
Get attributes of user list from AD

Author
22 Jan 2009 4:55 PM
sriramna
I have managed to generate a text file of the SAMIDs of users whose
attributes I need to get, one line per user.
I need to query Active Directory for the corresponding attributes
(telephone, email, department...) and generate a report for further
processing.
What's the best way of getting this data generated in a batch file?
I am trying to use DSQUERY USER and DSGET USER commands, but I am not
clear how to limit DSQUERY to the supplied list of users.

Author
22 Jan 2009 5:28 PM
Richard Mueller [MVP]
<srira***@hotmail.com> wrote in message
news:ff2376bd-5110-472c-a8b6-d0689359d985@v39g2000pro.googlegroups.com...
>I have managed to generate a text file of the SAMIDs of users whose
> attributes I need to get, one line per user.
> I need to query Active Directory for the corresponding attributes
> (telephone, email, department...) and generate a report for further
> processing.
> What's the best way of getting this data generated in a batch file?
> I am trying to use DSQUERY USER and DSGET USER commands, but I am not
> clear how to limit DSQUERY to the supplied list of users.

I would suggest you use Joe Richards' free adfind utility:

http://www.joeware.net/freetools/tools/adfind/index.htm

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Author
28 Jan 2009 5:54 AM
sriram.narasipur
I got it working through the following command eventually, but I think
I'll explore the adfind utility further:

For /F %i in (users.txt) do dsquery user -name %i | dsget user -dn -desc -tel -email | find "CN" >> c:\results.txt

Author
22 Jan 2009 6:25 PM
Richard Mueller [MVP]
<srira***@hotmail.com> wrote in message
news:ff2376bd-5110-472c-a8b6-d0689359d985@v39g2000pro.googlegroups.com...
>I have managed to generate a text file of the SAMIDs of users whose
> attributes I need to get, one line per user.
> I need to query Active Directory for the corresponding attributes
> (telephone, email, department...) and generate a report for further
> processing.
> What's the best way of getting this data generated in a batch file?
> I am trying to use DSQUERY USER and DSGET USER commands, but I am not
> clear how to limit DSQUERY to the supplied list of users.

Sorry, I don't know how to make any of the command line utilities read a
text file of sAMAccountName's, even adfind. It's easier for me to code a
VBScript program for this than to figure out the syntax to make a command
line tool do it. For example:
===========
Option Explicit

Dim objFSO, strFile, objFile
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
' strName must be declared because Option Explicit is in effect.
Dim strName, strUserDN, objUser

Const ForReading = 1
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify input file of user NT names.
strFile = "c:\scripts\usernames.txt"

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Open text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read file one line at a time.
Do Until objFile.AtEndOfStream
    strName = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strName <> "") Then
        ' Use Set method to specify NT format of user name.
        ' Trap error if user not found.
        On Error Resume Next
        objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strName
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo "User " & strName & " not found."
        Else
            On Error GoTo 0
            ' Use the Get method to retrieve DN of user object.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
            ' Bind to the user object.
            Set objUser = GetObject("LDAP://" & strUserDN)
            ' Retrieve attribute values and output in comma delimited line.
            Wscript.Echo """" & objUser.sAMAccountName & """,""" _
                & objUser.mail & """,""" _
                & objUser.department & """"
        End If
    End If
Loop

' Clean up.
objFile.Close
=========
You only need to modify the line that specifies the text file of user NT
names. As with most administrative scripts, this one is designed to be run
at a command prompt using cscript. The output can be redirected to a text
file. In this case it creates a comma delimited file that can be read into a
spreadsheet. For example, if the VBScript program is saved in the file
GetUsers.vbs, the command to create the text file report.csv would be:

cscript //nologo GetUsers.vbs > report.txt

You must be in the folder where the file GetUsers.vbs is saved, otherwise
you must specify the full path to the command. The file report.txt is
created in the current folder. I hope this helps.

The program above uses the NameTranslate object to convert the NT names
(sAMAccountName values) into the Distinguished Names required by the LDAP
provider. Once you bind to the user object you can retrieve any attribute
values desired. In case any of the values has embedded commas, I enclose
them in quotes. Any quote characters in a quoted string must be doubled. The
string """" will echo a single double quote character, for example. The
string """,""" becomes ",".

I retrieved the "mail" attribute, which is single valued, for email address
(as displayed on "General" tab of ADUC). If you have Exchange you need to
retrieve the proxyAddresses attribute, but that attribute is multi-valued.
You could enumerate all of the values in the collection and output them as
one string (perhaps delimited by semicolons), or you could attempt to
determine the default value and only output that. Either option would
require a bit more code. Reply if you need this.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
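
The proxyAddresses handling described above, as an added example that is not part of the original post: it normalises the value whether it arrives empty, as a single string or as an array, then picks the primary address or joins the SMTP ones. The helper names and sample addresses are constructed for illustration, and it assumes the Exchange convention that the primary address carries an upper-case "SMTP:" prefix.

```vbscript
Option Explicit

' Normalise a multi-valued attribute to an array. Depending on how it is
' read, the value can be Empty/Null (no values), a plain string (one value)
' or an array (several values).
Function ToArray(varValue)
    If IsArray(varValue) Then
        ToArray = varValue
    ElseIf IsNull(varValue) Or IsEmpty(varValue) Then
        ToArray = Array()
    Else
        ToArray = Array(CStr(varValue))
    End If
End Function

' Return the primary SMTP address (prefix "SMTP:" in upper case), or "".
Function PrimarySmtp(varProxy)
    Dim strItem
    PrimarySmtp = ""
    For Each strItem In ToArray(varProxy)
        ' VBScript's = operator compares strings case-sensitively.
        If Left(strItem, 5) = "SMTP:" Then
            PrimarySmtp = Mid(strItem, 6)
            Exit Function
        End If
    Next
End Function

' Return every SMTP address (primary and secondary) joined with semicolons.
' Other address types are skipped: X400 values contain semicolons themselves,
' which would make a semicolon-delimited field ambiguous.
Function AllSmtp(varProxy)
    Dim strItem, strOut
    strOut = ""
    For Each strItem In ToArray(varProxy)
        If LCase(Left(strItem, 5)) = "smtp:" Then
            If strOut <> "" Then strOut = strOut & ";"
            strOut = strOut & Mid(strItem, 6)
        End If
    Next
    AllSmtp = strOut
End Function

' Constructed sample values standing in for objUser.proxyAddresses.
Dim arrSample
arrSample = Array("smtp:jsmith@old.example.com", _
    "SMTP:john.smith@example.com", _
    "X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=John;")

Wscript.Echo "Primary: " & PrimarySmtp(arrSample)
Wscript.Echo "All:     " & AllSmtp(arrSample)
Wscript.Echo "Single:  " & PrimarySmtp("SMTP:solo@example.com")
Wscript.Echo "None:    [" & PrimarySmtp(Empty) & "]"
```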
Author
28 Jan 2009 5:59 AM
sriram.narasipur
My immediate need was met with the command line tools:

For /F %i in (users.txt) do dsquery user -name %i | dsget user -dn -desc -tel -email | find "CN" >> c:\results.txt

However I agree this has limitations, so I might need to bone up on
the scripting.

My very next problem cannot be solved with the command line tools - to
retrieve the user details for a given list of Display Names! (as in
Outlook).

DSquery is unable to handle this :(

Sriram

Author
28 Jan 2009 4:08 PM
Richard Mueller [MVP]
Would this be a text file with the value of the displayName attribute
(corresponding to the "Display Name" field on the "General" tab of ADUC), or
the value of the cn (Common Name) attribute (referred to as the "Name" field
in ADUC)? In either case you would need to use ADO in a VBScript program to
query AD for the user objects. The displayName is not required, so it could
be blank. In both cases there can be more than one user that has the value
(cn need only be unique in the container or OU). For more on using ADO see
this link:

http://www.rlmueller.net/ADOSearchTips.htm

For example, if you have a text file of Common Names:
==============
Option Explicit

Dim objFSO, strFile, objFile
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName
Dim strMail, arrDesc, strItem, strDesc

Const ForReading = 1

' Specify input file of user Common Names.
strFile = "c:\scripts\usernames.txt"

' Open text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Comma delimited list of attribute values to retrieve.
' The list must include every field read from the recordset below.
strAttributes = "sAMAccountName,mail,description"

' Read file one line at a time.
Do Until objFile.AtEndOfStream
    strName = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strName <> "") Then
        ' Filter on user objects with given Common Name.
        strFilter = "(&(objectCategory=person)(objectClass=user)" _
            & "(cn=" & strName & "))"

        ' Construct the LDAP syntax query.
        strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
        adoCommand.CommandText = strQuery
        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Run the query.
        Set adoRecordset = adoCommand.Execute

        ' Enumerate the resulting recordset.
        Do Until adoRecordset.EOF
            ' Retrieve values and display.
            strName = adoRecordset.Fields("sAMAccountName").Value
            strMail = adoRecordset.Fields("mail").Value
            arrDesc = adoRecordset.Fields("description").Value
            If IsNull(arrDesc) Then
                strDesc = ""
            Else
                For Each strItem in arrDesc
                    strDesc = strItem
                Next
            End If
            Wscript.Echo """" & strName & """,""" _
                & strMail & """,""" _
                & strDesc & """"
            ' Move to the next record in the recordset.
            adoRecordset.MoveNext
        Loop
    End If
Loop

' Clean up.
objFile.Close
adoRecordset.Close
adoConnection.Close
===========
Note that the description attribute is actually multi-valued (even though
there is never more than one value), so ADO returns the value as an array.
You can easily add other attributes if they are single valued strings. The
above was thrown together quickly, but should work.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
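
An added example, not part of the original post: the ADO script above concatenates each line of the input file straight into the LDAP filter, so a name containing ( ) or \ breaks the query and a line holding only * matches every user; the scripts in this thread also wrap output values in quotes without doubling quotes embedded in the values. The helper names below are hypothetical, the sample names are constructed, and the filter uses displayName because that is the list the question describes.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so that the escapes added for the
' other characters are not escaped a second time.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

' Build the user filter for one name read from the input file.
Function BuildUserFilter(strAttribute, strValue)
    BuildUserFilter = "(&(objectCategory=person)(objectClass=user)(" _
        & strAttribute & "=" & EscapeLdapFilterValue(strValue) & "))"
End Function

' Quote one CSV field: Null/Empty becomes an empty string and any
' embedded double quote is doubled, so commas and quotes inside an
' attribute value cannot shift the columns of the report.
Function CsvField(varValue)
    Dim strValue
    If IsNull(varValue) Or IsEmpty(varValue) Then
        strValue = ""
    Else
        strValue = CStr(varValue)
    End If
    CsvField = """" & Replace(strValue, """", """""") & """"
End Function

' Constructed sample lines standing in for the names text file.
Dim arrNames, strName
arrNames = Array("Smith, John", "Lee (Contractor)", "*", _
    "Ops \ ""Night"" Shift")

For Each strName In arrNames
    ' First column: the name as read. Second column: the filter that
    ' would be placed in strFilter before running the ADO query.
    Wscript.Echo CsvField(strName) & "," _
        & CsvField(BuildUserFilter("displayName", strName))
Next
```

Run it with cscript //nologo; it needs no domain connection, and the same two functions can be dropped into the ADO script in place of the raw concatenation and the hand-built quoting.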

Author
29 Jan 2009 7:11 AM
sriram.narasipur
It's a text file with the "Display Name" attribute, culled from user
data based on the Global Address List in Exchange Server.

Your script, with the necessary modifications, works perfectly and has
simplified these exercises.

I notice that the "DisplayName" attribute is not multivariate.

Thanks for the time and inputs!

Sriram

