Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Active Directory export array missing certain users -DirectorySearcher, CSVDE works
134 views
Skip to first unread message
Curt Loesch
May 10, 2013, 2:35:33 PM5/10/13
to
Wondering if anyone could assist me with a script I'm working on. I've decided to be a big boy and stop using Command Prompt so instead of using the csvde utility I wrote a ps1 script seen below...
THIS RETURNS 1001 RECORDS
-------------
# Searches for all active user accounts in Active Directory and outputs any attribute
#
# --Outputs to test.txt file
# --Any active directory attribute can be displayed. Change variables in For Loop to change output.
# --UserAccountControl filter removes disabled accounts
# --CBL - last modified 5-10-2013
$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://DC=domain,DC=local")
$Search.filter = "(&(objectclass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
Foreach($result in $Search.Findall()){
$user = $result.GetDirectoryEntry()
$name = $user.cn
$dept = $user.extensionAttribute2
"$name`t$dept" | Out-File c:\users.txt -append
}
--------------
I thought it was working great until I noticed there was a discrepancy between the output of this script and the output of csvde through good old Command Prompt...
THIS RETURNS 1190 RECORDS
--------------
csvde -r "(&(objectclass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -f users.csv -l CN,extensionAttribute2
--------------
I've tried running on a different machine with domain admin permissions, checking ADSI Edit for account property differences, and changing my filter to include all user accounts. The same 189 accounts do not show up in the PowerShell script output each time.
Any ideas?
THIS RETURNS 1001 RECORDS
-------------
# Searches for all active user accounts in Active Directory and outputs any attribute
#
# --Outputs to test.txt file
# --Any active directory attribute can be displayed. Change variables in For Loop to change output.
# --UserAccountControl filter removes disabled accounts
# --CBL - last modified 5-10-2013
$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://DC=domain,DC=local")
$Search.filter = "(&(objectclass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
Foreach($result in $Search.Findall()){
$user = $result.GetDirectoryEntry()
$name = $user.cn
$dept = $user.extensionAttribute2
"$name`t$dept" | Out-File c:\users.txt -append
}
--------------
I thought it was working great until I noticed there was a discrepancy between the output of this script and the output of csvde through good old Command Prompt...
THIS RETURNS 1190 RECORDS
--------------
csvde -r "(&(objectclass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -f users.csv -l CN,extensionAttribute2
--------------
I've tried running on a different machine with domain admin permissions, checking ADSI Edit for account property differences, and changing my filter to include all user accounts. The same 189 accounts do not show up in the PowerShell script output each time.
Any ideas?
David Trimboli
May 13, 2013, 10:01:48 AM5/13/13
to
On 5/10/2013 2:35 PM, Curt Loesch wrote:
> I've tried running on a different machine with domain admin
> permissions, checking ADSI Edit for account property differences,
> and changing my filter to include all user accounts. The same 189
> accounts do not show up in the PowerShell script output each time.
The default policy of Active Directory is to limit queries to 1000
> I've tried running on a different machine with domain admin
> permissions, checking ADSI Edit for account property differences,
> and changing my filter to include all user accounts. The same 189
> accounts do not show up in the PowerShell script output each time.
results. <http://support.microsoft.com/kb/315071>, MaxPageSize property
Here's an example of someone changing the number of returned items in a
PowerShell script:
<http://serverfault.com/questions/177957/get-user-home-directories-recursively-in-powershell>
This page also shows the use of the Active Directory module, which gives
you new cmdlets to work more easily with AD.
--
David Trimboli
http://www.trimboli.name/
Curt Loesch
May 13, 2013, 4:29:34 PM5/13/13
to
Curt
0 new messages