LDAP query for users in countries

karlpearson
karlpearson used Ask the Experts™
on
Hi,

I am trying to write a user definaed query in AD using LDAP to find all of the user's whose country is either Denmark, Sweden, Norway, finland or Germany. Is it possible to have an or command in an ldap query?
Ideally I would like to include anyone who has Italy in their Office field and anyone with Ireland in their Job title.
I realise I am asking a lot but I've been trying to et my head around this for the last couple of days.
I'd also be happy to get this straight into a csv file if it's easier to do in something like powershell.
Hope someone can help or point me in the right direction.
Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
I like adfind for this sort of thing   http://www.joeware.net/freetools/tools/adfind/index.htm

but at the core for this request the LDAP query should be the same

adfind -default -f "&(objectcategory=person)(objectclass=user)(|(co=sweden)(co=denmark)(co=norway)(co=finland)(co=germany))"  samaccountname co

So notice I used the "or" symbol | (same key as backslash)

Did you want that to also query anyone that has italy in their office field or Ireland in their job title

You could add to the end  (office=italy)(title=*ireland*)

You can tackle these in stages first do the country then add other requirements from there.

Thanks

Mike

Commented:
This will put them in a database for you to query and manipulate:  
http://gallery.technet.microsoft.com/scriptcenter/4e09d784-ddcd-45bc-bedb-3df61f899861

You could also update to only pull the information that you want.

This script would also require minimal manipulation to do what you want.
http://gallery.technet.microsoft.com/scriptcenter/540c3d25-7dc6-4a80-901a-7f7f6f22d1e0

Let me know if that is enough to get you going or you need some help modifying the existing scripts.
As above but this is my favoured method, using CSVDE :)

Can be used from CMD prompt and for me seems to work fine on any 2003/2008 servers:

CSVDE -r "(&(ObjectClass=User)(ObjectCategory=Person)(|(co=Germany)(co=France)))" -f "C:\temp.csv"

Open in new window


You can add other things to the OR part of the query, such as (&(ObjectClass=User)(ObjectCategory=Person)(|(co=Germany)(co=France)(office=Italy)))
Introduction to R

R is considered the predominant language for data scientist and statisticians. Learn how to use R for your own data science projects.

Forgot to mention, you can also filter the export results with -l, such as -l "SamAccountName, DisplayName, UserPrincipalName" etc, and you can also filter OU with -d such as -d "OU=Users,DC=Domain,DC=Net"

Author

Commented:
Thanks for all of your input guys.
mkline71 I'm not keen on the output that is coming out of adfind.
ChrisMerritt I like csvde not used it before and the out looks great and just what I wanted.
Thank you all.
Top Expert 2013

Commented:
Just for anyone that comes to this question via Google/Bing  - you can output adfind several ways including using the -csv switch and if you are pulling any attributes that contain dates it does a much better job of decoding versus a tool like csvde.

Thanks

Mike

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial