Dump of user accounts

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is there a utility/command that anyone knows of for getting a dump of all the
user accounts and date created in a W2K domain? We need this for auditing
purposes.

Thanks
5 answers Last reply
More about dump user accounts
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Ldifde


    Ldifde
    Creates, modifies, and deletes directory objects on computers running
    Windows Server 2003 operating systems or Windows XP Professional. You can
    also use Ldifde to extend the schema, export Active Directory user and group
    information to other applications or services, and populate Active Directory
    with data from other directory services.

    Syntax
    ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
    Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
    LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
    UserDistinguishedName Password] [-b UserName Domain Password] [-?]

    Parameters
    -i
    Specifies import mode. If not specified, the default mode is export.
    -f FileName
    Identifies the import or export file name.
    -s ServerName
    Specifies the domain controller to perform the import or export operation.
    By default, Ldifde will run on the domain controller on which Ldifde is
    installed.
    -c String1 String2
    Replaces all occurrences of String1 with String2. This is generally used
    when importing data from one domain to another and the distinguished name of
    the export domain (String1) needs to be replaced with that of the import
    domain (String2).
    -v
    Sets verbose mode.
    -j Path
    Sets the log file location. The default is the current path.
    -t PortNumber
    Specifies a LDAP port number. The default LDAP port is 389. The global
    catalog port is 3268.
    -d BaseDN
    Sets the distinguished name of the search base for data export.
    -r LDAPFilter
    Creates a LDAP search filter for data export. For example, to export all
    users with a particular surname, you can use the following filter -r
    (and(objectClass=User)(sn=Surname))
    -p Scope
    Sets the search scope. Search scope options are Base, OneLevel, or
    SubTree.
    -l LDAPAttributeList
    Sets the list of attributes to return in the results of an export query.
    If this parameter is omitted, all attributes are returned.
    -o LDAPAttributeList
    Sets the list of attributes to omit from the results of an export query.
    This is typically used when exporting objects from Active Directory and then
    importing them into another LDAP-compliant directory. If attributes are not
    supported by another directory, you can omit the attributes from the result
    set using this option.
    -g
    Omits paged searches.
    -m
    Omits attributes that only apply to Active Directory objects such as the
    ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
    -n
    Omits export of binary values.
    -k
    Ignores errors during the import operation and continues processing. The
    following is a complete list of ignored errors:
    a.. object is already a member of the group
    b.. object class violation (meaning the specified object class does not
    exist), if the object being imported has no other attributes
    c.. object already exists
    d.. constraint violation
    e.. attribute or value already exists
    f.. no such object
    -a UserDistinguishedName Password
    Sets the command to run using the supplied UserDistinguishedName and
    Password. By default, the command will run using the credentials of the user
    currently logged on to the network.
    -b UserName Domain Password
    Sets the command to run using the supplied UserName Domain Password. By
    default, the command will run using the credentials of the user currently
    logged on to the network.
    -?
    Displays the command menu.
    Remarks
    a.. When creating the import file to use with the Ldifde command, use a
    changeType value to define the type of changes the import file will contain.
    The following changeType values are available: Value Description
    add Specifies that new content is contained in the import file.
    modify Specifies that existing content has been modified in the
    import file.
    delete Specifies that content has been deleted in the import file.

    The following is an example of an LDIF import file format using the add
    value.

    DN: CN=SampleUser,DC=DomainName

    changetype: add

    CN: SampleUser

    description: DescriptionOfFile

    objectClass: User

    sAMAccountName: SampleUser

    Examples
    To retrieve only the distinguished name, common name, first name, surname,
    and telephone number of the returned objects, type:

    -l DistinguishedName, CN, GivenName, SN, Telephone

    To omit the object GUID, type:

    -o whenCreated, whenChanged, objectGUID

    Formatting legend
    Format Meaning
    Italic Information that the user must supply
    Bold Elements that the user must type exactly as shown
    Ellipsis (...) Parameter that can be repeated several times in a
    command line
    Between brackets ([]) Optional items
    Between braces ({}); choices separated by pipe (|). Example:
    {even|odd} Set of choices from which the user must choose only one
    Courier font Code or program output


    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Zman" <Zman@discussions.microsoft.com> wrote in message
    news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
    > Is there a utility/command that anyone knows of for getting a dump of all
    the
    > user accounts and date created in a W2K domain? We need this for auditing
    > purposes.
    >
    > Thanks
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thanks, but will this work on a W2K server? There are no W2003 servers in
    the environment.

