Solved

How can I get the account type from a list of DNs?

Posted on 2008-10-30
10
361 Views
Last Modified: 2012-05-05
I have generated a list of accounts with altRecipients from active directory using dsquery

(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient > list.txt)

which generates this list:

userPrincipalName      altRecipient
asmith@domain.com      CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com      CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

... and so on.

The problem is, some of these accounts are users, and some are contacts.

How can I take this information and determine which accounts are which (without looking it up manually in ADU&C)? I don't see a way I can just add another attribute to the dsquery above to find this, but if so, that would be great. Or, if I could pipe the text file containing the list above into a command, that would be OK also, but above my skill set at this point.

Any help would be greatly appreciated!!!!

thanks in advance...
0
Comment
Question by:shattuck007
  • 5
  • 5
10 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 22842542
Include the objectClass attribute in your query.


(dsquery * dc=domain,dc=com -attr userPrincipalName altRecipient objectClass > list.txt)

Open in new window

0
 

Author Comment

by:shattuck007
ID: 22843142
That seems to return the objectClass of the uerPrincipalName, not the altRecipient unfortunately :-(

0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22844446
Ah,  I misunderstood the intent of your question.

After fiddling with it a bit I came up with the batch script below.  It required some extra effort because dsquery apparently tacks several spaces onto the end of its attribute output.

This should output a tilde-delimited text file containing each DN and its objectClass attribute.  You should be able to import this into Excel, splitting columns on the tilde, and match up the contents with your first list.  It's not the most elegant method but it works.


@echo off
setlocal
 
set container="dc=domain,dc=com"
 
for /F "skip=1 tokens=*" %%G in ('dsquery * %container% -attr distinguishedName') do call :_process "%%G"
goto :eof
 
:_process
set string=%~1
:_trim
if "%string:~-1%"==" " (
 set string=%string:~0,-1%
 goto :_trim
)
for /F "skip=1 tokens=*" %%H in ('dsquery * "%string%" -attr objectClass') do echo "%string%"~%%H>>newlist.txt
goto :eof

Open in new window

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:shattuck007
ID: 22846962
First of all, thank you very, very much for taking your time with this!

OK, I ran the script and it generated a lot account attributes, but I'm not sure how to match these up with the data I generated with the first dsquery? Do I just paste it as a third column next to the original output?

Is there any way we can focus on taking the txt file I've generated already (which contains ONLY accounts that have altRecipients, and their altRecipients) and append either contact or user to a third column? Or, as I believe you've done, the entire objectClass field as a thrid column? :

userPrincipalName altRecipient
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com

and turn it into this? (note: the objectClass would be a third column, not a new line as shown below (because of the font size)
userPrincipalName altRecipient objectClass
asmith@domain.com CN=Ashley Smith,OU=Users,OU=Headquarters,DC=domain,DC=com
user
ajones@domain.com CN=Ann Jones,OU=Users,OU=Headquarters,DC=domain,DC=com
contact

once again, thank you!!!
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22850816
The way that the data is formatted makes it difficult to deal with in batch.  I think it would be more efficient to re-write this entire task as a query in vbscript.
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22858746
Would a vbscript solution be acceptable?  If so, what data would you ideally want returned and in what format?
0
 

Author Comment

by:shattuck007
ID: 22867190
Sure, that would be great. I would want the output to look like the following:
Account, AltRecipient, AltRecipient SMTP Address
JSmith@domain.com, Joe's External contact, jsmith@att.net
ajones@domain.com, ajones external contact, ajones@aol.com
... and so on.
 
thanks!
 
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 22868268
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable with the distinguished name of the domain or OU to search under.  Running it should write the desired information to a comma-delimited text file.

I don't have a working Exchange instance to test this against, so let me know if I missed something.


Const ADS_SCOPE_SUBTREE = 2
Const ForWriting = 2
 
On Error Resume Next
 
strContainer = "dc=domain,dc=com"
strList = "list.csv"
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objList = objFSO.OpenTextFile(strList, ForWriting, True)
objList.WriteLine "Account,AltRecipient,AltRecipient SMTP Address,AltRecipient type"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectClass='user'"  
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    
    strUPN = objUser.userPrincipalName
    strAlt = objUser.altRecipient
    
    If strAlt Then
        Set objAlt = GetObject(strAlt)
        strAltName = objAlt.CN
        arrSMTP = objAlt.GetEx("proxyAddresses")
        strSMTP = arrSMTP(0)
        arrClass = objAlt.objectClass
        strClass = arrClass(UBound(arrClass))
        
        objList.WriteLine strUPN & "," & strAltName & "," & strSMTP & "," & strClass
    End If
    
    objRecordSet.MoveNext
Loop
 
objList.Close

Open in new window

0
 

Accepted Solution

by:
shattuck007 earned 0 total points
ID: 22886681
this script generated a file with four columns:
 Account AltRecipient AltRecipient SMTP Address AltRecipient type
but only the accout column contains any data. It contains internal SMTP addresses of domain accounts that DO have an alternate recipient, but none of the other columns are poulated ...
thanks again for your time on this. I went ahead and found all the information manually (since most of the contacts were indicated as such by their OU location), so if you no longer want to spend time on this I understand and will close the question.
thank you,
0
 

Author Comment

by:shattuck007
ID: 25571165
closed
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question