none
Query Department field from AD users

    问题

  • I am trying to make a list of all the Department fields that I have populated for users in Active Directory.  How would I go about running a query against all the users in AD to pull the Organization\Department field and export that to a file?  From the File I could delete the duplicates to have a list of all the available Departments.
    2012年6月14日 16:35

答案

  • The LDAP syntax query for all users that have a department in AD would be:

    (&(objectCategory=person)(objectClass=user)(department=*))

    -----

    For example, this can be used with dsquery at the command prompt of a DC:

    dsquery * -Limit 0 -filter "(&(objectCategory=person)(objectClass=user)(department=*))" -Attr sAMAccountName department > UserDepts.txt

    -----

    The above may word wrap, but it is one line. The -Attr parameter specifies the attributes to output. sAMAccountName is the "pre-Windows 2000 logon" name. You could output distinguishedName instead. The same filter could be used with Joe Richards' adfind, or a VBScript or PowerShell script.

    If it helps, I have a VBScript program (and also PowerShell) that prompts for the "base" of a query, the LDAP syntax filter, and a comma delimited list of attribute values to output linked here:

    http://www.rlmueller.net/GenericADO.htm

    Use the optional /csv parameter to output in comma delimited format (instead of the default table format). The output can be redirected to a text (or csv) file. The PowerShell version is also in the script gallery here:

    http://gallery.technet.microsoft.com/Generic-Search-of-Active-0a05b8d0


    Richard Mueller - MVP Directory Services

    • 已标记为答案 Misha Rudiy 2012年6月15日 16:42
    2012年6月14日 18:09

全部回复

  • The LDAP syntax query for all users that have a department in AD would be:

    (&(objectCategory=person)(objectClass=user)(department=*))

    -----

    For example, this can be used with dsquery at the command prompt of a DC:

    dsquery * -Limit 0 -filter "(&(objectCategory=person)(objectClass=user)(department=*))" -Attr sAMAccountName department > UserDepts.txt

    -----

    The above may word wrap, but it is one line. The -Attr parameter specifies the attributes to output. sAMAccountName is the "pre-Windows 2000 logon" name. You could output distinguishedName instead. The same filter could be used with Joe Richards' adfind, or a VBScript or PowerShell script.

    If it helps, I have a VBScript program (and also PowerShell) that prompts for the "base" of a query, the LDAP syntax filter, and a comma delimited list of attribute values to output linked here:

    http://www.rlmueller.net/GenericADO.htm

    Use the optional /csv parameter to output in comma delimited format (instead of the default table format). The output can be redirected to a text (or csv) file. The PowerShell version is also in the script gallery here:

    http://gallery.technet.microsoft.com/Generic-Search-of-Active-0a05b8d0


    Richard Mueller - MVP Directory Services

    • 已标记为答案 Misha Rudiy 2012年6月15日 16:42
    2012年6月14日 18:09
  • why down you use the get-aduser powershell comlet to query for the information you need?
    2012年6月14日 18:55
  • Hi,

    You can do this with Powershell and ActiveDirectory Module.

    Import-Module ActiveDirectory Get-ADUser -Filter * -Properties Department|

    Where{$_.department -ne $null}|Select Department|Sort-Object -Unique|

    Out-File C:\TEMP\Department.txt


    Regards,
    2012年6月14日 19:17
  • Hi,

    import-module act* get-aduser -filter * -property department | select name, department |

    sort-object property -unique

    Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    2012年6月15日 5:40
  • Thanks Richard.  Your method got the job done.  I am also interested in the powershell method but it seemed to just return one result.
    2012年6月15日 22:04