G
Guest
how do i identify multiple accounts owen by the same user in AD? Thanks for
your help in advance.
your help in advance.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
I am not quite sure what you are asking, but in order to find similar
accounts in AD, each account must have one attribute on all account with the
same value. Then you can do an LDAP search on the user class with the
attribute equal to the like value. If the accounts do not have an attribute
with the same values, you will have a hard time finding them...
HTH
Ozone
accounts in AD, each account must have one attribute on all account with the
same value. Then you can do an LDAP search on the user class with the
attribute equal to the like value. If the accounts do not have an attribute
with the same values, you will have a hard time finding them...
HTH
Ozone
C
Cary Shultz [A.D. MVP]
What exactly do you mean by this?
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
A
Anuj K Srivastava
I think he mean that if a user's name is Tom Alter and if he is having more
then one login account like TomAlt , Tom, or tom.alter, then how can we find
that how many login account Tom Alter have.
I think that was the question....
Is there any solutions.
--
Thanks N Regards
__________________________
Anuj Kumar Srivastava
Jr. System Administrator
Electrobug Technology, Gurgaon
(e-mail address removed)
then one login account like TomAlt , Tom, or tom.alter, then how can we find
that how many login account Tom Alter have.
I think that was the question....
Is there any solutions.
--
Thanks N Regards
__________________________
Anuj Kumar Srivastava
Jr. System Administrator
Electrobug Technology, Gurgaon
(e-mail address removed)
A
Ace Fekay [MVP]
In
A logn alias is an attribute of a user account. Each account can only have
one alias for the UPN and one for the legacy logon. Therefore, I can't see
how there can be multiple logon accounts other than the alias. This can be
viewed by looking at the user's properties in ADUC.
Now if there are multiple accounts created for one user, then you would need
to look at the user account properties to see what their logon alias is. You
can script this as well.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
Anuj K Srivastava said:I think he mean that if a user's name is Tom Alter and if he is
having more then one login account like TomAlt , Tom, or tom.alter,
then how can we find that how many login account Tom Alter have.
I think that was the question....
Is there any solutions.
A logn alias is an attribute of a user account. Each account can only have
one alias for the UPN and one for the legacy logon. Therefore, I can't see
how there can be multiple logon accounts other than the alias. This can be
viewed by looking at the user's properties in ADUC.
Now if there are multiple accounts created for one user, then you would need
to look at the user account properties to see what their logon alias is. You
can script this as well.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
G
Guest
Thank you for your responses and assistance. What is happening is sometimes
we may have one user requesting to have another logon name for a special
event- perhaps for marketing at a trade show as an example. Where I am not
the one creating another account because I would try to think of a way to
identify that account. Maybe that is what I need to do is talk to my manager
about having a process in place to point back to the oringal user one way or
something like that. what is the best practice?
Thanks again.
we may have one user requesting to have another logon name for a special
event- perhaps for marketing at a trade show as an example. Where I am not
the one creating another account because I would try to think of a way to
identify that account. Maybe that is what I need to do is talk to my manager
about having a process in place to point back to the oringal user one way or
something like that. what is the best practice?
Thanks again.
A
Ace Fekay [MVP]
In
Interesting scenario. I have never come across this one yet. I would
probably have some sort of manual process in place to keep track of it, or
maybe make the user display name as John Doe 1, John Doe 2, etc.
If the user needs access to their original account, you can give them
permissions on their home folders, and any other folders as well. For
Exchange, you can give the user Send As and Receive As for the mailbox so
they can acces it.
I hope that helps.
Ace
g000se said:Thank you for your responses and assistance. What is happening is
sometimes we may have one user requesting to have another logon name
for a special event- perhaps for marketing at a trade show as an
example. Where I am not the one creating another account because I
would try to think of a way to identify that account. Maybe that is
what I need to do is talk to my manager about having a process in
place to point back to the oringal user one way or something like
that. what is the best practice?
Thanks again.
Interesting scenario. I have never come across this one yet. I would
probably have some sort of manual process in place to keep track of it, or
maybe make the user display name as John Doe 1, John Doe 2, etc.
