If I had to guess I would say because in NT4 computer accounts were actually user accounts as well. They were simply postfixed with a $ to hide them from the user manager tool. However you could manipulate them in the same way that you could user accounts programmatically.
When it comes down to it, computer accounts and user accounts are both resource accounts (ditto trust accounts). They are a way for some resource to authenticate, might as well be handled the same as there is less code to write and less troubleshooting. I would love to see server and computer account broken out separately myself for identification and ACLing. Anyway, when you do an objectclass search, it goes against all objectclasses of an object which is multivalued as Tony indicated. You really shouldn't use objectclass by itself in a search unless you are looking for everything which is objectclass=*. It should only be used to refine your search such as &(objectcategory=person)(objectclass=user). Unfortunately to filter out the computers you have to add one of two things (!objectclass=computer) Or (!samaccountname=*$) If you have a single domain implementation then the first is probably the better way to go. If you have trusts and such, then you have to use the second or start mucking with samaccounttypes. This is because all trusts have a user account as well... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Friday, November 21, 2003 8:04 AM To: [EMAIL PROTECTED] That begs the inevitable question of "Why?" I'm guessing it is to support the concept of a computer account, but I'd still love to know the official reason. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Tony Murray [mailto:[EMAIL PROTECTED] > Sent: Friday, November 21, 2003 3:14 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Export of users includes computer accounts. > > > The reason for the unexpected result from your first search filter is > because the object class "computer" is a sub class of the "user" > object class. So when you search using the objectClass=user filter > the search will include any sub-classes of "user". If you look at the > attributes of a computer object using, for example, LDP, you will see > something like this. > > objectClass: top; person; organizationalPerson; user; computer; > > The "computer" object class has some attributes of its own, but also > inherits all the attributes from the "user" object class. This means > that you could (if you wanted to) assign, for example, emloyeeID and > telephoneNumber attribute values for a computer object. > > Tony > > ---------- Original Message ---------------------------------- > From: "Mike Newell" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Thu, 20 Nov 2003 15:34:45 -0800 > > That did it! > > Thanks Hunter, > Mike > > > -----Original Message----- > From: Coleman, Hunter [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 20, 2003 3:29 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Export of users includes computer accounts. > > Change your filter to something like > "(&(objectClass=user)(objectCategory=person))" and give it a go. > > Hunter > > -----Original Message----- > From: Mike Newell [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 20, 2003 4:16 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Export of users includes computer accounts. > > Hey all, > I'm looking to export users to import into another forest as contacts. > I run the command below to export users from my Windows 2000 AD. > > CSVDE -f contacts.csv -r "(&(objectClass=user))" -l > "objectClass,displayName,DN,mailNickname,proxyAddress,targetAd > dress,mail > " > > It exports all of the user info but it also includes the Computer > accounts in the export. Anyone know why this export command would > include Computer accounts? More curious as to what I'm doing wrong > more than anything. > > Thanks, > Mike. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
