Yes, seven minutes isn't too bad. However, using Win32::OLE to enumerate groups and their members is extremely processor and time intensive. By switching from Win32::OLE for reading *and* writing to ldifde for reading and Win32::OLE for writing, I now have my DB -> directory synchronization down from over 40 minutes to less than 2 minutes. This to my mind is a worthwhile speedup! Of course, it would probably be even quicker to export the data using ldifde, parse using perl and write ldifde import files for the changes ... sometimes adopting the unix approach on windows can yield benefits.
Bret -- Bret Giddings, Systems Manager, Computing Service, University of Essex Tel: (01206) 872577 Email: [EMAIL PROTECTED] Fax: (01206) 860585 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 22 August 2002 13:16 To: Giddings, Bret; [EMAIL PROTECTED] Subject: RE: Win2K User Collection Odd, I used the OLE to get all of the user objects from AD (recursively), and get over 24,000 users returned in seven minutes... not too slow for me. ############################################################################ ####### ############################################################################ ####### use Win32::OLE; use Win32::OLE::Enum qw/in with/; @g_users = (); $g_domain = "domainNameHere"; &EnumOUsForUsers("LDAP://".$g_domain."/CN=Users,DC=".$g_domain.",DC=net";); &EnumOUsForUsers("LDAP://".$g_domain."/OU=User Accounts,DC=".$g_domain.",DC=net"); ############################################################################ ####### ############################################################################ ####### sub EnumOUsForUsers{ ############################################################################ ### ### Recursively enumerates a given ldap DN and all child OU's for users accounts ### ### arguments (1): an ADSI path to the OU ### return: nothing ### requires: all users are stored in the globally defined @g_users array ### ### usage: ### my $g_users = (); ### &EnumOUsForUsers("LDAP://ubsw/CN=Users,DC=ubsw,DC=net";); ### ############################################################################ ### my $start = shift; ### local array for each group list my @userList; ### connect to the DN write_log("Connecting to LDAP DN: $start") if $debug; my $ou = Win32::OLE->GetObject( $start ); ### check for error if ( "Win32::OLE" ne ref $ou ) { my $numericValue = 0 + Win32::OLE->LastError(); my $stringValue = Win32::OLE->LastError(); write_log("ERROR: Number: $numericValue, Value: $stringValue"); } write_log("Successfully connecting to LDAP DN: $start") if $debug; ### define a filter so that we only look for user class objects $ou->{Filter} = [ 'user' ]; my $userCount = 0; ### loop through the collection and place the accounts in an array foreach my $item (in $ou) { $item->{Name} =~ /^CN=(.*)$/; my $account = $item->{sAMAccountName}; #print "User: $1\n"; #print "\tsAMAccountName: $account\n"; push( @userList, $account ); $userCount++; } ### add the array to the global array @g_users = ( @g_users, @userList ); ### stats for debugging $userListSize = @userList; $g_userListSize = @g_users; write_log("userList array size: $userListSize g_users array size: $g_userListSize") if $debug; ### define a filter so that we only look for organizationalUnit class objects $ou->{Filter} = [ 'organizationalUnit' ]; ### recurse foreach my $item (in $ou) { my $DN = $start; $DN =~ s/\/\/$g_domain\//\/\/$g_domain\/$item->{Name}\, /; write_log("new DN to search: $DN") if $debug; &EnumOUsForUsers( $DN ); } } -----Original Message----- From: Giddings, Bret [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 22, 2002 4:48 AM To: Hornyak, Douglas; [EMAIL PROTECTED] Subject: RE: Win2K User Collection I have pretty much given up on Win32::OLE for reading AD as its too slow. I now use ldifde to export data and perl/Win32::OLE to create, process and update. The only problem with this approach is that you can't enumerate groups with more than 1000 members - although you can usually get round this by enumerating the memberOf attribute on users - assuming your users aren't a member of more than 1000 groups. Attached is a module written to run ldifde and enumerate your choice of OU/attributes along with a simple example program. Bret -- Bret Giddings, Systems Manager, Computing Service, University of Essex Tel: (01206) 872577 Email: [EMAIL PROTECTED] Fax: (01206) 860585 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 21 August 2002 21:22 To: [EMAIL PROTECTED] Subject: RE: Win2K User Collection I had attempted to use it in a recursive ACL collection subroutine. It refuses to release memory, which becomes a problem on large file systems. I posted a few times to this list before giving up on it. The only solutions were a) call Win32::Perms from a separate program - guaranteed memory release or b) use something else. a) ended up being too big of a performance killer... -----Original Message----- From: Timothy Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 4:14 PM To: Hornyak, Douglas; [EMAIL PROTECTED] Subject: RE: Win2K User Collection My only beef with Win32::Perms so far is that the recurse method could stand to be rewritten to work more intuitively. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 7:40 PM To: [EMAIL PROTECTED] Subject: RE: Win2K User Collection I have his book, and I'm not buying the second one unless he fixes the memory leak in Win32::Perms hint, hint ;-) -----Original Message----- From: Timothy Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 1:33 PM To: 'Steven Manross'; Hornyak, Douglas; [EMAIL PROTECTED] Subject: RE: Win2K User Collection And don't forget to pick up a copy of dave roth's Win32 Perl Administrator's Handbook (I'm not sure if I got the name exactly right, check out http://www.roth.net) -----Original Message----- From: Steven Manross [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 7:24 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: Win2K User Collection Win32::OLE.. There are tons of examples to search through on Activestate's mailing list archive site. Check it out! http://aspn.activestate.com/ASPN/Mail/ Steven -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 10:05 AM To: [EMAIL PROTECTED] Subject: Win2K User Collection I have an NT4 script which uses Win32::AdminMisc::GetUsers but when I point it to AD it only grabs users from the default OUs (Builtin and Users). My organization has moved them, as most have... Before I go either trying each module or writing ldap queries, can anybody tell me which modules allow user collection from AD? Thanks. _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
