JSI Tip 9415. Three ways to convert a user name (sAMAccountName) to a distinguished name (distinguishedName).


There are normally many ways to accomplish a task. This tip presents 3 scripts to convert a user name (sAMAccountName) to a distinguished name (distinguishedName).

The three methods used are DSQuery, ADFind, and NameTranslate.


DSQuery

DSQuery is an Active Directory command-line tool.

NOTE: See tip 7714 » What attribute names can I use with the user filtered dsquery command?
NOTE: See tip 7992 » How do I know what attribute names to use when performing a 'DSQUERY *'?

I have scripted SAMID2DN.bat to convert a user's sAMAccountName to their distinguishedName.

The syntax for using SAMID2DN.bat is:

call SAMID2DN UserName

Where UserName is the NetBIOS user name, like Jerry. Wild cards are supported, so using J* will return the distinguished name of all users whose UserName starts with J. The output is displayed on the console, but can be redirected to a file, or processed in a FOR command.

SAMID2DN.bat contains:

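@echo off
rem Show the syntax and exit when no user name is given.
if {%1}=={} @echo Syntax: SAMID2DN Samid&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
rem Take the user name from the first argument and strip any double quotes.
set user=%1
set user=%user:"=%
rem Search the whole domain for user objects whose sAMAccountName matches.
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=%user%))" -attr distinguishedName -L -limit 0
set dn=NONE
rem Echo each distinguished name returned, wrapped in double quotes.
for /f "Tokens=*" %%u in ('%qry%') do (
 set dn=%%u
 @echo "!dn!"
)
endlocal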


ADFind

Using the ADFind.exe freeware, I have scripted SAMID2DNadf.bat to convert a user's sAMAccountName to their distinguishedName.

The syntax for using SAMID2DNadf.bat is:

call SAMID2DNadf UserName

Where UserName is the NetBIOS user name, like Jerry. Wild cards are supported, so using J* will return the distinguished name of all users whose UserName starts with J. The output is displayed on the console, but can be redirected to a file, or processed in a FOR command.

SAMID2DNadf.bat contains:

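@echo off
rem Show the syntax and exit when no user name is given.
if {%1}=={} @echo Syntax: SAMID2DNadf Samid&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
rem Take the user name from the first argument and strip any double quotes.
set user=%1
set user=%user:"=%
rem Query the default naming context; findstr below keeps only the distinguishedName lines.
set qry=adfind -default -f "&(objectcategory=person)(samaccountname=%user%)" -ps 1000 -nodn -noctl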
set dn=NONE
for /f "Tokens=*" %%u in ('%qry%^|findstr /b /l /c:">distinguishedName: "') do (
 set dn=%%u
 set dn=!dn:^>distinguishedName: =!
 @echo "!dn!"
)
endlocal
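
Both scripts above place the user name directly into the LDAP filter, which is why J* works as a wildcard. The following PowerShell code is an added example, not part of the original tip: it escapes the characters RFC 4515 reserves in a filter value, so that only an explicitly allowed * acts as a wildcard. The function names are hypothetical, and Get-UserDistinguishedName assumes a domain-joined machine.

```powershell
# Added example (not from the original tip). Function names are hypothetical.

# Escape the characters RFC 4515 reserves in a filter value: \ ( ) * and NUL.
# With -AllowWildcard, * is left alone so J* still matches names starting with J.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory = $true)][string]$Value,
        [switch]$AllowWildcard
    )
    $reserved = if ($AllowWildcard) { '[\\()\x00]' } else { '[\\()*\x00]' }
    # Each reserved character becomes a backslash plus its two-digit hex code.
    $escape = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m) '\{0:x2}' -f [int][char]$m.Value
    }
    [regex]::Replace($Value, $reserved, $escape)
}

# Build the same filter SAMID2DN.bat uses, with the user name escaped.
function New-SamAccountFilter {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [switch]$AllowWildcard
    )
    $v = ConvertTo-LdapFilterValue -Value $UserName -AllowWildcard:$AllowWildcard
    "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=$v))"
}

# Run the search against the current domain (assumes a domain-joined machine).
function Get-UserDistinguishedName {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [switch]$AllowWildcard
    )
    $searcher = [adsisearcher](New-SamAccountFilter $UserName -AllowWildcard:$AllowWildcard)
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    foreach ($result in $searcher.FindAll()) {
        $result.Properties['distinguishedname'][0]
    }
}

# Constructed sample inputs: a plain name, a wildcard with and without
# -AllowWildcard, and a name containing parentheses. These lines only build
# filter strings, so they run without a domain.
New-SamAccountFilter 'Jerry'
New-SamAccountFilter 'J*' -AllowWildcard
New-SamAccountFilter 'J*'
New-SamAccountFilter 'svc(backup)'
```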

NameTranslate

Richard Mueller describes NameTranslate, the IADsNameTranslate interface, which can be used to convert the names of Active Directory objects from one format to another:
