbuTransferId msExchRecordedName mailNickname publicDelegatesBL ciscoEcsbuAmisDisableOutbound msRTCSIP-UserEnabled msExchPoliciesIncluded ciscoEcsbuUMLocationObjectId msRTCSIP-ArchivingEnabled msExchRecipientDisplayType mDBUseDefaults ciscoEcsbuDtmfId msRTCSIP-PrimaryHomeServer ciscoEcsbuObjectType ciscoEcsbuListInUMDirectory msExchMailboxGuid msExchUserCulture msExchMailboxSecurityDescriptor msExchUserAccountControl msRTCSIP-OptionFlags msExchRecipientTypeDetails msExchVersion msExchMobileMailboxFlags homeMTA homeMDB msExchHomeServerName ciscoEcsbuUnityAttributes
    (values not displayed for security reasons)
      The ntSecurityDescriptor is a complex attribute, and I have not had a chance to play with it.

      Leads from the internet indicate that you need to do something like this (VB):

      ' SE_DACL_PROTECTED bit of the security descriptor's Control field
      Const SE_DACL_PROTECTED = &H1000
      Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl
      Set objUser = GetObject("LDAP://cn=TestUser,dc=MyDomain,dc=com")
      Wscript.Echo "User: " & objUser.sAMAccountName
      ' ADSI hands back an IADsSecurityDescriptor object, not raw bytes
      Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
      intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
      If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
          Wscript.Echo "Allow inheritable permissions check box disabled"
      Else
          Wscript.Echo "Allow inheritable permissions check box enabled"
      End If
      Here are some links for your perusal:
      http://www.servernewsgroups.net/group/microsoft.public.windows.server.scripting/topic10521.aspx
      http://ldap.perl.org/FAQ.html See section titled "How do I create a Microsoft Exchange user."
      http://msdn.microsoft.com/en-us/magazine/cc188700.aspx

           Syntactic sugar causes cancer of the semicolon.        --Alan Perlis
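Added example, not code from either poster in this thread: it covers both points above, ksublondie's search that came back with no nTSecurityDescriptor, and the VBScript test of the SE_DACL_PROTECTED bit. A common reason AD omits the attribute over plain LDAP is that, without the LDAP_SERVER_SD_FLAGS_OID control (1.2.840.113556.1.4.801), the server tries to return the SACL as well, which needs SeSecurityPrivilege; asking for only owner, group and DACL avoids that. The script then decodes the binary self-relative descriptor that Net::LDAP returns (header layout and constants from winnt.h) instead of relying on ADSI. Host, bind DN, password and target DN are assumed to come from the command line; with no arguments it runs offline against a constructed sample descriptor.

```perl
#!/usr/bin/perl
# Added example (not from the thread): fetch nTSecurityDescriptor via Net::LDAP
# with the SD-flags control, then decode the binary security descriptor.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control;

# SECURITY_DESCRIPTOR.Control bits (winnt.h); SE_DACL_PROTECTED is what the VBScript tests.
use constant SE_DACL_PRESENT   => 0x0004;
use constant SE_DACL_PROTECTED => 0x1000;
use constant SE_SELF_RELATIVE  => 0x8000;

# LDAP_SERVER_SD_FLAGS_OID selects which parts of the descriptor AD returns. Without it
# AD includes the SACL, which needs SeSecurityPrivilege; a bind lacking that privilege
# gets no nTSecurityDescriptor at all, even with attrs => ['*'].
use constant SD_FLAGS_OID     => '1.2.840.113556.1.4.801';
use constant OWNER_GROUP_DACL => 0x1 | 0x2 | 0x4;   # OWNER | GROUP | DACL, no SACL

sub sd_flags_control {
    my ($flags) = @_;
    die "flags must fit one BER byte\n" if $flags > 0x7f;
    my $ber = pack('C*', 0x30, 0x03, 0x02, 0x01, $flags);   # BER: SEQUENCE { INTEGER flags }
    return Net::LDAP::Control->new(type => SD_FLAGS_OID, critical => 1, value => $ber);
}

# Live query; host, bind DN, password and object DN are assumed caller-supplied.
sub fetch_sd {
    my ($host, $binddn, $password, $dn) = @_;
    my $ldap = Net::LDAP->new($host) or die "connect $host: $@\n";
    my $mesg = $ldap->bind($binddn, password => $password);
    die "bind: " . $mesg->error . "\n" if $mesg->code;
    $mesg = $ldap->search(
        base => $dn, scope => 'base', filter => '(objectClass=*)',
        attrs   => ['nTSecurityDescriptor'],
        control => [ sd_flags_control(OWNER_GROUP_DACL) ],
    );
    die "search: " . $mesg->error . "\n" if $mesg->code;
    my $entry = $mesg->entry(0) or die "no entry for $dn\n";
    return $entry->get_value('nTSecurityDescriptor');
}

# Binary SID -> "S-1-..." string (Revision, SubAuthorityCount, 6-byte authority, subauthorities).
sub sid_to_string {
    my ($bin) = @_;
    my ($rev, $count, @auth) = unpack('C C C6', $bin);
    my $authority = 0;
    $authority = ($authority << 8) | $_ for @auth;
    return join '-', 'S', $rev, $authority, unpack("V$count", substr($bin, 8));
}

# Walk an ACL: header AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2), then the ACEs.
sub parse_acl {
    my ($sd, $off) = @_;
    my (undef, undef, undef, $ace_count) = unpack('C C v v', substr($sd, $off, 8));
    my ($pos, @aces) = ($off + 8);
    for (1 .. $ace_count) {
        my ($type, $flags, $size, $mask) = unpack('C C v V', substr($sd, $pos, 8));
        my $sid_off = $pos + 8;
        if ($type >= 5 && $type <= 8) {   # object ACEs carry Flags + optional GUIDs before the SID
            my $obj_flags = unpack('V', substr($sd, $sid_off, 4));
            $sid_off += 4;
            $sid_off += 16 if $obj_flags & 0x1;
            $sid_off += 16 if $obj_flags & 0x2;
        }
        # callback ACE types (9 and up) are not decoded here
        my $sid = $type <= 8 ? sid_to_string(substr($sd, $sid_off, $pos + $size - $sid_off)) : undef;
        push @aces, { type => $type, flags => $flags, mask => $mask, sid => $sid };
        $pos += $size;
    }
    return \@aces;
}

# Self-relative SECURITY_DESCRIPTOR header: Revision(1) Sbz1(1) Control(2)
# OffsetOwner(4) OffsetGroup(4) OffsetSacl(4) OffsetDacl(4), all little-endian.
sub parse_sd {
    my ($sd) = @_;
    die "descriptor too short\n" if length($sd) < 20;
    my ($rev, undef, $control, $o_owner, $o_group, undef, $o_dacl) = unpack('C C v V V V V', $sd);
    die "unexpected SD revision $rev\n" unless ($rev == 1) && ($control & SE_SELF_RELATIVE);
    my $has_dacl = ($control & SE_DACL_PRESENT) && $o_dacl;
    return {
        control        => $control,
        dacl_protected => ($control & SE_DACL_PROTECTED) ? 1 : 0,   # "inheritable permissions" box off
        owner          => $o_owner ? sid_to_string(substr($sd, $o_owner)) : undef,
        group          => $o_group ? sid_to_string(substr($sd, $o_group)) : undef,
        dacl           => $has_dacl ? parse_acl($sd, $o_dacl) : [],
    };
}

# Constructed sample: protected DACL with one ACCESS_ALLOWED_ACE granting READ_CONTROL to Everyone (S-1-1-0).
sub sample_sd {
    my $everyone = pack('C C C6 V', 1, 1, 0, 0, 0, 0, 0, 1, 0);
    my $ace_size = 8 + length $everyone;
    my $ace  = pack('C C v V', 0, 0, $ace_size, 0x00020000) . $everyone;
    my $dacl = pack('C C v v v', 2, 0, 8 + $ace_size, 1, 0) . $ace;
    my $hdr  = pack('C C v V V V V', 1, 0, SE_SELF_RELATIVE | SE_DACL_PRESENT | SE_DACL_PROTECTED, 0, 0, 0, 20);
    return $hdr . $dacl;
}

my $sd   = @ARGV == 4 ? fetch_sd(@ARGV) : sample_sd();   # live query or constructed sample
my $info = parse_sd($sd);
printf "control=0x%04x  inheritable permissions: %s\n", $info->{control}, $info->{dacl_protected} ? 'blocked' : 'allowed';
printf "  ACE type=%d flags=0x%02x mask=0x%08x sid=%s\n", @{$_}{qw(type flags mask)}, $_->{sid} // '?' for @{ $info->{dacl} };
```

Run it as `perl sd.pl ldaphost 'CN=svc,OU=...,DC=example,DC=com' 'password' 'CN=TestUser,DC=example,DC=com'` to query a live directory, or with no arguments to decode the sample. Marking the control critical makes the server refuse the search rather than silently ignore the control, which is the behaviour you want when the whole point of the query is the descriptor.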