Using ADFind.exe freeware, I have scripted SamCnSid.bat to generate a semi-colon (;) delimited file containing the sAMAccountName, distinguishedName, and objectSid for all the users in the domain you are logged on to.
The syntax for using SamCnSid.bat is:
SamCnSid File
Where File is the file that will contain the output, a line of which might look like:
"Administrator";"CN=Administrator,CN=Users,DC=JSIINC,DC=COM";"S-1-5-21-3174267701-042378314-9870136178-500"
SamCnSid.bat contains:
@echo off
if \{%1\}==\{\} @echo Syntax: SamCnSidCsv CSVFile&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
set csvfile=%1
if exist %csvfile% del /q %csvfile%
for /f "Tokens=*" %%a in ('adfind -default -f "&(objectcategory=person)" sAMAccountName objectSID') do (
set line=%%a
if "!line:~0,3!" EQU "dn:" set dn=!line:~3!
if "!line:~0,12!" EQU ">objectSid: " set sid=!line:~12!
if "!line:~0,17!" EQU ">sAMAccountName: " set sam=!line:~17!&@echo "!sam!";"!dn!";"!sid!">>%csvfile%
)
endlocal
0 comments
Hide comments
