Re: Get attributes of user list from AD

<> wrote in message
news:ff2376bd-5110-472c-a8b6-...
>I have managed to generate a text file of the SAMIDs of users whose
> attributes I need to get, one line per user.
> I need to query Active Directory for the corresponding attributes
> (telephone, email, department...) and generate a report for further
> processing.
> What's the best way of getting this data generated in a batch file?
> I am trying to use DSQUERY USER and DSGET USER commands, but I am not
> clear how to limit DSQUERY to the supplied list of users.

Sorry, I don't know how to make any of the command line utilities read a
text file of sAMAccountName's, even adfind. It's easier for me to code a
VBScript program for this than to figure out the syntax to make a command
line tool do it. For example:
===========
Option Explicit

Dim objFSO, strFile, objFile
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strUserDN, objUser

Const ForReading = 1
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify input file of user NT names.
strFile = "c:\scripts\usernames.txt"

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Open text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read file one line at a time.
Do Until objFile.AtEndOfStream
strName = Trim(objFile.ReadLine)
' Skip blank lines.
If (strName <> "") Then
' Use Set method to specify NT format of user name.
' Trap error if user not found.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strName
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "User " & strName & " not found."
Else
On Error GoTo 0
' Use the Get method to retrieve DN of user object.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to the user object.
Set objUser = GetObject("LDAP://" & strUserDN)
' Retrieve attribute values and output in comma delimited line.
Wscript.Echo """" & objUser.sAMAccountName & """,""" _
& objUser.mail & """,""" _
& objUser.department & """"
End If
End If
Loop

' Clean up.
objFile.Close
=========
You only need to modify the line that specifies the text file of user NT
names. As with most administrative scripts, this one is designed to be run
at a command prompt using cscript. The output can be redirected to a text
file. In this case it creates a comma delimited file that can be read into a
spreadsheet. For example, if the VBScript program is saved in the file
GetUsers.vbs, the command to create the text file report.csv would be:

cscript //nologo GetUsers.vbs > report.txt

You must be in the folder where the file GetUsers.vbs is saved, otherwise
you must specify the full path to the command. The file report.txt is
created in the current folder. I hope this helps.

The program above uses the NameTranslate object to convert the NT names
(sAMAccountName values) into the Distinguished Names required by the LDAP
provider. Once you bind to the user object you can retrieve any attribute
values desired. In case any of the values has embedded commas, I enclose
them in quotes. Any quote characters in a quoted string must be doubled. The
string """" will echo a single double quote character, for example. The
string """,""" becomes ",".

I retrieved the "mail" attribute, which is single valued, for email address
(as displayed on "General" tab of ADUC). If you have Exchange you need to
retrieve the proxyAddresses attribute, but that attribute is multi-valued.
You could enumerate all of the values in the collection and output them as
one string (perhaps delimited by semicolons), or you could attempt to
determine the default value and only output that. Either option would
require a bit more code. Reply if you need this.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Would this be a text file with the value of the displayName attribute
(corresponding to the "Display Name" field on the "General" tab of ADUC), or
the value of the cn (Common Name) attribute (referred to as the "Name" field
in ADUC)? In either case you would need to use ADO in a VBScript program to
query AD for the user objects. The displayName is not required, so it could
be blank. In both cases there can be more than one user that has the value
(cn need only be unique in the container or OU). For more on using ADO see
this link:

http://www.rlmueller.net/ADOSearchTips.htm

For example, if you have a text file of Common Names:
==============
Option Explicit

Dim objFSO, strFile, objFile
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName
Dim strMail, arrDesc, strItem, strDesc

Const ForReading = 1

' Specify input file of user NT names.
strFile = "c:\scripts\usernames.txt"

' Open text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,mail,department"

' Read file one line at a time.
Do Until objFile.AtEndOfStream
strName = Trim(objFile.ReadLine)
' Skip blank lines.
If (strName <> "") Then
' Filter on user objects with given Common Name.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(cn=" & strName & "))"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes &
";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strName = adoRecordset.Fields("sAMAccountName").Value
strMail = adoRecordset.Fields("mail").Value
arrDesc = adoRecordset.Fields("description").Value
If IsNull(arrDesc) Then
strDesc = ""
Else
For Each strItem in arrDesc
strDesc = strItem
Next
End If
Wscript.Echo """" & strName & """,""" _
& strMail & """,""" _
& strDesc & """"
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
End If
Loop

' Clean up.
objFile.Close
adoRecordset.Close
adoConnection.Close
===========
Note that the description attribute is actually multi-valued (even though
there is never more than one value), so ADO returns the value as an array.
You can easily add other attributes if they are single valued strings. The
above was thrown together quickly, but should work.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

<> wrote in message
news:72af6805-5671-4790-9484-...
My immediate need was met with the coomand line tools:

For /F %i in (users.txt) do dsquery user -name %i | dsget user -dn -
desc -tel -email | find "CN" >> c:\results.txt

However I agree this has limitations, so I might need to bone up on
the scripting.

