The script I posted last week will do pretty much precisely that ... it's enclosed, as is the original post.
<paste>
Since a solution hasn't manifested itself to date, I got intrigued and tried to put this together in a simple and relatively fast shell script ... which I've enclosed as a text file (if memory serves I am able to enclose small text files). The script requires two args; a QUOTED "DN" and the LDAP name of the attribute to look at. Hope this serves your purpose, if not, I'm certain it will serve me at some point in the future :)

Dean
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy Palenchar
Sent: Monday, April 04, 2005 5:23 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GroupBy type queries in LDAP

OK, LDAP evangelists, I need to query our customer-facing AD for a list of all the users who share a particular attribute. Let's call that attribute "Attribute1." So, if two people have the same value in Attribute1, I need their DN. The trick is that I want the results for all possible values of Attribute1.

In SQL, I would use group by Attribute1 having count(Attribute1) > 1 to get a list of all Attribute1 values where more than one object had the same value. I would then join that back to the table to get a list of all the DNs with those values of Attribute1.

Is there a way to do this with an LDAP query? Please note that the directory contains millions of objects and iterating through them will be painful.
</paste>
:: Active Directory Duplicate value detection script / Dean Wells / MSEtechnology / April 2005
:: Requires 2 arguments = 1st is a quoted DN, 2nd is an attribute LDAP name
:: Script then queries directory for any 2 or more objects that share the same value and writes
:: their DN to the results file which is displayed upon script completion
:: Note: each distinct value becomes a temporary file name, so values that differ only in case
:: (or only in the characters \ / : which are mapped to -) are counted as the same value
@echo off
setlocal ENABLEDELAYEDEXPANSION
if [%2]==[] goto :ERROR
set DN=%1
set ATTRIBUTE=%2
set TEMPDIR=%TEMP%\$DUPES$
set TEMPFILE1="%TEMP%\$DUPES$.ldf"
set TEMPFILE2="%TEMP%\$DUPES$.tmp"
set RESULTFILE=\DupeResults.TXT
rd /s /q "%TEMPDIR%" 2>nul
md "%TEMPDIR%" 2>nul
:: export every object below the DN with only the attribute of interest (-r is ldifde's LDAP filter switch)
ldifde -r "(objectcategory=*)" -f %TEMPFILE1% -d %DN% -l %ATTRIBUTE%
if errorlevel 1 goto :END
set DN=
set UNIQUEVALUE=
set LINE=
:: walk the LDIF export; a "dn:" line starts a new object, the attribute line follows it
for /f "tokens=*" %%p in ('type %TEMPFILE1% ^| findstr /i "dn: %ATTRIBUTE%:"') do (
    set LINE=%%p
    if /i "!LINE:~0,3!"=="dn:" (
        set DN=!LINE:~4!
        set UNIQUEVALUE=
    ) else (
        rem strip the "attribute: " prefix and make the value safe to use as a file name
        set UNIQUEVALUE=!LINE:~0,80!
        set UNIQUEVALUE=!UNIQUEVALUE:%ATTRIBUTE%: =!
        set UNIQUEVALUE=!UNIQUEVALUE:\=-!
        set UNIQUEVALUE=!UNIQUEVALUE:/=-!
        set UNIQUEVALUE=!UNIQUEVALUE::=-!
        rem one temp file per distinct value, each holding the DNs that carry it
        if not [!UNIQUEVALUE!]==[] echo !DN!>>"%TEMPDIR%\!UNIQUEVALUE!"
    )
)
del %RESULTFILE% 2>nul
:: any value file holding more than one DN is a duplicate (pattern quoted because %TEMP% may contain spaces)
for %%a in ("%TEMPDIR%\*.*") do (
    set COUNT=0
    for /f "usebackq tokens=*" %%d in ("%%~a") do (
        set /a COUNT+=1
        echo %%d>>%TEMPFILE2%
    )
    if !COUNT! GTR 1 (
        echo %ATTRIBUTE%: %%~na>>%RESULTFILE%
        type %TEMPFILE2% >>%RESULTFILE%
        echo/>>%RESULTFILE%
    )
    del %TEMPFILE2% 2>nul
)
%RESULTFILE%
goto :END
:ERROR
echo ERROR - Supply DN in quotes followed by attribute's LDAP name
:END
del %TEMPFILE1% 2>nul
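The same group-by-having-count-greater-than-one logic applied to an ldifde export, as an added example that is neither Dean's script nor part of the original thread: a small Python parser for the LDIF file ldifde writes, which unfolds continuation lines, decodes base64 ("::") values and returns every value carried by more than one DN. The sample LDIF, its DNs and employeeID values are constructed; values are compared case-insensitively by default, as Active Directory does for most string syntaxes.

```python
import base64

# Constructed sample of an "ldifde -f dupes.ldf -d <DN> -l employeeID" export (hypothetical objects):
# a "dn:" line per object, "attr:: <base64>" for non-ASCII values, a leading space folds a long line.
SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=Users,DC=example,DC=com
employeeID: 10042

dn: CN=Bob Jones,OU=Users,DC=example,DC=com
employeeID: 10042

dn: CN=Carol White,OU=Users,DC=example,DC=com
employeeID:: MTAwNDM=

dn: CN=Dan Brown,OU=Users,DC=example,DC=com
employeeID: 1
 0043
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; unfolds continuation lines and decodes base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: a leading space continues the line above
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # the extra "" flushes the final entry
        if not line:                        # a blank line terminates an entry
            if dn:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        value = base64.b64decode(value[1:].strip()).decode("utf-8") if value.startswith(":") else value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def find_duplicates(text, attribute, case_sensitive=False):
    """Map each value held by two or more objects to their DNs: SQL's GROUP BY ... HAVING COUNT > 1."""
    by_value = {}
    for dn, attrs in parse_ldif(text):
        for value in attrs.get(attribute.lower(), []):
            by_value.setdefault(value if case_sensitive else value.lower(), []).append(dn)
    return {v: dns for v, dns in by_value.items() if len(dns) > 1}
```

Run find_duplicates() over the contents of the .ldf file ldifde produced; on the sample it reports 10042 (Alice, Bob) and 10043 (Carol, Dan), the latter only because the base64 and folded forms were normalised before grouping.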