ADFIND V01.27.00 is now out of beta. Final version is available at http://www.joeware.net/win/free/tools/adfind.htm
Thanks to those who beta tested and forwarded on input. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 25, 2005 10:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods Beta 2 is ready. Same download location. http://www.joeware.net/win/free/tools/adfind-beta.htm I have fixed a couple of bugs I found and some others reported. Also added a couple of items that I thought of and/or were recommended. -tdcs - time decode in more easily sortable format than -tdc. CSV really helped drive this change. I had everything in place for it, just didn't have it exposed via a switch. -utc - output -tdc/-tdcs in UTC instead of local TZ Also have -tdc/-tdcs output TZ so you know what it is. -nocsvheader - doesn't list attribute header at top of csv output -po - print out all switches and attributes specified. This will dump out everything set through command line as well as -e and -ef options. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, October 19, 2005 12:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods I have finished the initial pass through the adfind updates. I have done some testing and allowed a few others to test it and am now opening up the beta to this list, please don't forward as I don't want a bunch of people using the beta 2 months from now. o Phantom Root capability (-pr) - Allows you to search across all partitions across a DC or ADAM instance based on specified base. I.E. -b ".com" would retrieve *.com partitions. -b "" would retrieve all partitions say all ADAM partitions or default domain, config, and schema of a DC (even if it isn't a GC). o Added list (-list) - output from adfind is in list format. For instance say you want a simple list of ldapdisplaynames of all the attributes in the schema. You could use a query like Adfind -schema -f objectcategory=attributeschema ldapdisplayname -list If you want the output sorted by ldapdisplayname, you do not have to specify -sort ldapdisplayname, if you specify -sort or -rsort it will automatically assume you want ldapdisplayname or whatever other attribute you are listing by. However, if you want it sorted by some other attribute, you can still specify it. o Added -soao - Sorted order attribute output. Jerry Schulman asked me for this and the next update. This sorts the attributes output for each object by attribute name so they will be in a consistent order. This is nice for scripting in the scripting languages that have minimal parsing capabilities (like not Perl) ;o) o -oao - Ordered attribute output. Attribute output for each object is in the order you specify attributes to be returned in the command submitted. Not only that, but if a specific object doesn't have one of the attributes, it will still put a slot in the output for that attribute. By default that slot will be empty (>attribname:) but if you like, you can specify a value to insert (this is from Al Mulnick from some time last year) like say #undef# so if an attribute you specify to be returned will have that value in the output (>attribname: #undef#). This is done by specifying that string after the -oao switch. o CSV output... You must specify a list of attributes to be returned, if you don't it will autoselect dn and name for you. If you don't want to specify a list of attributes, you can still use adcsv.pl (Should I compile that?). Supporting switches are -csvdelim, -csvmvdelim, -csvq. The delim switches let you specify delimiters for the attribs and the values of a mv attrib. csvq lets you specify a different value to quote the attributes, default is the quote character. -nodn is supported with -csv... o -incldn and -incldndelim - these are like -excldn and -excldndelim but allows you to filter on what you want to see versus what you don't want to see. Remember, all data from the query comes back, this will simply filter out unwanted objects on display. o Added the ability to decode msDS-User-Account-Control-Computed when using -samdc o Added decode for AzMan groups (basic and query based) with -samdc on grouptypes. o Fixed a bug in the filter expansion of the stats+ output. It would blow it if there were parens in the output that wasn't related to the filter itself. o Added environment option (-e). We discussed this functionality and the next functionality on the list a while back. You can specify environment variables and adfind will read them and use them like they were specified on the command line. Switches provided at the command line will override anything specified in the env vars. Attributes specified will be in addition to what is specified on the command line. The default prefix for the env vars is adfind-. So if you wanted to specify a host to use in the env vars, say because you don't want to keep typing it, you could type Set adfind-h=hostname.somedomain.someotherdomain.somedomain.com And then when you do adfind and specify the -e switch it will pull that in and use it. If you want to specify a different prefix you specify it after the -e like for instance -e adam1 -e adam2 -adam3 and then you could have Set adam1-h=somehost:345 Set adam2-h=somehost:5000 Set adam3-h=someotherhost.something.com You could also do this with filters you like to use Set nastyfilter1-f=&(blah)(blah)(blah)(blah)(|(blah)(!