My very next problem cannot be solved with the command line tools - to
retrieve the user details for a given list of Display Names! (as in
Outlook).

DSquery is unable to handle this

Sriram

On Jan 22, 11:25 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@ameritech.nospam.net> wrote:
> <srira...@hotmail.com> wrote in message
>
> news:ff2376bd-5110-472c-a8b6-...
>
> >I have managed to generate a text file of the SAMIDs of users whose
> > attributes I need to get, one line per user.
> > I need to query Active Directory for the corresponding attributes
> > (telephone, email, department...) and generate a report for further
> > processing.
> > What's the best way of getting this data generated in a batch file?
> > I am trying to use DSQUERY USER and DSGET USER commands, but I am not
> > clear how to limit DSQUERY to the supplied list of users.
>
> Sorry, I don't know how to make any of the command line utilities read a
> text file of sAMAccountName's, even adfind. It's easier for me to code a
> VBScript program for this than to figure out the syntax to make a command
> line tool do it. For example:
> ===========
> Option Explicit
>
> Dim objFSO, strFile, objFile
> Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
> Dim strUserDN, objUser
>
> Const ForReading = 1
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
> ' Specify input file of user NT names.
> strFile = "c:\scripts\usernames.txt"
>
> ' Determine DNS name of domain from RootDSE.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use the NameTranslate object to find the NetBIOS domain name from the
> ' DNS domain name.
> Set objTrans = CreateObject("NameTranslate")
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
> strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
> ' Remove trailing backslash.
> strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
>
> ' Open text file for read access.
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFile = objFSO.OpenTextFile(strFile, ForReading)
>
> ' Read file one line at a time.
> Do Until objFile.AtEndOfStream
> strName = Trim(objFile.ReadLine)
> ' Skip blank lines.
> If (strName <> "") Then
> ' Use Set method to specify NT format of user name.
> ' Trap error if user not found.
> On Error Resume Next
> objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strName
> If (Err.Number <> 0) Then
> On Error GoTo 0
> Wscript.Echo "User " & strName & " not found."
> Else
> On Error GoTo 0
> ' Use the Get method to retrieve DN of user object.
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
> ' Bind to the user object.
> Set objUser = GetObject("LDAP://" & strUserDN)
> ' Retrieve attribute values and output in comma delimited line.
> Wscript.Echo """" & objUser.sAMAccountName & """,""" _
> & objUser.mail & """,""" _
> & objUser.department & """"
> End If
> End If
> Loop
>
> ' Clean up.
> objFile.Close
> =========
> You only need to modify the line that specifies the text file of user NT
> names. As with most administrative scripts, this one is designed to be run
> at a command prompt using cscript. The output can be redirected to a text
> file. In this case it creates a comma delimited file that can be read into
> a
> spreadsheet. For example, if the VBScript program is saved in the file
> GetUsers.vbs, the command to create the text file report.csv would be:
>
> cscript //nologo GetUsers.vbs > report.txt
>
> You must be in the folder where the file GetUsers.vbs is saved, otherwise
> you must specify the full path to the command. The file report.txt is
> created in the current folder. I hope this helps.
>
> The program above uses the NameTranslate object to convert the NT names
> (sAMAccountName values) into the Distinguished Names required by the LDAP
> provider. Once you bind to the user object you can retrieve any attribute
> values desired. In case any of the values has embedded commas, I enclose
> them in quotes. Any quote characters in a quoted string must be doubled.
> The
> string """" will echo a single double quote character, for example. The
> string """,""" becomes ",".
>
> I retrieved the "mail" attribute, which is single valued, for email
> address
> (as displayed on "General" tab of ADUC). If you have Exchange you need to
> retrieve the proxyAddresses attribute, but that attribute is multi-valued.
> You could enumerate all of the values in the collection and output them as
> one string (perhaps delimited by semicolons), or you could attempt to
> determine the default value and only output that. Either option would
> require a bit more code. Reply if you need this.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --