Hi, Joe,
I’ve been using these 2 excellent utilities to manage users both in our AD domain and our legacy Novell eDirectory tree.
Recently I needed to move disabled accounts without our ‘KEEP’ flag set into a Leavers OU and came up with the 2 commands below:
adfind -h novserver -ssl -sslignoresrvcert -simple -b o=merpol -f "(&(objectclass=user)(!(generationqualifier=KEEP))(logindisabled=TRUE))" cn fullname -u cn=ldapuser,o=isdept -up password -adcsv > c:\tmp\move2leavers.csv
admod -h novserver -ssl -simple -move o=leavers -u cn=ldapuser,o=isdept -up password < c:\tmp\move2leavers.csv
I managed to do all this in 1 command by piping the output of the adfind command with the –adcsv switch into the admod command but I wanted to record the accounts moved so that I could add them to a cumulative log – hence the intermediate move2leavers.csv file. Was this the best way of achieving this or could I have used the one-liner and somehow recorded the accounts going through the pipeline?
Hi Frank,
Sorry for slow response. I was working for Hewlett Packard Enterprise last year and working way too much. I left them and have a normal job now so I am slowly catching up on joeware email and updating tools.
So anyway, there is nothing builtin that will do what you want here. AdMod does have a -log switch but that is for my debugging mostly. However, that being said, you can use a command line tool called TEE which you would insert in the pipeline and it could output the pipeline to a file while simultaneously shipping it to the next binary in the pipeline.
You can actually do this with a quick perl script as well. See attached 7zip file, you will have to rename it to .7z. I made a really quick and dirty perl script that can do it.
[Sat 04/22/2017 13:29:25.87]
E:\DEV\perl\tee>adfind -h k16tst.test.loc -f name=norm* -dsq | jwtee.pl output.txt | admod -h k16tst.test.loc description::"normal user"
AdMod V01.18.00cpp Joe Richards (joe@joeware.net) March 2012
DN Count: 3
Using server: K16TST-DC2.k16tst.test.loc:389
Directory: Windows Server 2008 R2
Modifying specified objects…
DN: CN=Norm User 3,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc…
DN: CN=Norm User1,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc…
DN: CN=Norm User2,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc…
The command completed successfully
[Sat 04/22/2017 13:34:22.66]
E:\DEV\perl\tee>type output.txt
"CN=Norm User 3,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc"
"CN=Norm User1,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc"
"CN=Norm User2,OU=Users,OU=TestOU,DC=k16tst,DC=test,DC=loc"
[Sat 04/22/2017 13:34:26.07]
If you don’t like compressed files, here is the code in clear text
my $filename=shift;
open OFH,">$filename" or die("ERROR: Couldn’t open filename – $filename: $!\n");
while (<stdin>)
{
print OFH $_;
print $_;
}
close OFH;
Cheers and again sorry for the slow response.
joe
