Wow!!
Thanks very much for your help, Brent. After your response, some comments that come to mind... maybe you or other LDIFDE experts out there could give me some experiences.
How could I have LDIFDE OUTPUT the (for example, sAMAccountName, givenName) and then use it as INPUT into the search you commented on below in another LDIFDE command, in the form of a LOOP, such that the process would be as follows:
a) Output the sAMAccountName, Surname, givenName to console or text file.. -->
b) and next have LDIFDE input that information and search the GC (3268) for a duplicate in a loop until all users in the forest have been processed.
This would run in a "for loop" until all users in the forest have been completed... (the results would then go to a text file).
I know how to export attribute information from Active Directory using LDIFDE (part a)... what I don't know is how to make it read it in a LOOP until EOF and have it as INPUT into another LDIFDE search.
Or something like that...
Any ideas from anyone out there would be greatly appreciated.
Juan Carlos
-----Original Message-----
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 17:31
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] In search for duplicate accounts
You will need to know what values you are trying to find. For example, people with duplicate surnames and givenNames or duplicate sAMAccountNames in a forest can be determined by using ldifde. The syntax can be a little tricky to the uninitiated but it is similar to ldapsearch in the unix world. For example, if you know the name of the user Foo Bar with givenName Foo and surname Bar and you wanted to search the forest for all users with that surname and givenName combination and have the output directed to your console window, then you would issue the command:
Ldifde -f con -r "(&(objectCategory=person)(surname=Bar)(givenName=Foo))" -t 3268 -d "dc=forest,dc=corp" -l "surname, givenName"
Let's step through the syntax:
Ldifde = c:\windows\system32\ldifde.exe. If this executable isn't on your workstation, you should be able to get it off of your win2k DC.
-f con = the -f switch specifies the output file of the command and con is console. So in essence you will be issuing the ldifde command and directing the output back to your cmd window. You could also specify a filename if you wanted to dump it into a text file.
-r = The -r switch indicates the search filter; here you specify the key=value pairs to search for in the directory. You can & the values, meaning that you can search for (key=value) and (differentkey=differentvalue). You can | the values, meaning you can search for (key=value) or (differentkey=differentValue). You can also ! the values, meaning that you search for (key=value) but not (differentKey=differentValue). Search filtering is an art as much as a science and several on this list can provide a great deal of input on using efficient filters if you are looking to retrieve specific entries.
-t = 3268 specifies the port number to contact; because you want to specify all users in the forest, it is best to contact your global catalog.
-d = The searchbase; again, if you want to search for all users in the forest you will need to specify the root DC entry of the forest.
-l = the -l switch limits the output returned; without limiting the output of each entry you might return a lot of information that would be useless. For example, if you are looking for duplicate surname and givenName combinations, then you probably wouldn't want to return the exchangeMTA.
You can get more help by typing ldifde /?
I use it quite often to track down duplicates with great success... Hope it works for you.
Brent
From: "Sanz de León, Juan Carlos" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Thu, 3 Jun 2004 16:50:17 +0200
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: [ActiveDir] In search for duplicate accounts
Greetings gurus,
Does anyone know of a tool or script that will search the FOREST for duplicate W2k ACCOUNTS ? We have a forest with about 45 W2K domains... And duplicates are becoming a problem.
Has anyone ever tried to search for duplicates at the forest level rather than domain level?
Any tricks to what I want to accomplish?
Thanks in advance,
JCS
Sent using the Microsoft Entourage 2004 for Mac Test Drive.
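An added example, not part of either poster's message: instead of one ldifde search per user in a loop, it assumes a single export of all person objects from the GC to a file (the -f, -t 3268, -d and -l switches explained above, with -l listing sAMAccountName, givenName and sn) and groups the entries offline. `sn` is the LDAP name Active Directory uses for the surname attribute; the function names and the sample entries are constructed for illustration.

```python
import base64

# Constructed sample in the LDIF layout ldifde exports (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Foo Bar,OU=Staff,DC=emea,DC=forest,DC=corp
sAMAccountName: fbar
givenName: Foo
sn: Bar

dn: CN=F Bar,OU=Sales,DC=apac,DC=forest,DC=corp
sAMAccountName: FBar
givenName:: Rm9v
sn: Bar

dn: CN=Jane Roe,OU=Contractors,DC=emea,DC=fore
 st,DC=corp
sAMAccountName: jroe
"""

def parse_ldif(text):
    """Yield one dict per LDIF record, attribute names lower-cased."""
    # A line starting with one space continues the previous line: unfold first.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    record = {}
    for line in lines + [""]:                  # trailing "" flushes the last record
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            record.setdefault(name.lower(), value.strip())
        elif record:                           # blank line ends the current record
            yield record
            record = {}

def find_duplicates(text):
    """Return (accounts, names): keys seen in more than one entry -> list of DNs."""
    accounts, names = {}, {}
    for rec in parse_ldif(text):
        dn = rec.get("dn", "?")
        if "samaccountname" in rec:            # compared case-insensitively
            accounts.setdefault(rec["samaccountname"].lower(), []).append(dn)
        if "sn" in rec and "givenname" in rec:
            key = (rec["sn"].lower(), rec["givenname"].lower())
            names.setdefault(key, []).append(dn)
    repeated = lambda groups: {k: v for k, v in groups.items() if len(v) > 1}
    return repeated(accounts), repeated(names)

if __name__ == "__main__":
    for group in find_duplicates(SAMPLE_LDIF):
        for key, dns in group.items():
            print(key, "->", "; ".join(dns))
```

To run it on a real export, read the file's text and pass it to find_duplicates in place of SAMPLE_LDIF.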
