RE: [ActiveDir] ldifde and/or csdve

[Joe]

Title: Message

adfind does a simple ldap search and asks for any objects that have smtp:* as one of the values for proxyaddresses attribute and then returns ALL values in that attribute. This means you will get x400 addresses and whatever else you have in there back in the adfind return set. However the perl script then tears out those specific values with email addresses via the regex (/.+: *([EMAIL PROTECTED])/). Note if there is some proxyaddress that could have an <some value>@<some value> in it then we would need to modify the regex a little to be more specific to SMTP. I am not familiar with anything else that would go into that attribute though like that that wouldn't be an smtp mail address.   Also I just realized that if you have something other than exchange you may want to use the following AD search filter   "|(mail=*)(proxyaddresses=SMTP:*)"   instead of   "&(mail=*)(proxyaddresses=SMTP:*)"     That makes it an OR instead of an AND. Exchange populates both locations but I could see where possibly some other mail system that wants to use AD wouldn't. So basically the original filter is sending a request to the domain controller saying give me all objects that have the mail attribute set AND smtp:* as any of the values of proxyaddresses. adfind doesn't see anything that doesn't match that. The second filter says give me all objects that have the mail attribute set OR smtp:* as any of the values of proxyaddresses. On my domains with Exchange installed I get the same response either way. But again, another mailsystem may be different.     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marcus Sent: Saturday, January 10, 2004 10:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ldifde and/or csdve I’m going to find out real soon if it meets requirements or not.  J  Thanks for taking the time, Joe.  Basically we’re trying to create blacklists and whitelists for email filters based on email address to make sure user of x company does not have email parsed through various stages.   One question… does adfind actually pull each value from the proxyAddresses field and match up to the parameter you’ve specified (e.g. the SMTP:*)… ?  Thanks again!   -m   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Saturday, January 10, 2004 7:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ldifde and/or csdve   I will probably get dunned for the use of perl (except by Robbie and Richard) but....   If this is a one off thing, i.e. not a regular process and you just want to grab some data here is a quick and dirty solution. This is a joeware whip it up on the spot special for you.... no charge. :op     __START SCRIPT__ `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`; open fh,"<tempfile.txt"; %uniqueemail=(); %ciuniqueemail=(); foreach $thisline (<fh>)  {   if ($thisline=~/.+: *([EMAIL PROTECTED])/)    {     $uniqueemail{$1}=1;     $ciuniqueemail{lc($1)}=1;    }  }   print "\n\nUnique Email Addresses\n" map {print "$_\n"} sort keys %uniqueemail;   print "\n\nCase Insensitive Unique Email Addresses\n" map {print "$_\n"} sort keys %ciuniqueemail; __END SCRIPT__     It uses adfind (www.joeware.net on the free win32 tools page) to query a global catalog to get all of the objects with either mail attribute populated OR SMTP starting one of the values in proxyaddresses and also retrieves those attributes. It sends this to a file both because I don't know how big your forest is and your memory in your pc is. If you have something smaller for a forest or a big box you can pull straight into memory with   @output=`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses`;     Also the base is nothing which means search the entire directory, if you wanted a single domain you could set -b parameter to some value like dc=child1,dc=domain,dc=com.     It also will give you two hashes of unique IDs. One is case sensitive, one is case insensitive. Shouldn't matter and I personally would do everything case insensitive but not sure exactly what you are looking for so did it both ways. If you want case insensitive, kill any line with uniqueemail in it and leave the lines with ciuniqueemail in it.   ex:   __START SCRIPT__ `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`; open fh,"<tempfile.txt"; %ciuniqueemail=(); foreach $thisline (<fh>) { if ($thisline=~/.+: *([EMAIL PROTECTED])/) {$ciuniqueemail{lc($1)}=1}}; print "\n\nCase Insensitive Unique Email Addresses\n" map {print "$_\n"} sort keys %ciuniqueemail; __END SCRIPT__     Oh one quick thing, I hate it when I don't easily see what a regular _expression_ is doing so the regex above ($thisline=~/.+: *([EMAIL PROTECTED])/) breaks down like this   $thisline=~/.+: *(.+)/   $thisline=~           Take the $thisline variable and run a match against it.... /.+: *([EMAIL PROTECTED])/        This is the match. Match any line that has a : and an @ sign in it. On a match take the info following the : or a : with a trailing space and save it.    This will match any of the following lines:   >mail: [EMAIL PROTECTED] >proxyaddresses: SMTP:[EMAIL PROTECTED] >proxyaddresses: smtp:[EMAIL PROTECTED]   and save the email address piece in the variable $1.       If you need to match up the dn to the email addresses this gets more involved but is still pretty easy. The following script will create a semi colon delimited list with the DN as the first field and all other fields email addresses for the specified dn.      __START SCRIPT__ `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`; open fh,"<tempfile.txt"; %ciuniqueemail=(); foreach $thisline (<fh>)  {   if ($thisline=~/dn:(.+)/) {$cdn=lc($1)};   if ($thisline=~/.+: *([EMAIL PROTECTED])/) {$ciuniqueemail{$cdn}{lc($1)}=1;  }   print "\n\nCase Insensitive Unique Email Addresses\n" foreach $dn (sort keys $ciuniqueemail)  {   print "$dn;";   map {print "$_;"} sort keys %{$ciuniqueemail{$dn}};   print "\n";  } __END SCRIPT__     want to match to display names or whatever else instead? Simply add the field to the search and change the line picking out the current "key". I really like dn as that is guaranteed unique in a forest, anything else and you need to scope your search better to avoid non-unique hits which would skew the output incorrectly.       Does that meet the requirements?         joe         From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 09, 2004 2:20 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ldifde and/or csdve Im hoping someone on here might be able to help me.  I have a request to create a file that contains all my users smtp addresses.  Im running in an AD windows 2000 environment.  I need to ensure that the list contains all addresses for each person.  I.e. in some cases the same person might have three different smtp addresses for whatever reason.  Ive done some csdve commands such as:   Csvde -f GAlSync.csv -d "OU=Contacts,OU=whatever,DC=CORP,DC=companyname,DC=com   Which generates me a csv with the data in it but the cleanup to get to just the smtp addy's will be almost unbearable.  Does anyone happen to know a better way to get just those smtp addy's out of there?   Thanks,   Travis