Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Exporting AD user info (advanced)
Exporting AD user info (advanced) [message #160670] Thu, 03 September 2009 17:45 Go to next message
Eldingo  is currently offline Eldingo  United States
Messages: 69
Registered: July 2009
Member
Hello All:

Can someone please help me how to export all the AD user information
including the security settings, like exact object location within the
directory. Thanks for your help!

Ciao
Re: Exporting AD user info (advanced) [message #160671 is a reply to message #160670] Thu, 03 September 2009 18:58 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
any of these should help you accomplish what you need...
http://technet.microsoft.com/en-us/library/bb727091.aspx

hth
Marcin

"Eldingo" <eldingo@dingo.net> wrote in message
news:%23IZVuCPLKHA.4316@TK2MSFTNGP04.phx.gbl...
> Hello All:
>
> Can someone please help me how to export all the AD user information
> including the security settings, like exact object location within the
> directory. Thanks for your help!
>
> Ciao
>
Re: Exporting AD user info (advanced) [message #160672 is a reply to message #160670] Thu, 03 September 2009 19:00 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Eldingo" <eldingo@dingo.net> wrote in message
news:%23IZVuCPLKHA.4316@TK2MSFTNGP04.phx.gbl...
> Hello All:
>
> Can someone please help me how to export all the AD user information
> including the security settings, like exact object location within the
> directory. Thanks for your help!
>
> Ciao

There are several command line utilities that can be used to export
attribute values for all users. For example dsquery and dsget can be used.
Or Joe Richards' free adfind utility. See this link:

http://www.joeware.net/freetools/tools/adfind/index.htm

A VBScript program can be used to document users. I have an example linked
here that exports the values of some attributes for all users to a comma
delimited file:

http://www.rlmueller.net/DocumentUsers.htm

This is just an example, but can be modified to document any attributes you
like. I also have an example VBScript program that documents all of the
attributes of any specified object in AD (such as a specified user) linked
here:

http://www.rlmueller.net/Document%20Attributes.htm

The distinguishedName attribute specifies where in the hierarchy of AD the
object resides. All of my examples document the value of that attribute. I'm
not sure what you mean by security settings, but the userAccountControl
attribute is a flag attribute that indicates such settings as whether or not
a password is required, or if the account is disabled. Permissions should be
assigned by making the user the member of groups, so you might want to
document group membership. An example of a VBScript program that documents
user group memberships is linked here:

http://www.rlmueller.net/List%20User%20Groups.htm

Finally, if you want to document the permissions assigned directly to the
user object, you must document the ACE's (Access Control Entries) within the
DACL (Discretionary Access Control List) of the user's security descriptor.
I have an example VBScript program for that linked here:

http://www.rlmueller.net/DACL.htm

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Exporting AD user info (advanced) [message #160673 is a reply to message #160672] Thu, 03 September 2009 19:25 Go to previous messageGo to next message
Eldingo  is currently offline Eldingo  United States
Messages: 69
Registered: July 2009
Member
Marcin and Richard, thanks so much for your help I will try your solutions.


