Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

AD quarrying  tools

Posted on 2013-02-03
10
Medium Priority
?
523 Views
Last Modified: 2013-03-08
Hi Guys,

I am looking for a tool to quarrying AD object ( computers ), we have different computer OU like Test OU , DEV OU  and PROD OU etc . Could anyone please provide me simple quarrying tools or script to get just OU members ( servers and workstation) . I would like to get the final result in CVS format .

Regards
J
0
Comment
Question by:Jey_P
10 Comments
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 1000 total points
ID: 38849948
Below is the powershell script which will list out the ComputerName, OperatingSystem and the Object patch where it exists.

Import-Module ActiveDirectory
$k = Get-ADComputer -Filter * -SearchBase "DC=Contoso,Dc=Com" -Properties *
$list = @()
Foreach ($os in $k)
{
 If ($os.Operatingsystem -match "windows *")
 {
  $list +=$os | Select-Object -Property @{l='Servername';e={$_.Name}},@{l='Operatingsystem';e={$_.Operatingsystem}},@{l='Objectpath';e={$_.CanonicalName}}
  }

  }
$list | Export-Csv C:\Windows.csv -NoTypeInformation
  

Open in new window



You should modify the DN (DC=Constoso,DC=com) according to your needs.

Hope this helps.

Regards,

_Prashant_
0
 
LVL 20

Assisted Solution

by:agonza07
agonza07 earned 400 total points
ID: 38849949
Change the LDAP for each OU, and modify the output to your liking. You can also nest the code to output in a CVS format for all your OUs.


' List All Computer Accounts in Active Directory


Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from 'LDAP://OU=TestOU,DC=fabrikam,DC=com' " _
        & "Where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
    Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 5

Expert Comment

by:coraxal
ID: 38849969
Well, I'd definitely recommend Powershell...one of the main goals of Powershell is to help in the administration of Microsoft technologies such as AD. I'd also suggest using the Quest AD Powerhsell cmdlets (very handy) http://www.quest.com/powershell/activeroles-server.aspx

Here's a sample script to query specific OU objects:
# To query user objects in a specific OU. Selecting the Name, SamAccountName, and DN of the user object

Get-QADUser -SearchRoot "OU=Test,DC=mydomain,DC=local" -SizeLimit 0 |
Select-Object Name,SamAccount,DN |
Export-Csv "C:\Temp\users.csv" -NoType

 # To query computer objects in a specific OU. Selecting the Name, SamAccountName of the computer object

Get-QADComputer -SearchRoot "OU=Test,DC=mydomain,DC=local" -SizeLimit 0 |
Select-Object Name,SamAccount,DN |
Export-Csv "C:\Temp\computers.csv" -NoType

# If you rather not install the Quest Powershell tools, and if you have the Active Directory powershell module installed on Windows 2008 R2

Get-ADUser -Filter * -ResultSetSize $null -SearchBase "OU=Test,DC=mydomain,DC=local" | 
Select-Object Name,SamAccountName,DistinguishedName |
Export-Csv "C:\Temp\users.csv" -NoType

Get-ADComputer -Filter * -ResultSetSize $null -SearchBase "OU=Test,DC=mydomain,DC=local" | 
Select-Object Name,SamAccountName | 
Export-Csv "C:\temp\computers.csv" -NoType

Open in new window

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Accepted Solution

by:
Jey_P earned 0 total points
ID: 38850024
Does anyone has a tools instated of Script?
0
 
LVL 41

Expert Comment

by:footech
ID: 38850121
To me it's a bit unclear what information you actually want in the .CSV.  Do you just want the computer name?  When you query an OU, do you want to include child OUs?  Do you need to be able to query your entire AD at once, or a single OU, or what?

You could even use Active Directory Users and Computers (ADUC) for this.  You can navigate to an OU and export a list of all objects it contains, or to be more specific, go to Saved Queries and make a new query for what ever criteria you want.  Pick an OU, include subtrees or not, limit it to computers or whatever.  Choose what columns you want (when you export it will include all the columns you've chosen).  And when you export you can choose tab delimited or comma delimited.
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38850775
You can use CSVDE tool or LDIFDE.
0
 
LVL 18

Expert Comment

by:Americom
ID: 38851686
I would use the above suggestion regarding Saved Queries from ADUC. You can select the whole domain to list all the computer object or simply select the OU you want to list all the objects etc. Give it a try first and you may not need any other tools if you just need to find out or sort out specific types of objects and export them to a file.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38855846
You may try this AD reporting tool and see if it works for you...
http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html
0
 

Author Comment

by:Jey_P
ID: 38948258
Thanks everyone.
0
 

Author Closing Comment

by:Jey_P
ID: 38965389
Thanks everyone.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Loops Section Overview

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question