Solved

How can I get the account type from a list of DNs?

Posted on 2008-10-30
10
367 Views
Last Modified: 2012-05-05
I have generated a list of accounts with altRecipients from active directory using dsquery

(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient > list.txt)

which generates this list:

userPrincipalName      altRecipient
asmith@domain.com      CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com      CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

... and so on.

The problem is, some of these accounts are users, and some are contacts.

How can I take this information and determine which accounts are which (without looking it up manually in ADU&C)? I don't see a way I can just add another attribute to the dsquery above to find this, but if so, that would be great. Or, if I could pipe the text file containing the list above into a command, that would be OK also, but above my skill set at this point.

Any help would be greatly appreciated!!!!

thanks in advance...
0
Comment
Question by:shattuck007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 22842542
Include the objectClass attribute in your query.


(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient objectClass > list.txt)

Open in new window

0
 

Author Comment

by:shattuck007
ID: 22843142
That seems to return the objectClass of the uerPrincipalName, not the altRecipient unfortunately :-(

0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22844446
Ah,  I misunderstood the intent of your question.

After fiddling with it a bit I came up with the batch script below.  It required some extra effort because dsquery apparently tacks several spaces onto the end of its attribute output.

This should output a tilde-delimited text file containing each DN and its objectClass attribute.  You should be able to import this into Excel, splitting columns on the tilde, and match up the contents with your first list.  It's not the most elegant method but it works.


@echo off
setlocal
 
set container="dc=domain,dc=com"
 
for /F "skip=1 tokens=*" %%G in ('dsquery * %container% -attr distinguishedName') do call :_process "%%G"
goto :eof
 
:_process
set string=%~1
:_trim
if "%string:~-1%"==" " (
 set string=%string:~0,-1%
 goto :_trim
)
for /F "skip=1 tokens=*" %%H in ('dsquery * "%string%" -attr objectClass') do echo "%string%"~%%H>>newlist.txt
goto :eof

Open in new window

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:shattuck007
ID: 22846962
First of all, thank you very, very much for taking your time with this!

OK, I ran the script and it generated a lot account attributes, but I'm not sure how to match these up with the data I generated with the first dsquery? Do I just paste it as a third column next to the original output?

Is there any way we can focus on taking the txt file I've generated already (which contains ONLY accounts that have altRecipients, and their altRecipients) and append either contact or user to a third column? Or, as I believe you've done, the entire objectClass field as a thrid column? :

userPrincipalName altRecipient
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

and turn it into this? (note: the objectClass would be a third column, not a new line as shown below (because of the font size)
userPrincipalName altRecipient objectClass
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
user
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com
contact

once again, thank you!!!
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22850816
The way that the data is formatted makes it difficult to deal with in batch.  I think it would be more efficient to re-write this entire task as a query in vbscript.
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22858746
Would a vbscript solution be acceptable?  If so, what data would you ideally want returned and in what format?
0
 

Author Comment

by:shattuck007
ID: 22867190
Sure, that would be great. I would want the output to look like the following:
Account, AltRecipient, AltRecipient SMTP Address
JSmith@domain.com, Joe's External contact, jsmith@att.net
ajones@domain.com, ajones external contact, ajones@aol.com
... and so on.
 
thanks!
 
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22868268
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable with the distinguished name of the domain or OU to search under.  Running it should write the desired information to a comma-delimited text file.

I don't have a working Exchange instance to test this against, so let me know if I missed something.


Const ADS_SCOPE_SUBTREE = 2
Const ForWriting = 2
 
On Error Resume Next
 
strContainer = "dc=domain,dc=com"
strList = "list.csv"
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objList = objFSO.OpenTextFile(strList, ForWriting, True)
objList.WriteLine "Account,AltRecipient,AltRecipient SMTP Address,AltRecipient type"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectClass='user'"  
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    
    strUPN = objUser.userPrincipalName
    strAlt = objUser.altRecipient
    
    If strAlt Then
        Set objAlt = GetObject(strAlt)
        strAltName = objAlt.CN
        arrSMTP = objAlt.GetEx("proxyAddresses")
        strSMTP = arrSMTP(0)
        arrClass = objAlt.objectClass
        strClass = arrClass(UBound(arrClass))
        
        objList.WriteLine strUPN & "," & strAltName & "," & strSMTP & "," & strClass
    End If
    
    objRecordSet.MoveNext
Loop
 
objList.Close

Open in new window

0
 

Accepted Solution

by:
shattuck007 earned 0 total points
ID: 22886681
this script generated a file with four columns:
 Account AltRecipient AltRecipient SMTP Address AltRecipient type
but only the accout column contains any data. It contains internal SMTP addresses of domain accounts that DO have an alternate recipient, but none of the other columns are poulated ...
thanks again for your time on this. I went ahead and found all the information manually (since most of the contacts were indicated as such by their OU location), so if you no longer want to spend time on this I understand and will close the question.
thank you,
0
 

Author Comment

by:shattuck007
ID: 25571165
closed
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question