LDIFDE is an oldie-but-goodie tool for finding specific information in Active Directory. If you know the name of the attribute that contains the data you’re looking for, you can construct a pretty powerful query.
For example, you can search for all computers in the Active Directory domain mydomain.com:
ldifde -f output.txt -r "(objectClass=computer)" -d "dc=mydomain,dc=com"
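You can filter it down to all workstation-class computers (running Windows XP), as well. The trailing * is a wildcard; it is needed because the operatingSystem attribute holds the full product name (for example, Windows XP Professional):
ldifde -f output.txt -r "(&(objectClass=computer)(operatingSystem=Windows XP*))" -d dc=mydomain,dc=com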
Or even all workstations running Windows XP and Vista (the | operator ORs the conditions that follow it):
ldifde -f output.txt -r "(&(objectClass=computer)(|(operatingSystem=Windows XP*)(operatingSystem=Windows Vista*)))" -d dc=mydomain,dc=com
And workstations running Windows 2000, XP, and Vista:
ldifde -f output.txt -r "(&(objectClass=computer)(|(operatingSystem=Windows XP*)(operatingSystem=Windows 2000 Pro*)(operatingSystem=Windows Vista*)))" -l "cn,operatingSystem" -d dc=mydomain,dc=com
“But Aaron,” you ask, “LDIFDE returns a lot of fields I don’t need. How can I control the output?” Glad you asked.
You can use the -l switch to do just that:
ldifde -f output.txt -r "(&(objectClass=computer)(operatingSystem=Windows Server*))" -d dc=mydomain,dc=com -l "cn,operatingSystem"
This returns output like this:
dn: CN=SERVERA,OU=Servers,DC=mydomain,DC=com
changetype: add
cn: SERVERA
operatingSystem: Windows Server 2003
You can swap out LDIFDE for the tool CSVDE to generate the output in a CSV format.
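To turn output.txt into an inventory of machines on out-of-support operating systems, the LDIF has to be parsed with care: long lines are folded onto a continuation line that starts with a space, and values containing non-ASCII characters are written base64-encoded after a double colon. The Python below is an added example, not part of the original post; the function names and the second sample record (WKS-LONG-NAME-01) are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute (lowercased): [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:              # trailing "" flushes the last record
        if not line.strip():               # blank line ends a record
            if current:
                records.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue                       # comment or malformed line
        if value.startswith(":"):          # "attr:: <base64>" carries non-ASCII data
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    return records

def hosts_by_os(records, prefixes):
    """Return sorted (cn, operatingSystem) pairs whose OS starts with any prefix."""
    wanted = tuple(p.lower() for p in prefixes)
    hits = []
    for rec in records:
        os_name = rec.get("operatingsystem", [""])[0]
        if os_name.lower().startswith(wanted):
            hits.append((rec.get("cn", ["?"])[0], os_name))
    return sorted(hits)

# Constructed sample: the page's record plus one with a folded dn and a base64 value.
VISTA_B64 = base64.b64encode("Windows Vista\u2122 Business".encode("utf-8")).decode("ascii")
SAMPLE = (
    "dn: CN=SERVERA,OU=Servers,DC=mydomain,DC=com\nchangetype: add\n"
    "cn: SERVERA\noperatingSystem: Windows Server 2003\n\n"
    "dn: CN=WKS-LONG-NAME-01,OU=Workstations,OU=Head Office,\n DC=mydomain,DC=com\n"
    "changetype: add\ncn: WKS-LONG-NAME-01\n"
    "operatingSystem:: " + VISTA_B64 + "\n"
)

if __name__ == "__main__":
    for cn, os_name in hosts_by_os(parse_ldif(SAMPLE), ["Windows XP", "Windows 2000", "Windows Vista"]):
        print(cn, "-", os_name)
```

A line-by-line text search of output.txt would miss the second record, because its operatingSystem value appears only in base64 form.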