"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:O8PsfsPLKHA.3708@TK2MSFTNGP02.phx.gbl...
>
> "Eldingo" <eldingo@dingo.net> wrote in message
> news:%23IZVuCPLKHA.4316@TK2MSFTNGP04.phx.gbl...
>> Hello All:
>>
>> Can someone please help me how to export all the AD user information
>> including the security settings, like exact object location within the
>> directory. Thanks for your help!
>>
>> Ciao
>
> There are several command line utilities that can be used to export
> attribute values for all users. For example dsquery and dsget can be used.
> Or Joe Richards' free adfind utility. See this link:
>
> http://www.joeware.net/freetools/tools/adfind/index.htm
>
> A VBScript program can be used to document users. I have an example linked
> here that exports the values of some attributes for all users to a comma
> delimited file:
>
> http://www.rlmueller.net/DocumentUsers.htm
>
> This is just an example, but can be modified to document any attributes
> you like. I also have an example VBScript program that documents all of
> the attributes of any specified object in AD (such as a specified user)
> linked here:
>
> http://www.rlmueller.net/Document%20Attributes.htm
>
> The distinguishedName attribute specifies where in the hierarchy of AD the
> object resides. All of my examples document the value of that attribute.
> I'm not sure what you mean by security settings, but the
> userAccountControl attribute is a flag attribute that indicates such
> settings as whether or not a password is required, or if the account is
> disabled. Permissions should be assigned by making the user the member of
> groups, so you might want to document group membership. An example of a
> VBScript program that documents user group memberships is linked here:
>
> http://www.rlmueller.net/List%20User%20Groups.htm
>
> Finally, if you want to document the permissions assigned directly to the
> user object, you must document the ACE's (Access Control Entries) within
> the DACL (Discretionary Access Control List) of the user's security
> descriptor. I have an example VBScript program for that linked here:
>
> http://www.rlmueller.net/DACL.htm
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
Re: Exporting AD user info (advanced) [message #160690 is a reply to message #160673] Fri, 04 September 2009 10:21 Go to previous message
j r brewin  is currently offline j r brewin  United Kingdom
Messages: 2
Registered: September 2009
Junior Member
On 4 Sep, 02:25, "Eldingo" <eldi...@dingo.net> wrote:
> Marcin and Richard, thanks so much for your help I will try your solutions.
>
> "Richard Mueller [MVP]" <rlmueller-nos...@ameritech.nospam.net> wrote in
> messagenews:O8PsfsPLKHA.3708@TK2MSFTNGP02.phx.gbl...
>
>
>
>
>
> > "Eldingo" <eldi...@dingo.net> wrote in message
> >news:%23IZVuCPLKHA.4316@TK2MSFTNGP04.phx.gbl...
> >> Hello All:
>
> >> Can someone please help me how to export all the AD user information
> >> including the security settings, like exact object location within the
> >> directory. Thanks for your help!
>
> >> Ciao
>
> > There are several command line utilities that can be used to export
> > attribute values for all users. For example dsquery and dsget can be used.
> > Or Joe Richards' free adfind utility. See this link:
>
> >http://www.joeware.net/freetools/tools/adfind/index.htm
>
> > A VBScript program can be used to document users. I have an example linked
> > here that exports the values of some attributes for all users to a comma
> > delimited file:
>
> >http://www.rlmueller.net/DocumentUsers.htm
>
> > This is just an example, but can be modified to document any attributes
> > you like. I also have an example VBScript program that documents all of
> > the attributes of any specified object in AD (such as a specified user)
> > linked here:
>
> >http://www.rlmueller.net/Document%20Attributes.htm
>
> > The distinguishedName attribute specifies where in the hierarchy of AD the
> > object resides. All of my examples document the value of that attribute.
> > I'm not sure what you mean by security settings, but the
> > userAccountControl attribute is a flag attribute that indicates such
> > settings as whether or not a password is required, or if the account is
> > disabled. Permissions should be assigned by making the user the member of
> > groups, so you might want to document group membership. An example of a
> > VBScript program that documents user group memberships is linked here:
>
> >http://www.rlmueller.net/List%20User%20Groups.htm
>
> > Finally, if you want to document the permissions assigned directly to the
> > user object, you must document the ACE's (Access Control Entries) within
> > the DACL (Discretionary Access Control List) of the user's security
> > descriptor. I have an example VBScript program for that linked here:
>
> >http://www.rlmueller.net/DACL.htm
>
> > --
> > Richard Mueller
> > MVP Directory Services
> > Hilltop Lab -http://www.rlmueller.net
> > --- Hide quoted text -
>
> - Show quoted text -


as richard stated, the 'ds' command line tools will do exactly what
you need, albeit you may re-format afterwards.

regards,

j r brewin
Previous Topic:AD-ADAM Sync Error Public Folders
Next Topic:Is there a way to isolate a DC from allowing password changes?
Goto Forum:
  


Current Time: Tue Jan 16 04:03:15 MST 2018

Total time taken to generate the page: 0.07376 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software