Odd, I used the OLE to get all of the user objects from AD (recursively), and get over
24,000 users returned in seven minutes... not too slow for me.
###################################################################################
###################################################################################
use Win32::OLE;
use Win32::OLE::Enum qw/in with/;
@g_users = ();
$g_domain = "domainNameHere";
&EnumOUsForUsers("LDAP://".$g_domain."/CN=Users,DC=".$g_domain.",DC=net";);
&EnumOUsForUsers("LDAP://".$g_domain."/OU=User Accounts,DC=".$g_domain.",DC=net");
###################################################################################
###################################################################################
sub EnumOUsForUsers{
###############################################################################
### Recursively enumerates a given ldap DN and all child OU's for users
accounts
###
### arguments (1): an ADSI path to the OU
### return: nothing
### requires: all users are stored in the globally defined @g_users array
###
### usage:
### my $g_users = ();
### &EnumOUsForUsers("LDAP://ubsw/CN=Users,DC=ubsw,DC=net";);
###
###############################################################################
my $start = shift;
### local array for each group list
my @userList;
### connect to the DN
write_log("Connecting to LDAP DN: $start") if $debug;
my $ou = Win32::OLE->GetObject( $start );
### check for error
if ( "Win32::OLE" ne ref $ou )
{
my $numericValue = 0 + Win32::OLE->LastError();
my $stringValue = Win32::OLE->LastError();
write_log("ERROR: Number: $numericValue, Value: $stringValue");
}
write_log("Successfully connecting to LDAP DN: $start") if $debug;
### define a filter so that we only look for user class objects
$ou->{Filter} = [ 'user' ];
my $userCount = 0;
### loop through the collection and place the accounts in an array
foreach my $item (in $ou)
{
$item->{Name} =~ /^CN=(.*)$/;
my $account = $item->{sAMAccountName};
#print "User: $1\n";
#print "\tsAMAccountName: $account\n";
push( @userList, $account );
$userCount++;
}
### add the array to the global array
@g_users = ( @g_users, @userList );
### stats for debugging
$userListSize = @userList;
$g_userListSize = @g_users;
write_log("userList array size: $userListSize g_users array size:
$g_userListSize") if $debug;
### define a filter so that we only look for organizationalUnit class objects
$ou->{Filter} = [ 'organizationalUnit' ];
### recurse
foreach my $item (in $ou)
{
my $DN = $start;
$DN =~ s/\/\/$g_domain\//\/\/$g_domain\/$item->{Name}\, /;
write_log("new DN to search: $DN") if $debug;
&EnumOUsForUsers( $DN );
}
}
-----Original Message-----
From: Giddings, Bret [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 22, 2002 4:48 AM
To: Hornyak, Douglas; [EMAIL PROTECTED]
Subject: RE: Win2K User Collection
I have pretty much given up on Win32::OLE for reading AD as its too slow. I
now use ldifde to export data and perl/Win32::OLE to create, process and
update. The only problem with this approach is that you can't enumerate
groups with more than 1000 members - although you can usually get round this
by enumerating the memberOf attribute on users - assuming your users aren't
a member of more than 1000 groups. Attached is a module written to run
ldifde and enumerate your choice of OU/attributes along with a simple
example program.
Bret
--
Bret Giddings, Systems Manager, Computing Service, University of Essex
Tel: (01206) 872577 Email: [EMAIL PROTECTED] Fax: (01206) 860585
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 21 August 2002 21:22
To: [EMAIL PROTECTED]
Subject: RE: Win2K User Collection
I had attempted to use it in a recursive ACL collection subroutine. It
refuses to release memory, which becomes a problem on large file systems. I
posted a few times to this list before giving up on it. The only solutions
were a) call Win32::Perms from a separate program - guaranteed memory
release or b) use something else.
a) ended up being too big of a performance killer...
-----Original Message-----
From: Timothy Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 4:14 PM
To: Hornyak, Douglas; [EMAIL PROTECTED]
Subject: RE: Win2K User Collection
My only beef with Win32::Perms so far is that the recurse method could stand
to be rewritten to work more intuitively.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 7:40 PM
To: [EMAIL PROTECTED]
Subject: RE: Win2K User Collection
I have his book, and I'm not buying the second one unless he fixes the
memory leak in Win32::Perms
hint, hint
;-)
-----Original Message-----
From: Timothy Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 1:33 PM
To: 'Steven Manross'; Hornyak, Douglas;
[EMAIL PROTECTED]
Subject: RE: Win2K User Collection
And don't forget to pick up a copy of dave roth's Win32 Perl Administrator's
Handbook (I'm not sure if I got the name exactly right, check out
http://www.roth.net)
-----Original Message-----
From: Steven Manross [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 7:24 PM
To: '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: RE: Win2K User Collection
Win32::OLE..
There are tons of examples to search through on Activestate's mailing list
archive site.
Check it out!
http://aspn.activestate.com/ASPN/Mail/
Steven
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 10:05 AM
To: [EMAIL PROTECTED]
Subject: Win2K User Collection
I have an NT4 script which uses Win32::AdminMisc::GetUsers but when I point
it to AD it only grabs users from the default OUs (Builtin and Users). My
organization has moved them, as most have...
Before I go either trying each module or writing ldap queries, can anybody
tell me which modules allow user collection from AD?
Thanks.
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents
of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities or
related financial instruments.
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents
of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities or
related financial instruments.
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents
of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities or
related financial instruments.
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
