Link to home
Start Free TrialLog in
Avatar of annayeg
annayeg

asked on

ADfind to list a distribution lists for 20 users

Hi, I have been tasked to get a liist of distribution lists that about 20-25 users belong to.  Is there a way I can list my users in a textfile and pass that to adfind.

I have the following syntax but don't know how to do it for multiple users.
adfind -f "(&(objectCategory=user)(cn=lastname, firstname))" attr memberof >>c:\filename.csv

Avatar of KenMcF
KenMcF
Flag of United States of America image
This might be easier with Powershell and Quest AD cmdlets if you do not have 2008R2

Or you could use adfind in a batch file with a for loop.

Put all the users into a file by username

$users = gc c:\users.txt
Foreach($user in $users){
get-qadmemberof $user | select name | out-file c:\$user.txt
}


This will export each users groups to their own file
Avatar of annayeg
annayeg

ASKER

I copied the commands to a text file and renamed it to script.ps1.  However, when I run it, I get an error message that the term get-quadmemberof is not recognized as the name of a cmdlet. function, script file or operable  program.

I am new with powershell, any help would be appreciated.

thanks
ASKER CERTIFIED SOLUTION
Avatar of rwskas
rwskas
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of KenMcF
KenMcF
Flag of United States of America image
You will need to install the Quest AD cmdlets.

http://www.quest.com/powershell/activeroles-server.aspx

Then add this line to the top of the PS1 file

add-pssnapin *Quest*
Avatar of annayeg
annayeg

ASKER

When I ran the script, myoutputfile.txt  lists only the username's that I provided in the mytextfile.txt.  It doesn't list any of the dl's the users are in.

Any idea what I am doing wrong.

I changed my $targetOU = "LDAP://OU=offices,Dc=dc,dc=name,dc=net
Avatar of rwskas
rwskas
Flag of United States of America image
Looks like you have many dc's in their, try removing the dc=dc.
Avatar of annayeg
annayeg

ASKER

The name of our domain is dc.name.net
don't I need to specify it.    ou=offices, dc=dc,dc=name,dc=net
Here's what I run, with the exception of changing dc=name to our real name.

$users = Get-Content mytextfile.txt
$OutFile = "C:\hm\MyOutput.txt"

$TargetOU = "LDAP://OU=offices,DC=dc,DC=name,dc=net"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000

Foreach ($user in $Users) {
      Add-Content -Path $OutFile "$User"
      $objSearcher.Filter = "(&(objectCategory=User)(sAMAccountName=$User))"
      $colResults = $objSearcher.Findone()
            Foreach ($Group in ($ColResults.Properties.memberof)) {
            Add-Content -Path $OutFile "$Group"
            }
Add-Content -Path $OutFile ""
}
Avatar of annayeg
annayeg

ASKER

I changed the (SamAccountName=$User) to (CN=$user) and it started working.  
Is it possible to surpress the dn information?  
Avatar of rwskas
rwskas
Flag of United States of America image
You bet, I added line 16, and changed line 17

$users = Get-Content mytextfile.txt
$OutFile = "C:\MyOutput.txt"

$TargetOU = "LDAP://OU=myou,DC=mysite,DC=com"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree" 
$objSearcher.PageSize = 1000

Foreach ($user in $Users) {
	Add-Content -Path $OutFile "$User"
	$objSearcher.Filter = "(&(objectCategory=User)(cn=$User))"
	$colResults = $objSearcher.Findone()
		Foreach ($Group in ($ColResults.Properties.memberof)) {
			$GroupName = ([ADSI]"LDAP://$Group").Name
			Add-Content -Path $OutFile "$GroupName"
		}
Add-Content -Path $OutFile ""
}

Open in new window