Data.Get.AD


Fills the [Data] section with data from Active Directory, an Exchange 2000 or 2003 server, or an Exchange 5.5 server.

Tip: use the ADvalue function to extract a single value for an object.

Tip: if you need to access a remote server in an untrusted domain, use LogonAs before Data.Get.AD; see the LogonAs example below.

Requirements (only apply when the command is used for Exchange 5.5 properties)
·Exchange 5.5 server with Exchange SP4 or later  
·ADSI2.5  

Category
Data section

Script section
All

Data.Get.AD Source, SourcePath, ObjectType, IncludeSubContainers, ListOfProperties [,Add]

Source
Options: Container | Group  
·Container - extract all objects in a container (OU)  
·Group - extract all members of a group (Notice: primary group members are not returned.)  

SourcePath
Full AD path to container or group  

ObjectType
Options: User | Group | Computer | Contact  
·User - get user properties  
·Group - get group properties  
·Computer - get computer properties  
·Contact - get contact properties  

IncludeSubContainers
[This parameter is ignored if Source = Group]
Options: Yes | No  
·Yes - objects in subcontainers should be included  
·No - objects in subcontainers should not be included  

ListOfProperties

List of properties and destination columns. Format: ADpropertyName§Column§[ADpropertyName§Column§].  
 
The easiest way to find the correct property names for accounts is probably to use SetupExplorer, see How to display all existing properties for one account.  
 
"Data.Get.AD" also returns these non-standard AD properties -  
·Container = container of the object  
·ADpath = full AD path to object (use with AD commands such as AD.Account.SetProperty)  
·ADpathContainer = full AD path to object container  
·primaryGroup = Name of primary group, requires ADsSecurity.dll (primaryGroupID = group RID, does not require extra dll)  
·Account flags (Flag = Description)  
  ·AccountDisabled = "Disabled" if account is disabled or "Enabled" if account is enabled  
  ·HomedirReq = "Homedir required" if home directory is required, else "-"  
  ·[Locked] = [Not supported]  
  ·PWNotReq = "PW not requrired" if no password is required, else "-"  
  ·[PWCantChange] = [Not supported]  
  ·PWReversibleEncryption = "PW reversible" if "store password using reversible encryption" enabled, else "-"  
  ·DuplicateAccount = "Duplicate", if account is for user whose primary account is in another domain, else "-"  
  ·NormalAccount = "Normal", if default account type that represents a typical user, else "-"  
  ·PWNeverExpires = "PW never expires" if password will not expire on this account, else "-"  
  ·SmartCardRequired = "Smartcard required" if smart card is required for interactive logon, else "-"  
  ·TrustedForDelegation = "Trusted for delegation", if (service) account is trusted for Kerberos delegation, else "-"  
  ·NotDelegated = "Not delegated", if security context of user will not be delegated to a service, else "-"  
  ·DESencryption = "DES key only", if restricted to use only DES encryption types for keys, else "-"  
  ·DontRequireKerberosPreauth = "Don't require preauth" if account does not require Kerberos preauthentication for logon, else "-"  
  ·PWMustChange = "Yes", "No (number of days left)" or "Never" ("Never" same as PWNeverExpires)  
  ·EnabledForDelegation = "Enabled for delegation" if account is enabled for delegation, else "-"  
  ·PWAge = Password age in days  
 

Add [Optional parameter]
Options: Add |  
·Add - Add data at the end of the [Data] section instead of replacing the entire [Data] section. This is useful when more than one Data.Get.AD command is used to get data from more than one container.  

Important notice
Please make sure that none of the extracted properties contains the character used as delimiter in the [Data] section. Example: if the display name contains a comma and BatchSettings.Delimiter is comma, commands after Data.Get.AD will misread data from the [Data] section.
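
An added example, not part of the original documentation or the tool: a Python check over the text of a [Data] section that lists accounts whose security-relevant flag columns are set (any value other than "-") and reports rows whose field count is wrong because a value contained the delimiter. The column layout, the sample rows and the function name are assumptions constructed for illustration.

```python
# Constructed sample of a [Data] section, assuming BatchSettings.Delimiter is a
# comma and this ListOfProperties string (assumed layout, not from the page):
# samAccountName§1§displayName§2§PWNotReq§3§PWReversibleEncryption§4§
# DontRequireKerberosPreauth§5§TrustedForDelegation§6§
SAMPLE_DATA = """\
alice,Alice Jones,-,-,-,-
svc_web,Web Service,-,-,-,Trusted for delegation
bob,Smith, Bob,-,-,Don't require preauth,-
legacy1,Legacy App,PW not requrired,PW reversible,-,-
"""

# Column order assumed for this example; it must match the ListOfProperties used.
COLUMNS = ["samAccountName", "displayName", "PWNotReq",
           "PWReversibleEncryption", "DontRequireKerberosPreauth",
           "TrustedForDelegation"]
FLAG_COLUMNS = COLUMNS[2:]


def audit_data_section(text, delimiter=","):
    """Return (findings, misaligned) for the rows of a [Data] section.

    findings:   {samAccountName: [names of flag columns that are set]}
    misaligned: 1-based row numbers whose field count differs from COLUMNS,
                the symptom of a property value containing the delimiter.
    """
    findings, misaligned = {}, []
    for row_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(delimiter)]
        if len(fields) != len(COLUMNS):
            # Columns have shifted, so flag values cannot be trusted here.
            misaligned.append(row_no)
            continue
        row = dict(zip(COLUMNS, fields))
        # The flag columns hold "-" when the flag is not set.
        set_flags = [c for c in FLAG_COLUMNS if row[c] != "-"]
        if set_flags:
            findings[row["samAccountName"]] = set_flags
    return findings, misaligned


if __name__ == "__main__":
    found, bad_rows = audit_data_section(SAMPLE_DATA)
    for account, flags in found.items():
        print(account, "->", ", ".join(flags))
    print("Rows to re-extract (delimiter inside a value):", bad_rows)
```

Row 3 of the sample is skipped rather than audited: its display name contains a comma, so every later column is shifted by one.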

Examples
1) Container example - Fill the [Data] section with user properties from the "students" OU of domain "d2.acme.com", specific server "edu8.d2.acme.com", include data in subcontainers. Put container of the object in column 1, CN in column 2, samAccountName in column 3, first name in column 4, Initials in column 5 and last name in column 6.

[Init_Batch_Begin] 
Data.Get.AD Container,edu8.d2.acme.com/dc=com/dc=acme/dc=d2/ou=students, User, Yes, container§1§CN§2§samAccountName§3§givenName§4§Initials§5§sn§6§
[Init_Batch_End]


2) Container example - Fill the [Data] section with all group names in the "users" container

[Init_Batch_Begin]
Data.Get.AD Container,edu8.d2.acme.com/dc=com/dc=acme/dc=d2/cn=users, Group, Yes, CN§2§
[Init_Batch_End]

3) Container example - Fill the [Data] section with all computer names of domain "d2.acme.com"

[Init_Batch_Begin]
Data.Get.AD Container,dc=com/dc=acme/dc=d2, Computer, Yes, CN§1§
[Init_Batch_End]


4) Group example - Fill the [Data] section with properties for all user members of the group "MyGroup" in the OU "MyOu"

[Init_Batch_Begin]
Data.Get.AD Group,dc=com/dc=acme/dc=d2/Ou=MyOu/cn=MyGroup , User, Yes, CN§2§samAccountName§3§givenName§4§Initials§5§sn§6§
[Init_Batch_End]


5) Exchange 5.5 example - Fill the [Data] section with properties from container o=y/ou=D30/cn=Recipients on Exchange 5.5 server \\EDU2830.

[Init_Batch_Begin]
Data.Get.AD Container, EDU2830/o=y/ou=D30/cn=Recipients, User, Yes, ADpath§1§nickname§2§cn§3§mail§4§OtherMailbox§5§
[Init_Batch_End]


6) LogonAs example - get data from a server in a remote and untrusted domain

[Init_Batch_Begin] 
LogonAs \\192.168.2.226, d41\Administrator, password
Data.Get.AD Container, 192.168.2.226/dc=com/dc=acme/dc=d41, User, Yes, container§1§CN§2§   
LogOff \\192.168.2.226   
[Init_Batch_End]


If you try to get data from a remote server without being logged on to the remote domain you will get the error "An operations error occurred". LogonAs solves this problem.

Full examples
·Set a property for all accounts in one single OU or group  
·Move all accounts that are members of a certain group to the same OU  
·Manage accounts by WhenChanged, WhenCreated and LastLogon