尝试使用调用 AdFind 的批处理脚本开始:http: //www.joeware.net/freetools/tools/adfind/
这样做的目的是用于 SPLA 报告,其中包含以 SPLA_ 开头的任何安全组的首选输出列表用户信息。
我已经弄清楚了 AdFind 所需的命令,但我无法通过单行命令获得我的首选输出。
以下是我正在使用的命令:
最接近首选输出的命令,仅缺少 DN 作为标头:
C:\AdFind>adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member -list |
adfind name mail -nodn -csv
"name","mail"
"UserA","usera@example.com"
"UserB","userb@example.com"
"UserA","usera@example.com"
成员后删除所有内容不包括第二次通话中的用户信息:
C:\AdFind>adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member
dn:CN=SPLA_Microsoft Office Std,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
>member: CN=UserB Acct,CN=Users,DC=ExampleDC,DC=local
dn:CN=SPLA_Remote Desktop Users,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
-list 删除以“dn:”开头的行 在第二个 AdFind 调用时,从第一个命令中断中仅删除“-list”。
C:\AdFind>adfind -b "dc=ExampleDC,dc=local" -f "CN=SPLA_*" member -list
CN=UserA,CN=Users,DC=ExampleDC,DC=local
CN=UserB,CN=Users,DC=ExampleDC,DC=local
CN=UserA,CN=Users,DC=ExampleDC,DC=local
首选输出的行以“dn:”开头,其中包含来自该组中每个配置文件的第二次调用的详细用户信息。
关于它如何工作的想法:
运行第一次调用:adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member
保存以“dn:”开头的行
将剩余传递给 AdFind 以获取详细的用户信息:adfind name mail -nodn
输出(或类似的东西)这会比 XML 更好吗?
dn:CN=SPLA_Microsoft Office Std,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
"name","mail"
"UserA","usera@example.com"
"UserB","userb@example.com"
dn:CN=SPLA_Remote Desktop Users,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
"name","mail"
"UserA","usera@example.com"
我知道这是将 CSV 与标准输出混合。像这样的东西也可以:
"cn", "name", "mail"
"SPLA_Microsoft Office Std", "UserA", "usera@example.com"
"SPLA_Microsoft Office Std", "UserB", "userb@example.com"
"CN=SPLA_Remote Desktop Users", "UserA", "usera@example.com"
最终我想把这个输出放在 MySQL 数据库中。
我现在正在为此研究“TYPE”命令,但没有真正的脚本经验。
adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member
type寻找“dn:”并将“CN = SPLA_GROUP”保存为变量?以形式发送 adfind 用户列表:CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
以某种方式将“CN = SPLA_GROUP”附加到第二次调用的用户信息
编辑:对不起,很长的帖子。更多信息更好然后更少?: ) 从:http ://somerandomcompany.wordpress.com/category/batch-file/ 非常接近,但认为有些东西坏了......
@ECHO OFF
SETLOCAL
IF "%1" EQU "" (
ECHO.
ECHO ERROR!
ECHO Parameter required ^
ECHO.
ECHO Usage: SPLA-Export.bat ^
ECHO.
GOTO :EOF
)
REM CHANGE THIS LINE TO MATCH YOUR DOMAIN
SET BASEDN="dc=WindRiverFinancial,dc=local"
SET CMDLINE=ADFIND -b %BASEDN% -f "cn=%1*" -nodn cn
%CMDLINE% >%1-GETGROUPS.txt 2>NUL
IF EXIST %1-GETGROUPS.txt (
FIND /I "0 Objects returned" %1-GETGROUPS.txt
IF ERRORLEVEL 1 (
GOTO START_SEARCH
) ELSE (
ECHO ERROR: Could not query Active Directory for groups with %1*
GOTO END
)
) ELSE (
ECHO ERROR: Could not query Active Directory for groups with %1*
GOTO END
)
:START_SEARCH
FOR /F "usebackq tokens=1*" %%A IN (`type %1-GETGROUPS.txt ^| FIND /I ">cn:"`) DO (
SET GRP_OBJ=%%B
CALL :GET_MEMBERS %%B
)
FOR /F "tokens=1,2 delims=:" %%A in ("%TIME%") DO (
SET MYTIME=%%A:%%B
)
GOTO END
:GET_MEMBERS
SET FLT_QRY_OBJ="msExchDynamicDLFilter:"
SET FLT_DN_OBJ="msExchDynamicDLBaseDN:"
SET FLT_QRY_CMD=ADFIND -b %BASEDN% -f "cn=%GRP_OBJ%"
REM GET QUERY STRING
%FLT_QRY_CMD% > %1-ADINFO.txt 2>NUL
FOR /F "usebackq tokens=1*" %%A IN (`type %1-ADINFO.txt ^| FIND /I %FLT_QRY_OBJ%`) DO (
SET QRY_STR="%%B"
)
REM GET QUERY BASE DN
FOR /F "usebackq tokens=1*" %%A IN (`type %1-ADINFO.txt ^| FIND /I %FLT_DN_OBJ%`) DO (
SET QRY_DN="%%B"
)
ECHO Running the following query:
ECHO ------------------------------------------------
ECHO CN: %GRP_OBJ%
ECHO DN: %QRY_DN%
ECHO QS: %QRY_STR%
ECHO.
IF EXIST "%GRP_OBJ%.csv" (
DEL /Q "%GRP_OBJ%.csv"
)
ECHO Creating export file...
ADFIND -b -csv %QRY_DN% -f %QRY_STR% sn givenName mail title physicalDeliveryOfficeName employeeID -nodn >"%GRP_OBJ%.csv" 2>NUL
ECHO Done.
ECHO.
ECHO.
IF NOT EXIST "%GRP_OBJ%.csv" (
ECHO Could not create "%GRP_OBJ%.csv"
ECHO.
ECHO Press any key to continue or Ctrl-C to quit...
PAUSE >NUL 2>NUL
)
REM PAUSE
GOTO :EOF
:END
DEL /Q %1-GETGROUPS.txt >NUL 2>NUL
DEL /Q %1-BODY.TXT >NUL 2>NUL
DEL /Q %1-ADINFO.txt >NUL 2>NUL
ENDLOCAL