Filtering LDIFDE export

[Guest]

Cary, if you're out there I know you can nail this one.

I am trying to get an export of all users who are a member
of a specific distribution list so that I can edit
their 'physicalDeliveryOfficeName' value.

If I export the whole OU (so I can see all attributes), I
can see that there is an entry similar to this one:

memberOf: CN=All
Australia,OU=Groups,OU=PacAsia,DC=mycompany,DC=com

Here's what I tried, but nothing happened.
ldifde -f pacasia.ldf -d "ou=PacAsia,dc=mycompany,dc=com" -
p subtree -r ("member
Of: CN=All
Australia,ou=Groups,ou=PacAsia,DC=mycompan,dc=com") -
l "physicalDeliveryOfficeName"

 

[Cary Shultz [A.D. MVP]]

Anonymous,

It looks like the filter is incorrect. Assuming that the Distribution Group
is called 'All Asia' and is residing in the sub-OU Groups in the OU PacAsia,
here is what I might suggest:

c:\>ldifde -f AllAsia.ldf -s servername.mycompany.com -t 389 -d
"OU=Groups,OU=PacAsia,DC=mycompany,DC=com" -p subtree -r
"(objectClass=group)" -l "dn,mail,groupType,member"

This should result in the output file 'AllAsia.ldf' which contains only
group objects ( meaning, no user account, computer accounts, contacts,
etc. ) that reside in the sub-OU Groups in the OU PacAsia. Furthermore, the
output file will have only the following attributes: the Distinguished name
of the group, the e-mail address, the groupType and the members. Clearly,
the member attribute is what you want. I included both the e-mail address
( mail ) and groupType as additional pieces of information. The groupType
will show up with a value of 2 if it is a Global Distribution Group, with a
value of 4 if it is a Local Distribution Group or with a value of 8 if it is
a Universal Distribution Group.

You would just need to copy and paste the member values ( nicely shown in
the DN: cn=Cary Shultz,OU=xxx,DC=mycompany,DC=com format that you will
need ).

From there I think that you know what to do:

DN: CN=Cary Shultz,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney ( or whatever )
-

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney
-

Since everything under the first line ( DN: CN=.....DC=com ) will be the
same ( is that a correct assumption? ) you can simply copy and paste the
second, third and fourth lines to each DN ( aka user ). This should really
speed things up for you.

This is still potentially a lot of manual work. There has to be a better
way!

HTH,

Cary

 

[Joe Murphy]

Thanks Cary.

Looks like I can't just ask LDIFDE to give me a list of users in a certain
group directly? I have to do this two step process?

And why port 389?

I'll give this a shot and see how I do. Thanks!

 

[phillip pino]

Short story first... find UltraEdit on cnet.com...now the long stor
about this APP.

I was introduced to a tool called UltraEdit about a year ago. Since
am still learning how to script with ADSI, UltraEdit has been a Go
send in making thousands of changes to Ldp file.

What you would do is create your export through LDIFDE. After that
open the LDP file in UltraEdit. Create a macro in the app whic
records your key strokes. Then have it replay that macro to make al
those changes in a blink of an eye. Once you play with it for a bit..
it gets easy.

I.E. - in the exported ldp file. you are left with

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: add
physicalDeliveryOfficeName: Manila
-

Since UltraEdit is a "dumb" app, it does EXACTLY what you tell it t
do. I would in the case above. Start recoding your macro. At th
beginning of the file, start by doing a search for the word "add.
replace it with "modify." add a return. Type "replace
physicalDeliveryOfficeName." Find Manila. Replace with Sydney. Sto
recording your macro. This will give you the result below.

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney
-

Great. Now what do I do. Well. By making that tedious cange once. yo
can replay that macro to the end of your document. so if you have 50
entries that need to be changd... you can do it all in about 2
seconds...literally.. I know I've done it. Then you can make th
change.

Word of advice.... I would cut your LDP import to a couple entries.
see if it works.... then do the rest. no need to mess up 500 entries.

You can download Ultraedit to try for for free from CNET.com

*Anonymous,
From there I think that you know what to do:

DN: CN=Cary Shultz,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney ( or whatever )
-

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney
-

Since everything under the first line ( DN: CN=.....DC=com ) will b
the
same ( is that a correct assumption? ) you can simply copy and past
the
second, third and fourth lines to each DN ( aka user ). This shoul
really
speed things up for you.

This is still potentially a lot of manual work. There has to be
better
way!