    "Paul Bergson" wrote:

    > Ldifde
    >
    >
    > Ldifde
    > Creates, modifies, and deletes directory objects on computers running
    > Windows Server 2003 operating systems or Windows XP Professional. You can
    > also use Ldifde to extend the schema, export Active Directory user and group
    > information to other applications or services, and populate Active Directory
    > with data from other directory services.
    >
    > Syntax
    > ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
    > Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
    > LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
    > UserDistinguishedName Password] [-b UserName Domain Password] [-?]
    >
    > Parameters
    > -i
    > Specifies import mode. If not specified, the default mode is export.
    > -f FileName
    > Identifies the import or export file name.
    > -s ServerName
    > Specifies the domain controller to perform the import or export operation.
    > By default, Ldifde will run on the domain controller on which Ldifde is
    > installed.
    > -c String1 String2
    > Replaces all occurrences of String1 with String2. This is generally used
    > when importing data from one domain to another and the distinguished name of
    > the export domain (String1) needs to be replaced with that of the import
    > domain (String2).
    > -v
    > Sets verbose mode.
    > -j Path
    > Sets the log file location. The default is the current path.
    > -t PortNumber
    > Specifies a LDAP port number. The default LDAP port is 389. The global
    > catalog port is 3268.
    > -d BaseDN
    > Sets the distinguished name of the search base for data export.
    > -r LDAPFilter
    > Creates a LDAP search filter for data export. For example, to export all
    > users with a particular surname, you can use the following filter -r
    > (and(objectClass=User)(sn=Surname))
    > -p Scope
    > Sets the search scope. Search scope options are Base, OneLevel, or
    > SubTree.
    > -l LDAPAttributeList
    > Sets the list of attributes to return in the results of an export query.
    > If this parameter is omitted, all attributes are returned.
    > -o LDAPAttributeList
    > Sets the list of attributes to omit from the results of an export query.
    > This is typically used when exporting objects from Active Directory and then
    > importing them into another LDAP-compliant directory. If attributes are not
    > supported by another directory, you can omit the attributes from the result
    > set using this option.
    > -g
    > Omits paged searches.
    > -m
    > Omits attributes that only apply to Active Directory objects such as the
    > ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
    > -n
    > Omits export of binary values.
    > -k
    > Ignores errors during the import operation and continues processing. The
    > following is a complete list of ignored errors:
    > a.. object is already a member of the group
    > b.. object class violation (meaning the specified object class does not
    > exist), if the object being imported has no other attributes
    > c.. object already exists
    > d.. constraint violation
    > e.. attribute or value already exists
    > f.. no such object
    > -a UserDistinguishedName Password
    > Sets the command to run using the supplied UserDistinguishedName and
    > Password. By default, the command will run using the credentials of the user
    > currently logged on to the network.
    > -b UserName Domain Password
    > Sets the command to run using the supplied UserName Domain Password. By
    > default, the command will run using the credentials of the user currently
    > logged on to the network.
    > -?
    > Displays the command menu.
    > Remarks
    > a.. When creating the import file to use with the Ldifde command, use a
    > changeType value to define the type of changes the import file will contain.
    > The following changeType values are available: Value Description
    > add Specifies that new content is contained in the import file.
    > modify Specifies that existing content has been modified in the
    > import file.
    > delete Specifies that content has been deleted in the import file.
    >
    > The following is an example of an LDIF import file format using the add
    > value.
    >
    > DN: CN=SampleUser,DC=DomainName
    >
    > changetype: add
    >
    > CN: SampleUser
    >
    > description: DescriptionOfFile
    >
    > objectClass: User
    >
    > sAMAccountName: SampleUser
    >
    > Examples
    > To retrieve only the distinguished name, common name, first name, surname,
    > and telephone number of the returned objects, type:
    >
    > -l DistinguishedName, CN, GivenName, SN, Telephone
    >
    > To omit the object GUID, type:
    >
    > -o whenCreated, whenChanged, objectGUID
    >
    > Formatting legend
    > Format Meaning
    > Italic Information that the user must supply
    > Bold Elements that the user must type exactly as shown
    > Ellipsis (...) Parameter that can be repeated several times in a
    > command line
    > Between brackets ([]) Optional items
    > Between braces ({}); choices separated by pipe (|). Example:
    > {even|odd} Set of choices from which the user must choose only one
    > Courier font Code or program output
    >
    >
    > --
    >
    > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    > "Zman" <Zman@discussions.microsoft.com> wrote in message
    > news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
    > > Is there a utility/command that anyone knows of for getting a dump of all
    > the
    > > user accounts and date created in a W2K domain? We need this for auditing
    > > purposes.
    > >
    > > Thanks
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    http://support.microsoft.com/kb/q237677/

