I badly need the ability to search


Methodtsi

IS-IT--Management
Dec 27, 2002
11
US
I badly need the ability to search for multiple users in AD at one time. I recently did an audit of our OU within AD and located about 400 possible old accounts. I need the ability to search the entire domain for these accounts to ensure they are not misplaced, and typing them in one at a time is not an option because of the time and the possibility that I may have to do this globally.

So, how can I do this with AD or is there another way?? I thought about an LDAP query but I cannot get the syntax right. Basically, I have a list of hundreds of usernames to search by. Any ideas?

Thanks in advance,

Method
 
I have also tried Hyena as of this posting and still no luck.
 
Hyena should be able to export all of the users in AD to a tab-delimited text file. If not, download a copy of DameWare NT utilities 30 day eval from and you will never open Hyena again... DameWare is Hyena on STEROIDS!!
Once you have your text file, open the file in Excel, and click in the uppermost left cell and the entire document will be highlighted.
Next click on Data on the toolbar, then filter => autofilter.
Between using the drop-down boxes to filter, and combinations of sort by column ascending or descending, you should be able to weed out the never logged on accounts, and accounts with old passwords etc.
Once you have your list of users to be manipulated, use the Net user <username> /comment:"XXX To be deleted XXX" command
and the Net user <username> /active:no
to disable the accounts.
(Note: Don't delete them right away, leave them disabled for 30 days and see who starts squawking... it is easier to re-enable an account than re-create one.)
After 30 days, use the Net user <username> /DELETE /y to remove the accounts altogether.

If you are doing multiple accounts, cut the user ID column of cells of the filtered users that you want to manipulate
and paste them to a blank notepad, save it as July10-users.txt

You now have a list of the users in a single row in Notepad.

Next do the following command

for /f %a in (July10-users.txt) do net user %a /<Argument> >> results.log

This will process each of the users in the text file with the net user command consecutively, and dump the results out to a log file.

** Be very careful with the list of users... you could delete all of the users in your entire domain (in about 5 minutes) if that is what you put into your users.txt file.

I would suggest getting comfortable with using the "Net user" and "for" commands by practicing on some local accounts on a test workstation before letting fly in your production environment...

If you don't like doing this manually, there are tools like "Active Rolls" for AD that do some very handy user Admin tasks, but they are much more expensive than opening a command window.
 
Maybe there are tools for doing this. Don't forget one thing:
AD has an interface for LDAP. So, with any LDIF application you should be able to interrogate the AD.

A simple application for interrogating LDAP is "ldifde.exe".
As you can see in the link below, you can specify a search string, conditions, etc.
There is also a csv format tool: "csvde.exe".



(and there are many other articles about it, just search with Google for those keywords).


Gia Betiu
gia@almondeyes.net
Computer Eng. CNE 4, CNE 5, MCSE Win2K
new: (just started)
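
One way to turn the username list into the LDAP search string that csvde.exe or ldifde.exe take, as an added example that is not part of the original thread: it escapes each name per RFC 4515 (so a stray `*` in the list cannot match every account) and batches the names into OR filters. The base DN, output file names, attribute list and the 4000-character batch size are assumptions.

```python
"""Build batched LDAP filters for csvde from a username list (added example)."""

# RFC 4515: these characters must be escaped inside a filter value.
# Unescaped, a lone "*" in the list would match every account in the domain.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
USER_CLAUSE = "(objectCategory=person)(objectClass=user)"

def escape_value(value):
    """Escape one name so it can only ever be compared literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def read_names(lines):
    """Drop blank lines and case-insensitive duplicates, keeping input order."""
    seen, names = set(), []
    for line in lines:
        name = line.strip()
        if name and name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names

def build_filters(names, max_len=4000):
    """Group names into OR filters of at most max_len characters each.

    max_len is an assumed margin below cmd.exe's 8191-character line limit.
    """
    head, tail = "(&" + USER_CLAUSE + "(|", "))"
    filters, clauses, size = [], [], len(head) + len(tail)
    for name in names:
        clause = "(sAMAccountName=" + escape_value(name) + ")"
        if clauses and size + len(clause) > max_len:
            filters.append(head + "".join(clauses) + tail)
            clauses, size = [], len(head) + len(tail)
        clauses.append(clause)
        size += len(clause)
    if clauses:
        filters.append(head + "".join(clauses) + tail)
    return filters

def csvde_commands(filters, base_dn, attrs="sAMAccountName,distinguishedName"):
    """One read-only csvde export per batch; base_dn and file names are placeholders."""
    template = 'csvde -f batch{}.csv -d "{}" -r "{}" -l "{}"'
    return [template.format(i, base_dn, f, attrs) for i, f in enumerate(filters, 1)]

if __name__ == "__main__":
    # Constructed sample list; in practice pass the lines of July10-users.txt.
    sample = ["jsmith", "JSMITH", "", "mjones", "svc(old)*"]
    for cmd in csvde_commands(build_filters(read_names(sample)), "DC=example,DC=com"):
        print(cmd)
```

Names from the list that appear in none of the exported CSV files do not exist anywhere under the base DN that was searched.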
 