Re: Search many objects in a large AD space
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Nov 2007 08:40:16 -0600
ned wrote:
I have a big list (about 80000) of users and I need to retrieve some info
like their address, office etc.
In addition to that my AD space (Windows 2003) is big and very ramified
(multi-domain forest, nested OUs).
There is no way of knowing in what OU each of the users can be found and I
need to bind to the users object by using their first and last as the
samid is not provided, all I have is just First,Last for each user.
What is the fastest technique to do this?
I think I should avoid trying to recursively list all OUs and for each of
them list all USER objects and then extract properties for matching
First,Last ?
Perhaps I should use the CreateObject("ADODB.Connection") and do a query
instead of GetObject(LDAP etc...) ?
Or perhaps bind to the flat NT-like namespace using GetObject(WinNT: etc?)

The WinNT provider is slower. The exposed namespace is flat, but it still
must deal with the hierarchy of AD under the covers. An ADO query should be
best. Use the Global Catalog by specifying the GC: moniker in the base of
the search. See this link for details:
http://www.rlmueller.net/ADOSearchTips.htm
Using the syntax in the link above, you can specify the search base with
code similar to:
==========
Set objRootDSE = GetObject("LDAP://RootDSE")
strRootDomain = objRootDSE.Get("rootDomainNamingContext")
strBase = "<GC://" & strRootDomain & ">"
===========
You can only retrieve attributes replicated to the GC, but the most
important, like distinguishedName, are. The filter you use depends on how
the values are populated in your AD. If the Common Name of the users is in
the form "Last, First", then you can use:
===========
strName = "Smith\, Jim"
strFilter = "(&(objectCategory=person)(objectClass=user)(cn=" & strName & "))"
==========
Note that commas in Common Names must be escaped with the backslash escape
character. If you only know the values assigned to the first and last name
fields in ADUC (the values of the givenName and sn attributes), the filter
can be:
==========
strFirst = "Jim"
strLast = "Smith"
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(givenName=" & strFirst & ")(sn=" & strLast & "))"
==========
Note that you need to account for the three possible results: The search
results in a recordset with no rows, one row, or more than one row (more
than one user). What you have does not uniquely identify the user. There
could be several users with the same first and last names, or even the same
Common Name (as long as they are in different OU/Containers). I hope this
helps.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
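
Added example, not part of the original post or the author's code: a Global Catalog lookup by givenName and sn that reuses one ADO connection for the whole list, escapes each name for the LDAP filter (RFC 4515) so a stray `(`, `)`, `*` or `\` in the input cannot alter the query, and reports the three outcomes described above. The sample names, the `Lookup` and `EscapeFilterValue` helpers, and the page size and timeout values are assumptions.

```vbscript
Option Explicit
Dim objRootDSE, strBase, objConn, objCmd, arrNames, strName, arrParts

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<GC://" & objRootDSE.Get("rootDomainNamingContext") & ">"

' One connection and one command object, reused for every lookup.
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 100   ' assumed value
objCmd.Properties("Timeout") = 30      ' assumed value, in seconds

' Constructed sample input; in practice read "First,Last" lines from a file.
arrNames = Array("Jim,Smith", "Ann,Lee (Contractor)")
For Each strName In arrNames
    arrParts = Split(strName, ",")
    If UBound(arrParts) = 1 Then
        WScript.Echo strName & " => " & Lookup(Trim(arrParts(0)), Trim(arrParts(1)))
    End If
Next
objConn.Close

' Escape a value for use inside an LDAP filter; backslash must go first.
Function EscapeFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilterValue = Replace(s, Chr(0), "\00")
End Function

' Returns NOT FOUND, UNIQUE or AMBIGUOUS plus the matching DNs.
Function Lookup(strFirst, strLast)
    Dim objRS, strDN, intCount
    objCmd.CommandText = strBase & ";(&(objectCategory=person)(objectClass=user)" _
        & "(givenName=" & EscapeFilterValue(strFirst) & ")(sn=" _
        & EscapeFilterValue(strLast) & "));distinguishedName;subtree"
    Set objRS = objCmd.Execute
    intCount = 0
    Do Until objRS.EOF
        intCount = intCount + 1
        strDN = strDN & " [" & objRS.Fields("distinguishedName").Value & "]"
        objRS.MoveNext
    Loop
    objRS.Close
    If intCount = 0 Then Lookup = "NOT FOUND" Else If intCount = 1 Then Lookup = "UNIQUE" & strDN Else Lookup = "AMBIGUOUS (" & intCount & ")" & strDN
End Function
```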