Announcement

Collapse
No announcement yet.

dsquery filter: that does not belong to

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • dsquery filter: that does not belong to

    first of all apologize for my English, am Spanish and not fluent

    You see, I have an OU that are geographic areas


    ou=zonas
    ou=madrid
    ou=aragon
    ou=andalucia
    ou=valencia

    and I have another OU = lists that have the following

    empleados_madrid
    empleados_andalucia
    .....etc

    in the ou=zonas,ou=andalucia

    users are in andalucia for example a user named user1 is a member of a mailing list called empleados_andalucia and so with user2, user3 etc ..
    I want to remove dsquey by users ou = andalucia that are not in the list empleados_andalucia
    I make the following dsquery
    I correct the sentence


    dsquery * ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=es -limit 30000 -filter "(&(!memberof=empleados_andalucia))" -attr name memberof


    what users want to filter is I forgot to put on the list empleados_andalucia ie non-
    Did you have any ideas? Does not belong to the group parameter is empleados_andalucia! ?
    Last edited by mgonzalol; 3rd December 2010, 13:42.
    "The destination is the shuffled cards, but we are where we play."

  • #2
    Re: dsquery filter: that does not belong to

    Hi,

    Just trying to understand what is your requirement

    1. So you want to search all the users in OU andalucia
    2. Users who are not member of empleados_andalucia

    is it ?
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: dsquery filter: that does not belong to

      if that's what I do
      thanks
      "The destination is the shuffled cards, but we are where we play."

      Comment


      • #4
        Re: dsquery filter: that does not belong to

        1. Get all users in OU %strOU% that are not member of group %GroupDN%.
        Code:
        :: Get all users in OU %strOU% that are not member of group %GroupDN%.
        @echo off
        
        Set "GroupDN=cn=empleados_andalucia,ou=lists,ou=zonas,ou=usuarios,dc=dominio,dc=es"
        
        Set "strOU=ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=es"
        
        
        >"%temp%.\$wrk_" (Dsget.exe GROUP "%GroupDN%" -members)
        
        For /f "delims=" %%* in (
        'Dsquery.exe USER "%strOU%" -limit 0 -scope onelevel'
        ) DO >nul Findstr.exe /ic:"%%~*" "%temp%.\$wrk_" ||(
        
         echo.USER is in the OU but NOT in the group:
         echo.%%~*
         echo.
        ) 
        del "%temp%.\$wrk_"
        
        
        pause
        or,

        2. Get all users of group %GroupDN% that are not in OU %strOU%
        Code:
        :: Get all users of group %GroupDN% that are not in OU %strOU%
        @echo off
        
        Set "GroupDN=cn=empleados_andalucia,ou=lists,ou=zonas,ou=usuarios,dc=dominio,dc=es"
        
        Set "strOU=ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=es"
        
        
        For /f "delims=" %%! in (
           'Dsget.exe GROUP "%GroupDN%" -members ^| Findstr.exe /vric:"cn=[^=]*,%strOU%"'
           ) Do >nul 2>&1 (dsget.exe user "%%~!" -dn -c -L )&& (
           For /f "tokens=*" %%* in (
           'dsget.exe user "%%~!" -dn -c ^| find.exe "%%~!"') do (
        
         echo.USER is in the group but NOT in the OU:
         echo.%%*
         echo.
        ))
        
        pause
        \Rems
        Last edited by Rems; 9th December 2010, 20:46.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: dsquery filter: that does not belong to

          Hi,

          can you install Quest ADcommand lets then it will become easy.

          The query would be
          get-qaduser -searchroot "ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=e s" -sizelimit 30000 -memberof empleados_andalucia

          I am trying to get a dsquery to work as well but need to adjust ldap filter.
          Thanks & Regards
          v-2nas

          MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
          Sr. Wintel Eng. (Investment Bank)
          Independent IT Consultant and Architect
          Blog: http://www.exchadtech.blogspot.com

          Show your appreciation for my help by giving reputation points

          Comment


          • #6
            Re: dsquery filter: that does not belong to

            Hi,

            here is the dsquery as well

            dsquery * "ou=testout,dc=mydomain,dc=net" -sizelimit 3000 -filter "(&(&(objectClass=user)(ObjectCategory=Person)(mem berOf=CN=TestGroup,OU=TestOU,DC=mydomain,DC=net))" -attr displayName, sAMAccountName
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: dsquery filter: that does not belong to

              No works because I put TESTOUT = andalucia, TestGroup = empleados_andalucia and I put in testou?
              "The destination is the shuffled cards, but we are where we play."

              Comment


              • #8
                Re: dsquery filter: that does not belong to

                Originally posted by mgonzalol
                what users want to filter is I forgot to put on the list empleados_andalucia
                So, one of the OUs where the users are is,
                Code:
                ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=es
                
                dominio.es
                   |
                   +-- usuarios
                          |
                          +-- zonas
                                 |
                                 +-- andalucia    (user objects are here)
                The group that should contain all users from that particular OU is,
                Code:
                cn=empleados_andalucia,ou=lists,ou=zonas,ou=usuarios,dc=dominio,dc=es
                
                dominio.es
                   |
                   +-- usuarios
                          |
                          +-- zonas
                                 |
                                 +-- lists    (the group object empleados_andalucia is here)
                If that is correct.. (? else, what is the distinguished name of the groups)
                then use the first Batch sample from my previous post. It will show you any user in the OU "andalucia" that is not yet a member of the group "empleados_andalucia".


                \Rems
                Last edited by Rems; 9th December 2010, 23:32.

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment


                • #9
                  Re: dsquery filter: that does not belong to

                  Thanks REMS and v-2nas, I work the batch and dsquery


                  dsquery * ou=andalucia,ou=zonas,ou=usuarios,dc=dominio,dc=es -limit 30000 -filter "(&(objectCategory=person)(objectClass=user)(!Memb erOf=CN=empleados_andalucia,OU=lists,DC=dominio,DC =es))" -attr name displayname
                  "The destination is the shuffled cards, but we are where we play."

                  Comment

                  Working...
                  X