use strict;
use warnings;
use Win32::OLE;

# groupType bit flags (ADS_GROUP_TYPE_ENUM)
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 0x8;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => 0x80000000;

# Bind to RootDSE to discover the domain's default naming context
my $RootDSE = Win32::OLE->GetObject("LDAP://RootDSE");
if (Win32::OLE->LastError() != 0) {
  print "Error getting RootDSE: ".Win32::OLE->LastError()."\n";
  exit 1;
}
my $NC = $RootDSE->Get("defaultNamingContext");
if (Win32::OLE->LastError() != 0) {
  print "Error getting defaultNamingContext: ".Win32::OLE->LastError()."\n";
  exit 1;
}

# Query Active Directory through the ADSI OLE DB provider
my $Conn = Win32::OLE->new("ADODB.Connection");
$Conn->{'Provider'} = "ADsDSOObject";
$Conn->Open("ADs Provider");
# LDAP dialect: <base>;filter;attributes;scope
my $path = "<LDAP://$NC>;(grouptype=*);cn,grouptype;subtree";
my $RS = $Conn->Execute($path);
if (Win32::OLE->LastError() != 0) {
  print "Error executing path: $path\n";
  exit 1;
}

# Print the cn of every group that is both universal and security-enabled
until ($RS->EOF) {
  my $type = $RS->Fields('grouptype')->Value;
  if (($type & ADS_GROUP_TYPE_UNIVERSAL_GROUP)
      && ($type & ADS_GROUP_TYPE_SECURITY_ENABLED)) {
    print $RS->Fields('cn')->Value."\n";
  }
  $RS->MoveNext;
}

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Steven Manross
Sent: Thursday, November 13, 2003 1:49 PM
To: DePriest, Jason R.; [EMAIL PROTECTED]
Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?


Well, I am grateful that I realized my own mistake before anyone else
did.

I'm using the WinNT provider instead of the LDAP provider.

I'll post an LDAP version here soon.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
DePriest, Jason R.
Sent: Thursday, November 13, 2003 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?


Using the sample code from the provided link, I can get a list of
groups. However, the Universal groups are being listed as Global groups.
Is there some other attribute besides groupType that would be useful?

-Jason

> -----Original Message-----
> From: Steven Manross [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 13, 2003 11:13 AM
> To: DePriest, Jason R.; [EMAIL PROTECTED]
> Subject: RE: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> 
> 
> The quick answer is NO.
> 
> The longer answer is that Win32::OLE can be used to query active
> directory for groups as well from the WinNT or LDAP interfaces.
> 
> The list archives have some good example code (searching on Universal
> group should reveal a few matches). Hey, look it's something I wrote..
> :)
> 
> http://aspn.activestate.com/ASPN/Mail/Message/1521485
> 
> Steven
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> DePriest, Jason R.
> Sent: Thursday, November 13, 2003 9:52 AM
> To: [EMAIL PROTECTED]
> Subject: Can Win32::AdminMisc::GetGroups list UNIVERSAL groups?
> 
> 
> Hello,
> 
> I have a perl script that queries a primary domain controller for 
> local and global groups.  However, it also has the new-and-improved AD
> universal groups.
> 
> Can Win32::AdminMisc::GetGroups get those, as well?
> 
> Using this
> Win32::AdminMisc::GetGroups($pdc,GROUP_TYPE_UNIVERSAL,[EMAIL PROTECTED])
> Generates the following error:
> Argument "GROUP_TYPE_UNIVERSAL" isn't numeric in subroutine entry at 
> regroup.pl line 83.
> 
> I have tried replacing GROUP_TYPE_UNIVERSAL with numbers and come up
> with this analogy
> 0 -> error
> 1 -> GROUP_TYPE_LOCAL
> 2 -> GROUP_TYPE_GLOBAL
> 3 -> GROUP_TYPE_ALL
> 4 -> error
> 5 -> mildly unprintable characters with 'NetAdmin::' stuck at the end
> 6 -> mildly unprintable characters with 'NetAdmin::' stuck at the end
> 7 -> mildly unprintable characters with 'NetAdmin::' stuck at the end
> I stopped at that point.
> 
> If it doesn't know about universal groups, can that be added?
> 
> Thank you!
> 
> Jason DePriest, GSEC, GCFW
> Systems and Applications Security Analyst
> E-Business Security Team
> ph.  (901) 523-5975
> fax  (901) 523-5714
> email jrdepriest at ftb dot com
> 
> -----
> "There is no patch for stupidity."
> 
>                        _
> ASCII ribbon campaign ( )
>  - against HTML email  X
>              & vCards / \
> 
> _______________________________________________
> Perl-Win32-Admin mailing list 
> [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
> 

_______________________________________________
Perl-Win32-Admin mailing list [EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
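
Added example, not part of the original thread or any poster's code: a pure-Perl decoder for the groupType values the LDAP query above returns, useful when auditing which groups are security-enabled. The helper name describe_group_type, the GLOBAL and DOMAIN_LOCAL constants (from the same ADS_GROUP_TYPE_ENUM, not shown in the thread) and the sample rows are assumptions made for illustration.

```perl
use strict;
use warnings;

# ADS_GROUP_TYPE_ENUM flags. Only UNIVERSAL and SECURITY_ENABLED appear in
# the thread; GLOBAL and DOMAIN_LOCAL are added here from the same enum.
use constant {
    ADS_GROUP_TYPE_GLOBAL_GROUP       => 0x2,
    ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 0x4,
    ADS_GROUP_TYPE_UNIVERSAL_GROUP    => 0x8,
    ADS_GROUP_TYPE_SECURITY_ENABLED   => 0x80000000,
};

# Hypothetical helper: turn a raw groupType value into "scope kind".
sub describe_group_type {
    my ($raw) = @_;

    # ADSI returns groupType as a signed 32-bit integer, so every
    # security-enabled group arrives as a negative number. Mask to 32 bits
    # so the flag tests behave the same on 32-bit and 64-bit perls.
    my $flags = int($raw) & 0xFFFFFFFF;

    # Exactly one scope bit should be set; anything else is reported as
    # unknown rather than guessed.
    my @scopes = map  { $_->[1] }
                 grep { $flags & $_->[0] } (
        [ ADS_GROUP_TYPE_GLOBAL_GROUP,       'global' ],
        [ ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP, 'domain local' ],
        [ ADS_GROUP_TYPE_UNIVERSAL_GROUP,    'universal' ],
    );
    my $scope = @scopes == 1 ? $scopes[0] : 'unknown scope';

    # Security-enabled groups can be placed on ACLs; the rest are
    # distribution groups.
    my $kind = ($flags & ADS_GROUP_TYPE_SECURITY_ENABLED)
             ? 'security' : 'distribution';

    return "$scope $kind";
}

# Constructed sample rows (cn, groupType); not taken from a real directory.
my @sample = (
    [ 'Example-Universal-Sec',  -2147483640 ],
    [ 'Example-Global-Sec',     -2147483646 ],
    [ 'Example-DomLocal-Sec',   -2147483644 ],
    [ 'Example-Universal-Dist', 8 ],
    [ 'Example-No-Scope-Bit',   0 ],
);
printf "%-24s %s\n", $_->[0], describe_group_type($_->[1]) for @sample;
```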