Today I ran into an issue where a syncing tool blew up because it encountered an object that had multiple values in an attribute that “normally” has a single value in it and it didn’t know how to properly sync that object. Well obviously whomever set up the syncing tool kind of made a mistake because the attribute in AD was multivalued so there was always a chance this would happen so they should have accounted for it in the configuration of the syncing tool. But they didn’t and so I had to go figure out what was going on. Looking at it I quickly realized the problem and was able to point out that an object had multiple values for destinationIndicator and the company standard was to only have a single value. So this raised the question for me, are there any other objects out there in the same boat? I.E. They had multiple values for that attribute and would eventually cause me pain in the syncing tool…
So the generic question was, how do I quickly ascertain which objects had multiple values for a given attribute… Initially I thought, this will be a bit of a pain, I will have to output all objects with that attribute populated and then parse the attribute out with a script… Then I thought… Well I don’t actually care about the various values, just whether or not there are multiple values at all… Then a flash of EUREKA! AdFind to the rescue… (again).
Side Bar: I love when I come up with new ways to use my utilities that I never thought of before. It just encourages me more and more to have flexibility at the core of the utilities because I never know what I or someone else may end up doing with them.
I realized that all I had to do was be able to pick out objects that had multiple values for a single attribute so I typed up a command line like
adfind -h domainname -default -f “&(objectcategory=person)(destinationindicator=*)” destinationindicator -csv
and then added one simple switch that made all the difference in my ability to quickly scan through and find multiple values…
-csvmvdelim ####
So the whole command looked like
adfind -h domainname -default -f “&(objectcategory=person)(destinationindicator=*)” destinationindicator -csv -csvmvdelim ####
Now you may be sitting there thinking… “Well how the heck does that help anything???”. It doesn’t by itself, but when you combine that with grep or find or findstr or whatever and you pipe the output of that command into one of those search tools looking for the string #### it will only output those lines of the CSV output that match… I.E. Objects with multiple values for that attribute. So in its entirety it looks like
adfind -h domainname -default -f “&(objectcategory=person)(destinationindicator=*)” destinationindicator -csv -csvmvdelim #### | grep ####
I don’t know about anyone else but I just think that is pretty cool. 🙂
joe
Yes, pretty cool workaround, congrats Joe !
Like you I hate to have to script for such simple tasks, there’s nothing like a one liner …
Talking of one liners, I experimented a bit with last adfind version and the new stdin piping thing. I’m wondering if you could implement in adfind the reading of the special header added by the -adcsv switch ? Being forced to add -h or -simple twice gets on my nerves 😉
Anyway thanks again for terrific tools.
Marc