HTH,

Cary

[/QUOTE]


-
phillip pin

 

[phillip pino]

I don't think you need to specify port 389 since that i believe it'
default port for ldap search with LDIFDE. Did you receive an erroe
when you ran your search? the one thiang that I noticed your string i
the the space between "memberOf: CN=" Try removing the space so tha
it reads "memberOf:CN=" Specifying a server helps in the case you wan
to look at the directory copy on a particular server. if you don'
specify, then the default is to use the closest GC for the domain yo
are logged into. But it doesn't hurt. However, I would bet that th
space is screwing up your search.

ldifde -f pacasia.ldf -d "ou=PacAsia,dc=mycompany,dc=com" -p subtree -
("memberOf:CN=All Australia,ou=Groups,ou=PacAsia,DC=mycompan,dc=com"
-l "physicalDeliveryOfficeName"

The above is your string minus the extra space. the export file wil
give you the DN and the physicalDeliveryOfficeName.


wrote:

*Cary, if you're out there I know you can nail this one.

I am trying to get an export of all users who are a member
of a specific distribution list so that I can edit
their 'physicalDeliveryOfficeName' value.

If I export the whole OU (so I can see all attributes), I
can see that there is an entry similar to this one:

memberOf: CN=All
Australia,OU=Groups,OU=PacAsia,DC=mycompany,DC=com

Here's what I tried, but nothing happened.
ldifde -f pacasia.ldf -d "ou=PacAsia,dc=mycompany,dc=com" -
p subtree -r ("member
Of: CN=All
Australia,ou=Groups,ou=PacAsia,DC=mycompan,dc=com") -
l "physicalDeliveryOfficeName"

-
phillip pin

 

[Cary Shultz [A.D. MVP]]

Joe,

Yes, you can. And that is what you are doing! However, I do not think
that you can ask for the membership in that specific group. You have to
first query for all of the groups located in that sub-OU and then look for
that particular group. I am not aware of any other way.

As to port 389; that is the default port for ldap. Unless you have set
things up differently then you would be using this port. Remember, I
include the -s servername.domain.com switch and the -t 389 switch in my
'commands'. This is not really necessary. ldifde will default to the
machine on which you are running the command as well as to port 389. If you
choose to not include the -s and the -t switch in your command syntax you
will be fine!

Version 2 of ADModify is supposed to allow for group filtering ( so you
would be able to query just the membership of a group and use ADModify to
make that 'Office' field change based on a particular group's membership.

HTH,

Cary

 

[Cary Shultz [A.D. MVP]]

Phillip,

You are absolutely correct. I do not need to specify the -t switch as
ldifde will default to the default ldap port of 389. Additionally, I do not
need to specify -s servername.domain.com either ( assuming that I want to
run ldifde one the same machine to which I want ldifde to bind ). I do that
so that I am in the practice of doing it. However, I mention it here so
that people can become more familiar with the syntax of ldifde as well as
the concepts behind it.

His problem - I believe - is the search parameter 'input' is not valid. I
am not aware of being able to enter simply -r "(memberOf: blah blah blah)".
Also, the " need to be outside the ( and the ) in this case. Typically, one
would enter -r "(&(objectCategory=person)(objectClass=user))" or -r
"(&(objectCategory=computer)(objectClass=user))" or -r
(&(objectCategory=person)(msExchHomeServerName=*))" or something to that
affect following the -r switch.

I am not sure that I understand your comment about "I would bet that the
space is screwing up your search". Is there a maximum number of characters
that can be entered of which I am not aware? I am always learning
something!

Anyway, thank you for bringing these points to our attention. it is always
good to have another pair of eyes look at something!

Cary

 

[Cary Shultz [A.D. MVP]]

Phillip,

I might just take a look at it. However, with ldifde / csvde being 'native'
to WIN2000 and the new ds tools that come with WIN2003 ( can be used in a
WIN2000 SP3+ environment on a WIN XP system ) I am not sure why I would want
to get involved with something else. Throw in ADModify and things look to
be pretty covered!

I will still take a look, however.

Thank you for bringing this tool to our attention. It is always a good
thing to have more toys!

Cary

Short story first... find UltraEdit on cnet.com...now the long story
about this APP.

I was introduced to a tool called UltraEdit about a year ago. Since I
am still learning how to script with ADSI, UltraEdit has been a God
send in making thousands of changes to Ldp file.

What you would do is create your export through LDIFDE. After that,
open the LDP file in UltraEdit. Create a macro in the app which
records your key strokes. Then have it replay that macro to make all
those changes in a blink of an eye. Once you play with it for a bit...
it gets easy.

