Solved

Export AD info showing accounts with Allow Access Dial-In enabled

Posted on 2010-11-30
5
1,237 Views
Last Modified: 2012-05-10
Is there a way to export a csv showing just the users that have AD accounts with Allow Access Dial-In enabled (VPN access)?

Windows Server 2003 AD...

Thx in advance.
0
Comment
Question by:OdyChris
  • 3
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34239859
Several good ways (I'm not at my lab so can't take a screenshot)

John outlines some methods here  http://www.windowsitpro.com/article/tips/jsi-tip-10596-more-ways-to-determine-who-has-dial-in-permission-in-my-domain-.aspx

I'm partial to the adfind tool from Joe Richards.   Try that out and let me know how that works.  In John's example he only outputted the DN but you can output any attributes you wish (i.e. samaccountname sn givenname etc...)

Thanks

Mike
0
 

Author Comment

by:OdyChris
ID: 34267815
Thanks for your help mkline... I have been trying to use the ADFIND program, I am just not having any luck with this... I dont think I know how to enter the right commands for this to work... Is there a forum somewhere that you could recommend that has help with using ADFIND? I know I know... Google is my friend :)

Thanks...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34267844
Joe used to have a forum but took it down.  I'll test tonight in my lab and get back with you.
0
 

Author Comment

by:OdyChris
ID: 34268060
That would be awesome, thank you for your help.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 34272592
I created two users that were set to allowed.  If you take a look at the screenshots you will see the command I'm using

adfind  -default -f "&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)" samaccountname msnpallowdialin

Notice that the msNPAllowDialin=TRUE is case sensitive

in 2008 the text on the GUI changed (to network access permission)  You can see the differences (between 2003 and 2008) here  

http://www.selfadsi.org/user-attributes-w2k8.htm
http://www.selfadsi.org/user-attributes-w2k3.htm

Let me know if that helps

Thanks

Mike





Dialin-Query-ADUC.png
Dialin-Query.png
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now