LDIFDE export group membership with sAMAccountName


rwh

I need to be able to export group members from an AD group but instead
of returning the CN= value I'd like to get the sAMAccountName value.
Does anyone know if this is possible?
This is what I currently use:

ldifde -f staff.txt -d "cn=Staff,ou=User Groups,dc=domain,dc=edu" -l member -s server1

I know the -l member is what is giving me the member's CN= value, but is
there a way to get that member's sAMAccountName as well?
 
If you didn't actually need this in ldif format you could just use csvde
and remove the columns in the output that you don't want. Just FYI.
 
Do you have an example of this? I need to export all members of a group
for their sAMAccountName.
 
Hi,

There's no way to get what you want from ldifde or csvde because the group
object only has distinguished names of members, not sAMAccountNames. I would
suggest running a VBScript program that dumps out member names and redirect
the output to a text file. For example:

======================
Option Explicit

' Declare all variables.
Dim objGroup, objMember

' Bind to the group object.
Set objGroup = GetObject("LDAP://cn=Staff,ou=User Groups,dc=domain,dc=edu")

' Use the Members method to enumerate direct members of the group.
' For each member, display the NT name.
For Each objMember In objGroup.Members
    Wscript.Echo objMember.sAMAccountName
Next
========================

You can run this at a command prompt with the cscript host and redirect the
output to a text file. If the VBScript program is in a file called
ListGroup.vbs, the command would be similar to:

cscript //nologo ListGroup.vbs > Group.txt

This will not reveal nested group membership. It also does not show anyone
that has this group designated as their "Primary" group, but that should not
be a problem.
 
You can't get it in a single-pass LDAP dump. The member attribute only has the
DN, not the sAMAccountName stored. You would need to either do multiple passes,
i.e. get the DNs and then query each DN for the sAMAccountName, or you need to
use base level queries with attribute scoping, which you can't do from the
current suite of command line tools (i.e. you would have to write something).

Note that if you have a group with 3000 members, option 1 means that you need to
do one query to get the membership and 3000 queries to get the SAM names. You
will feel a speed hit.
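
The multi-pass approach from the last reply, done as two exports joined offline instead of one query per member (an added example, not code from the thread). It assumes pass 1 is the -l member export from the question and pass 2 is a second ldifde export of user objects with -r "(objectClass=user)" -l sAMAccountName; the function names and the sample LDIF are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:               # the trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif ":" in line and not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64 (non-ASCII DNs)
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            current.setdefault(attr.split(";")[0].lower(), []).append(rest.strip())
    return records

def sam_names_for_group(group_ldif, users_ldif):
    """Join member DNs (pass 1) to sAMAccountName values (pass 2) by DN."""
    # Lowercasing is a simple stand-in for case-insensitive DN matching.
    by_dn = {r["dn"][0].lower(): r["samaccountname"][0]
             for r in parse_ldif(users_ldif) if "dn" in r and "samaccountname" in r}
    members = [dn for rec in parse_ldif(group_ldif) for dn in rec.get("member", [])]
    resolved = sorted(by_dn[dn.lower()] for dn in members if dn.lower() in by_dn)
    unresolved = [dn for dn in members if dn.lower() not in by_dn]
    return resolved, unresolved

# Constructed sample exports (not real directory data).
ZOE = base64.b64encode("CN=Zo\u00eb Example,OU=People,DC=domain,DC=edu".encode()).decode()
GROUP_LDIF = "\n".join([
    "dn: CN=Staff,OU=User Groups,DC=domain,DC=edu", "changetype: add",
    "member: CN=Alice Example,OU=People,DC=domain,DC=edu",
    "member: CN=Bob Example,OU=People,DC=domain,", " DC=edu",
    "member:: " + ZOE, "member: CN=Lab Admins,OU=User Groups,DC=domain,DC=edu",
])
USERS_LDIF = "\n".join([
    "dn: cn=alice example,ou=People,dc=domain,dc=edu", "sAMAccountName: aexample", "",
    "dn: CN=Bob Example,OU=People,DC=domain,DC=edu", "sAMAccountName: bexample", "",
    "dn:: " + ZOE, "sAMAccountName: zexample", "",
    "dn: CN=Carol Example,OU=People,DC=domain,DC=edu", "sAMAccountName: cexample",
])
if __name__ == "__main__":
    print(sam_names_for_group(GROUP_LDIF, USERS_LDIF))
```

Member DNs that come back unresolved are entries the user export did not cover, such as the nested group in the sample, so they are worth reviewing rather than discarding.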
 