RE: [ActiveDir] ADFIND CSV Output

[Creamer, Mark]

Title: RE: [ActiveDir] OT: Virtual Server 2005

Man, this has the potential of getting dangerously close to that hygiene discussion a while back   <mc> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, December 09, 2004 1:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADFIND CSV Output   LOL.   I must say up front though that I subscribe to the Bill Clinton style of being president. I will do a good job in office but my personal life is my business. If I want to staple antlers on the heads of squirrels and tie them to a little red sleigh and have them pull my Guinea Pig dressed in a Red Coat and hat around the yard in the snow I don't want any lip...  <eg>   If everyone can live with those terms, I accept being president.     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, December 09, 2004 1:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADFIND CSV Output joe for president   <mc> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Thursday, December 09, 2004 11:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADFIND CSV Output   Regardless of which on the perl-to-vbscript -- this script rocks! I've already used it 3 times. VERY handy.   thanks.   m   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, December 09, 2004 11:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADFIND CSV Output That was Robbie's area... :o)   Oh another new option in ADFIND I forgot to mention is secure alternate authentication. It has had simple bind for alt creds for a long time. Now I am working on the secure bind. I am stuck on one piece with authenticating DNs securely that ~Eric is looking into for me. UPNs (this is undocumented from what I see) and domain\userid (documented) is no problem. I.E. How do you send a DN into SEC_WINNT_AUTH_IDENTITY for authenticating. Specifying creds is MUCH easier in the simple bind than with the authenticated bind. No wonder people are doing insecure crap, MS seems to encourage it.     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, December 08, 2004 9:58 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADFIND CSV Output where is that perl to vbscript converter? :-P   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, December 08, 2004 9:41 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADFIND CSV Output I  previously promised a script to convert adfind output to CSV format. This is until I get ADFIND so that it natively outputs CSV which will occur in Version 2.0.0 at some point in the future. I have been looking over the code and adding things to it and should be releasing V1.25.0 in the next week. The updates are   1. Added alias for sddc (Security Descriptor DeCode) switch for Dean called sddl. 2. Changed sddc to not insert ntsecuritydescriptor to the list of attribs to retrieve if a specific attrib list is specified 3. Added ability to specify PORT on hostname string like host:port (e.g. localhost:3000). This is primarily for ADAM as I got sick of doing /p portnumber. :) 4. Host specified as . is changed to localhost.... Again for ADAM. (e.g. -h .:8000) 5. Fixed a small bug in elapsed time routine that would show -.001 if time elapsed was really small.  6. Fixed a leak in the elapsed time routine 7. Added -samdc which is SAM DeCode. This decodes some of the SAM attributes such as userAccountControl, sAMAccountType, groupType to english strings. 8. Added -kerbenc which implements LDAP_OPT_ENCRYPT. This encrypts the traffic if kerberos bind is done (default cred connection). 9. Added  -maxe which is Max Entries. You can specify the maximum number of entries to return so say you want a sampling of computers you can do something like adfind -gc -b -f objectcategory=computer -maxe 10  and it will return only the first 10 computers it finds. 10. I am in the process of adding the ability to read the filter from a text file in case you have a filter that is so large it won't fit on the command line.   Maybe more stuff if I think of something and can slap it in there.       Anyway, here is the script for taking an ADFIND dump text file and outputting it in CSV output. I will post this on the website probably when I post the new ADFIND.      