Usually I see folks add in an ID type or use the employeetype attributes.
 
They are all acceptable. The service naming I have seen odd issues with where a service id has to be a certain value. Stupid apps I realize but they do exist... :o)
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, May 15, 2006 5:24 PM
To: [email protected]
Subject: RE: [ActiveDir] OldCmp question

Hi Russ

 

Just out of idle curiosity, I would be interested to know why you decided to extend the schema to flag all service accounts.  I’ve seen organisations use a specific naming convention to identify service accounts before, but never adding a new attribute.

 

Tony

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, 16 May 2006 8:38 a.m.
To: [email protected]
Subject: RE: [ActiveDir] OldCmp question

 

I ended up using

oldcmp -report -age 120 -users -f "(&(objectcategory=person)(objectclass=user)(!(ourAttribute=TRUE)))"

And it seemed to work.

 

Thanks

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, May 15, 2006 2:50 PM
To: [email protected]
Subject: RE: [ActiveDir] OldCmp question

-af "(!(ourProperty=TRUE))"

 

It would be more efficient and faster for the query to actually set all of the non-service accounts to FALSE so then you can do

 

-af "(ourProperty=FALSE)"

 

 

NOT filters aren't the greatest for efficiency plus you can get false positives because an account that you can't see the ourProperty value on due to security will be reported even if it has ourProperty set to TRUE.

 

 

   joe

 

--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Monday, May 15, 2006 3:32 PM
To: [email protected]
Subject: [ActiveDir] OldCmp question

I've created a new boolean schema property to flag all of our service accounts in our AD domain.

 

I've gone through and set the boolean to "TRUE" to all the service accounts.

 

Now I want to use oldcmp to go through and find all the ones that aren't "TRUE" and meet other criteria.  I've determined I can do an -af ourProperty=TRUE and show the accounts that are service accounts, but I want any that are NOT service accounts.  I tried -af ourProperty=" " and "" and -af ourProperty="<not set>" and nothing seems to work.  Any ideas?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of Cameron and its operating Divisions and may be confidential
or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.
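
Added example (not part of the original thread, and not oldcmp or Active Directory code): a small Python model of the filter behaviour joe describes, where an attribute the caller cannot read is treated as not set. The account names, the `DENIED` set and the `parse`/`matches`/`search` helpers are constructed for illustration; only the `ourProperty` filters come from the thread.

```python
# Model of the matching behaviour described in the thread (an assumption,
# not AD or oldcmp code): an unreadable attribute is treated as not set.
def parse(f, i=0):
    """Parse a filter limited to &, |, ! and equality; return (node, next_index)."""
    assert f[i] == "(", f"expected '(' at offset {i}"
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        assert f[i] == ")"
        return (op, kids), i + 1
    if f[i] == "!":
        node, i = parse(f, i + 1)
        assert f[i] == ")"
        return ("!", node), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, visible):
    if node[0] == "&":
        return all(matches(k, visible) for k in node[1])
    if node[0] == "|":
        return any(matches(k, visible) for k in node[1])
    if node[0] == "!":
        return not matches(node[1], visible)
    return node[2] in visible.get(node[1], [])  # absent or hidden: no match

def search(filter_text, directory, denied=frozenset()):
    """Return matching names; `denied` holds (name, attr) pairs the caller cannot read."""
    tree, _ = parse(filter_text)
    hits = []
    for name, attrs in directory.items():
        visible = {k.lower(): [v.lower() for v in vals]
                   for k, vals in attrs.items() if (name, k.lower()) not in denied}
        if matches(tree, visible):
            hits.append(name)
    return hits

# Constructed sample data: two flagged service accounts, one FALSE, one unset.
DIRECTORY = {"svc-backup": {"objectClass": ["user"], "ourProperty": ["TRUE"]},
             "svc-sql": {"objectClass": ["user"], "ourProperty": ["TRUE"]},
             "alice": {"objectClass": ["user"], "ourProperty": ["FALSE"]},
             "bob": {"objectClass": ["user"]}}
DENIED = {("svc-sql", "ourproperty")}  # caller cannot read the flag on svc-sql
NOT_FILTER = "(&(objectclass=user)(!(ourProperty=TRUE)))"
EQ_FILTER = "(&(objectclass=user)(ourProperty=FALSE))"
```

With `DENIED` applied, `NOT_FILTER` returns `svc-sql` even though it is flagged TRUE, while `EQ_FILTER` returns only `alice` and misses `bob` until every non-service account has been set to FALSE.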
