Steve,
You might want to take a look at ldifde or csvde or the newer ds tools.
With ldifde you can enter the following line at a command prompt and you
will be given an .ldf file which will contain only what you want:
c:\>ldifde -f users.ldf -s yourDC.yourdomain.com -t 389 -d
"DC=yourdomain,DC=com" -p subtree -r
"(&(objectCategory=person)(objectClass=user))"
This will create an .ldf file called 'users.ldf' located at c:\ and will
take all of the user accounts ( including some that you might not want, such
as Administrator and the like. To avoid this simply enter the -m switch
before the initial -f switch ) from your entire domain. It is going to bind
to the Domain Controller specified by the -s switch and will use the port
specified by the -t switch ( please note that both the -s and -t switches
are optional. If you do not specify them ldifde will default to the DC on
which you are running it and to port 389, the default ldap port ). The -d
switch tells ldifde where to start/what to include ( in layman's terms ).
The -d switch tells it to include the entire domain ( signified by the
"DC=yourdomain,DC=com". If you wanted only a specific OU, for example, you
would have entered -d "OU=yourOU,DC=yourdomain,DC=com" ). Finally, the -r
switch is the filter that ldifde uses. Since you wanted only the user
accounts and nothing else you use the -r
"(&(objectCategory=person)(objectClass=user))" filter. Had you wanted only
the computer accounts then you would use the filter -r
"(&(objectCategory=computer)(objectClass=user))". If you wanted only your
group accounts then you would enter the filter -r "(objectClass=group)".
Using csvde can give you the same results only that information can be taken
to an excel spreadsheet. If you prefer that rather than the .ldf files (
BTW - open the .ldf files with Notepad ) then csvde is your friend.
The newer ds tools are really neat. I have not played with them too much
but have recently taken a look t them and they are pretty neat.
HTH,
Cary