joe   SCRIPT: adcsv.pl     #**************************************************************************************** #* ADCSV.PL                                                                             * #*======================================================================================* #* Author : [EMAIL PROTECTED]                                                             * #* Version: V01.00.00                                                                   * #* Modification History:                                                                * #*    V01.00.00   2004.12.08  joe    Original Version                                   * #*--------------------------------------------------------------------------------------* #* This reads an ADFIND dump and CSVs it.                                               * #*--------------------------------------------------------------------------------------* #* Notes:                                                                               * #**************************************************************************************** #****************************************************************************************   #**************************************************************************************** #* Definitions:                                                                         * #*--------------------------------------------------------------------------------------* #*    $TRUE         : Define True for testing.                                          * #*    $FALSE        : Define False for testing.                                         * #*    $YES          : Define Yes for testing.                                           * #*    $NO           : Define No for testing.                                            * #*    $SCRIPTPATH   : Path to script.                                                   * #**************************************************************************************** $TRUE=1; $FALSE=0; $YES=1; $NO=0; ($SCRIPTPATH)=($0=~/(^.*)\\.*$/);   $csvdelim=";"; $mvdelim=";";       # # Display header # print "\nADCSV V01.00.00pl  Joe Richards ([EMAIL PROTECTED])  December 2004\n\n";   $update=0; $help=0; $infile=""; $outfile="";   map {      if (/\/infile:(.+)/i) {$infile=$1};      if (/\/outfile:(.+)/i) {$outfile=$1};      if (/\/csvdelim:(.+)/i) {$csvdelim=$1};      if (/\/mvdelim:(.+)/i) {$mvdelim=$1};      if (/\/(help|h|\?)/i) {$help=1};     } @ARGV;   if ($help) {DisplayUsage()}; if (!$infile) {DisplayUsage()};   if (!$outfile) {$outfile=$infile.".txt"};   # # # Extract attribs and insert into a hash # # $dncnt=0; $valcnt=0; %attribs=(); print "Extracting fields from input file $infile...\n"; open IFH,"<$infile" or die("ERR: Couldn't open infile ($infile):$!\n"); foreach $this (<IFH>)  {   $dncnt++ if $this=~/^dn:/;   next unless $this=~/^>(.+?): /;   $attribs{$1}=1;   $valcnt++;  }   @attriblist=sort keys %attribs; [EMAIL PROTECTED]; #map {print "$_\n"} @attriblist;   print "DN Count: $dncnt\n"; print "Unique Attribute Count: $attribcnt\n"; print "Values Count: $valcnt\n";   # # # Extract objects and slap them into CSV format output # # print "Parsing out objects and writing file $outfile\n"; open OFH,">$outfile"  or die("ERR: Couldn't open outfile ($outfile):$!\n"); OutputHeader([EMAIL PROTECTED]); $curdn=""; %obj=(); map {$obj{$_}=""} @attriblist; seek(IFH,0,0); foreach $this (<IFH>)  {   next unless $this=~/^(dn:|>)/;   if ($this=~/^dn:(.+)/)    {     print ".";     $newdn=$1;     if ($curdn)      { # Have an object in storage       OutputObj($curdn,\%obj);       %obj=();       map {$obj{$_}=""} @attriblist;      }     $curdn=$newdn;     next;    }   chomp $this;   ($attrib,$value)=($this=~/^>(.+?): (.+)$/);   if ($obj{$attrib}=~/\S/)    { # multivalue - think quick...     $obj{$attrib}.=$mvdelim.$value;    }   else {$obj{$attrib}=$value};  } if ($newdn) {OutputObj($curdn,\%obj)};   close IFH; close OFH;   print "\n\nThe command completed successfully.\n\n"; exit;   sub OutputHeader  {   my $h=shift;   print OFH "DN".$csvdelim;   map {print OFH "$_".$csvdelim} @$h;   print OFH "\n";  }   sub OutputObj  {   my $dn=shift;   my $a=shift;   print OFH "\"$dn\"$csvdelim";   map {print OFH "\"$$a{$_}\"$csvdelim"} sort keys %$a;   print OFH "\n";  }   sub DisplayUsage  {   print "  Usage: adcsv /infile:input_file [switches]\n\n";   print "    [switches]\n";   print "       outfile xxxx    File to output CSV to\n";   print "       csvdelim x      Delimiter to use for separation of attributes (;)\n";   print "       mvdelim x       Delimiter to use for separation of MV attribs (;)\n";   print "\n\n";   exit;  }