Solved

Search for Active Direcotry fields longer than a certain length

Posted on 2009-07-06
4
647 Views
Last Modified: 2013-12-24
I have a situation that came up that requires me to find all of the users in our AD environment whos title field is longer than 40 characters. I am pretty familiar with the DS fmaily of commands but I do not think this can be done using those. I have taken a look at some other tools but nothing really jumps out to me. I am hoping someone else out there might have some insight or other tools to try in order to search for and return users whos title field is longer than X characters.

0
Comment
Question by:Joseph Daly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 24785236
One pretty simple way should be to use VBScript.
I won't give the details, if you are familiar with most commands it should be fairly, plus there will be a ton of examples on the Internet.

Basically you will you ADSI in VBS to loop through all your users. Read the title field, use the "LEN" command to determine the length of the string, and output the User DN or something if > 40.

Or use dsquery user to get all users, pipe it to "dsget user -dn -title", direct the output to a file, and use Excel to determine the fields longer than 40 characters. Probably a little easier, but more manual effort.

dsquery user -name * -limit ???? | dsget user -dn -title > list.txt
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24785509

Hey xxdcmast :)

You can do far worse than PowerShell for these odd little jobs.

Grab this:

http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx

Then this:

http://www.quest.com/activeroles-server/arms.aspx

Then you can run this tiny command to find them:

Get-QADUser | ?{ $_.Title.Length -gt 40 }

It'll let you export that to a CSV file easily enough with:

Get-QADUser | ?{ $_.Title.Length -gt 40 } | Export-CSV "SomeFile.csv"

Or you can do other stuff with it depending on your needs.

Chris
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 24785526
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable on line 3 with the distinguished name of the domain or OU to search under.

Running the script will search for users whose Title attribute is over 40 characters long and write their distinguished names, titles, and title lengths to a comma-delimited text file.


Const ADS_SCOPE_SUBTREE = 2
 
strContainer = "dc=yourdomain,dc=local"
strField = "Title"
intLength = 40
strReport = "report.csv"
 
On Error Resume Next
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReport = objFSO.CreateTextFile(strReport, True)
 
objReport.WriteLine "User,Field Value,Field Length"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = "SELECT ADSPath," & strField & _
    " FROM 'LDAP://" & strContainer & "' " & "WHERE objectCategory='user'"  
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("ADSPath").Value)
    strValue = objRecordSet.Fields(strField).Value
    
    If Len(strValue) > intLength Then
        objReport.WriteLine Chr(34) & objUser.distinguishedName & _
            Chr(34) & "," & strValue & "," & Len(strValue)
    End If
    
    objRecordSet.MoveNext
Loop
 
objReport.Close

Open in new window

0
 
LVL 35

Author Closing Comment

by:Joseph Daly
ID: 31600167
These tools are pretty awesome.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question