(&(blah)(blah)(blah)))) If you want to specify properties you either don't specify a switch name or use the virtual switch props so adfind-props or adfind- should work. o Added environment from file option (-ef). Similar to above -e option except that you specify the switches in a file just like you would on the command line only one switch per line. Attributes can be specified on a single line each or all on one line. Again switches on the command line will override. You can combine -e and -ef. Processing order is -ef and then -e. For example you could have a file like -h 2k3dc01 -config -f objectcategory=subnet name siteobject If the file is named adfind.cf you simply specify -ef, if you want to use a different file name, specify the filename after the -ef. o Modified help so that hopefully it isn't so intimidating when you first try it. I started looking at making it so every switch gave full examples, etc but then realized I wasn't making this for my grandmother to use and figured a compentent AD Admin should be able to work out how to use most of the switches with the help given. If you find specific examples that you don't agree with me on, email me what you think is wrong and how you think it should be. You can download from the following location. Please download with the understanding that when I publish the "release version" in a week or two or three that you will delete the beta and get the new version. http://www.joeware.net/win/free/tools/adfind-beta.htm If you try it and find an issue, please email me directly. thanks, joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, October 12, 2005 1:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods You will need multiple t-shirts, so far I have added around 10 new switches for V01.27.00. I have had a muse sitting near me or something. ;o) I decided it would still be quite a while for V2.* as I want to do some other things first so I figured I would shove a bunch of stuff in now. I am also looking at the usage screen too to see if I can give a simple help and an advanced help and probably a "only look at this help if you really understand what you are doing" help. I figure the simple help will show how to build the simplest query. The other screens will go from there. Honestly, I don't expect everyone to use every aspect of adfind. Many people will do things in a possibly simpler and a more inefficient manner than optimal but that manner will be familiar to them. I offer all of the abilities adfind has for those people who truly know what can be done so they can pull off what they need to do at the command line without writing their own compiled tool, hopefully in an optimal fashion. I enjoy it when Dean is forced to admit that adfind is the only way to do this that or the other advanced task. //* V01.27.00 2005.10.xx o 08/24 Added -PR (PhantomRoot) * //* o 10/10 Added -list * //* o 10/10 Changed attrib output method (deep) * //* o 10/10 Added -soao (Sorted order attr out) * //* o 10/10 Added -oao (order attr out) * //* o 10/10 Added -csv, csvdelim,csvmvdelim * //* o 10/11 Added -incldn, -incldndelim * //* o 10/11 Added port on basic info output * //* o 10/11 Decode with -samdc * //* msDS-User-Account-Control-Computed* //* and also more grouptypes * //* o 10/11 Fixed stats filter expansion bug * //* o 10/12 Added -e to read environment vars * //* for setting switches/args * Along with the help, I have one other thing I am trying to work out a way to handle in a generic way. If I can do it in the next few days I will. If not, I will stop the mods and look at allowing some folks to beta. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, October 11, 2005 10:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods I was waiting for the t-shirt before using it. If it's already there, that would be great. Now if only I could read... <dg> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 11, 2005 5:10 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods Hey Al, have you actually used any of my tools? <eg> I added the CSVDelim and CSVMVDelim switches before I added the CSV switch. ValidOptions.push_back("csvdelim"); // CSV Delimiter ValidOptions.push_back("csvmvdelim"); // CSV Multivalue Delimiter ValidOptions.push_back(":list"); // List mode ValidOptions.push_back(":soao"); // Sort Ordered Attribute Output ValidOptions.push_back(":oao"); // Ordered Attribute Output ValidOptions.push_back(":csv"); // CSV Output string CSVDelim=","; string CSVMVDelim=";"; if (CmdLine.HasSwitch("csv")) { bQuiet=true; bNoDN=true; bCSV=true; bNoLabel=false; if (!CmdLine.NumArgs()) CmdLine.AddArg("name"); if (CmdLine.HasSwitch("csvdelim")) CSVDelim=CmdLine.GetSwitch("csvdelim"); if (CmdLine.HasSwitch("csvmvdelim")) CSVMVDelim=CmdLine.GetSwitch("csvmvdelim"); ... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, October 11, 2005 11:07 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADFIND mods Yay!!! Uh, one thing though. While you're mod'ing the CSV output, can you make it so that we can pick the separator character? I know the purists out there wouldn't like to call something a csv if it's not, well comma separated, but it's sometimes useful to utilize other separator characters. Please? -ajm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, October 11, 2005 1:30 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADFIND mods Not trying to scare anyone but I actually might have somehow hacked CSV support into the V1.