Active Directory Puzzler

[tazdev]

Is there a command line program for LDAP that will extract the User's full name if the user ID is provided?

I wrote a profile backup program that also records @username and with over 200 people it would be nice to be able to know their names instead of the user ID.

[DaveF]

Would the per-user long name be exposed as a "macro" or variable for an SMS app or to Group Policy adminstration?

I've never worked with AD, but the way that I handled this on a Novell LAN was to use a simple ZENWorks app to write the long name NetWare variable to a string registry value named "USERNAME" at:

HKEY_CURRENT_USER\Environment

...which would then be available as an environment variable afterward, usable by any number of things, even command line apps.

[saracoth]

Is there a command line program for LDAP that will extract the User's full name if the user ID is provided?

I wrote a profile backup program that also records @username and with over 200 people it would be nice to be able to know their names instead of the user ID.

<{POST_SNAPBACK}>

I hope you're using Windows Server 2003. It apparently comes with a lot of AD commands that 2000 doesn't. Microsoft recommends you not use those utilities on a 2000 machine, too, so.... If you aren't using 2000, this won't help a bit

http://www.microsoft.com/resources/documen..._line_tools.asp

But if you have them, your problem's already solved. In this case you'd want a combination of dsquery and dsget, piping output from the former to the input of the latter.

For instance, to get every user's info you can use RunWait(@ComSpec & " /c dsquery user | dsget user -samid -fn -ln")

If you wanted to pipe that into a textfile, of course, RunWait(@ComSpec & " /c dsquery user | dsget user -samid -fn -ln > C:\ADUsers.txt") or something.

Since the example above gives every user, and you might just want one at a time, just add a -samid <loginname> for the dsquery portion. For example:

RunWait(@ComSpec & " /c dsquery user -samid " & $samID & " | dsget user -fn -ln > > C:\ADUsers.txt") where $samID is the login name of the user.

You can get a long list of parameters for each ds* utility with /?

You can run this from a non-domain controller and it still works, according to http://blogs.spipp.net/kaisa/archive/2005/01/07/195.aspx

[saracoth]

Well, I hate the "you can't do it if" kinds of answers in life, so I did some more research.... The Windows Server 2000 Support Tools include ldp.exe, which allows you to "Perform LDAP operations against Active Directory." There's also an ldp.doc file in the archive, which may even have good instructions. From other reading I'm not sure if it's a GUI or not.

However, the overview of a book said it could tell you how to "Administer Active Directory through command-line tools provided with the Windows 2000 Support Tools and the Windows 2000 Resource Kit," so there must be something in there if not ldp.exe

Also, big props to AutoIt -- I forgot to mention I used it to make my last post, by causing my school lab computer connect to my home dialup's listening RealVNC viewer so I could test the ds* commands

[RocTx]

Try using the following commands found in the Resource Kit.

LDIFDE or CSVDE. You can "Google" for the parameters.

RocTx

[tazdev]

Don't have LDIFDE or CSVDE but I do have dsget. For XP PC's it works great. I am going to test it on a Windows 2000 pc.

When put in the command returns

display

userlastname, firstname

dsget succeeded.

Simply run a comspec of the line with @username and push it to c:\temp\temp.txt

next line in script will read line 2 and put that in a variable. Now I have @username and $var2 and can put them into some documentation for record keeping.

[tazdev]

To compile the below will require you have dsget.exe in C:\I386\

Also I am assuming you are running Windows 2000 or XP on a network with Active Directory. Some other areas you will have to customize are in the @ComSpec line with the flags for DSGET.EXE

; $ouarea = Area of AD the user account is located if you have multiple areas like Sales and Techs
; command line program is 
; dsget.exe user -display cn=username,ou=users,ou=areaofuserssection,dc=domain name,dc=domain extension
; 
Func GetUserFullName(); Get the user's full name. Now will only work on a Windows 2000 or XP machine. Not tested on NT or 98
    FileInstall("c:\i386\dsget.exe", "c:\dsget.exe")
    $dsgettext = "C:\deleteme.txt"
    Runwait(@comspec & " /c " & "c:\dsget.exe user -display cn=" & @Username & ",ou=users,ou=" & $ouarea & ",dc=(domain),dc=(domain ext)>" & $dsgettext, "", @SW_HIDE)
    FileDelete("c:\dsget.exe")
    FileOpen($dsgettext,0)
    $userfullname = FileReadLine($dsgettext, 2)
    FileDelete($dsgettext)
    return $userfullname
EndFunc

Edited February 4, 2005 by tazdev

[mc1226]

You can also use a Win32 porting of OpenLDAP command line tools like

LDAPSEARCH

This tools operate with every LDAP server (AD,eDirectory,iPlanet,OpenLDAP and so..) and are OS indipendent (same utility on Win32,Lnx,Solaris and so on ..)

Novell has in developers area a W32 porting of OpenLDAP with libraries and command line tools

Novell C LDAP Libraries

Vincenzo