AdFind V01.25.00 has been posted. Also note the perl
script below is now included in the adfind zip file too.
There was another pair of options I forgot to mention
previously. This is something I have handled through perl scripts for some time
and in a couple of non-published joeware tools which is the ability to exclude
certain objects using a search string from being output. This is something
people have been asking for but probably not understanding they have been asking
for it. The most popular use I expect is
You have the structure
RootOU
    Subou1
    Subou2
    Subou3
    Subou4
    Subou...
    Subou100
And you want to search across all of that but exclude
output from Subou4 and Subou76. Normally this would mean you have to formulate
98 subtree queries and a single one level query and run them all to display
the info and just the info you want displayed. This is non-intuitive to most
people because it is a lot of work. So now with this new -excldn option, I can
instead use a single query
adfind -b ou=rootou,blahblahblah -f somefilter -excldn "ou=subou4,;ou=subou76,"
Note that the results from those OUs will still be involved
in the search and will still be returned to ADFIND (i.e. network traffic) but
will not be output by adfind. This is for the people who don't care about the
network traffic aspect as much as having to run 99 separate queries and slapping
the results together.
There is an option that goes with that called -excldndelim
which lets you specify the delimiter used in the string you specify in -excldn
to mark off multiple strings for searching.
joe
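The kind of post-filtering -excldn performs, as an added Perl example that is not part of joe's message or of AdFind itself. It assumes a record is dropped when its DN contains any of the delimiter-separated strings, compared case-insensitively; the sample dump and the example.com names are constructed.

```perl
#!/usr/bin/perl
# Added example: client-side DN exclusion over an AdFind-style dump.
# Assumption: a record is excluded when its DN contains any of the
# delimiter-separated strings, compared case-insensitively.
use strict;
use warnings;

# Split the exclusion string on the delimiter (default ";"), dropping empties.
sub parse_excl {
    my ($spec, $delim) = @_;
    $delim = ';' unless defined $delim && length $delim;
    return grep { length($_) } split /\Q$delim\E/, $spec;
}

# True if the DN contains any exclusion string.
sub dn_excluded {
    my ($dn, @excl) = @_;
    my $lc_dn = lc $dn;
    for my $e (@excl) {
        return 1 if index($lc_dn, lc $e) >= 0;
    }
    return 0;
}

# Copy dump lines through, suppressing every record whose DN is excluded.
sub filter_dump {
    my ($lines, @excl) = @_;
    my ($skip, @out) = (0);
    for my $line (@$lines) {
        if ($line =~ /^dn:\s*(.+)/) { $skip = dn_excluded($1, @excl); }
        push @out, $line unless $skip;
    }
    return @out;
}

# Constructed sample dump (not real directory data).
my @dump = (
    "dn:CN=alice,OU=Subou3,OU=RootOU,DC=example,DC=com",
    ">sAMAccountName: alice",
    "dn:CN=bob,OU=Subou4,OU=RootOU,DC=example,DC=com",
    ">sAMAccountName: bob",
    "dn:CN=carol,OU=Subou40,OU=RootOU,DC=example,DC=com",
    ">sAMAccountName: carol",
    "dn:CN=dave,OU=Subou76,OU=RootOU,DC=example,DC=com",
    ">sAMAccountName: dave",
);

# Trailing commas matter: "ou=subou4" alone would also drop Subou40.
my @excl = parse_excl("ou=subou4,;ou=subou76,", ";");
print "$_\n" for filter_dump(\@dump, @excl);
```

Because the filter runs on results already returned, the excluded objects are still read from the directory; only the output changes.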
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 09, 2004 11:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADFIND CSV Output
That was Robbie's area... :o)
Oh another new option in ADFIND I forgot to mention is
secure alternate authentication. It has had simple bind for alt creds for a long
time. Now I am working on the secure bind. I am stuck on one piece with
authenticating DNs securely that ~Eric is looking into for me. UPNs (this is
undocumented from what I see) and domain\userid (documented) is no
problem. I.E. How do you send a DN into SEC_WINNT_AUTH_IDENTITY for
authenticating. Specifying creds is MUCH easier in the simple bind than with the
authenticated bind. No wonder people are doing insecure crap, MS seems to
encourage it.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, December 08, 2004 9:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADFIND CSV Output
where is that perl to vbscript converter?
:-P
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, December 08, 2004 9:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADFIND CSV Output
I previously promised a script to convert adfind output to CSV format. This is until I get
ADFIND so that it natively outputs CSV which will occur in Version 2.0.0 at some
point in the future. I have been looking over the code and adding things to it
and should be releasing V1.25.0 in the next week. The updates are
1. Added alias for sddc (Security Descriptor DeCode) switch for Dean called sddl.
2. Changed sddc to not insert ntsecuritydescriptor to the list of attribs to retrieve if a specific attrib list is specified
3. Added ability to specify PORT on hostname string like host:port (e.g. localhost:3000). This is primarily for ADAM as I got sick of doing /p portnumber. :)
4. Host specified as . is changed to localhost.... Again for ADAM. (e.g. -h .:8000)
5. Fixed a small bug in elapsed time routine that would show -.001 if time elapsed was really small.
6. Fixed a leak in the elapsed time routine
7. Added -samdc which is SAM DeCode. This decodes some of the SAM attributes such as userAccountControl, sAMAccountType, groupType to English strings.
8. Added -kerbenc which implements LDAP_OPT_ENCRYPT. This encrypts the traffic if Kerberos bind is done (default cred connection).
9. Added -maxe which is Max Entries. You can specify the maximum number of entries to return so say you want a sampling of computers you can do something like adfind -gc -b -f objectcategory=computer -maxe 10 and it will return only the first 10 computers it finds.
10. I am in the process of adding the ability to read the filter from a text file in case you have a filter that is so large it won't fit on the command line.
Maybe more stuff if I think of something and can slap it in there.
Anyway, here is the script for taking an ADFIND dump text file and
outputting it in CSV output. I will post this on the website probably when
I post the new ADFIND.
joe
SCRIPT: adcsv.pl
#****************************************************************************************
#* ADCSV.PL *
#*======================================================================================*
#* Author : [EMAIL PROTECTED] *
#* Version: V01.00.00 *
#* Modification History: *
#* V01.00.00 2004.12.08 joe Original Version *
#*--------------------------------------------------------------------------------------*
#* This reads an ADFIND dump and CSVs it. *
#*--------------------------------------------------------------------------------------*
#* Notes: *
#****************************************************************************************
#****************************************************************************************
#* Definitions: *
#*--------------------------------------------------------------------------------------*
#* $TRUE : Define True for testing. *
#* $FALSE : Define False for testing. *
#* $YES : Define Yes for testing. *
#* $NO : Define No for testing. *
#* $SCRIPTPATH : Path to script. *
#****************************************************************************************
$TRUE=1;
$FALSE=0;
$YES=1;
$NO=0;
($SCRIPTPATH)=($0=~/(^.*)\\.*$/);
$csvdelim=";";
$mvdelim=";";
#
# Display header
#
print "\nADCSV V01.00.00pl Joe Richards ([EMAIL PROTECTED]) December 2004\n\n";
$update=0;
$help=0;
$infile="";
$outfile="";
map {
if (/\/infile:(.+)/i) {$infile=$1};
if (/\/outfile:(.+)/i) {$outfile=$1};
if (/\/csvdelim:(.+)/i) {$csvdelim=$1};
if (/\/mvdelim:(.+)/i) {$mvdelim=$1};
if (/\/(help|h|\?)/i) {$help=1};
} @ARGV;
if ($help) {DisplayUsage()};
if (!$infile) {DisplayUsage()};
if (!$outfile)
{$outfile=$infile.".txt"};
#
#
# Extract attribs and insert into a hash
#
#
$dncnt=0;
$valcnt=0;
%attribs=();
print "Extracting fields from input file $infile...\n";
open IFH,"<$infile" or die("ERR: Couldn't open infile ($infile):$!\n");
foreach $this (<IFH>)
{
$dncnt++ if $this=~/^dn:/;
next unless $this=~/^>(.+?): /;
$attribs{$1}=1;
$valcnt++;
}
# Build the sorted attribute list used for the CSV header and for each row
@attriblist=sort keys %attribs;
$attribcnt=scalar(@attriblist);
print "DN Count: $dncnt\n";
print "Unique Attribute Count: $attribcnt\n";
print "Values Count: $valcnt\n";
#
#
# Extract objects and slap them into CSV format output
#
#
print "Parsing out objects and writing file $outfile\n";
open OFH,">$outfile" or die("ERR: Couldn't open outfile ($outfile):$!\n");
OutputHeader(\@attriblist);
$curdn="";
%obj=();
map {$obj{$_}=""} @attriblist;
seek(IFH,0,0);
foreach $this (<IFH>)
{
next unless $this=~/^(dn:|>)/;
if ($this=~/^dn:(.+)/)
{
print ".";
$newdn=$1;
if ($curdn)
{ # Have an object in storage
OutputObj($curdn,\%obj);
%obj=();
map {$obj{$_}=""} @attriblist;
}
$curdn=$newdn;
next;
}
chomp $this;
($attrib,$value)=($this=~/^>(.+?): (.+)$/);
if ($obj{$attrib}=~/\S/)
{ # multivalue - think quick...
$obj{$attrib}.=$mvdelim.$value;
}
else {$obj{$attrib}=$value};
}
if ($newdn) {OutputObj($curdn,\%obj)};
close IFH;
close OFH;
print "\n\nThe command completed successfully.\n\n";
exit;
sub OutputHeader
{
my $h=shift;
print OFH "DN".$csvdelim;
map {print OFH "$_".$csvdelim} @$h;
print OFH "\n";
}
sub OutputObj
{
my $dn=shift;
my $a=shift;
print OFH "\"$dn\"$csvdelim";
map {print OFH "\"$$a{$_}\"$csvdelim"} sort keys %$a;
print OFH "\n";
}
sub DisplayUsage
{
print " Usage: adcsv /infile:input_file [switches]\n\n";
print " [switches]\n";
print " outfile xxxx File to output CSV to\n";
print " csvdelim x Delimiter to use for separation of attributes (;)\n";
print " mvdelim x Delimiter to use for separation of MV attribs (;)\n";
print "\n\n";
exit;
}
