Using the excellent (and free) ADFind utility to search Windows Active Directory August 10, 2006
Posted by Matt in Active Directory.trackback
While not scripting per say, there are many times when you just need to do a quick lookup or dump from your Windows Active Directory installation. You could write a script in vbscript, .NET, vb6, Java, PHP, and almost any other language, but save your time for something else.
ADFind available at Joeware.net provides a powerful commandline interface for Windows where you can run any LDAP query you can think of.
Here’s a sample…
AdFind.exe -s subtree -nodn -t 900 -csv -b “dc=corp,dc=com” -f “(&(objectCategory=person)(objectclass=contact)(mail=*))” displayname mail >contacts_displaynames.csv
Running this against your AD will provide you with a nice comma-separated dump of all your Contact object’s displaynamesa and primary e-mail address’. As you can see you can use ADFind to point to a particular BaseDN (-b) and run any LDAP query (-f), along with dumping your choice of properties. The “>contacts_displaynames.csv” piece is a DOS command to dump the results to a new file.
Some more examples…
Dump Global Security Groups
AdFind.exe -s subtree -t 900 -b “dc=corp,dc=com” -nodn -csv -bit -f “(&(objectcategory=group)
(grouptype:1.2.840.113556.1.4.803:=2147483650))”
name samaccountname >global_security_groups.csv
Count of Global Security Groups
AdFind.exe -s subtree -t 900 -b “dc=corp,dc=com” -bit -c -f “(&(objectcategory=group)
(grouptype:1.2.840.113556.1.4.803:=2147483650))”
Find the SidHistory of an object
AdFind.exe -s subtree -nodn -t 900 -csv -b “dc=corp,dc=com” -f “(&(objectCategory=person)(samaccountname=myuserid))” objectsid SidHistory
Search by Primary E-Mail address
AdFind.exe -s subtree -nodn -t 900 -b “dc=corp,dc=com” -f “(&(objectcategory=person)(mail=my.mail@corp.com))” displayname samaccountname
[…] So, get dig up those old command line tools and go to town! You could even use it to fire off ADFind to do some nice Active Directory reporting. […]
Just being a little picky, your sentence is not correct. The correct way to open would be per se, not per say.
http://en.wikipedia.org/wiki/Per_se
🙂
Hello, after reading this awesome article i am also
cheerful to share my experience here with friends.