* version of adfind. Jerry[1] pulled me off to the side at the MVP summit during the Exec sessions and threatened to thrash me if I didn't add the ability to support sorting the attribute output order for objects into adfind. Well actually he said it very nicely, Jerry is a very nice guy. I say this in case you don't know him personally. Then Marty List said that is a great idea and then Dean said it was a good idea which almost made me not do it because Dean doesn't like me but I decided I liked Jerry and Marty enough to overcome the dislike Dean has. Yup. ;o) So I got home from the summit, received my email to myself to remind myself that I needed to make that mod for Jerry so I didn't have to keep looking in the rearview mirror and sending my cat out to start the truck. So I pulled up the adfind code and scrolled through it (since I hadn't looked at the overall flow in months) to reaquaint myself with how hacked it is (it really is at this point, positively evil). Then I closed it and waiting until the bug bit me to tell me my mind had somehow figured out how to insert the new code... Well it bit me tonight while watching My Name is Earl on the Media Center PC. I had worked out where I needed to further hack the code and opened it up and started slinging code and have been doing so for the last couple of hours though now I have to rewatch Earl because I lost the thread of what was happening. After I stuck in Jerry's attribute sort so that an object will return the attributes in an order sorted by attribute name say >cn: Users >dSCorePropagationData: 20050805040803.0Z >dSCorePropagationData: 20050805040622.0Z >dSCorePropagationData: 20050805032808.0Z >dSCorePropagationData: 20050805031109.0Z >dSCorePropagationData: 16010714223649.0Z >description: Default container for upgraded user accounts >distinguishedName: CN=Users,DC=joe,DC=com >instanceType: 4 >memberOf: CN=MyDL,OU=contacts,DC=joe,DC=com >name: Users >objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=joe,DC=com >objectClass: top >objectClass: container >objectGUID: {48F745DD-7E01-4151-A1EA-C7D16085DAE6} >uSNChanged: 3021990 >uSNCreated: 16365 >whenChanged: 20050805051458.0Z >whenCreated: 20040309041843.0Z instead of the default return order from the server of >objectClass: top >objectClass: container >cn: Users >description: Default container for upgraded user accounts >distinguishedName: CN=Users,DC=joe,DC=com >instanceType: 4 >whenCreated: 20040309041843.0Z >whenChanged: 20050805051458.0Z >uSNCreated: 16365 >memberOf: CN=MyDL,OU=contacts,DC=joe,DC=com >uSNChanged: 3021990 >name: Users >objectGUID: {48F745DD-7E01-4151-A1EA-C7D16085DAE6} >objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=joe,DC=com >dSCorePropagationData: 20050805040803.0Z >dSCorePropagationData: 20050805040622.0Z >dSCorePropagationData: 20050805032808.0Z >dSCorePropagationData: 20050805031109.0Z >dSCorePropagationData: 16010714223649.0Z I decided to add a quick list function which combines -nodn -nolabel and inserts the attribute specified into the -sort or -rsort without having to type the attribute again which I have wanted for some time because I was tired of typing all of that stuff all of the time. I then decided since it was all going too smoothly I should take a shot at CSV output because I really need to crash it good when I am adding new things so I can slap my forehead and think, what in the world do I do this for. Plus the mechanism I had set up to pull off Jerry's option I had architected in such a way that CSV was at least remotely possible theoretically and how dare I not test the theory. This CSV option only works with DN and name if you don't specify specific attributes or it works with the attributes you specify though DN will always be the first column. Amazingly, it seems to be working and it isn't entirely slow. I have to play with it some more and I thought of a couple of other options to try and stick in and break things before I start officially beta testing it. Once I get to that point I may annoy some folks into testing it out for me. If you use adfind a lot and would like to test the new version when I am ready to let someone find the holes, respond to me with this email and why you would like to test it and I will put you in the hat. Oh here is what the csv output looks like at the moment.... F:\Dev\CPP\AdFind>adfind -h 2k3dc01 -default -s one name objectclass whenchanged -csv -sort name "dn","name","objectclass","whenchanged" "CN=Builtin,DC=joe,DC=com","Builtin","top;builtinDomain","20040625234526.0Z" "OU=CleanOU,DC=joe,DC=com","CleanOU","top;organizationalUnit","2005080401461 3.0Z" "CN=Computers,DC=joe,DC=com","Computers","top;container","20040625234526.0Z" "OU=contacts,DC=joe,DC=com","contacts","top;organizationalUnit","20050821222 039.0Z" "OU=Domain Controllers,DC=joe,DC=com","Domain Controllers","top;organizationalUnit","20040625234526.0Z" "OU=Exchange,DC=joe,DC=com","Exchange","top;organizationalUnit","20040625234 707.0Z" "CN=ForeignSecurityPrincipals,DC=joe,DC=com","ForeignSecurityPrincipals","to p;container","20040625234526.0Z" "CN=Infrastructure,DC=joe,DC=com","Infrastructure","top;infrastructureUpdate ","20050613155937.0Z" "CN=LostAndFound,DC=joe,DC=com","LostAndFound","top;lostAndFound","200406252 34526.0Z" "CN=Microsoft Exchange System Objects,DC=joe,DC=com","Microsoft Exchange System Objects","top;container;msExchSystemObjectsContainer","20050330022442.0Z" "CN=NTDS Quotas,DC=joe,DC=com","NTDS Quotas","top;msDS-QuotaContainer","20040625234526.0Z" "CN=Program Data,DC=joe,DC=com","Program Data","top;container","20040625234655.0Z" "OU=Sales,DC=joe,DC=com","Sales","top;organizationalUnit","20050920020829.0Z " "OU=someapp,DC=joe,DC=com","someapp","top;organizationalUnit","2005082405111 4.0Z" "CN=someapp2,DC=joe,DC=com","someapp2","top;person;organizationalPerson;user ","20050824051145.0Z" "CN=System,DC=joe,DC=com","System","top;container","20040625234526.0Z" "OU=TestOU,DC=joe,DC=com","TestOU","top;organizationalUnit","20050715071524. 0Z" "CN=Users,DC=joe,DC=com","Users","top;container","20050805051458.0Z" joe [1] Yes that Jerry, Jerold Schulman, of the reghacks / JSI Inc web site. http://www.jsiinc.com/aboutJSI.htm List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
