
Query AD using LotusScript - lastLogon value empty


Dear LotusScript Gurus,

I am developing a Lotus Notes agent that should sync our Windows 2003 AD with our Lotus Domino Directory (V 7.0.3 Server/Client).

I am using the ADODB.Connection and ADODB.Command processes to connect it and query the AD users.

This is the command text:

    objCommand.CommandText = "<LDAP://ou=DMHU Users,dc=some,dc=kindof,dc=domain>;(&(objectCategory=person)(objectClass=user));name,lastLogon;subTree"

Then I would access the content of the field "lastLogon":

    objRecordSet.Fields("lastLogon").Value

but this is empty, while the field "name" has the correct values (I know that the lastLogon field is a 64-bit date - integer or so).

Using the same query e.g. in a VBScript retrieves the lastLogon content fine.

Also, using the SQL-like query within the LotusScript code gives the same empty lastLogon value.

Does anybody have an idea?

Thanks in advance!


Solution

  • Finally I have found the solution.

    To access the lastLogon (and similar AD variables), first of all an object has to be set which receives the current AD user object:

    Set objUser = GetObject(rs.Fields("adspath").Value)
    
    ...
    

    then the lastLogon has to be set as an object, as well:

    Set objLastLogon = objUser.Get("lastLogonTimeStamp")
    

    This OLE object will have a HighPart and a LowPart member. Using those members, the last logon date and time can be calculated.

    This blog entry opened my eyes: http://sgwindowsgroup.org/blogs/badz/archive/2010/03/01/querying-for-the-lastlogontimestamp-attribute-of-all-users-in-an-ou.aspx

    Here is the function implemented by me which can receive the CN and lastLogonTimeStamp of a specific user.

    Sub getADUserLastLogon(sUser As String)
        Dim workspace As New NotesUIWorkspace
        Dim oConn As Variant
        Dim rs As Variant
        Dim objUser As Variant
        Dim objLastLogon As Variant
        Dim sRoot As String
        Dim sCn As String
        Dim dblHigh As Double
        Dim intLastLogonTime As Double
    
        sRoot = "LDAP://ou=USERS_OR_WHATEVER,dc=my,dc=domain"
    
        ' escape the LDAP filter metacharacters (RFC 4515) so sUser is matched literally
        sCn = Replace(sUser, "\", "\5c")
        sCn = Replace(sCn, "*", "\2a")
        sCn = Replace(sCn, "(", "\28")
        sCn = Replace(sCn, ")", "\29")
    
        Set oConn = CreateObject("ADODB.Connection")
        oConn.Provider = "ADSDSOObject"
        oConn.Open "Ads Provider", "USERNAME", "SECRETPWD" ' open connection with specific user credentials
    
        Set rs = oConn.Execute("<" & sRoot & ">;(&(objectCategory=person)(objectClass=user)(cn=" & sCn & "));" & _
        "adspath,distinguishedname,sAMAccountName,cn,mail,telephoneNumber,lastLogonTimeStamp;subtree")
    
        While Not (rs.EOF)
            On Error Resume Next ' from here on, runtime errors are ignored for the rest of the sub
    
            Set objUser = GetObject(rs.Fields("adspath").Value)
    
            'Print "getting user: " & objUser.Get("cn")
    
            Set objLastLogon = objUser.Get("lastLogonTimeStamp")
    
            ' LowPart is a signed 32-bit value; when it is negative, carry one into HighPart
            dblHigh = objLastLogon.HighPart
            If objLastLogon.LowPart < 0 Then dblHigh = dblHigh + 1
    
            intLastLogonTime = (dblHigh * (2^32)) + objLastLogon.LowPart ' due to the 64 bit number
            intLastLogonTime = intLastLogonTime / (60 * 10000000) ' convert from 100nanosec to minutes
            intLastLogonTime = intLastLogonTime + 60 ' local timezone (hard-coded offset of 60 minutes)
            intLastLogonTime = intLastLogonTime / 1440 ' convert minutes to days
            intLastLogonTime = intLastLogonTime + Datenumber(1601,1,1) ' the value counts from 1601-01-01
    
            Call workspace.CurrentDocument.Document.ReplaceItemValue("txtADResult", _
            workspace.CurrentDocument.FieldGetText("txtADResult") & Chr(13) & _
            rs.Fields("cn").Value & " Last Logon: " & Format$(Cdat(intLastLogonTime), "yyyy.mm.dd. hh:nn:ss"))
    
            rs.MoveNext
        Wend
    
        rs.Close
        oConn.Close
    End Sub
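
The two steps the function above depends on, as an added example that is not part of the original answer: escaping the `cn` value before it is placed in the search filter, and combining `HighPart`/`LowPart` into a UTC timestamp when either part arrives as a negative signed 32-bit number. It is written in Python rather than LotusScript so it can be run anywhere; the function names are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# lastLogonTimeStamp counts 100-nanosecond ticks from this instant.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def escape_filter_value(value: str) -> str:
    """Escape a string so an LDAP search filter matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(cn: str) -> str:
    """Build the filter used in the answer's query with the cn escaped."""
    return "(&(objectCategory=person)(objectClass=user)(cn=%s))" % (
        escape_filter_value(cn),
    )


def filetime_from_parts(high_part: int, low_part: int):
    """Combine HighPart/LowPart into a timezone-aware UTC datetime.

    COM hands both parts over as signed 32-bit integers, so each is
    masked back to its unsigned bit pattern before being combined.
    Returns None when the value is 0 (attribute never set).
    """
    ticks = ((high_part & 0xFFFFFFFF) << 32) | (low_part & 0xFFFFFFFF)
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
```

The result is in UTC; apply the local offset only when formatting for display instead of adding a fixed number of minutes.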