in reply to Win32::OLE ADODB

Essentially, you need to perform a couple of tasks to be able to get and validate the data that you want to.

First, you need to identify the users within the OU that you are checking by using a search string like the one below.

sub ad_search { # To search AD and return a pre-determined value my $search_base = $_[0]; # This is the base for our searches my $filter = $_[1]; # This is the valid LDAP filter that we will b +e applying my $attribute = $_[2]; # This is the attribute that we will be ret +urning my $search_scope = $_[3]; # This is the scope for our search to fo +llow my ($conn, $res, @result, $succ_search); # Variables that we are u +sing as we go $conn = Win32::OLE->new('ADODB.Connection'); # New connection $conn->{Provider} = "ADsDSOObject"; # OLE provider $conn->Open; $res = $conn->Execute($search_base . $filter . $attribute . $searc +h_scope); # This is our search if ($res->EOF) { # If we have found 0 records that match our searc +h $succ_search = 0; # Set our no records found item and return i +t } else { $succ_search = 1; # So our records found item $res->MoveFirst; # Go to the first record while (not $res->EOF) { # Whie we still have records push (@result, $res->Fields(0)->Value); # Push them to our + array $res->MoveNext; # Go to the next one } } return ($succ_search, @result); # Return our success and our array + of results }
Basically, you'll want to apply an LDAP filter of (SamAccountName=*), and your base for the search should be the OU that you're looking in. For example: ou=users,dc=xyz,dc=com. Just make sure that the value that you receive is the objects DN. This will return every user that has been setup in that particular OU.

Next, you need to iterate for each DN that has been returned and push the Display name into another array. You can use a subroutine like this to return the attributes.

sub ad_get_attrib { # For returning Attribute Values.... my $dn = $_[0]; # The object DN my $attrib = $_[1]; # The attribute in question my ($object,$result); $object = Win32::OLE->GetObject("$dn"); if ($object->{$attrib}) { # If this Attribute actually exists.... $result = $object->Get("$attrib"); } return $result; }
Once you have these details, loop once for each DN that has been returned and evaluate it to see if it matches the Regex. If it does, then modify the userPrincipalName with the following code
sub ad_modify { # To change a single value in AD my $dn = $_[0]; # The object DN my $attrib = $_[1]; # The attribute to change my $value = $_[2]; # The attributes new value my ($object); $object = Win32::OLE->GetObject("$dn"); $object->{$attrib} = "$value"; $object->SetInfo; # Don't forget to set the values }
And that should just about do it....
There are a couple of different ways to approach this problem, but I reckont that this would be about the fastest way to do it.