Data.Get.AD.Find
Top  Previous  Next


Searches Active Directory and fills the [Data] section with any combination of properties for matching objects

Maximum number of returned rows is 1000.

Tip: if you need to access a remote server in an untrusted domain, Use LogonAs before Data.Get.AD, see below example.

Category
Data section

Script section
All

Data.Get.AD.Find Container, SearchFilter, IncludeSubContainers, ListOfProperties [,Add]

Container
Full AD path to container to search  

SearchFilter
LDAP search filter as defined in RFC 2254  
 
Examples  
SearchFilter
Description
(cn=*)
All objects.
(objectClass=user)
All user objects.
(objectClass=group)
All group objects.
(&(objectClass=user)(cn=steve))
The user object "steve".
(&(objectClass=user)(!(cn=steve)))
All user objects except "steve".
(&(objectClass=user)(givenName=eve*))
All user objects where first name starts with "eve".
(&(objectClass=user)(sn=*son*))
All user objects where last name contains "son".
(&(objectClass=user)(|(sn=s*)(sn=b*)))
All user objects where last name starts with "s" or "b".
(&(objectClass=user)(email=*))
All users with an email attribute.
(&(objectClass=user)(!(telephonenumber=*)))
All users without a telephone number attribute.
 
 
Notice: The search filter parenthesis cannot be omitted.  

IncludeSubContainers
Options: Yes | No  
·Yes - objects in subcontainers should be included in search  
·No - objects in subcontainers should not be included in search  

ListOfProperties
List of properties and destination columns, Format: ADpropertyName§Column§[ADpropertyName§Column§].  
 
The easiest way to find out correct property names for accounts is probably to use SetupExplorer, see How to display all existing properties for one account.  
 
"Data.Get.AD.Find" also returns these none-standard AD properties -  
·ADpath = full AD path to object (use with AD commands such as AD.Account.SetProperty)  
·Account flags  

Add [Optional parameter]
Options: Add |  
·Add - Add data at the end of the [Data] section instead of replacing the entire [Data] section. This is useful when more than one Data.Get.AD.Find command is used to get data from more than one container.  

Examples
1) Search domain "d31.acme.com" for users with telephone number attribute. Put ADpath of matching objects in [Data] column 1 and telephone number in column 2

[Init_Batch_Begin] 
Data.Get.AD.Find dc=com/dc=acme/dc=d31,(&(objectClass=user)(telephonenumber=*)),Yes,ADpath§1§telephonenumber§2§
[Init_Batch_End]

2) Search "users" container of domain "d31.acme.com" for groups that starts with "dom". Put ADpath of matching objects in [Data] column 1

[Init_Batch_Begin]
Data.Get.AD.Find dc=com/dc=acme/dc=d31/cn=users,(&(objectClass=group)(cn=dom*)),Yes,ADpath§1§
[Init_Batch_End]

3) Search "Internet" OU of domain "d31.acme.com" for users without first name attribute. Put ADpath of matching objects in [Data] column 1

[Init_Batch_Begin]
Data.Get.AD.Find dc=com/dc=acme/dc=d31/ou=Internet,(&(objectClass=user)(!(givenName=*))),Yes,ADpath§1§
[Init_Batch_End]

4) LogonAs example - search a server in a remote and untrusted domain

[Init_Batch_Begin] 
LogonAs \\192.168.2.226, d41\Administrator, password
Data.Get.AD.Find 192.168.2.226/dc=com/dc=acme/dc=d41,(cn=a*),Yes,cn§1§
LogOff \\192.168.2.226   
[Init_Batch_End]

If you try to search a remote server without being logged on to the remote domain you will get the error "An operations error occurred". LogonAs solves this problem.