RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?

DePriest, Jason R. Thu, 13 Nov 2003 15:06:45 -0800

Awesome.

I added
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 0x2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 0x4;
and the appropriate elsif statements and it works perfectly.


Thanks again!

-Jason

> -----Original Message-----
> From: Steven Manross [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, November 13, 2003 3:04 PM
> To: DePriest, Jason R.; [EMAIL PROTECTED]
> Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> 
> 
> use Win32::OLE;
> 
> use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 0x8;
> use constant ADS_GROUP_TYPE_SECURITY_ENABLED => 0x80000000;
> 
> my $RootDSE = Win32::OLE->GetObject("LDAP://RootDSE";);
> if (Win32::OLE->LastError() != 0) {
>   print "Error getting ROOTDse: ".Win32::OLE->LastError();
>   exit 0;
> }
> my $NC = $RootDSE->Get("defaultNamingContext");
> if (Win32::OLE->LastError() != 0) {
>   print "Error getting configurationNamingContext:
> ".Win32::OLE->LastError();
>   exit 0;
> }
> my $Conn = Win32::OLE->new("ADODB.Connection");
> $Conn->{'Provider'} = "ADsDSOObject";
> $Conn->Win32::OLE::Open("ADs Provider");
> my $path = "<LDAP://$NC>;(grouptype=*);cn,grouptype;subtree";
> my $RS = $Conn->Win32::OLE::Execute($path);
> if (Win32::OLE::LastError() != 0) {
>   print "Error executing path: $path\n";
>   exit 0;
> }
> 
> if ($RS->{RecordCount} > 0) {
>   while ($search_val == 0) {
>     $x++;
>     if ($RS->Fields(grouptype)->value & ADS_GROUP_TYPE_UNIVERSAL_GROUP
> && $RS->Fields(grouptype)->value & ADS_GROUP_TYPE_SECURITY_ENABLED) {
>       print $RS->Fields(cn)->value."\n";
>     }
> 
>     $RS->MoveNext;
>     if ($RS->EOF) {
>       $search_val = "-1";
>     }
>   }
> }
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Steven Manross
> Sent: Thursday, November 13, 2003 1:49 PM
> To: DePriest, Jason R.; [EMAIL PROTECTED]
> Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> 
> 
> Well, I am grateful that I realized my own mistake before anyone else
> did.
> 
> I'm using the WinNT provider instead of the LDAP provider.
> 
> I'll post an LDAP version here soon.
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> DePriest, Jason R.
> Sent: Thursday, November 13, 2003 11:44 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> 
> 
> Using the sample code from the provided link, I can get a list of
> groups. However, the Universal groups are being listed as 
> Global groups.
> Is there some other attribute besides groupType that would be useful?
> 
> -Jason
> 
> > -----Original Message-----
> > From: Steven Manross [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, November 13, 2003 11:13 AM
> > To: DePriest, Jason R.; [EMAIL PROTECTED]
> > Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> > 
> > 
> > The quick answer is NO.
> > 
> > The longer answer is that Win32::OLE can be used to query active
> > directory for groups as well from the WinNT or LDAP interfaces.
> > 
> > The list archives have some good example code (searching on 
> Universal
> > group should reveal a few matches). Hey, look it's 
> something I wrote..
> 
> > :)
> > 
> > http://aspn.activestate.com/ASPN/Mail/Message/1521485
> > 
> > Steven
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On 
> Behalf Of
> > DePriest, Jason R.
> > Sent: Thursday, November 13, 2003 9:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> > 
> > 
> > Hello,
> > 
> > I have a perl script that queries a primary domain controller for 
> > local and global groups.  However, it also has the 
> new-and-improved AD
> > universal groups.
> > 
> > Can Win32::AdminMisc::GetGroups get those, as well?
> > 
> > Using this
> > Win32::AdminMisc::GetGroups($pdc,GROUP_TYPE_UNIVERSAL,[EMAIL PROTECTED]
> > salGroupLi
> > st)
> > Generates the following error:
> > Argument "GROUP_TYPE_UNIVERSAL" isn't numeric in subroutine 
> entry at 
> > regroup.pl line 83.
> > 
> > I have tried replacing GROUP_TYPE_UNIVERSAL with numbers and come up
> > with this analogy 0 -> error 1 -> GROUP_TYPE_LOCAL 2 -> 
> > GROUP_TYPE_GLOBAL 3 -> GROUP_TYPE_ALL 4 -> error 5 -> mildly 
> > unprintable characters with 'NetAdmin::' stuck at the end 6 
> -> mildly 
> > unprintable characters with 'NetAdmin::' stuck at the end 7 
> -> mildly 
> > unprintable characters with 'NetAdmin::' stuck at the end I 
> stopped at
> 
> > that point.
> > 
> > If it doesn't know about universal groups, can that be added?
> > 
> > Thank you!
> > 
> > Jason DePriest, GSEC, GCFW
> > Systems and Applications Security Analyst
> > E-Business Security Team
> > ph.  (901) 523-5975
> > fax  (901) 523-5714
> > email jrdepriest at ftb dot com
> > 
> > -----
> > "There is no patch for stupidity."
> > 
> >                        _
> > ASCII ribbon campaign ( )
> >  - against HTML email  X
> >              & vCards / \
> > 
> > _______________________________________________
> > Perl-Win32-Admin mailing list 
> > [EMAIL PROTECTED]
> > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
> > 
> 
> _______________________________________________
> Perl-Win32-Admin mailing list 
> [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
> 
> _______________________________________________
> Perl-Win32-Admin mailing list 
> [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
> 

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?

Reply via email to