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "Zman" <Zman@discussions.microsoft.com> wrote in message
    news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
    > Is there a utility/command that anyone knows of for getting a dump of all
    the
    > user accounts and date created in a W2K domain? We need this for auditing
    > purposes.
    >
    > Thanks
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Yes. Both are LDAP servers and both support LDIFDE.exe,

    It is in the System32 directory of both servers.

    --
    Herb Martin


    "Zman" <Zman@discussions.microsoft.com> wrote in message
    news:F7451968-7931-42D7-89A6-E170444F484D@microsoft.com...
    > Thanks, but will this work on a W2K server? There are no W2003 servers in
    > the environment.
    >
    > "Paul Bergson" wrote:
    >
    > > Ldifde
    > >
    > >
    > > Ldifde
    > > Creates, modifies, and deletes directory objects on computers running
    > > Windows Server 2003 operating systems or Windows XP Professional. You
    can
    > > also use Ldifde to extend the schema, export Active Directory user and
    group
    > > information to other applications or services, and populate Active
    Directory
    > > with data from other directory services.
    > >
    > > Syntax
    > > ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
    > > Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
    > > LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
    > > UserDistinguishedName Password] [-b UserName Domain Password] [-?]
    > >
    > > Parameters
    > > -i
    > > Specifies import mode. If not specified, the default mode is export.
    > > -f FileName
    > > Identifies the import or export file name.
    > > -s ServerName
    > > Specifies the domain controller to perform the import or export
    operation.
    > > By default, Ldifde will run on the domain controller on which Ldifde is
    > > installed.
    > > -c String1 String2
    > > Replaces all occurrences of String1 with String2. This is generally
    used
    > > when importing data from one domain to another and the distinguished
    name of
    > > the export domain (String1) needs to be replaced with that of the import
    > > domain (String2).
    > > -v
    > > Sets verbose mode.
    > > -j Path
    > > Sets the log file location. The default is the current path.
    > > -t PortNumber
    > > Specifies a LDAP port number. The default LDAP port is 389. The global
    > > catalog port is 3268.
    > > -d BaseDN
    > > Sets the distinguished name of the search base for data export.
    > > -r LDAPFilter
    > > Creates a LDAP search filter for data export. For example, to export
    all
    > > users with a particular surname, you can use the following filter -r
    > > (and(objectClass=User)(sn=Surname))
    > > -p Scope
    > > Sets the search scope. Search scope options are Base, OneLevel, or
    > > SubTree.
    > > -l LDAPAttributeList
    > > Sets the list of attributes to return in the results of an export
    query.
    > > If this parameter is omitted, all attributes are returned.
    > > -o LDAPAttributeList
    > > Sets the list of attributes to omit from the results of an export
    query.
    > > This is typically used when exporting objects from Active Directory and
    then
    > > importing them into another LDAP-compliant directory. If attributes are
    not
    > > supported by another directory, you can omit the attributes from the
    result
    > > set using this option.
    > > -g
    > > Omits paged searches.
    > > -m
    > > Omits attributes that only apply to Active Directory objects such as
    the
    > > ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
    > > -n
    > > Omits export of binary values.
    > > -k
    > > Ignores errors during the import operation and continues processing.
    The
    > > following is a complete list of ignored errors:
    > > a.. object is already a member of the group
    > > b.. object class violation (meaning the specified object class does
    not
    > > exist), if the object being imported has no other attributes
    > > c.. object already exists
    > > d.. constraint violation
    > > e.. attribute or value already exists
    > > f.. no such object
    > > -a UserDistinguishedName Password
    > > Sets the command to run using the supplied UserDistinguishedName and
    > > Password. By default, the command will run using the credentials of the
    user
    > > currently logged on to the network.
    > > -b UserName Domain Password
    > > Sets the command to run using the supplied UserName Domain Password.
    By
    > > default, the command will run using the credentials of the user
    currently
    > > logged on to the network.
    > > -?
    > > Displays the command menu.
    > > Remarks
    > > a.. When creating the import file to use with the Ldifde command, use
    a
    > > changeType value to define the type of changes the import file will
    contain.
    > > The following changeType values are available: Value Description
    > > add Specifies that new content is contained in the import file.
    > > modify Specifies that existing content has been modified in the
    > > import file.
    > > delete Specifies that content has been deleted in the import
    file.
    > >
    > > The following is an example of an LDIF import file format using the add
    > > value.
    > >
    > > DN: CN=SampleUser,DC=DomainName
    > >
    > > changetype: add
    > >
    > > CN: SampleUser
    > >
    > > description: DescriptionOfFile
    > >
    > > objectClass: User
    > >
    > > sAMAccountName: SampleUser
    > >
    > > Examples
    > > To retrieve only the distinguished name, common name, first name,
    surname,
    > > and telephone number of the returned objects, type:
    > >
    > > -l DistinguishedName, CN, GivenName, SN, Telephone
    > >
    > > To omit the object GUID, type:
    > >
    > > -o whenCreated, whenChanged, objectGUID
    > >
    > > Formatting legend
    > > Format Meaning
    > > Italic Information that the user must supply
    > > Bold Elements that the user must type exactly as shown
    > > Ellipsis (...) Parameter that can be repeated several times in a
    > > command line
    > > Between brackets ([]) Optional items
    > > Between braces ({}); choices separated by pipe (|). Example:
    > > {even|odd} Set of choices from which the user must choose only one
    > > Courier font Code or program output
    > >
    > >
    > > --
    > >
    > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    > >
    > >
    > >
    > > "Zman" <Zman@discussions.microsoft.com> wrote in message
    > > news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
    > > > Is there a utility/command that anyone knows of for getting a dump of
    all
    > > the
    > > > user accounts and date created in a W2K domain? We need this for
    auditing
    > > > purposes.
    > > >
    > > > Thanks
    > >
    > >
    > >
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    The problem with LDIFDE is it'll give you too much output ;-)

