Solved

How can I get the account type from a list of DNs?

Posted on 2008-10-30
10
353 Views
Last Modified: 2012-05-05
I have generated a list of accounts with altRecipients from active directory using dsquery

(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient > list.txt)

which generates this list:

userPrincipalName      altRecipient
asmith@domain.com      CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com      CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

... and so on.

The problem is, some of these accounts are users, and some are contacts.

How can I take this information and determine which accounts are which (without looking it up manually in ADU&C)? I don't see a way I can just add another attribute to the dsquery above to find this, but if so, that would be great. Or, if I could pipe the text file containing the list above into a command, that would be OK also, but above my skill set at this point.

Any help would be greatly appreciated!!!!

thanks in advance...
0
Comment
Question by:shattuck007
  • 5
  • 5
10 Comments
 
LVL 38

Expert Comment

by:Shift-3
Comment Utility
Include the objectClass attribute in your query.


(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient objectClass > list.txt)

Open in new window

0
 

Author Comment

by:shattuck007
Comment Utility
That seems to return the objectClass of the uerPrincipalName, not the altRecipient unfortunately :-(

0
 
LVL 38

Expert Comment

by:Shift-3
Comment Utility
Ah,  I misunderstood the intent of your question.

After fiddling with it a bit I came up with the batch script below.  It required some extra effort because dsquery apparently tacks several spaces onto the end of its attribute output.

This should output a tilde-delimited text file containing each DN and its objectClass attribute.  You should be able to import this into Excel, splitting columns on the tilde, and match up the contents with your first list.  It's not the most elegant method but it works.


@echo off

setlocal
 

set container="dc=domain,dc=com"
 

for /F "skip=1 tokens=*" %%G in ('dsquery * %container% -attr distinguishedName') do call :_process "%%G"

goto :eof
 

:_process

set string=%~1

:_trim

if "%string:~-1%"==" " (

 set string=%string:~0,-1%

 goto :_trim

)

for /F "skip=1 tokens=*" %%H in ('dsquery * "%string%" -attr objectClass') do echo "%string%"~%%H>>newlist.txt

goto :eof

Open in new window

0
 

Author Comment

by:shattuck007
Comment Utility
First of all, thank you very, very much for taking your time with this!

OK, I ran the script and it generated a lot account attributes, but I'm not sure how to match these up with the data I generated with the first dsquery? Do I just paste it as a third column next to the original output?

Is there any way we can focus on taking the txt file I've generated already (which contains ONLY accounts that have altRecipients, and their altRecipients) and append either contact or user to a third column? Or, as I believe you've done, the entire objectClass field as a thrid column? :

userPrincipalName altRecipient
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

and turn it into this? (note: the objectClass would be a third column, not a new line as shown below (because of the font size)
userPrincipalName altRecipient objectClass
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
user
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com
contact

once again, thank you!!!
0
 
LVL 38

Expert Comment

by:Shift-3
Comment Utility
The way that the data is formatted makes it difficult to deal with in batch.  I think it would be more efficient to re-write this entire task as a query in vbscript.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 38

Expert Comment

by:Shift-3
Comment Utility
Would a vbscript solution be acceptable?  If so, what data would you ideally want returned and in what format?
0
 

Author Comment

by:shattuck007
Comment Utility
Sure, that would be great. I would want the output to look like the following:
Account, AltRecipient, AltRecipient SMTP Address
JSmith@domain.com, Joe's External contact, jsmith@att.net
ajones@domain.com, ajones external contact, ajones@aol.com
... and so on.
 
thanks!
 
0
 
LVL 38

Expert Comment

by:Shift-3
Comment Utility
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable with the distinguished name of the domain or OU to search under.  Running it should write the desired information to a comma-delimited text file.

I don't have a working Exchange instance to test this against, so let me know if I missed something.


Const ADS_SCOPE_SUBTREE = 2

Const ForWriting = 2
 

On Error Resume Next
 

strContainer = "dc=domain,dc=com"

strList = "list.csv"
 

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objList = objFSO.OpenTextFile(strList, ForWriting, True)

objList.WriteLine "Account,AltRecipient,AltRecipient SMTP Address,AltRecipient type"
 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
 

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 

objCommand.CommandText = _

    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectClass='user'"  

Set objRecordSet = objCommand.Execute
 

objRecordSet.MoveFirst

Do Until objRecordSet.EOF

    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)

    

    strUPN = objUser.userPrincipalName

    strAlt = objUser.altRecipient

    

    If strAlt Then

        Set objAlt = GetObject(strAlt)

        strAltName = objAlt.CN

        arrSMTP = objAlt.GetEx("proxyAddresses")

        strSMTP = arrSMTP(0)

        arrClass = objAlt.objectClass

        strClass = arrClass(UBound(arrClass))

        

        objList.WriteLine strUPN & "," & strAltName & "," & strSMTP & "," & strClass

    End If

    

    objRecordSet.MoveNext

Loop
 

objList.Close

Open in new window

0
 

Accepted Solution

by:
shattuck007 earned 0 total points
Comment Utility
this script generated a file with four columns:
 Account AltRecipient AltRecipient SMTP Address AltRecipient type
but only the accout column contains any data. It contains internal SMTP addresses of domain accounts that DO have an alternate recipient, but none of the other columns are poulated ...
thanks again for your time on this. I went ahead and found all the information manually (since most of the contacts were indicated as such by their OU location), so if you no longer want to spend time on this I understand and will close the question.
thank you,
0
 

Author Comment

by:shattuck007
Comment Utility
closed
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now