1

Dear LotusScript Gurus,

I am developing a Lotus Notes agent who should synch our Windows 2003 AD with our Lotus Domino Directory (V 7.0.3 Server/Client).

I am using the ADODB.Connection and ADODB.Command processes to connect it and query the AD users.

This is the command text:

objCommand.CommandText = "<LDAP://ou=DMHU Users,dc=some,dc=kindof,dc=domain>;(&(objectCategory=person)(objectClass=user));name,lastLogon;subTree"

Then I would access the content of the field "lastLogon":

objRecordSet.Fields("lastLogon").Value

but this is empty while the field "name" has the correct values (I know that the lastLogon field is a 64bit date - integer or so).

Using the same query e.g. in a VBScript receives the lastLogon content well.

Also using the SQL like query within the LotusScript code gives the same empty lastLogon value.

Does anybody have an idea?

Thanks in advance!

parphis
  • 41
  • 1
  • 7
  • what data type are you trying to assign objRecordSet.Fields("lastLogon").Value to? – Richard Schwartz Nov 17 '12 at 02:35
  • I have tried to assign it as a String, a Variant, a Long, an Integer and a NotesDateTime. In each case the result is Null or zero. – parphis Nov 19 '12 at 06:55
  • Hmmm.... One thought. Is this an unauthenticated request? It's been a while so I don't remember details, but Domino LDAP will return only a subset of atttributes for unauthenticated requests, so perhaps it's refusing to return lastLogon for that reason. Have you turned on the DebugLDAP=7 setting on the server in order to see exactly what the server is actually returning? That would at least let you know whether LotusScript really is getting the data back from the server, or not. – Richard Schwartz Nov 19 '12 at 19:11
  • Richard, thanks for your time to effort. Finally I have found the solution. Not the authentication was the problem. – parphis Nov 20 '12 at 13:13

1 Answers1

3

Finally I have found the solution.

To access the lastLogon (and so kind AD variables) first of all an object has to be set which receives the current AD user object:

Set objUser = GetObject(rs.Fields("adspath").Value)

...

then the lastLogon has to be set as an object, as well:

Set objLastLogon = objUser.Get("lastLogonTimeStamp")

This OLE object will have a HighPart and a LowPart member. Using that members the last logon date and time can be calculated.

This blog entry opened my eyes: http://sgwindowsgroup.org/blogs/badz/archive/2010/03/01/querying-for-the-lastlogontimestamp-attribute-of-all-users-in-an-ou.aspx

Here is the function implemented by me which can receive the CN and lastLogonTimeStamp of a specific user.

Sub getADUserLastLogon(sUser As String)
    Dim workspace As New NotesUIWorkspace
    Dim conn As Variant
    Dim sRoot As String

    sRoot = "LDAP://ou=USERS_OR_WHATEVER,dc=my,dc=domain"

    Set oConn = CreateObject("ADODB.Connection")
    oConn.Provider = "ADSDSOObject"
    oConn.Open "Ads Provider", "USERNAME", "SECRETPWD" ' open connection with specific user credentials

    Dim rs
    Set rs = oConn.Execute("<" & sRoot & ">;(&(objectCategory=person)(objectClass=user)(cn=" & sUser & "));" &_
    "adspath,distinguishedname,sAMAccountName,cn,mail,telephoneNumber,lastLogonTimeStamp;subtree")

    While Not (rs.EOF)
        On Error Resume Next

        Set objUser = GetObject(rs.Fields("adspath").Value)

        'Print "getting user: " & objUser.Get("cn")

        Set objLastLogon = objUser.Get("lastLogonTimeStamp")

        Dim intLastLogonTime As Double

        intLastLogonTime = (objLastLogon.HighPart * (2^32)) + objLastLogon.LowPart ' due to the 64 bit number
        intLastLogonTime = intLastLogonTime / (60 * 10000000) ' convert from 100nanosec to minutes
        intLastLogonTime = intLastLogonTime + 60 ' local timezone
        intLastLogonTime = intLastLogonTime / 1440 ' convert to hours
        intLastLogonTime = intLastLogonTime + Datenumber(1601,1,1)

        Call workspace.CurrentDocument.Document.ReplaceItemValue("txtADResult", _
        workspace.CurrentDocument.FieldGetText("txtADResult") & Chr(13) & _
        rs.Fields("cn").Value & " Last Logon: " & Format$(Cdat(intLastLogonTime), "yyyy.mm.dd. hh:nn:ss"))

        rs.MoveNext
    Wend
End Sub
parphis
  • 41
  • 1
  • 7