subject:"RE\: \[ActiveDir\] Can LDP be used to create email report of all use rs in AD\?"

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-27 Thread joe

As I read through this whole thread there was a couple of other things I
noticed if you don't mind if I ramble for a bit...


Objectcategory=user doesn't exist, that will be converted to
objectcategory=person, see below on what that will do for you.

ObjectClass=user is even worse. What happens with that is that it becomes an
object by object comparison through the entire search scope. So for instance
doing this on a small test domain with like 280 users in it and a couple of
machine accounts and a couple of groups the STATS control shows me it had to
chase through 3562 objects to return 280. Your mileage will vary but I don't
expect it would get much better than that. 

There is a way to help with this last issue, index objectclass
(searchFlags=9). Test in your lab but the growth of the DIT shouldn't be
much, I have seen 10% in the past. All of the crappy objectclass queries
only coming through will perform better. I think MS probably made a mistake
in not indexing objectclass out of the box. But that is simply my opinion.
The nice thing in doing that simple thing is that anyone that comes at you
with an app with crappy objectclass based ldap filters cough cough, they
will not impact AD as hard. I just wish there was as simple a solution for
finding all group memberships across a forest. 

  joe



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 26, 2004 2:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

Hi Al. :o)



&(objectcategory=person)(objectclass=user) is a good filter though it
wouldn't catch inetorgpersons. Slightly better may be
&(objectcategory=person)(samaccountname=*) if you have contact objects or
you have inetorgpersons you want to catch as well as user objects. If you
have no contacts and no inetorgpersons, either of those filters should
perform the same. 

Just doing objectcategory=person will get you objectclasses:

dn:CN=Organizational-Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Contact,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=User,CN=Schema,CN=Configuration,DC=joe,DC=com


So let's put it this way, say you have 100k users and 200k contacts in your
directory. If you just do 

Objectcategory=person

You will get back 300k objects.

If you do

(&(objectcategory=person)(objectclass=user))

You will get back 100k objects though it would have to chase through 300k
objects (assuming objectclass has not been indexed in that forest).


If you do 

(&(objectcategory=person)(objectclass=samaccountname=*))

You will get back 100k objects and will only chase through 100k objects.


If you add inetorgperson into the mix, you will catch them on the first
filter and the third, but not the second. So if your mix was 100k users,
200k contacts, 50k inetorgpersons you would see


First filter
350k objects returned

Second filter
100k objects returned, 350k objects checked


Third filter 

150k objects returned, 150k objects checked.



Now to just get the ones with an email address you add in email=* but note
that that may not necessarily be people with Exchange mailboxes... That you
would need to go after something like home MDB. Note that mail is indexed so
that is a nice attribute to use. Home MDB I don't believe is. 

On the script that was posted (I think by Tom), it would be just as
efficient as you say if there was only a single container BUT ALSO if it
only contained user objects. If there were for instance many computer or
group objects in the same container it would bog down chasing through those.





  joe



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 11:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddres

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Mulnick, Al

Hi Joe. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 26, 2004 2:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

Hi Al. :o)

&(objectcategory=person)(objectclass=user) is a good filter though it
wouldn't catch inetorgpersons. Slightly better may be
&(objectcategory=person)(samaccountname=*) if you have contact objects or
you have inetorgpersons you want to catch as well as user objects. If you
have no contacts and no inetorgpersons, either of those filters should
perform the same. 

Just doing objectcategory=person will get you objectclasses:

dn:CN=Organizational-Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Contact,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=User,CN=Schema,CN=Configuration,DC=joe,DC=com

So let's put it this way, say you have 100k users and 200k contacts in your
directory. If you just do 

Objectcategory=person

You will get back 300k objects.

If you do

(&(objectcategory=person)(objectclass=user))

You will get back 100k objects though it would have to chase through 300k
objects (assuming objectclass has not been indexed in that forest).

If you do 

(&(objectcategory=person)(objectclass=samaccountname=*))

You will get back 100k objects and will only chase through 100k objects.

If you add inetorgperson into the mix, you will catch them on the first
filter and the third, but not the second. So if your mix was 100k users,
200k contacts, 50k inetorgpersons you would see

First filter
350k objects returned

Second filter
100k objects returned, 350k objects checked

Third filter 

150k objects returned, 150k objects checked.

Now to just get the ones with an email address you add in email=* but note
that that may not necessarily be people with Exchange mailboxes... That you
would need to go after something like home MDB. Note that mail is indexed so
that is a nice attribute to use. Home MDB I don't believe is. 

On the script that was posted (I think by Tom), it would be just as
efficient as you say if there was only a single container BUT ALSO if it
only contained user objects. If there were for instance many computer or
group objects in the same container it would bog down chasing through those.

  joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 11:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddresses attributes (forgot about the list of
attributes to post before in my haste to rush off to other things).

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses

Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start
the search, or leave out the -r altogether if you want to do the whole
domain naming context of the current domain.  You indicated they have only
one address, so you could leave off the proxyaddresses part as well.