    Use the script here -you'll need to tweak it to write what you want to a
    file; but there's plenty of us here who can help with this if you're not a
    scripter.

    I'd pull distinguishedName and cn.

    -- http://www.rlmueller.net/ADOSearchTips.htm


    --

    Paul Williams

    http://www.msresource.net
    http://forums.msresource.net


    "Herb Martin" <news@LearnQuick.com> wrote in message
    news:%23lCbvoH5EHA.2124@TK2MSFTNGP15.phx.gbl...
    Yes. Both are LDAP servers and both support LDIFDE.exe,

    It is in the System32 directory of both servers.

    --
    Herb Martin


    "Zman" <Zman@discussions.microsoft.com> wrote in message
    news:F7451968-7931-42D7-89A6-E170444F484D@microsoft.com...
    > Thanks, but will this work on a W2K server? There are no W2003 servers in
    > the environment.
    >
    > "Paul Bergson" wrote:
    >
    > > Ldifde
    > >
    > >
    > > Ldifde
    > > Creates, modifies, and deletes directory objects on computers running
    > > Windows Server 2003 operating systems or Windows XP Professional. You
    can
    > > also use Ldifde to extend the schema, export Active Directory user and
    group
    > > information to other applications or services, and populate Active
    Directory
    > > with data from other directory services.
    > >
    > > Syntax
    > > ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j
    > > Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l
    > > LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a
    > > UserDistinguishedName Password] [-b UserName Domain Password] [-?]
    > >
    > > Parameters
    > > -i
    > > Specifies import mode. If not specified, the default mode is export.
    > > -f FileName
    > > Identifies the import or export file name.
    > > -s ServerName
    > > Specifies the domain controller to perform the import or export
    operation.
    > > By default, Ldifde will run on the domain controller on which Ldifde is
    > > installed.
    > > -c String1 String2
    > > Replaces all occurrences of String1 with String2. This is generally
    used
    > > when importing data from one domain to another and the distinguished
    name of
    > > the export domain (String1) needs to be replaced with that of the import
    > > domain (String2).
    > > -v
    > > Sets verbose mode.
    > > -j Path
    > > Sets the log file location. The default is the current path.
    > > -t PortNumber
    > > Specifies a LDAP port number. The default LDAP port is 389. The global
    > > catalog port is 3268.
    > > -d BaseDN
    > > Sets the distinguished name of the search base for data export.
    > > -r LDAPFilter
    > > Creates a LDAP search filter for data export. For example, to export
    all
    > > users with a particular surname, you can use the following filter -r
    > > (and(objectClass=User)(sn=Surname))
    > > -p Scope
    > > Sets the search scope. Search scope options are Base, OneLevel, or
    > > SubTree.
    > > -l LDAPAttributeList
    > > Sets the list of attributes to return in the results of an export
    query.
    > > If this parameter is omitted, all attributes are returned.
    > > -o LDAPAttributeList
    > > Sets the list of attributes to omit from the results of an export
    query.
    > > This is typically used when exporting objects from Active Directory and
    then
    > > importing them into another LDAP-compliant directory. If attributes are
    not
    > > supported by another directory, you can omit the attributes from the
    result
    > > set using this option.
    > > -g
