locked
active directory user list query RRS feed

  • Question

  • User-867869163 posted

    Hi,

    I just joined a company, contract position,  and I am provided with 5 lists (provided by HR dept.) of user names, first name and last name and employee id.  I am to find out if  each of the user is disabled or enabled from each of the lists in the active directory. Now, my problem is I only have the users first name and last name, the company does not have a consistent format for creating a new user name and over half of the names are either misspelled, already been deleted or have nicknames. So, the only unique attribute I got are names, since employee ids are not always a match and are reused for other employees in the Active directory.

    The only way I came up with to match the names was export the list of all disabled users into csv excel file, from there do a match function and if both names match (less than 20 percent of them) then I had a fit, after that I had to eyeball all the other names and manually search AD to see if they existed or were disabled, or were using nicknames instead of the names from HR dept lists.

    Is there another way to do this, can I just pipe the names in from the excel to a command and then export the results?

    Also they provided another list of names, for this one I am to get the profile location.  this one has most of the employee ids that weren't reused, so I want to use the employee id to pull the profile locations,  the employee id is in an excel file.  Is there anyway to use csvde or ldifde, or ds commands to do this?   I do not want to export the information to excel and do the match the information there, but instead want to do it using the active directory commands. 

    Thursday, August 28, 2008 7:30 PM

All replies

  • User1095185381 posted

    Have you considered exporting the details to SQL Server and using an SSIS Fuzzy Lookup Transformation?  I guess it depends on how many users you have to match and such.  I played with it but in the end abandoned it because I didn't have enough to justify the effort.  It was suggested to me after I'd tried something similar.  I ended up adding a program to the logon script to collect employeeIDs from the users and inserted it into AD.  I was more interested in live accounts than dead ones.  You can use last-logon-timestamp to help eliminate dead accounts: http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx

    Friday, August 29, 2008 1:56 PM
  • User-31526489 posted

    Hi,

    Here is the link fallow the steps .

    http://blog.waleedmohamed.net/2009/12/create-active-directory-service-using.html

    Hope it helps you.

     

    Best Regards

     

    life is name of learning!
    Mark as an answer if it helps
    Thursday, February 11, 2010 5:48 AM