I am considering writing some Perl scripts that interact with Active Directory. Being somewhat new to Perl, I was wondering if there were any specific modules, tools, techniques, etc. that anyone would suggest I use. As of right now, I am only looking to pull user information to process with the script.
A:
From what I understand, there are two options:
- Win32::OLE module
- Execute external tools (suchs DSQuery, DSGet, etc) and parse the output.
I don't have much experience with Win32::Ole, may be someone else can elaborate on that a bit.
nsr81
2009-10-06 14:47:33
+4
A:
The best source of Active Directory example code in Perl is available here. It's from Robbie Allen, the co-author of O'Reilly's excellent Active Directory Cookbook.
Here is an example from their cookbook code:
# This Perl code finds all disabled user accounts in a domain.
# ---------------------------------------------------------------
# Adapted from VBScript code contained in the book:
# "Active Directory Cookbook" by Robbie Allen
# ISBN: 0-596-00466-4
# ---------------------------------------------------------------
# ------ SCRIPT CONFIGURATION ------
my $strDomainDN = "<DomainDN>"; # e.g. dc=rallencorp,dc=com
# ------ END CONFIGURATION ---------
use Win32::OLE;
$Win32::OLE::Warn = 3;
my $strBase = "<LDAP://" . $strDomainDN . ">;";
my $strFilter = "(&(objectclass=user)(objectcategory=person)" .
"(useraccountcontrol:1.2.840.113556.1.4.803:=2));";
my $strAttrs = "name;";
my $strScope = "subtree";
my $objConn = Win32::OLE->CreateObject("ADODB.Connection");
$objConn->{Provider} = "ADsDSOObject";
$objConn->Open;
my $objRS = $objConn->Execute($strBase . $strFilter . $strAttrs . $strScope);
$objRS->MoveFirst;
while (not $objRS->EOF) {
print $objRS->Fields(0)->Value,"\n";
$objRS->MoveNext;
}
Mick
2009-10-06 14:47:55
@Mick don't post affiliate links to avoid having your answer flagged as spam.
Sinan Ünür
2009-10-06 15:06:29
My bad, I didn't realize it was. I just grabbed their Amazon link from their site without thinking. Thanks for fixing!
Mick
2009-10-06 15:14:59
I get an error ("Table does not exist") using this code. I've tried to replace the $strDomainDN with something I think is right for my company, but it must be wrong. How do you find out the DN?
jimtut
2009-10-06 16:16:57
Here's a link to a VBScript that will show you your top level DN: http://www.visualbasicscript.com/Get-DN-of-Computer-m27103.aspx
Mick
2009-10-06 17:06:36
Just add the following to the end of the vbscript and run: MsgBox sDNSDomain
Mick
2009-10-06 17:07:22
I assume that the internal variable "sDNSDomain" is the one containing the domain controller DN needed for LDAP queries? The msgbox at the end shows the CN for my PC, which doesn't seem right. I did use the value shown in sDNSDomain (dc=corp,dc=acme,dc=com) in the Perl example above, but got the table error. Any other thoughts on getting a simple AD query from Perl? I have used Net::LDAP::Express to talk to other (non-AD) LDAP databases, but I've never been able to get a simple AD query to work (works like a breeze in .NET though!).
jimtut
2009-10-06 17:23:34
Here, this is any easier way, and makes use of GPResult that is already on your pc. Open a CMD prompt and type: gpresult /r | find /i "DC="
Mick
2009-10-07 13:27:21
"/r" isn't a valid arg to gpresult on my XP box, but it does provide a lot of info. The DN is the same as the VBScript gave, but that string doesn't work in the original Perl AD/LDAP search. "Table does not exist" My company must be doing something strange w/ their AD setup...
jimtut
2009-10-07 17:56:06