Hi Joe. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, May 26, 2004 2:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?
Hi Al. :o) &(objectcategory=person)(objectclass=user) is a good filter though it wouldn't catch inetorgpersons. Slightly better may be &(objectcategory=person)(samaccountname=*) if you have contact objects or you have inetorgpersons you want to catch as well as user objects. If you have no contacts and no inetorgpersons, either of those filters should perform the same. Just doing objectcategory=person will get you objectclasses: dn:CN=Organizational-Person,CN=Schema,CN=Configuration,DC=joe,DC=com dn:CN=Contact,CN=Schema,CN=Configuration,DC=joe,DC=com dn:CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com dn:CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=joe,DC=com dn:CN=User,CN=Schema,CN=Configuration,DC=joe,DC=com So let's put it this way, say you have 100k users and 200k contacts in your directory. If you just do Objectcategory=person You will get back 300k objects. If you do (&(objectcategory=person)(objectclass=user)) You will get back 100k objects though it would have to chase through 300k objects (assuming objectclass has not been indexed in that forest). If you do (&(objectcategory=person)(objectclass=samaccountname=*)) You will get back 100k objects and will only chase through 100k objects. If you add inetorgperson into the mix, you will catch them on the first filter and the third, but not the second. So if your mix was 100k users, 200k contacts, 50k inetorgpersons you would see First filter 350k objects returned Second filter 100k objects returned, 350k objects checked Third filter 150k objects returned, 150k objects checked. Now to just get the ones with an email address you add in email=* but note that that may not necessarily be people with Exchange mailboxes... That you would need to go after something like home MDB. Note that mail is indexed so that is a nice attribute to use. Home MDB I don't believe is. On the script that was posted (I think by Tom), it would be just as efficient as you say if there was only a single container BUT ALSO if it only contained user objects. If there were for instance many computer or group objects in the same container it would bog down chasing through those. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, May 26, 2004 11:52 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD? The -l params is a nice touch but curious why you want to find objectClass objects. That's an inefficient query IIRC. Plus, if you return each person in the directory (you should start at a higher node to supply an answer to his request which is to find ALL users in the domain; if he had them in one OU or container, he could use that script that as posted quite easily wihtout much mod.)you're potentially bringing back way more than he wanted, which again is inefficient right? It's a best practice to narrow the search as much as possible prior to execution to prevent overloading the dc with query traffic. ObjectClass is not usually recommended nor is both user and person (they're redundant mostly)in the same query. Correct me if I'm wrong though. I hate to be wrong thinking I'm right ;) Narrow it down to just users in the domain that have mail attributes and return the mail and proxyaddresses attributes (forgot about the list of attributes to post before in my haste to rush off to other things). Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Wednesday, May 26, 2004 11:29 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Can LDP be used to create email report of all users in AD? csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r "(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start the search, or leave out the -r altogether if you want to do the whole domain naming context of the current domain. You indicated they have only one address, so you could leave off the proxyaddresses part as well. HTH Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron Sent: Wednesday, May 26, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Can LDP be used to create email report of all users in AD? They only have one address, I'm trying to figure out the correct syntax for a CSVDE export, do you know? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Wednesday, May 26, 2004 9:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Can LDP be used to create email report of all users in AD? If your users have more than one email address, you will also need to get the proxyAddresses attribute. -----Original Message----- From: Grantham, Caron [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 7:35 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Can LDP be used to create email report of all users in AD? I'm looking for a way to get an email address report for all user objects in Active Directory. Any idea on how to do this? I see the mail attribute in LDP but how can I get just this one field filtered out into a report Thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