HTH
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 A

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread joe

Hi Al. :o)



&(objectcategory=person)(objectclass=user) is a good filter though it
wouldn't catch inetorgpersons. Slightly better may be
&(objectcategory=person)(samaccountname=*) if you have contact objects or
you have inetorgpersons you want to catch as well as user objects. If you
have no contacts and no inetorgpersons, either of those filters should
perform the same. 

Just doing objectcategory=person will get you objectclasses:

dn:CN=Organizational-Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Contact,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=joe,DC=com
dn:CN=User,CN=Schema,CN=Configuration,DC=joe,DC=com


So let's put it this way, say you have 100k users and 200k contacts in your
directory. If you just do 

Objectcategory=person

You will get back 300k objects.

If you do

(&(objectcategory=person)(objectclass=user))

You will get back 100k objects though it would have to chase through 300k
objects (assuming objectclass has not been indexed in that forest).


If you do 

(&(objectcategory=person)(objectclass=samaccountname=*))

You will get back 100k objects and will only chase through 100k objects.


If you add inetorgperson into the mix, you will catch them on the first
filter and the third, but not the second. So if your mix was 100k users,
200k contacts, 50k inetorgpersons you would see


First filter
350k objects returned

Second filter
100k objects returned, 350k objects checked


Third filter 

150k objects returned, 150k objects checked.



Now to just get the ones with an email address you add in email=* but note
that that may not necessarily be people with Exchange mailboxes... That you
would need to go after something like home MDB. Note that mail is indexed so
that is a nice attribute to use. Home MDB I don't believe is. 

On the script that was posted (I think by Tom), it would be just as
efficient as you say if there was only a single container BUT ALSO if it
only contained user objects. If there were for instance many computer or
group objects in the same container it would bog down chasing through those.





  joe



 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 11:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddresses attributes (forgot about the list of
attributes to post before in my haste to rush off to other things).

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses

Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start
the search, or leave out the -r altogether if you want to do the whole
domain naming context of the current domain.  You indicated they have only
one address, so you could leave off the proxyaddresses part as well.

HTH
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?


They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From:

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Mulnick, Al

Thanks for the clarification.  That helps tremendously!

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 12:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

Objectcategory is indexed (objectclass is not), so objectcategory=person is
more efficient.  Contacts have an objectcategory of person as well, though,
so if you use only objectcategory=person you get both users and contacts.
By using both in an AND, you get only users.

The part about where to root the search obviously depends on where people
put stuff in their directory, which is why I advised them to change it to
whatever suits them...the "cn=users" part was just an example.

There's a discussion of the objectcategory and objectclass thing at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/decid
ing_what_to_find.asp in case you're interested.  I always used just
objectclass=user until someone pointed this out...

Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all use
rs in AD?

The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddresses attributes (forgot about the list of
attributes to post before in my haste to rush off to other things).

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses

Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start
the search, or leave out the -r altogether if you want to do the whole
domain naming context of the current domain.  You indicated they have only
one address, so you could leave off the proxyaddresses part as well.

HTH
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?

I'm looking for a way to get an email address report for all user objects in
Active Directory. Any idea on how to do this? I see the mail attribute in
LDP but how can I get just this one field filtered out into a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.or

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Fugleberg, David A

Objectcategory is indexed (objectclass is not), so objectcategory=person is more 
efficient.  Contacts have an objectcategory of person as well, though, so if you use 
only objectcategory=person you get both users and contacts.  By using both in an AND, 
you get only users.

The part about where to root the search obviously depends on where people put stuff in 
their directory, which is why I advised them to change it to whatever suits them...the 
"cn=users" part was just an example.

There's a discussion of the objectcategory and objectclass thing at 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/deciding_what_to_find.asp
 in case you're interested.  I always used just objectclass=user until someone pointed 
this out...

Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all
use rs in AD?


The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddresses attributes (forgot about the list of
attributes to post before in my haste to rush off to other things).

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses

Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start
the search, or leave out the -r altogether if you want to do the whole
domain naming context of the current domain.  You indicated they have only
one address, so you could leave off the proxyaddresses part as well.

HTH
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?


They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?


I'm looking for a way to get an email address report for all user
objects in Active Directory. Any idea on how to do this? I see the mail
attribute in LDP but how can I get just this one field filtered out into
a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Mulnick, Al

The -l params is a nice touch but curious why you want to find objectClass
objects.  That's an inefficient query IIRC.  Plus, if you return each person
in the directory (you should start at a higher node to supply an answer to
his request which is to find ALL users in the domain;  if he had them in one
OU or container, he could use that script that as posted quite easily
wihtout much mod.)you're potentially bringing back way more than he wanted,
which again is inefficient right?  
It's a best practice to narrow the search as much as possible prior to
execution to prevent overloading the dc with query traffic.  ObjectClass is
not usually recommended nor is both user and person (they're redundant
mostly)in the same query.   Correct me if I'm wrong though.  I hate to be
wrong thinking I'm right ;)

Narrow it down to just users in the domain that have mail attributes and
return the mail and proxyaddresses attributes (forgot about the list of
attributes to post before in my haste to rush off to other things).

