
Trying to get started with a batch script that calls AdFind: http://www.joeware.net/freetools/tools/adfind/

The purpose of this is for SPLA reporting with preferred output listing user info for any security groups starting with SPLA_.

I have figured out the commands needed for AdFind, but I cannot get my preferred output with a single-line command.

Here are the commands I'm working with:

Closest command to preferred output, only missing the DN as header:

C:\AdFind>adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member -list | adfind name mail -nodn -csv
"name","mail"
"UserA","[email protected]"
"UserB","[email protected]"
"UserA","[email protected]"

Removing everything after member does not include userinfo from second call:

C:\AdFind>adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member
dn:CN=SPLA_Microsoft Office Std,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
>member: CN=UserB Acct,CN=Users,DC=ExampleDC,DC=local

dn:CN=SPLA_Remote Desktop Users,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local

-list removes the line starting with "dn:". Removing only "-list" from the first command breaks the second AdFind call.

C:\AdFind>adfind -b "dc=ExampleDC,dc=local" -f "CN=SPLA_*" member -list

CN=UserA,CN=Users,DC=ExampleDC,DC=local
CN=UserB,CN=Users,DC=ExampleDC,DC=local
CN=UserA,CN=Users,DC=ExampleDC,DC=local

Preferred output has line starting with "dn:" with detailed user info from second call for each profile in that group.

Idea on how it would work:

Run first call: adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member

Save line starting with "dn:"

Pass through remaining to AdFind for detailed userinfo: adfind name mail -nodn

Output (or something close). Would this be better as XML?

dn:CN=SPLA_Microsoft Office Std,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
"name","mail"
"UserA","[email protected]"
"UserB","[email protected]"

dn:CN=SPLA_Remote Desktop Users,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
"name","mail"
"UserA","[email protected]"

I know that's mixing CSV with standard output. Something like this would work too:

"cn", "name", "mail"
"SPLA_Microsoft Office Std", "UserA", "[email protected]"
"SPLA_Microsoft Office Std", "UserB", "[email protected]"
"CN=SPLA_Remote Desktop Users", "UserA", "[email protected]"

Eventually I would like to put this output in a MySQL database.

I'm looking into the "TYPE" command right now for this, but have no real experience with scripting.

adfind -b "dc=exampleDC,dc=local" -f "CN=SPLA_*" member

have type look for "dn:" and save "CN=SPLA_GROUP" as variable?

send adfind user list in form: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local

somehow append "CN=SPLA_GROUP" to user info from second call

EDIT: Sorry for the long post. More info better than less? : ) Grabbed this from: http://somerandomcompany.wordpress.com/category/batch-file/ VERY close, but I think something is broken...

@ECHO OFF
SETLOCAL
IF "%1" EQU "" (
ECHO.
ECHO ERROR!
REM The first argument is the group-name prefix to search for.
ECHO Parameter required
ECHO.
ECHO Usage: SPLA-Export.bat
ECHO.
GOTO :EOF
)
REM CHANGE THIS LINE TO MATCH YOUR DOMAIN
SET BASEDN="dc=WindRiverFinancial,dc=local"
SET CMDLINE=ADFIND -b %BASEDN% -f "cn=%1*" -nodn cn
%CMDLINE% >%1-GETGROUPS.txt 2>NUL
IF EXIST %1-GETGROUPS.txt (
FIND /I "0 Objects returned" %1-GETGROUPS.txt
IF ERRORLEVEL 1 (
GOTO START_SEARCH
) ELSE (
ECHO ERROR: Could not query Active Directory for groups with %1*
GOTO END
)
) ELSE (
ECHO ERROR: Could not query Active Directory for groups with %1*
GOTO END
)

:START_SEARCH
FOR /F "usebackq tokens=1*" %%A IN (`type %1-GETGROUPS.txt ^| FIND /I ">cn:"`) DO (
SET GRP_OBJ=%%B
CALL :GET_MEMBERS %%B
)

FOR /F "tokens=1,2 delims=:" %%A in ("%TIME%") DO (
SET MYTIME=%%A:%%B
)
GOTO END

:GET_MEMBERS
SET FLT_QRY_OBJ="msExchDynamicDLFilter:"
SET FLT_DN_OBJ="msExchDynamicDLBaseDN:"

SET FLT_QRY_CMD=ADFIND -b %BASEDN% -f "cn=%GRP_OBJ%"
REM GET QUERY STRING
%FLT_QRY_CMD% > %1-ADINFO.txt 2>NUL

FOR /F "usebackq tokens=1*" %%A IN (`type %1-ADINFO.txt ^| FIND /I %FLT_QRY_OBJ%`) DO (
SET QRY_STR="%%B"
)
REM GET QUERY BASE DN
FOR /F "usebackq tokens=1*" %%A IN (`type %1-ADINFO.txt ^| FIND /I %FLT_DN_OBJ%`) DO (
SET QRY_DN="%%B"
)

ECHO Running the following query:
ECHO ------------------------------------------------
ECHO CN: %GRP_OBJ%
ECHO DN: %QRY_DN%
ECHO QS: %QRY_STR%
ECHO.
IF EXIST "%GRP_OBJ%.csv" (
DEL /Q "%GRP_OBJ%.csv"
)
ECHO Creating export file...
REM -b takes the base DN as its next argument, so -csv must come after it.
ADFIND -b %QRY_DN% -csv -f %QRY_STR% sn givenName mail title physicalDeliveryOfficeName employeeID -nodn >"%GRP_OBJ%.csv" 2>NUL
ECHO Done.
ECHO.
ECHO.
IF NOT EXIST "%GRP_OBJ%.csv" (
ECHO Could not create "%GRP_OBJ%.csv"
ECHO.
ECHO Press any key to continue or Ctrl-C to quit...
PAUSE >NUL 2>NUL
)
REM PAUSE
GOTO :EOF

:END
DEL /Q %1-GETGROUPS.txt >NUL 2>NUL
DEL /Q %1-BODY.TXT >NUL 2>NUL
DEL /Q %1-ADINFO.txt >NUL 2>NUL

ENDLOCAL

1 Answer


I believe a one-liner does not solve this issue, but maybe if you have more rows to spend, this might help:

@echo off
adfind -f "CN=SPLA_*" distinguishedname -list > d:\lista.txt
for /f "delims=: tokens=1" %%i in (d:\lista.txt) do (
echo dn:%%i
adfind -f "distinguishedname=%%i" member -list | adfind name mail -csv -nocsvheader
)

If adfind can't help you directly, you can be creative with the scripting tools you have available.

If you want to have a CSV file with the following details, for example:

"group1 dn";"username1";"mail1"
"group1 dn";"username2";"mail2"
"group2 dn";"username1";"mail1"

then the following code might be the answer:

@echo off
adfind -f "CN=SPLA_*" distinguishedname -list > d:\lista.txt
for /f "delims=: tokens=1" %%i in (d:\lista.txt) do (
adfind -f "distinguishedname=%%i" member -list | for /f "delims=; tokens=1,2" %%j in ('adfind samaccountname mail -nodn -csv -nocsvheader -csvdelim ";"') do @echo "dn:%%i";%%j;%%k
)

With PowerShell you would have somewhat different possibilities for parsing the output, even if you still used adfind to extract the data from Active Directory.
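
An added example, not part of the original answer: a Python post-processor that joins two saved AdFind captures into the "cn","name","mail" layout from the question. Both inputs are constructed samples; the layout of the second capture and the names `parse_adfind`, `rdn_value` and `membership_csv` are assumptions made for illustration.

```python
import csv
import io
# Constructed sample: default output of the question's first call (group dn, then >member lines).
GROUPS_OUT = """\
dn:CN=SPLA_Microsoft Office Std,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
>member: CN=UserB Acct,CN=Users,DC=ExampleDC,DC=local

dn:CN=SPLA_Remote Desktop Users,OU=Security Groups,OU=MyBusiness,DC=ExampleDC,DC=local
>member: CN=UserA Acct,CN=Users,DC=exampleDC,DC=local
"""
# Constructed sample (assumption): the member DNs piped to "adfind name mail" without -csv.
USERS_OUT = """\
dn:CN=UserA Acct,CN=Users,DC=ExampleDC,DC=local
>name: UserA
>mail: usera@example.invalid
dn:CN=UserB Acct,CN=Users,DC=ExampleDC,DC=local
>name: UserB
"""

def parse_adfind(text):
    """Map each dn to {attribute: [values]}; banner and summary lines are skipped."""
    objects, current = {}, None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = objects.setdefault(line[3:].strip(), {})
        elif line.startswith(">") and current is not None:
            attr, _, value = line[1:].partition(":")
            # Strip LDAP attribute options, e.g. ";range=0-1499" on large groups.
            current.setdefault(attr.split(";")[0].strip(), []).append(value.strip())
    return objects

def rdn_value(dn):
    return dn.split(",", 1)[0].partition("=")[2]  # assumes no escaped comma in first RDN

def membership_csv(groups_text, users_text):
    # DNs compare case-insensitively in AD, so key the user lookup on lower case.
    users = {dn.lower(): a for dn, a in parse_adfind(users_text).items()}
    buf = io.StringIO()
    out = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    out.writerow(["cn", "name", "mail"])
    for group_dn, attrs in parse_adfind(groups_text).items():
        for member_dn in attrs.get("member", []):
            user = users.get(member_dn.lower(), {})
            name = user.get("name", [rdn_value(member_dn)])[0]
            out.writerow([rdn_value(group_dn), name, user.get("mail", [""])[0]])
    return buf.getvalue()

if __name__ == "__main__":
    print(membership_csv(GROUPS_OUT, USERS_OUT), end="")
```

A member that is missing from the second capture falls back to the CN taken from its DN, and a missing mail attribute becomes an empty field.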
