[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411
  • Last Modified:

Query a OU and all OU's below it and get the details

Query a OU and all OU's below it and get the Display name,Description,Email id and forwarded user name and email id.
We have a contact set as forward thats in a different OU. So need a combined list from it
0
bsharath
Asked:
bsharath
1 Solution
 
Nuno MartinsCommented:
Hi There,

You can use this tool :
http://www.manageengine.com/products/free-windows-active-directory-tools/free-windows-active-directory-query-tool.html
is very easy to use and to configure.
If you prefer i can post the correct syntax for you to query from command prompt but i perfer that tool to make that kind of query ;)

NM
0
 
GovvyCommented:
Use CSVDE:

csvde -f OUTPUT.CSV -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com" -r "(objectClass=user)"

You can also add the -l switch and specify specific attributes such as sAMAccountName
0
 
RobSampsonCommented:
Hi, try this.

Regards,

Rob.
strOU = "OU=SecondOU,OU=FirstOU,DC=domain,DC=com"
strOutput = "UserForwards.csv"

' Setup FSO objects.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """Username"",""DisplayName"",""Description"",""Email"",""Alt Username"",""Alt DisplayName"",""Alt Email"""

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "adsPath"
strScope = "subtree"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	Set objUser = adoRecordset.Fields("adsPath").Value
	strUsername = objUser.samAccountName
	strDisplayName = objUser.DisplayName
	strDescription = objUser.Description
	strEmail = objUser.mail
	strAltRecipient = objUser.altRecipient
	If strAltRecipient <> "" Then
		Set objForwardedUser = GetObject("LDAP://" & strAltRecipient)
		strForwardedUsername = objForwardedUser.samAccountName
		strForwardedDisplayName = objForwardedUser.displayName
		strForwardedEmail = objForwardedUser.mail
	Else
		strForwardedUsername = ""
		strForwardedDisplayName = ""
		strForwardedEmail = ""
	End If
	objOutput.WriteLine """" & strUsername & """,""" & strDisplayName & """,""" & strDescription & """,""" & strEmail & """,""" & strForwardedUsername & """,""" & strForwardedDisplayName & """,""" & strForwardedEmail & """"
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close
      
objOutput.Close

WScript.Echo "Finished"

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
bsharathAuthor Commented:
Thanks Rob
I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\Get details AD with forwards.vbs
Line:      25
Char:      1
Error:      Table does not exist.
Code:      80040E37
Source:       Provider

---------------------------
OK  
---------------------------
0
 
RobSampsonCommented:
You will need to make sure that this line is structured properly:
strOU = "OU=SecondOU,OU=FirstOU,DC=domain,DC=com"

and do not put the LDAP:// at the start.

Rob.
0
 
bsharathAuthor Commented:
Now get this


---------------------------
Windows Script Host
---------------------------
Script:      D:\Get details AD with forwards.vbs
Line:      27
Char:      2
Error:      Object required: '[string: "LDAP://CN=Uha Si,O"]'
Code:      800A01A8
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
RobSampsonCommented:
Oops, plase change
      Set objUser = adoRecordset.Fields("adsPath").Value

to
      Set objUser = GetObject(adoRecordset.Fields("adsPath").Value)

Regards,

Rob.
0
 
bsharathAuthor Commented:
perfect Rob
One change
Can we have 4 OU's excluded within the root we scan
0
 
RobSampsonCommented:
Do you want each OU, and then each sub OU excluded?

For example, if you scan
domain.com/FirstOU/SecondOU

and then exclude
domain.com/FirstOU/SecondOU/ThirdOU

do you also want it to exclude
domain.com/FirstOU/SecondOU/ThirdOU/FourthOU

as well, or ONLY ThirdOU?

Rob.
0
 
bsharathAuthor Commented:
I scan OURoot
Exclude 3 OU's that i mention exactly
Not the Ou;s that are within the excluded OU

Say i have

>OU1
>>OU2
>>OU3

If i exclude OU1 then OU2 and OU3 has to be scanned
If excluded OU3 then OU1 and OU2 should be scanned
0
 
RobSampsonCommented:
OK, so exact matches only. Try this.

Regards,

Rob.
Set objExcludes = CreateObject("Scripting.Dictionary")

strOU = "OU=SecondOU,OU=FirstOU,DC=domain,DC=com"

objExcludes.Add LCase("OU=3,OU=2,OU=1,DC=domain,DC=com"), 0
objExcludes.Add LCase("OU=4,OU=1,DC=domain,DC=com"), 0
objExcludes.Add LCase("OU=5,OU=2,OU=1,DC=domain,DC=com"), 0
objExcludes.Add LCase("OU=6,OU=2,OU=1,DC=domain,DC=com"), 0

strOutput = "UserForwards.csv"

' Setup FSO objects.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """Username"",""DisplayName"",""Description"",""Email"",""Alt Username"",""Alt DisplayName"",""Alt Email"""

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
strBase = "<LDAP://" & strOU & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "adsPath"
strScope = "subtree"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	Set objUser = GetObject(adoRecordset.Fields("adsPath").Value)
	If objExcludes.Exists(LCase(Mid(objUser.Parent, 8))) = False Then
		strUsername = objUser.samAccountName
		strDisplayName = objUser.DisplayName
		strDescription = objUser.Description
		strEmail = objUser.mail
		strAltRecipient = objUser.altRecipient
		If strAltRecipient <> "" Then
			Set objForwardedUser = GetObject("LDAP://" & strAltRecipient)
			strForwardedUsername = objForwardedUser.samAccountName
			strForwardedDisplayName = objForwardedUser.displayName
			strForwardedEmail = objForwardedUser.mail
		Else
			strForwardedUsername = ""
			strForwardedDisplayName = ""
			strForwardedEmail = ""
		End If
		objOutput.WriteLine """" & strUsername & """,""" & strDisplayName & """,""" & strDescription & """,""" & strEmail & """,""" & strForwardedUsername & """,""" & strForwardedDisplayName & """,""" & strForwardedEmail & """"
	End If
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close
      
objOutput.Close

WScript.Echo "Finished"

Open in new window

0
 
bsharathAuthor Commented:
0
 
bsharathAuthor Commented:
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now