Post #56,654
10/14/02 12:25:59 PM
|
Ready to scream
I posted the link to that KB article. Here's the ICQ I got back: Won't work, we are not on Active Directory yet. I'm in the uncomfortable position of believing he is flat wrong but knowing he still knows more about this than I do. And he's the one who has to think it works, anyway, because I don't have rights on the box to do this myself.
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,675
10/14/02 1:44:01 PM
|
If you want to control the output format...
Take another look at [link|http://z.iwethey.org/forums/render/content/show?contentid=56269|my suggestion]. The interface is a little ugly, but the short example script seems simple enough. (For what you want it is sufficient to just print out the hash.)
Cheers, Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly." - [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
|
Post #56,692
10/14/02 2:37:01 PM
|
New info
I just found out why they can't do it. Apparently the problem is that they suck at communication. The domain controller isn't running W2K yet; it's still NT. And no one bothered to mention this even after I brought them three different ways to do this from W2K.
So, new question. Is there any way to get the usernames and realnames from an NT domain controller?
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,693
10/14/02 2:45:46 PM
|
Re: New info
Hang fire until I get to work tomorrow. I wrote a Perl script to do just this.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #56,696
10/14/02 3:03:19 PM
|
Coolio
Thanks. Now I just need to see if they've got Perl installed on it.
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,892
10/15/02 7:34:33 AM
|
Here ya go.
Note that (a) it probably suxxors and Ben will refactor it into about two lines of code and (b) it emits a CSV file with each group enumerated - so anyone who's in multiple groups will be listed multiple times. #!/usr/bin/perl -w
use Win32::AdminMisc; use Win32::NetAdmin qw (GroupGetMembers);
use strict;
my $dc; my @groups;
$dc = Win32::AdminMisc::GetDC();
Win32::AdminMisc::GetGroups($dc, GROUP_TYPE_ALL, \\@groups);
my $item; my %groups_with_users;
foreach $item(@groups) { my @tmp_user_list; GroupGetMembers($dc, $item, \\@tmp_user_list); $groups_with_users{$item} = [@tmp_user_list]; }
my $group;
open USERGROUP, ">usergroup.csv" || die "Can't open file for writing:$!";
print USERGROUP "Group, User\\n";
foreach $item(keys %groups_with_users) { my $i; print "Group: $item\\nUsers: "; foreach $i (0 .. $#{ $groups_with_users{$item} } ) { print "$groups_with_users{$item}[$i] "; } print "\\n"; }
close USERGROUP; Enjoi.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #56,933
10/15/02 10:22:10 AM
|
Run this on the domain controller?
Neither a Perl nor an NT guru, so these may be noob questions.
* Does this need to be saved and run on the domain controller?
* If so, I guess it will run with permission to do this?
* Is it safe to assume the domain controller has Perl installed?
* If not, can this be run from another box that can connect to the domain controller?
* If so, does it need to authenticate somehow?
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,943
10/15/02 10:51:26 AM
|
Re: Run this on the domain controller?
1. No, any machine that participates in the domain will do. 2. Ornery user account will be OK. 3. No, Perl is an add-on for Windows - www.activestate.com 4. N/A 5. N/A
You will probably have to use the Perl Package Manager (PPM) from a a command prompt to install the approprate Perl libraries.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #56,954
10/15/02 11:33:55 AM
|
While that's good for me
Am I simply being uncharitable to think that an ordinary user probably shouldn't be able to do this?
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,968
10/15/02 12:01:07 PM
|
Can't install them
"Read a PPD for 'Win32-AdminMisc.ppd', but it is not intended for this build of Perl (MSWin32-x86-multi-thread)"
Trying to update my Perl install now, will see what happens.
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,974
10/15/02 12:13:38 PM
|
You need to grab a Perl ghod then
Or build the modules by hand.
Either way, you're out of my knowledge realm.
Ben?
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #57,057
10/15/02 7:36:45 PM
|
All that I will say is...
[link|http://www.roth.net/perl/packages/|Here] are instructions. They say to use the ppm utility. That is good advice.
You can always do a fresh install of Perl within an arbitrary directory and choose not to put it in the path etc. No update risk there. (In fact if you find something with a name like PerlCTL.dll in your system32 directory and stick it in Perl's bin, then you can have a network install done on any machine afterwards by just adding Perl's bin in the PATH. This will only work if every machine - including the one that did the install - see that directory as having the same name. The installation etches that name inside the executable.)
If you get into trouble, I am sorry but I won't be able to answer questions. However the kind folks at [link|http://www.perlmonks.org|Perlmonks] include several people who are most certainly qualified to offer assistance, and they are very responsive.
Cheers, Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly." - [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
|
Post #57,060
10/15/02 7:52:15 PM
|
Will try PerlMonks tomorrow a.m.
Got AdminMisc installed finally, but NetAdmin is still complaining about the build. Tried to figure out what to change in the PPD and it claimed to install but I got different errors. (No, this isn't a complete bug report.)
Done trying for the night. Thanks for the pointer. (Adding repository got AdminMisc installed.)
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #56,894
10/15/02 7:40:06 AM
|
Here's another one.
Man, Ben's gonna have a field day with my Perl... #!/usr/bin/perl -w
use strict; use Win32; use Win32::NetAdmin;
my $domain;
$domain = Win32::DomainName();
my $pdc = ""; my $rc = Win32::NetAdmin::GetDomainController("",$domain, $pdc);
print "Processing user list from $pdc in $domain\\n";
my %users;
%users = Win32::NetAdmin::GetUsers($pdc, FILTER_NORMAL_ACCOUNT, \\%users) || die "GetUsers() failed :$^E";
foreach (keys %users) { print "Checking group memberships for $_\\n"; if (Win32::NetAdmin::GroupIsMember($pdc, "Domain Users", $_)) { print "$_\\n"; } }
sub PrintIfGroupMember($p, $u, $g) { if (Win32::NetAdmin::GroupIsMember($p, $g, $u)) { print "$u is a member of $g\\n"; } }
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #56,697
10/14/02 3:07:18 PM
|
Erm, the module that I mentioned was originally *for* NT
Even odds that Peter's script uses it. :-)
Cheers, Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly." - [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
|
Post #56,698
10/14/02 3:13:20 PM
|
Time to see if we have any Perl haxxors
I've got several questions about this module, but I'll wait for Peter's solution tomorrow before I go re-inventing the wheel again.
=== Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|