IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Ready to scream
I posted the link to that KB article. Here's the ICQ I got back:
Won't work, we are not on Active Directory yet.
I'm in the uncomfortable position of believing he is flat wrong but knowing he still knows more about this than I do. And he's the one who has to think it works, anyway, because I don't have rights on the box to do this myself.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New If you want to control the output format...
Take another look at [link|http://z.iwethey.org/forums/render/content/show?contentid=56269|my suggestion]. The interface is a little ugly, but the short example script seems simple enough. (For what you want it is sufficient to just print out the hash.)

Cheers,
Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly."
- [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
New New info
I just found out why they can't do it. Apparently the problem is that they suck at communication. The domain controller isn't running W2K yet; it's still NT. And no one bothered to mention this even after I brought them three different ways to do this from W2K.

So, new question. Is there any way to get the usernames and realnames from an NT domain controller?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: New info
Hang fire until I get to work tomorrow. I wrote a Perl script to do just this.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Coolio
Thanks. Now I just need to see if they've got Perl installed on it.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Here ya go.
Note that (a) it probably suxxors and Ben will refactor it into about two lines of code and (b) it emits a CSV file with each group enumerated - so anyone who's in multiple groups will be listed multiple times.
#!/usr/bin/perl -w

use Win32::AdminMisc;
use Win32::NetAdmin qw (GroupGetMembers);

use strict;

my $dc;
my @groups;

$dc = Win32::AdminMisc::GetDC();

Win32::AdminMisc::GetGroups($dc, GROUP_TYPE_ALL, \\@groups);

my $item;
my %groups_with_users;

foreach $item(@groups) {
my @tmp_user_list;
GroupGetMembers($dc, $item, \\@tmp_user_list);
$groups_with_users{$item} = [@tmp_user_list];
}

my $group;

open USERGROUP, ">usergroup.csv" || die "Can't open file for writing:$!";

print USERGROUP "Group, User\\n";

foreach $item(keys %groups_with_users) {
my $i;
print "Group: $item\\nUsers: ";
foreach $i (0 .. $#{ $groups_with_users{$item} } ) {
print "$groups_with_users{$item}[$i] ";
}
print "\\n";
}

close USERGROUP;

Enjoi.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Run this on the domain controller?
Neither a Perl nor an NT guru, so these may be noob questions.

* Does this need to be saved and run on the domain controller?

* If so, I guess it will run with permission to do this?

* Is it safe to assume the domain controller has Perl installed?

* If not, can this be run from another box that can connect to the domain controller?

* If so, does it need to authenticate somehow?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: Run this on the domain controller?
1. No, any machine that participates in the domain will do.
2. Ornery user account will be OK.
3. No, Perl is an add-on for Windows - www.activestate.com
4. N/A
5. N/A

You will probably have to use the Perl Package Manager (PPM) from a a command prompt to install the approprate Perl libraries.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New While that's good for me
Am I simply being uncharitable to think that an ordinary user probably shouldn't be able to do this?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Can't install them
"Read a PPD for 'Win32-AdminMisc.ppd', but it is not intended for this build of Perl (MSWin32-x86-multi-thread)"

Trying to update my Perl install now, will see what happens.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New You need to grab a Perl ghod then
Or build the modules by hand.

Either way, you're out of my knowledge realm.

Ben?


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New All that I will say is...
[link|http://www.roth.net/perl/packages/|Here] are instructions. They say to use the ppm utility. That is good advice.

You can always do a fresh install of Perl within an arbitrary directory and choose not to put it in the path etc. No update risk there. (In fact if you find something with a name like PerlCTL.dll in your system32 directory and stick it in Perl's bin, then you can have a network install done on any machine afterwards by just adding Perl's bin in the PATH. This will only work if every machine - including the one that did the install - see that directory as having the same name. The installation etches that name inside the executable.)

If you get into trouble, I am sorry but I won't be able to answer questions. However the kind folks at [link|http://www.perlmonks.org|Perlmonks] include several people who are most certainly qualified to offer assistance, and they are very responsive.

Cheers,
Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly."
- [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
New Will try PerlMonks tomorrow a.m.
Got AdminMisc installed finally, but NetAdmin is still complaining about the build. Tried to figure out what to change in the PPD and it claimed to install but I got different errors. (No, this isn't a complete bug report.)

Done trying for the night. Thanks for the pointer. (Adding repository got AdminMisc installed.)
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Here's another one.
Man, Ben's gonna have a field day with my Perl...

#!/usr/bin/perl -w

use strict;
use Win32;
use Win32::NetAdmin;

my $domain;

$domain = Win32::DomainName();

my $pdc = "";
my $rc = Win32::NetAdmin::GetDomainController("",$domain, $pdc);

print "Processing user list from $pdc in $domain\\n";

my %users;

%users = Win32::NetAdmin::GetUsers($pdc, FILTER_NORMAL_ACCOUNT, \\%users) || die "GetUsers() failed :$^E";

foreach (keys %users) {
print "Checking group memberships for $_\\n";
if (Win32::NetAdmin::GroupIsMember($pdc, "Domain Users", $_)) {
print "$_\\n";
}
}

sub PrintIfGroupMember($p, $u, $g)
{
if (Win32::NetAdmin::GroupIsMember($p, $g, $u)) {
print "$u is a member of $g\\n";
}
}


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Erm, the module that I mentioned was originally *for* NT
Even odds that Peter's script uses it. :-)

Cheers,
Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly."
- [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
New Time to see if we have any Perl haxxors
I've got several questions about this module, but I'll wait for Peter's solution tomorrow before I go re-inventing the wheel again.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
     How do you export usernames from a W2K domain controller? - (drewk) - (27)
         User mangler? - (Silverlock)
         I haven't used it.... - (ben_tilly)
         Get new network guys. - (pwhysall) - (23)
             Why am I not surprised.... - (ben_tilly) - (4)
                 Nor in Mozilla 1.2b -NT - (Andrew Grygus)
                 I know. - (pwhysall) - (1)
                     Eating their own dogfood - using FrontPage? -NT - (CRConrad)
                 Not only that - (drewk)
             What format will the output be? - (drewk) - (17)
                 Re: What format will the output be? - (pwhysall) - (16)
                     Ready to scream - (drewk) - (15)
                         If you want to control the output format... - (ben_tilly) - (14)
                             New info - (drewk) - (13)
                                 Re: New info - (pwhysall) - (10)
                                     Coolio - (drewk) - (9)
                                         Here ya go. - (pwhysall) - (7)
                                             Run this on the domain controller? - (drewk) - (6)
                                                 Re: Run this on the domain controller? - (pwhysall) - (5)
                                                     While that's good for me - (drewk)
                                                     Can't install them - (drewk) - (3)
                                                         You need to grab a Perl ghod then - (pwhysall)
                                                         All that I will say is... - (ben_tilly) - (1)
                                                             Will try PerlMonks tomorrow a.m. - (drewk)
                                         Here's another one. - (pwhysall)
                                 Erm, the module that I mentioned was originally *for* NT - (ben_tilly) - (1)
                                     Time to see if we have any Perl haxxors - (drewk)
         Use an LDAP browser? -NT - (tseliot)

I finally caught it when it tried to drink from my used bong and fell in.
74 ms