In my previous article on DN formats (http://blog.joeware.net/2008/05/03/1226/) I talked about the various Base DN shortcut formats available and hinted that AdFind has some shortcuts of its own. To me these are all, well they aren’t even second nature because I use them almost exclusively. I am bringing it up because even people who use AdFind a lot have watched me or my friends use AdFind and see them and say “Wow I had no idea… AdFind is cool.” Indeed. 🙂
The idea behind the shortcut bases was to be able to write generic scripts where I didn’t have to first work out the DNs so submit the AdFind queries. This way I can tell someone, well I need to see what your uPNSuffixes attribute looks like, run this command
adfind -partitions -s base upnsuffixes
and it will work in every forest period. I know there are consultants and support professionals everywhere that love me for that one… It can literally save a 5 minute conversation on how to find that spot in the directory.
So here are the shortcuts currently in the publicly available version of AdFind (V01.37.00) from the usage screen (adfind /??)
-null Use null base.
-root Determine and use root partition for BaseDN.
-config Determine and use configuration partition for BaseDN.
-schema Determine and use schema partition for BaseDN.
-default Determine and use default partition for BaseDN.
-rb xx Relative Base, use with special BaseDN’s above.
So you could specify -default and -rb cn=users.
-forestdns Use ForestDNS NDNC for base.
-domaindns Use DomainDNS NDNC for base.
-dcs Use Domain Controllers container of default domain for base.
-gpo Use System Policies container of default domain for base.
-psocontainer Use PSO Container of default domain for base.
-ldappolicy Use Ldap Query Policies container for base.
-xrights Use Extended Rights container for base.
-partitions Use Partitions container for base.
-sites Use Sites container for base.
-subnets Use Subnets container for base.
-exch Use Exchange Services container for base.
-fsps Use Foreign Security Principals container for base.
Quick descriptions
-null : Null base or Base = “”
-root : DN to the root domain of the forest
-config : DN to the configuration container of the forest
– schema : DN to the schema container of the forest
-default : DN to the default domain for the DC contacted. For ADAM this will select the first App Partition unless a default app partition is defined in ADAM (see msDS-defaultNamingContext).
-rb xx : Now this is a cool little feature that lets you specify a special shortcut base but then prepend some more onto the DN that is used for that. So for example say I want the domain controllers OU of the default domain I would specify -default -rb “OU=Domain Controllers” and AdFind will determine the default domain DN and then prepend “OU=Domain Controllers,” to is to you get the whole DN to the Domain Controllers OU.
-forestdns : DN to the ForestDNS Application Partition
-domaindns : DN to the DomainDNS Application Partition
-dcs : DN to the Domain Controllers OU – so you don’t have to type that long -default -rb “OU=Domain Controllers” mentioned above. 😉
-gpo : DN to the System Policies Container
-psocontainer : DN to the Password Settings Object Container (Windows Server 2008 obviously…)
-ldappolicy : DN to the LDAP Query Policies container in the configuration partition
-xrights : DN to the Extended Rights container in the configuration partition
-partitions : DN to the partitions container in the configuration partition
-sites : DN to the sites container in the configuration partition
-subnets : DN to the subnets container in the configuration partition
-exch : DN to the Exchange container in the configuration partition
-fsps : DN for the Foreign Security Principals container
There is also a special shortcut base I have that doesn’t fit exactly in with the above, that is -gcb. That is the combination of the -gc and -null switches so it sets you up to search the GC at the base of the forest.
Cool right?
