ADFind Oneliners

I’m very fond of the powerful AdFind command line utility from joeware.net. Here’s a little list I’m keeping for my own reference:

Find the user behind a GUID:

adfind -binenc -gc -s subtree -b dc=test,dc=com -f "objectGUID={{GUID:????????-????-????-????-????????????}}" displayName

Likewise, you can use the same tool to find the e-mail address of a certain user:

adfind -gc -b dc=???,dc=??? -nodn -nolabel -f "sAMAccountName=??????" mail

The command above is actually part of script, so I used the “-nodn” and “-nolabel” parameters to have the tool only return the e-mail address. You obviously need to replace the question marks with something meaningful in the examples above.

List all distribution groups:

adfind -csv -nodn -f "(&(objectcategory=group)(mail=*))" displayname

List all contacts:

adfind -csv -nodn -f "(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=contact)) ))))" displayname

List all mailbox-enabled users:

adfind -csv -nodn -f "(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))))" displayname

Run a query against another domain:

adfind -h %servername% -u %domain%\%username% -up %password% -csv -nodn -f "displayname=John Doe" displayname

List all the members of a DL (and optionally use the resulting dn to retrieve some more readable information):

adfind -list -f "DisplayName=%displayname%" member
adfind -list -f "DisplayName=%displayname%" member | adfind -csv -nodn mailnickname displayname mail

Report on the usage of Extension Attributes:

adfind -csv -nodn -f "(|(ExtensionAttribute1=*)(ExtensionAttribute2=*)(ExtensionAttribute3=*)(ExtensionAttribute4=*)(ExtensionAttribute5=*)(ExtensionAttribute6=*)(ExtensionAttribute7=*)(ExtensionAttribute8=*)(ExtensionAttribute9=*)(ExtensionAttribute10=*)(ExtensionAttribute11=*)(ExtensionAttribute12=*)(ExtensionAttribute13=*)(ExtensionAttribute14=*)(ExtensionAttribute15=*))" displayname ExtensionAttribute1 ExtensionAttribute2 ExtensionAttribute3 ExtensionAttribute4 ExtensionAttribute5 ExtensionAttribute6 ExtensionAttribute7 ExtensionAttribute8 ExtensionAttribute9 ExtensionAttribute10 ExtensionAttribute11 ExtensionAttribute12 ExtensionAttribute13 ExtensionAttribute14 ExtensionAttribute15

Count the number of mailboxes on an exchange server:

adfind -c -f "msExchHomeServerName=/o=EMS/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=%servername%"

Imagine you’re working as a consultant/contractor for a large organisation and you want to know the end date of you contract:

adfind -tdcs -f "samaccountname=%UserName%" accountExpires

The “tdcs” parameter converts the time in a human readable format.

Somebody called you on your mobile phone and you want to know who:

adfind -list -f "telephoneNumber=*%extension%" displayname

More info

• msexchange.org
• theessentialexchange.com
• petri.co.il
• petri.co.il