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Wednesday, May 26, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

csvde -f outfile.txt -d "cn=users,dc=yourdomain,dc=com" -r
"(&(objectclass=user)(objectcategory=person))" -l mail,proxyaddresses

Replace the "cn=users,dc=yourdomain,dc=com" with the place you want to start
the search, or leave out the -r altogether if you want to do the whole
domain naming context of the current domain.  You indicated they have only
one address, so you could leave off the proxyaddresses part as well.

HTH
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?


They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?


I'm looking for a way to get an email address report for all user
objects in Active Directory. Any idea on how to do this? I see the mail
attribute in LDP but how can I get just this one field filtered out into
a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Fugleberg, David A

Or better yet, combine what Al said and what I said, like this:

Csvde -m -f OUTPUT.CSV -d "dc=domainname,dc=com" -r
"(&(objectclass=User)(objectcategory=person)(mail=*))" -l mail,proxyaddresses

That way you get only the attributes you want, and then only for people who actually 
have mail addresses.  The original note I sent would return a line for every user 
whether they have mail or not, and Al's original would return all attributes for 
anyone with mail.  The combination above should give you what I 'think' you want.

Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Wednesday, May 26, 2004 10:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all
use rs in AD?


Something like 
Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
  -b USERNAME DOMAINNAME *
  -s SERVERNAME
  -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
  -r "(objectClass=user)"


Csvde -m -f OUTPUT.CSV -d "dc=domainname,dc=com" -r
"(&(objectCategory=User)(mail=*))" should give you the right users.  You
could sub proxyAddresses for mail. 

The command would look like

C:\>csvde -m -f c:\output.csv -s servername(if wanted) -d "dc=domain,dc=com"
-r "(&(objectcategory=user)(proxyaddresses=*))"

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?


I'm looking for a way to get an email address report for all user
objects in Active Directory. Any idea on how to do this? I see the mail
attribute in LDP but how can I get just this one field filtered out into
a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Mulnick, Al

Something like 
Example: Export of specific domain with credentials
csvde -m -f OUTPUT.CSV
  -b USERNAME DOMAINNAME *
  -s SERVERNAME
  -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
  -r "(objectClass=user)"


Csvde -m -f OUTPUT.CSV -d "dc=domainname,dc=com" -r
"(&(objectCategory=User)(mail=*))" should give you the right users.  You
could sub proxyAddresses for mail. 

The command would look like

C:\>csvde -m -f c:\output.csv -s servername(if wanted) -d "dc=domain,dc=com"
-r "(&(objectcategory=user)(proxyaddresses=*))"

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron
Sent: Wednesday, May 26, 2004 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

They only have one address, I'm trying to figure out the correct syntax for
a CSVDE export, do you know?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, May 26, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

If your users have more than one email address, you will also need to get
the proxyAddresses attribute.

-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?


I'm looking for a way to get an email address report for all user
objects in Active Directory. Any idea on how to do this? I see the mail
attribute in LDP but how can I get just this one field filtered out into
a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

2004-05-26 Thread Mulnick, Al

If you need to cross OU's, you may want to iterate through OU's and for each
OU follow that path.  Might be helpful to spit out some information linking
the addresses to the user's samaccountname or UPN as well, just for linking
the user to the address.

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, May 26, 2004 10:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Can LDP be used to create email report of all users
in AD?

i use this-


'Global variables
Dim Container
Dim OutPutFile
Dim FileSystem

'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("virtual.txt", True) Set
Container=GetObject("LDAP://ou=ExchUsers,DC=childdomain,DC=parentdomain,DC=r
oot")

'Enumerate Container
EnumerateUsers Container

'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set Container = Nothing

'Say Finished when your done
WScript.Echo "Finished"
WScript.Quit(0)

'List all Users
Sub EnumerateUsers(Cont)
Dim User

'Go through all Users and select them
For Each User In Cont
Select Case LCase(User.Class)

'If you find Users
Case "user"
  'Select all proxyAddresses
  Dim Alias
  If Not IsEmpty(User.proxyAddresses) Then
For Each Alias in User.proxyAddresses
OutPutFile.WriteLine "alias: " & Alias
'WScript.Echo Alias
  Next
  End If

Case "organizationalunit" , "container"
  EnumerateUsers User

End Select
Next
End Sub


-Original Message-
From: Grantham, Caron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 10:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Can LDP be used to create email report of all users in
AD?



I'm looking for a way to get an email address report for all user objects in
Active Directory. Any idea on how to do this? I see the mail attribute in
LDP but how can I get just this one field filtered out into a report 

Thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

RE: [ActiveDir] Can LDP be used to create email report of all use rs in AD?

9 matches

Site Navigation

Mail list logo

Footer information