If the user needs access to their original account, you can give them
permissions on their home folders, and any other folders as well. For
Exchange, you can give the user Send As and Receive As for the mailbox so
they can acces it.
I hope that helps.
Ace
G
Guest
is there a utility or command I could run to give me the info? maybe I am
stretching here.
stretching here.
K
kj
You might consider using the "Organizational" fields already in AD noteably
Manager - Direct Reports. If appropriate for your organization it would
provide a linkage to the owner of the accounts(Manager) and the accounts
owned (Direct Reports).
Of course if you are already using this, it might cause more problems than
it solves.
Manager - Direct Reports. If appropriate for your organization it would
provide a linkage to the owner of the accounts(Manager) and the accounts
owned (Direct Reports).
Of course if you are already using this, it might cause more problems than
it solves.
A
Ace Fekay [MVP]
In
Not really, other than a script you can find at either Microsoft's Technet
Script Center, or at http://cwashington.netreach.net. I once found a script
there that will enumerate all users and what groups they belong to and put
it into a CSV file. There are hundreds of scripts there. I can't find one
specific for printing out the Display Names, unless you can take a look for
one. Unfortunately, I'm not a scripter, and would probably suggest to post
to the VBScript newsgroups for more help on this one, unless someone replies
to this post.
You can probably also use CSVDE (part of Windows server) and just export all
users and just the displayname attribute. You can try this:
I just tested this below and it worked for me to get just the diplay name
put into a file called output.txt on C: drive:
csvde -d "ou=TheOUNameWhereTheUsersExist,dc=domain,dc=com" -r
"(objectClass=user)" -l displayName -m -f c:\output.txt
Ace
g000se said:is there a utility or command I could run to give me the info? maybe
I am stretching here.
Not really, other than a script you can find at either Microsoft's Technet
Script Center, or at http://cwashington.netreach.net. I once found a script
there that will enumerate all users and what groups they belong to and put
it into a CSV file. There are hundreds of scripts there. I can't find one
specific for printing out the Display Names, unless you can take a look for
one. Unfortunately, I'm not a scripter, and would probably suggest to post
to the VBScript newsgroups for more help on this one, unless someone replies
to this post.
You can probably also use CSVDE (part of Windows server) and just export all
users and just the displayname attribute. You can try this:
I just tested this below and it worked for me to get just the diplay name
put into a file called output.txt on C: drive:
csvde -d "ou=TheOUNameWhereTheUsersExist,dc=domain,dc=com" -r
"(objectClass=user)" -l displayName -m -f c:\output.txt
Ace
G
Guest
how do I execute CSVDE? Is this item located in system resource kit? The
syntax you provided sounds like I have to use the schema or ldap or maybe I
am in left field. Thanks for you help and patience Ace.
syntax you provided sounds like I have to use the schema or ldap or maybe I
am in left field. Thanks for you help and patience Ace.
G
Guest
Kj, that sounds like a good idea moving forward.
A
Ace Fekay [MVP]
In
g000se, it's part of Windows, no resource kit needed. You can just type it
in as it looks. Replace the "domain" and the "com" with whatever your domain
name is. As I said, I tested that specific line with a test domain I had
running the other nite and works nicely. It created a file called
c:\output.txt (as the last part of the command shows).
csvde -d "ou=TheOUNameWhereTheUsersExist,dc=domain,dc=com" -r
"(objectClass=user)" -l displayName -m -f c:\output.txt
If you like, post your domain name and I'll customize it for you.
Ace
g000se said:how do I execute CSVDE? Is this item located in system resource kit?
The syntax you provided sounds like I have to use the schema or ldap
or maybe I am in left field. Thanks for you help and patience Ace.
g000se, it's part of Windows, no resource kit needed. You can just type it
in as it looks. Replace the "domain" and the "com" with whatever your domain
name is. As I said, I tested that specific line with a test domain I had
running the other nite and works nicely. It created a file called
c:\output.txt (as the last part of the command shows).
csvde -d "ou=TheOUNameWhereTheUsersExist,dc=domain,dc=com" -r
"(objectClass=user)" -l displayName -m -f c:\output.txt
If you like, post your domain name and I'll customize it for you.
Ace