I was having troubles getting these updates out the door. Not to make an excuse, but I kept getting emails pointing out bugs or new functionality in the OS or cool functionality that I could implement and I kept pushing the release out further and further. Since I am not making any money off of this stuff I didn’t have the normal "ship something to get paid" impetus like normal software companies. ;) However I did get an increasing number of people emailing saying… "Hey… any time joe…" Those didn’t sway me, but then I started hearing "pretty please" and that kicked me into gear.
So here you go. As usual, test well. I have been using them (and updated versions of them right along) now since last fall. Thanks to everyone who has reported any bugs, typos, or offered up ideas on additional things the tools should handle; that feedback has been and always will be very welcome to me.
http://www.joeware.net/freetools/tools/adfind/index.htm
http://www.joeware.net/freetools/tools/admod/index.htm
Please see the web pages for the tools for the info but a quick run down of what has changed:
AdFind/AdMod General
- Fixed a bunch of bugs (especially around CSV stuff)
- Fixed several usage typos
AdFind Specific High Level
- Added dynamic determination of int8 time attributes. This is based on finding key words in the lDAPDisplayName or adminDescription properties.
- Ditto for interval int8 attributes
- Mentioned this previously, but changed -sc adobjcnt so that it add -gc anymore. You can add it in manually if you need it.
- Added a bunch of decodes in the RootDSE and elsewhere for Windows 8 Active Directory and ADAM.
- I know decode some RID specific attributes (like RID pool values, etc)
- Decode msDFSR-Flags which I think some folks will find helpful when converting their FRS to DFSR.
- You can specify a filter value like in -metafilter in the -ameta and -vmeta switches.
- Added new switches for handing of the int8 time attributes: -int8time, -int8time-
- Added cool new switches for messing with parent DN info: -dpdn, -pdn, -pdnu, -pdnq, -pdnuq
- Added new switch for stats for Brian, he didn’t want the filter being printed out when it was massive so -statsnofilter
- Added a new switch for people pushing AdFind CSV output into Excel. It handles some of the DN output differently. This format is completely and utterly and totally incompatible with import back in via AdMod. If people get irked about it, I will yank the switch out versus change it so it can be imported.
- Added -cv switch which will count values on multivalue attributes. I find this is useful for working out how many group members there are etc in a given very large group.
- And a really fun new switch… -exportfile. This switch allows you to export binary attributes to a file. So say you uploaded a pic to Active Directory and you want to retrieve it, you can! I actually was able to upload a copy of AdMod into a random large BLOB attribute with AdMod and then pull it back down from another DC in another location with AdFind. Now this isn’t something I generally recommend, but it is possible… And even more fun, I remember for years many of us would respond to people asking about putting pics into Active Directory that if you do that, you could be opening yourself up for a corporate "Hot or Not" web site. Well you can point AdFind at a branch of AD or the whole AD and tell it to export the pictures to files and it will zip right along and do that for you. If the attribute has the string "photo" in it it will automatically name the files RDN.jpg for you. Note if you are using goofy RDNs that cannot be directly represented in file names there is no help for you right now, it may even look like it worked, but don’t complain if it didn’t. I have to think about how I want to handle that situation.
AdMod Specific High Level
- Brian also found an issue when streaming data into AdMod that happened to be from a unicode file. AdMod should now detect this and tell Brian to go get an ASCII version of the file. 😉
- Added the ability to force recycle of objects in the recycle bin via the -recycle switch (i.e. deleting a deleted object)
- Added a -treenuke switch which was discussed on ActiveDir Org – it bypasses the treedelete max count issue and keeps submitting treedelete LDAP commands until the tree is really gone.
- Added the -policyhints switch for setting passwords. This is more a feature for FIM but useful to be able to test in AdMod.
- Added a new binary import option – importfile## – this is often asked for, it allows you to read in a binary file and jam it into an Active Directory attribute. This is useful for say uploading pics into AD.
Have fun, enjoy, bugs, feedback, comments, etc, you know where to get me at. 😉
joe
Awesome Joe!! Thanks for all the work you put into these tools. The AD community is much better because of adfind/admod.
I am looking to export data into an application, the ideal format for which would include a single row, like -csv, but instead of headers, it would only output a delimited attribute name/value pair. For example, if I were to want a subset of attributes, it could output:
“name”=”object Name”,”displayName”=”object display Name”,”userAccountControl”=”512″, etc.
Is this at all possible to do with ADFind?
Not by itself, you could easily write a couple of lines of perl to wrap adfind to do it.
joe
What Mike said.
Also, I’ll see your “couple lines of perl” and raise you one line of mostly functional for /f. 🙂
for /f “tokens=1-3 delims=~” %i in (‘adfind -f “(objectcategory=person)” name displayname useraccountcontrol -nodn -csv -csvdelim ~ -csvnoq -nocsvheader’) do echo “name”=”%i”,”displayName”=”%j”,”userAccountControl”=”%k”