I figured the basic rationale was as you described - its an authenticatable[1] object, and it makes sense to derive them from the same base class. Seems strange to me that they didn't make a base class that supports authentication and derive Users, Computers and Trust object types from that.
Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. [1] I love making up words > -----Original Message----- > From: Joe [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 22, 2003 10:46 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Export of users includes computer accounts. > > > If I had to guess I would say because in NT4 computer > accounts were actually > user accounts as well. They were simply postfixed with a $ to > hide them from > the user manager tool. However you could manipulate them in > the same way > that you could user accounts programmatically. > > When it comes down to it, computer accounts and user accounts are both > resource accounts (ditto trust accounts). They are a way for > some resource > to authenticate, might as well be handled the same as there > is less code to > write and less troubleshooting. > > I would love to see server and computer account broken out > separately myself > for identification and ACLing. > > Anyway, when you do an objectclass search, it goes against > all objectclasses > of an object which is multivalued as Tony indicated. You > really shouldn't > use objectclass by itself in a search unless you are looking > for everything > which is objectclass=*. It should only be used to refine your > search such as > > > &(objectcategory=person)(objectclass=user). > > Unfortunately to filter out the computers you have to add one > of two things > > (!objectclass=computer) > > Or > > (!samaccountname=*$) > > > If you have a single domain implementation then the first is > probably the > better way to go. If you have trusts and such, then you have > to use the > second or start mucking with samaccounttypes. This is because > all trusts > have a user account as well... > > joe > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Friday, November 21, 2003 8:04 AM > To: [EMAIL PROTECTED] > > That begs the inevitable question of "Why?" > > I'm guessing it is to support the concept of a computer > account, but I'd > still love to know the official reason. > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Tony Murray [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 21, 2003 3:14 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Export of users includes computer accounts. > > > > > > The reason for the unexpected result from your first search > filter is > > because the object class "computer" is a sub class of the "user" > > object class. So when you search using the > objectClass=user filter > > the search will include any sub-classes of "user". If you > look at the > > attributes of a computer object using, for example, LDP, > you will see > > something like this. > > > > objectClass: top; person; organizationalPerson; user; computer; > > > > The "computer" object class has some attributes of its own, > but also > > inherits all the attributes from the "user" object class. > This means > > that you could (if you wanted to) assign, for example, > emloyeeID and > > telephoneNumber attribute values for a computer object. > > > > Tony > > > > ---------- Original Message ---------------------------------- > > From: "Mike Newell" <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > Date: Thu, 20 Nov 2003 15:34:45 -0800 > > > > That did it! > > > > Thanks Hunter, > > Mike > > > > > > -----Original Message----- > > From: Coleman, Hunter [mailto:[EMAIL PROTECTED] > > Sent: Thursday, November 20, 2003 3:29 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Export of users includes computer accounts. > > > > Change your filter to something like > > "(&(objectClass=user)(objectCategory=person))" and give it a go. > > > > Hunter > > > > -----Original Message----- > > From: Mike Newell [mailto:[EMAIL PROTECTED] > > Sent: Thursday, November 20, 2003 4:16 PM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Export of users includes computer accounts. > > > > Hey all, > > I'm looking to export users to import into another forest > as contacts. > > I run the command below to export users from my Windows 2000 AD. > > > > CSVDE -f contacts.csv -r "(&(objectClass=user))" -l > > "objectClass,displayName,DN,mailNickname,proxyAddress,targetAd > > dress,mail > > " > > > > It exports all of the user info but it also includes the Computer > > accounts in the export. Anyone know why this export command would > > include Computer accounts? More curious as to what I'm doing wrong > > more than anything. > > > > Thanks, > > Mike. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