I.E. - in the exported ldp file. you are left with

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: add
physicalDeliveryOfficeName: Manila
-

Since UltraEdit is a "dumb" app, it does EXACTLY what you tell it to
do. I would in the case above. Start recoding your macro. At the
beginning of the file, start by doing a search for the word "add."
replace it with "modify." add a return. Type "replace:
physicalDeliveryOfficeName." Find Manila. Replace with Sydney. Stop
recording your macro. This will give you the result below.

DN: CN=Anon User,OU=xxx,DC=mycompany,DC=com
changeType: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Sydney
-

Great. Now what do I do. Well. By making that tedious cange once. you
can replay that macro to the end of your document. so if you have 500
entries that need to be changd... you can do it all in about 20
seconds...literally.. I know I've done it. Then you can make the
change.

Word of advice.... I would cut your LDP import to a couple entries.
see if it works.... then do the rest. no need to mess up 500 entries.

You can download Ultraedit to try for for free from CNET.com

*

[/QUOTE]

 

[Cary Shultz [A.D. MVP]]

Phillip,

Looked at UltraEdit 32. Why do I want to pay $35.00 to do something that I
can do for free in NotePad? If I am going to purchase this program for
editing .ldf files only then I think not! Now, having said that, I will say
that it *looks* like it could be very useful for other things!

The example that you give is something that you can do in Notepad in about
five seconds. All you do is use Edit | Replace and then select 'Replace
All'......

I will say that I did not download the application to use it. I simply went
to cnet.com and looked at the screenshot and from that determined that I do
not need it - for editing .ldf files ( since this is the context of this
post ). It may be very good for other things, but it is not necessary IMHO
for editing .ldf files. Notepad does that just fine by itself.

Is there some feature of UE 32 that allows us to do something that Notepad
can not do? Possibly, replace only the first xx number of entries. So, if
I had an .ldf file containing information for 200 users and I needed to
replace their Address ( streetAddress, l, st and postalCode ) but of those
200 users 75 went to one location and the other 125 went to another location
can I stipulate this in UE 32??? That *might* make it more interesting.

Anyway, Phillip - please do not get discouraged. Just because I do not
think that it is not necessary does not mean that others might not find it
useful for this. Please do continue to post your suggestions and thoughts.
We all learn from other's experiences!

Thank you, Phillip, for letting us know about Ultra Edit 32!

Cary

Phillip,

I might just take a look at it. However, with ldifde / csvde being 'native'
to WIN2000 and the new ds tools that come with WIN2003 ( can be used in a
WIN2000 SP3+ environment on a WIN XP system ) I am not sure why I would want
to get involved with something else. Throw in ADModify and things look to
be pretty covered!

I will still take a look, however.

Thank you for bringing this tool to our attention. It is always a good
thing to have more toys!

Cary

[/QUOTE]

 

[phillip pino]

Hey Cary -

I don't remember the cost. When I started using it it was a trial fo
1 month. The diference between notepad and UltaEdit is that wit
UltraEdit it wil "record your keystroke." Of course you could d
individual finds and replaces for each entry, but with this tool if yo
carefully perform your actions on the first entry keeping in mind th
rest of the file, you can compile all of your "finds" and replaces i
one nice macro (which you can save for later use.)

Just a thought.

*Phillip,

Looked at UltraEdit 32. Why do I want to pay $35.00 to do somethin
that I
can do for free in NotePad? If I am going to purchase this progra
for
editing .ldf files only then I think not! Now, having said that,
will say
that it *looks* like it could be very useful for other things!

The example that you give is something that you can do in Notepad i
about
five seconds. All you do is use Edit | Replace and then selec
'Replace
All'......

I will say that I did not download the application to use it.
simply went
to cnet.com and looked at the screenshot and from that determine
that I do
not need it - for editing .ldf files ( since this is the context o
this
post ). It may be very good for other things, but it is no
necessary IMHO
for editing .ldf files. Notepad does that just fine by itself.

Is there some feature of UE 32 that allows us to do something tha
Notepad
can not do? Possibly, replace only the first xx number of entries.
So, if
I had an .ldf file containing information for 200 users and I neede
to
replace their Address ( streetAddress, l, st and postalCode ) but o
those
200 users 75 went to one location and the other 125 went to anothe
location
can I stipulate this in UE 32??? That *might* make it mor
interesting.

Anyway, Phillip - please do not get discouraged. Just because I d
not
think that it is not necessary does not mean that others might no
find it
useful for this. Please do continue to post your suggestions an
thoughts.
We all learn from other's experiences!

Thank you, Phillip, for letting us know about Ultra Edit 32!

Cary

-
phillip pin