Using ADFind.exe freeware, I have scripted SamCnSid.bat to generate a semi-colon (;) delimited file containing the sAMAccountName, distinguishedName, and objectSid for all the users in the domain you are logged on to.
The syntax for using SamCnSid.bat is:
SamCnSid File
Where File is the file that will contain the output, a line of which might look like:
"Administrator";"CN=Administrator,CN=Users,DC=JSIINC,DC=COM";"S-1-5-21-3174267701-042378314-9870136178-500"
SamCnSid.bat contains:
@echo off if \{%1\}==\{\} @echo Syntax: SamCnSidCsv CSVFile&goto :EOF setlocal ENABLEDELAYEDEXPANSION set csvfile=%1 if exist %csvfile% del /q %csvfile% for /f "Tokens=*" %%a in ('adfind -default -f "&(objectcategory=person)" sAMAccountName objectSID') do ( set line=%%a if "!line:~0,3!" EQU "dn:" set dn=!line:~3! if "!line:~0,12!" EQU ">objectSid: " set sid=!line:~12! if "!line:~0,17!" EQU ">sAMAccountName: " set sam=!line:~17!&@echo "!sam!";"!dn!";"!sid!">>%csvfile% ) endlocal
0 comments
Hide comments