Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 652
  • Last Modified:

Search for Active Direcotry fields longer than a certain length

I have a situation that came up that requires me to find all of the users in our AD environment whos title field is longer than 40 characters. I am pretty familiar with the DS fmaily of commands but I do not think this can be done using those. I have taken a look at some other tools but nothing really jumps out to me. I am hoping someone else out there might have some insight or other tools to try in order to search for and return users whos title field is longer than X characters.

Joseph Daly
Joseph Daly
1 Solution
One pretty simple way should be to use VBScript.
I won't give the details, if you are familiar with most commands it should be fairly, plus there will be a ton of examples on the Internet.

Basically you will you ADSI in VBS to loop through all your users. Read the title field, use the "LEN" command to determine the length of the string, and output the User DN or something if > 40.

Or use dsquery user to get all users, pipe it to "dsget user -dn -title", direct the output to a file, and use Excel to determine the fields longer than 40 characters. Probably a little easier, but more manual effort.

dsquery user -name * -limit ???? | dsget user -dn -title > list.txt
Chris DentPowerShell DeveloperCommented:

Hey xxdcmast :)

You can do far worse than PowerShell for these odd little jobs.

Grab this:


Then this:


Then you can run this tiny command to find them:

Get-QADUser | ?{ $_.Title.Length -gt 40 }

It'll let you export that to a CSV file easily enough with:

Get-QADUser | ?{ $_.Title.Length -gt 40 } | Export-CSV "SomeFile.csv"

Or you can do other stuff with it depending on your needs.

Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable on line 3 with the distinguished name of the domain or OU to search under.

Running the script will search for users whose Title attribute is over 40 characters long and write their distinguished names, titles, and title lengths to a comma-delimited text file.

strContainer = "dc=yourdomain,dc=local"
strField = "Title"
intLength = 40
strReport = "report.csv"
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReport = objFSO.CreateTextFile(strReport, True)
objReport.WriteLine "User,Field Value,Field Length"
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
objCommand.CommandText = "SELECT ADSPath," & strField & _
    " FROM 'LDAP://" & strContainer & "' " & "WHERE objectCategory='user'"  
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("ADSPath").Value)
    strValue = objRecordSet.Fields(strField).Value
    If Len(strValue) > intLength Then
        objReport.WriteLine Chr(34) & objUser.distinguishedName & _
            Chr(34) & "," & strValue & "," & Len(strValue)
    End If

Open in new window

Joseph DalyAuthor Commented:
These tools are pretty awesome.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now