[ADFind] 2 Query issues

Home Forums Scripting General Scripting [ADFind] 2 Query issues

  • This topic has 9 replies, 6 voices, and was last updated 11 years ago by AvatarAnonymous.
Viewing 1 post (of 1 total)
  • Author
  • Avatar

    Hi all,

    I have 2 questions concerning the same subject.

    I’m trying to make a query on AD for the following information:

    The customer needs a READABLE list of groups and the containing members available within AD so they can restructure and see if everyone’s in the proper group.

    The reason why I say readable is because i’ve been able to make a nice long list already with the following query:

    adfind -f objectcategory=group member >> f:groups.txt

    Which seems to be fine for me, but I need computer illiterates to make sense of it.
    The current resulting code is:

    dn:CN=Group Policy Creator Owners,CN=Users,DC=Domain,DC=com
    >member: CN=Administrator,CN=Users,DC=Domain,DC=com

    In order to clean it up a bit I’ve made a batch file which looks like this:

    @echo off
    :: PROGRAM – Groups.bat

    adfind -f objectcategory=group member >F:test1.txt

    :: Cleaning up the result

    echo Stripping down output …
    (for /F “skip=2 delims=,= tokens=1,2,3*” %%i in (‘type F:test1.txt’) do (
    if “%%i”==”dn:CN” (
    echo Group=%%j
    ) else (
    echo. %%j
    )) > F:test.txt

    :: Show results

    echo Done.
    start F:test.txt

    :: cleanup

    del F:test1.txt >nul 2>&1

    I’ve copied a bit of this code from:

    But while for my previous example it looks ok

    Group=Group Policy Creator Owners

    for my normal users it doesn’t look good as their format is
    Last name, First name

    resulting in:

    Group=Backup Operators

    It just removed the first name completely which is annoying to say the least [think or a Mr Smith example…]
    Anyone have a clue on what I’d have to change to make it just display the full name?


    I’m running the following query:

    adfind -b “ou=Employees,dc=shieldmark,dc=local” -f “&(objectcategory=person)(samaccountname=*)(!userAccountControl:1.2.840.113556.1.4.803:=2)” CanonicalName -nodn >>F:Active_User_accounts.txt

    This query will give me all the active [non-disabled] user accounts in the Employees OU and show me their names as CanonicalName.

    However if I want to have more information from them, such as ProxyAddress:SMTP [their primary email address], DisplayName etc, I’d do something like:

    adfind -b “ou=Employees,dc=shieldmark,dc=local” -f “&(objectcategory=person)(samaccountname=*)(!userAccountControl:1.2.840.113556.1.4.803:=2)” CanonicalName DisplayName ProxyAddress:SMTP -nodn >>F:Active_User_accounts.txt

    but then I get no good results or only CanonicalName.

    any clue?


Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.