adfind /ds*tools - Get group name and members


  • adfind /ds*tools - Get group name and members

    I am trying to get a list of all the groups in a particular OU and then also query each group to get its members, and get both the CN and also the first name and last name of each user.

    I understand it has to be a two-part deal and am okay with it. With Adfind this is what I am doing for the first piece and part of the second piece:

    adfind -b "ou=db administrators,ou=user groups,dc=us,dc=comsys,dc=net" member > c:\usr.txt


    this line [ adfind -b "ou=db administrators,ou=user groups,dc=us,dc=comsys,dc=net" ] gets the list of all the groups in the specified OU

    this switch [ member ] gets the CN of each user in the respective groups

    output of the above command looks like this


    Using server: dndcw02.US.comsys.net:389
    Directory: Windows Server 2003
    dn:OU=db Administrators,OU=User Groups,DC=US,DC=comsys,DC=net
    dn:CN=SQL db Admins,OU=db Administrators,OU=User Groups,DC=US,DC=comsys,DC=net
    >member: CN=SHM096,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net
    .
    .
    .



    My second command is

    adfind -b "CN=SHM096,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net" displayname


    The output of this command is

    dn:CN=SHM096,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net
    >displayName: Morris, Shanon

    So now coming to the problem part of this simple thing

    Expectation is that I can tie in the two commands somehow so that I can run one script/task via the task scheduler so that I get a clean output

    the final result that I am looking to get is in this format

    OU name
    Group name
    member cn, lastname firstname

    Ideally I would like to run this at the base of the domain so that it queries all the groups and then gives me the desired output

  • #2
    Re: adfind /ds*tools - Get group name and members

    Originally posted by glacieredlightning
    I understand it has to be a two part deal
    <...>
    Expectation is that I can tie in the two commands somehow so that I can run one script/task via the task scheduler so that I get a clean output
    As far as I know, the latest version of adfind now supports STDIN piping (|) of DNs to and from adfind, dsget and dsquery statements, and piping DNs to dsmod or admod.

    A sample of piping results using dsquery and dsget:
    Code:
    Dsquery Group domainroot -limit 0 | Dsget Group -members -expand | Dsget User -samid
    What you'll get in the final list and how it is formatted depends, in the first place, on the available options and switches of the tool (a tool like adfind) and on the format in which it returns the results to you. In the second place, it also depends on how you are able to modify the output by using batch statements.
    For example, to get a nicer list using the same statements as above, you can make use of For-Do statement(s) in a batch file (the main part is in 'Blue'; all other code is mostly for dressing up the DOS box):
    Code:
    @echo off
    title ^>    dsquery groups
    color 6A & cls & echo wait.....
    
    Set StartFrom="dc=domainname,dc=local"
    
    Set "outputfile=%temp%.\outputfile.txt"
    Call:print 1>"%outputfile%" 2>nul
    
    GOTO:END
    
       :titlebar -----------------------------------------------------------
         Set _title=(Set "_mill=\ ")
         IF DEFINED _mill (call:updtitle) ELSE (%_title%)
         title ^>    dsquery groups      %_mill% & goto:eof
         :updtitle
           If "%_mill:~-2%"=="\ " (Set "_mill=^|" & goto:eof)
           If "%_mill:~-2%"=="^|" (Set "_mill=/ " & goto:eof)
           If "%_mill:~-2%"=="/ " (Set "_mill=--" & goto:eof)
           %_title% & goto:eof
    
       :print --------------------------------------------------------------
         For /f "delims=" %%* in ('Dsquery group %StartFrom% -limit 0') Do (
         call:titlebar
         Dsget group %%* -dn -samid -l -q |(
           findstr /v /ic:"dsget succeeded")
         call:titlebar
         echo.Members:
         Dsget group %%* -members -expand | Dsget user -samid |(
           findstr /v /ic:"dsget succeeded" /ic:"samid  ")
         echo\________&echo\
         )
         goto:EOF
    
    :END
    echo --- End --->>"%outputfile%"
    start "" NOTEPAD "%outputfile%"
    
    >NUL ping -w 0 0.0.0.1 -n 2
    del "%outputfile%"
    Adfind can do what dsget can, and can also do what dsquery can, and even more.
    If you do not like the type of lists you can create by using adfind or dsquery/dsget, then you could use vbs to perform an LDAP query and create the list as an alternative.


    \Rems


    Similar Thread: http://forums.petri.com/showthread.php?t=38929

    Last edited by Rems; 8th August 2009, 14:52.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts
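
One way to join the two adfind outputs from the first post into the requested OU / group / member layout, as an added example that is not part of the original thread. It assumes adfind's default `dn:` / `>attribute: value` output as shown above; the member `XYZ001`, the sample strings and the function names are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the two command outputs in the first post.
GROUPS_OUT = """\
Using server: dndcw02.US.comsys.net:389
dn:OU=db Administrators,OU=User Groups,DC=US,DC=comsys,DC=net
dn:CN=SQL db Admins,OU=db Administrators,OU=User Groups,DC=US,DC=comsys,DC=net
>member: CN=SHM096,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net
>member: CN=XYZ001,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net
"""
USERS_OUT = """\
dn:CN=SHM096,OU=Mig,OU=User Acc,DC=US,DC=comsys,DC=net
>displayName: Morris, Shanon
"""

def parse_adfind(text):
    """Return {dn: {attr: [values]}}; header and summary lines are ignored."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("dn:"):
            current = entries.setdefault(line[3:].strip(), {})
        elif line.startswith(">") and current is not None and ":" in line:
            attr, _, value = line[1:].partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def split_dn(dn):
    """Split a DN into (first RDN, parent DN), honouring backslash-escaped commas."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[0], parts[1] if len(parts) > 1 else ""

def report(groups_out, users_out):
    """Build the 'OU name / group name / member cn, display name' lines."""
    names = {dn.lower(): attrs.get("displayname", [""])[0]
             for dn, attrs in parse_adfind(users_out).items()}
    lines = []
    for dn, attrs in parse_adfind(groups_out).items():
        rdn, parent = split_dn(dn)
        if not rdn.upper().startswith("CN="):
            continue  # the OU container itself is returned too; skip it
        lines += [split_dn(parent)[0][3:], rdn[3:]]
        for member in attrs.get("member", []):  # DNs compare case-insensitively
            cn = split_dn(member)[0][3:]
            lines.append(f"{cn}, {names.get(member.lower()) or '<no displayName>'}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(GROUPS_OUT, USERS_OUT)))
```

Members with no matching `displayName` entry (nested groups, or users the second query did not return) are kept and flagged rather than dropped, so the list stays usable for a membership review.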



    • #3
      Re: adfind /ds*tools - Get group name and members

      REMS ...