    > > Omits paged searches.
    > > -m
    > > Omits attributes that only apply to Active Directory objects such as
    the
    > > ObjectGUID, objectSID, pwdLastSet and samAccountType attributes.
    > > -n
    > > Omits export of binary values.
    > > -k
    > > Ignores errors during the import operation and continues processing.
    The
    > > following is a complete list of ignored errors:
    > > a.. object is already a member of the group
    > > b.. object class violation (meaning the specified object class does
    not
    > > exist), if the object being imported has no other attributes
    > > c.. object already exists
    > > d.. constraint violation
    > > e.. attribute or value already exists
    > > f.. no such object
    > > -a UserDistinguishedName Password
    > > Sets the command to run using the supplied UserDistinguishedName and
    > > Password. By default, the command will run using the credentials of the
    user
    > > currently logged on to the network.
    > > -b UserName Domain Password
    > > Sets the command to run using the supplied UserName Domain Password.
    By
    > > default, the command will run using the credentials of the user
    currently
    > > logged on to the network.
    > > -?
    > > Displays the command menu.
    > > Remarks
    > > a.. When creating the import file to use with the Ldifde command, use
    a
    > > changeType value to define the type of changes the import file will
    contain.
    > > The following changeType values are available: Value Description
    > > add Specifies that new content is contained in the import file.
    > > modify Specifies that existing content has been modified in the
    > > import file.
    > > delete Specifies that content has been deleted in the import
    file.
    > >
    > > The following is an example of an LDIF import file format using the add
    > > value.
    > >
    > > DN: CN=SampleUser,DC=DomainName
    > >
    > > changetype: add
    > >
    > > CN: SampleUser
    > >
    > > description: DescriptionOfFile
    > >
    > > objectClass: User
    > >
    > > sAMAccountName: SampleUser
    > >
    > > Examples
    > > To retrieve only the distinguished name, common name, first name,
    surname,
    > > and telephone number of the returned objects, type:
    > >
    > > -l DistinguishedName, CN, GivenName, SN, Telephone
    > >
    > > To omit the object GUID, type:
    > >
    > > -o whenCreated, whenChanged, objectGUID
    > >
    > > Formatting legend
    > > Format Meaning
    > > Italic Information that the user must supply
    > > Bold Elements that the user must type exactly as shown
    > > Ellipsis (...) Parameter that can be repeated several times in a
    > > command line
    > > Between brackets ([]) Optional items
    > > Between braces ({}); choices separated by pipe (|). Example:
    > > {even|odd} Set of choices from which the user must choose only one
    > > Courier font Code or program output
    > >
    > >
    > > --
    > >
    > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    > >
    > >
    > >
    > > "Zman" <Zman@discussions.microsoft.com> wrote in message
    > > news:1B2CD3AA-8A73-472A-B312-7E5472A64357@microsoft.com...
    > > > Is there a utility/command that anyone knows of for getting a dump of
    all
    > > the
    > > > user accounts and date created in a W2K domain? We need this for
    auditing
    > > > purposes.
    > > >
    > > > Thanks
    > >
    > >
    > >
Ask a new question

Read More

Active Directory Microsoft User Accounts Command Prompt Windows