I thought I'd comment on a few changes I'd make in your query. Since
objectClass maps to the objectCategory before executing your query, you might
want to change objectClass=Computer to objectCategory=Computer which eliminates
a translation step in your query.

Also, your condition for the distinguishedName would only return records if
Disabled is part of the OU path so I'll assume you're dealing with an OU where
disabled computer objects are moved prior to deletion. I'm not sure if this is
what you want, but you are querying the entire domain from the RootDSE. It may
be more efficient to search the specific sub OU in the domain rather than try
to filter the record set for the entire domain based on a partial string in the
DN. There's no need to query the entire domain if all the objects you're
concerned about are in a specific OU.

Off the top of my head, here is how I would recommend modifying your filter to
query AD for non-server computer objects that are enabled. I use the UAC to
sort enabled/disabled objects, which may be more reliable than a string in the
DN if you are looking for their particular status. For me, I have to search
our disabled OU for objects that got enabled but not moved back to their
production OU. If you're searching for disabled objects, remove the bang
before the UAC parameter. I assume you will set the value of $subOUdn to the
first level sub OU name you want to search. If the OU is further down in the
tree you'll need to adapt this to account for the full path. I also prefer cn
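to displayName b/c I never need the $ at the end of the computer name.

# $dc must hold the domain DN here (RootDSE "defaultNamingContext"), not the DNS host name.
$subOUdn = "OU=Disabled Computers," . $dc;
# OR, for an OU further down the tree:
$subOUdn = "OU=Columbus,OU=Kiosks,OU=Disabled Computers," . $dc;

# Enabled (UAC bit 2 not set), non-server computer objects below $subOUdn
query_ldap("<LDAP://" . $subOUdn . ">;"
    . "(&(objectCategory=Computer)(!(operatingSystem=*server*))"
    . "(!(userAccountControl:1.2.840.113556.1.4.803:=2)));"
    . "cn,distinguishedName;subtree", $objects);

Hope some of this helps.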
Regards,
Glenn
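
An offline illustration of the two checks discussed in the reply above, added here and not part of the original post: structural OU membership versus a "Disabled" substring in the DN, and the userAccountControl bit that the 1.2.840.113556.1.4.803:=2 clause tests. The records, the example.com DNs and the helper names are constructed for this example.

```perl
use strict;
use warnings;

# ADS_UF_ACCOUNTDISABLE: the bit that (userAccountControl:1.2.840.113556.1.4.803:=2) tests.
use constant UF_ACCOUNTDISABLE => 0x0002;
sub is_disabled { return ($_[0] & UF_ACCOUNTDISABLE) ? 1 : 0 }

# Split a DN into lower-cased RDNs on unescaped commas (simple parser for this example).
sub rdns {
    my @parts = split /(?<!\\),/, $_[0];
    for (@parts) { s/^\s+|\s+$//g; $_ = lc }
    return @parts;
}

# True when $dn sits below $ou_dn, i.e. what a subtree search based at $ou_dn can return.
sub in_ou {
    my ($dn, $ou_dn) = @_;
    my @obj = rdns($dn);
    my @ou  = rdns($ou_dn);
    my $n   = @ou;
    return 0 if @obj <= $n;
    return join(',', @obj[-$n .. -1]) eq join(',', @ou) ? 1 : 0;
}

# Enabled, non-server computers still located under the disabled OU.
sub enabled_strays {
    my ($ou_dn, @recs) = @_;
    return grep {
        in_ou($_->{dn}, $ou_dn) && !is_disabled($_->{uac}) && $_->{os} !~ /server/i
    } @recs;
}

# Constructed sample records; 0x1000 is WORKSTATION_TRUST_ACCOUNT.
my $base = 'DC=example,DC=com';
my $ou   = "OU=Disabled Computers,$base";
my @records = (
    { cn => 'KIOSK01', uac => 0x1002, os => 'Windows 7', dn => "CN=KIOSK01,OU=History,$ou" },
    { cn => 'KIOSK02', uac => 0x1000, os => 'Windows 7', dn => "CN=KIOSK02,$ou" },
    { cn => 'SRV01',   uac => 0x1000, os => 'Windows Server 2008 R2', dn => "CN=SRV01,$ou" },
    { cn => 'COMPUTER14 Disabled', uac => 0x1000, os => 'Windows XP',
      dn => "CN=COMPUTER14 Disabled,OU=Test Accounts,$base" },
);

for my $r (@records) {
    printf "%-20s substring=%d in_ou=%d disabled=%d\n", $r->{cn},
        ($r->{dn} =~ /Disabled/i ? 1 : 0), in_ou($r->{dn}, $ou), is_disabled($r->{uac});
}
print "Enabled under $ou: ", join(', ', map { $_->{cn} } enabled_strays($ou, @records)), "\n";
```
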
From: [email protected]
[mailto:[email protected]] On Behalf Of A F
Sent: Thursday, June 30, 2011 11:06 PM
To: Steven Manross; [email protected]
Subject: Re: Listing computers from a specific OU
Steven,
I found a workaround by filtering on all computers
">;(&(objectclass=Computer)
and then do a print for all computers except if ( $dn =~ m!Disabled Computers!i );
________________________________
From: Steven Manross <[email protected]>
To: A F <[email protected]>; [email protected]
Sent: Tue, June 28, 2011 11:05:38 PM
Subject: RE: Listing computers from a specific OU
So,
I have seen this exact behavior in my test domain with the below script.
distinguishedname is probably a bad field to be using for this.
...where distinguishedname is something like this:
CN=COMPUTER14 Disabled,OU=Some OU,OU=Test Accounts,OU=Computer Accounts,OU=SomeOU,DC=domainname,DC=com
You could use cn instead of distinguishedname in your search (for a DN
like above) since cn is the last part of the distinguished name
(cn=COMPUTER14 Disabled)...
query_ldap("<LDAP://" . $dc .
    ">;(&(objectclass=Computer)(cn=*Disabled*));displayname,distinguishedname;subtree",
    $objects);
This won't work if you are trying to find an OU name that has the word
"Disabled" in it.
However, I didn't have an example of a distinguished name that you
wanted to test for, so I can't cover all the scenarios. If this isn't
what you were looking for, give us an example of the DNs you are trying
to match.
HTH
Steven
________________________________
From: A F [mailto:[email protected]]
Sent: Tuesday, June 28, 2011 9:48 PM
To: Steven Manross; [email protected]
Subject: Listing computers from a specific OU
Hi All,
I have this code from Steven that I've modified to get the
number of all computers in a specific OU (OU=History,OU=Disabled
Computers), but I am getting 0.
This is the filter I am using:
(&(objectclass=Computer)(Distinguishedname=*Disabled*)). There are
about 500 computers in that OU.
How can I get a record count from that OU?
use strict;
use warnings;
use Win32::OLE;

my $RootDSE = Win32::OLE->GetObject("LDAP://RootDSE");
my $dc = $RootDSE->Get("DnsHostName");
print "$dc\n";

my $objects;
# Filter as posted (this is the query that reports a record count of 0).
if (query_ldap("<LDAP://" . $dc .
        ">;(&(objectclass=Computer)(Distinguishedname=*Disabled*));displayname,distinguishedname;subtree",
        $objects)) {
    print "recordcount = " . $objects->{RecordCount} . "\n";
}

# Run an ADSI (ADsDSOObject) query through ADO.
# On success the recordset is stored in the caller's second argument and 1 is returned.
sub query_ldap {
    my $ldap_query = $_[0];
    my $RS;

    my $Conn = Win32::OLE->new("ADODB.Connection");
    if (Win32::OLE->LastError() != 0) {
        print "Failed creating ADODB.Connection object (" . Win32::OLE->LastError() . ")\n -> $ldap_query\n";
        return 0;
    }

    $Conn->{'Provider'} = "ADsDSOObject";
    if (Win32::OLE->LastError() != 0) {
        print "Failed setting ADODB.Connection Provider (" . Win32::OLE->LastError() . ")\n -> $ldap_query\n";
        return 0;
    }
    $Conn->Open("Active Directory Provider");

    my $Cmd = Win32::OLE->new("ADODB.Command");
    if (Win32::OLE->LastError() != 0) {
        print "Failed creating ADODB.Command object (" . Win32::OLE->LastError() . ")\n -> $ldap_query\n";
        return 0;
    }

    $Cmd->{ActiveConnection} = $Conn;
    $Cmd->{CommandText} = $ldap_query;
    # Page the results so more than the server's default result limit can be returned
    $Cmd->{Properties}->{"Page Size"} = 500;

    $RS = $Cmd->Execute();
    if (Win32::OLE->LastError() != 0) {
        print "Failed Executing ADODB Command object (" . Win32::OLE->LastError() . ")\nExecuting ADODB Command -> $ldap_query\n";
        return 0;
    } else {
        $_[1] = $RS;
        return 1;
    }
}
_______________________________________________
Perl-Win32-Admin mailing list
[email protected]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs