annayeg
asked on
ADfind to list a distribution lists for 20 users
Hi, I have been tasked to get a liist of distribution lists that about 20-25 users belong to. Is there a way I can list my users in a textfile and pass that to adfind.
I have the following syntax but don't know how to do it for multiple users.
adfind -f "(&(objectCategory=user)(c n=lastname , firstname))" attr memberof >>c:\filename.csv
I have the following syntax but don't know how to do it for multiple users.
adfind -f "(&(objectCategory=user)(c
ASKER
I copied the commands to a text file and renamed it to script.ps1. However, when I run it, I get an error message that the term get-quadmemberof is not recognized as the name of a cmdlet. function, script file or operable program.
I am new with powershell, any help would be appreciated.
thanks
I am new with powershell, any help would be appreciated.
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You will need to install the Quest AD cmdlets.
http://www.quest.com/powershell/activeroles-server.aspx
Then add this line to the top of the PS1 file
add-pssnapin *Quest*
http://www.quest.com/powershell/activeroles-server.aspx
Then add this line to the top of the PS1 file
add-pssnapin *Quest*
ASKER
When I ran the script, myoutputfile.txt lists only the username's that I provided in the mytextfile.txt. It doesn't list any of the dl's the users are in.
Any idea what I am doing wrong.
I changed my $targetOU = "LDAP://OU=offices,Dc=dc,d c=name,dc= net
Any idea what I am doing wrong.
I changed my $targetOU = "LDAP://OU=offices,Dc=dc,d
Looks like you have many dc's in their, try removing the dc=dc.
ASKER
The name of our domain is dc.name.net
don't I need to specify it. ou=offices, dc=dc,dc=name,dc=net
Here's what I run, with the exception of changing dc=name to our real name.
$users = Get-Content mytextfile.txt
$OutFile = "C:\hm\MyOutput.txt"
$TargetOU = "LDAP://OU=offices,DC=dc,D C=name,dc= net"
$objDomain = New-Object System.DirectoryServices.D irectoryEn try
$objSearcher = New-Object System.DirectoryServices.D irectorySe archer
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000
Foreach ($user in $Users) {
Add-Content -Path $OutFile "$User"
$objSearcher.Filter = "(&(objectCategory=User)(s AMAccountN ame=$User) )"
$colResults = $objSearcher.Findone()
Foreach ($Group in ($ColResults.Properties.me mberof)) {
Add-Content -Path $OutFile "$Group"
}
Add-Content -Path $OutFile ""
}
don't I need to specify it. ou=offices, dc=dc,dc=name,dc=net
Here's what I run, with the exception of changing dc=name to our real name.
$users = Get-Content mytextfile.txt
$OutFile = "C:\hm\MyOutput.txt"
$TargetOU = "LDAP://OU=offices,DC=dc,D
$objDomain = New-Object System.DirectoryServices.D
$objSearcher = New-Object System.DirectoryServices.D
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000
Foreach ($user in $Users) {
Add-Content -Path $OutFile "$User"
$objSearcher.Filter = "(&(objectCategory=User)(s
$colResults = $objSearcher.Findone()
Foreach ($Group in ($ColResults.Properties.me
Add-Content -Path $OutFile "$Group"
}
Add-Content -Path $OutFile ""
}
ASKER
I changed the (SamAccountName=$User) to (CN=$user) and it started working.
Is it possible to surpress the dn information?
Is it possible to surpress the dn information?
You bet, I added line 16, and changed line 17
$users = Get-Content mytextfile.txt
$OutFile = "C:\MyOutput.txt"
$TargetOU = "LDAP://OU=myou,DC=mysite,DC=com"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000
Foreach ($user in $Users) {
Add-Content -Path $OutFile "$User"
$objSearcher.Filter = "(&(objectCategory=User)(cn=$User))"
$colResults = $objSearcher.Findone()
Foreach ($Group in ($ColResults.Properties.memberof)) {
$GroupName = ([ADSI]"LDAP://$Group").Name
Add-Content -Path $OutFile "$GroupName"
}
Add-Content -Path $OutFile ""
}
Or you could use adfind in a batch file with a for loop.
Put all the users into a file by username
$users = gc c:\users.txt
Foreach($user in $users){
get-qadmemberof $user | select name | out-file c:\$user.txt
}
This will export each users groups to their own file