March 4, 2010

Script to set AD targetAddress property to forward Email during a Transition to new Domain

Filed under: General Development, Information Technology — Tim Lefler @ 9:07 am

My company was moving from our in-house email system to a completely new infrastructure with a new email domain name and a new Active Directory domain. The plan was to have users configure a new Outlook profile to connect to the new system at a particular time on the migration day. Because we had little control over when the users would actually make the transition, I wanted to make sure any new email that arrived at the old mailbox would get forwarded to the new mailbox. This would help cover the straggler users who kept sending email to users who had already migrated.

So this script does exactly that: it takes a list of distinguished names in an input file, connects to Active Directory and sets the Active Directory attribute “targetAddress”. This will essentially forward the mail to the targetAddress SMTP location.

The input file can be easily generated with a CSVDE command:

C:\>csvde -f input.csv -d "dc=domain,dc=com" -r "(ObjectCategory=Person)" -l "DN"
Connecting to "(null)"
Logging in as current user using SSPI
Exporting directory to file input.csv
Searching for entries...
Writing out entries
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
...........................................
Export Completed. Post-processing in progress...
763 entries exported
 
The command has completed successfully

Then you can run this script to read it in and make the changes to the mail-enabled Active Directory objects.

February 23, 2010

csvde Command to show disabled accounts

Filed under: Information Technology — Tim Lefler @ 4:53 pm

For audit purposes I needed to list all Active Directory users and prove that ex-employees were either deleted or disabled. There are a couple of techniques to produce the required output. I think the easiest was to make use of csvde.exe.

Arguments for csvde.exe

CSV Directory Exchange
 
General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-v              Turn on Verbose Mode
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-?              Help
 
Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for in an
                LDAP search
-o list         List of attributes (comma separated) to omit from input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values
 
 
Import
======
-k              The import will go on ignoring 'Constraint Violation' and
                'Object Already Exists' errors
 
 
Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.
 
-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method
 
Example: Simple import of current domain
    csvde -i -f INPUT.CSV
 
Example: Simple export of current domain
    csvde -f OUTPUT.CSV
 
Example: Export of specific domain with credentials
    csvde -m -f OUTPUT.CSV
          -b USERNAME DOMAINNAME *
          -s SERVERNAME
          -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
          -r "(objectClass=user)"
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

So to display whether a user is disabled or not we need to extract the “userAccountControl” property.
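An added example, not from the original post: in userAccountControl the disabled state is bit 0x2 (ACCOUNTDISABLE), so the exported number has to be tested bitwise rather than compared to one value. The Python below checks a list of ex-employee logon names against a csvde export; the sample export, the leaver names and the function name leaver_status are constructed for illustration.

```python
import csv
import io

ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on disabled accounts

# Constructed sample of the file written by
#   csvde -f users.csv -r "(objectCategory=Person)" -l "DN,sAMAccountName,userAccountControl"
# The people and OUs are made up. 512 = normal account, 514 = 512 + 2 (disabled),
# 66048 = 512 + 65536 (password never expires), 66050 = 66048 + 2 (disabled).
SAMPLE_EXPORT = '''DN,sAMAccountName,userAccountControl
"CN=Alice Active,OU=Staff,DC=domain,DC=com",aactive,512
"CN=Bob Leaver,OU=Staff,DC=domain,DC=com",bleaver,514
"CN=Carol Contractor,OU=Staff,DC=domain,DC=com",ccontractor,66050
"CN=Dave Service,OU=Staff,DC=domain,DC=com",dservice,66048
"CN=Eve Contact,OU=Contacts,DC=domain,DC=com",,
'''


def leaver_status(export_text, leavers):
    """Map each ex-employee logon name to 'absent', 'disabled' or 'ENABLED'."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        name = (row.get("sAMAccountName") or "").strip().lower()
        raw = (row.get("userAccountControl") or "").strip()
        if name and raw:  # contacts match the filter but have neither attribute
            accounts[name] = int(raw)

    status = {}
    for logon in leavers:
        uac = accounts.get(logon.lower())
        if uac is None:
            # Not in the export: deleted, or outside the -d search root.
            status[logon] = "absent"
        elif uac & ACCOUNTDISABLE:
            status[logon] = "disabled"
        else:
            status[logon] = "ENABLED"  # audit finding: leaver can still log on
    return status


if __name__ == "__main__":
    # Hypothetical leaver list, e.g. supplied by HR.
    for logon, state in leaver_status(
        SAMPLE_EXPORT, ["bleaver", "CContractor", "dservice", "zgone"]
    ).items():
        print(f"{logon:15} {state}")
```

For a real export, pass the file's text to leaver_status; a file written with the -u option is UTF-16 and has to be opened with that encoding.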
