List Microsoft AD users with perl on Linux (active and inactive users)

rodrigo.pace.barros has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks! Need your help again. This time i´m developing a simple Perl script that queries my MS AD database in order to show me all my users and their related information. My problem is to find who, in the result query, is active or inactive. Below follows a snapshot of my code, with the LDAPSEARCH (Linux) instruction:

my $LDAPSEARCH="/usr/bin/ldapsearch";
my $IP_SERVIDOR_AD="xxx.xxx.xxx.xxx";
my $USER="ad_user\@mydomain.com";
my $PASS="password";
my $AD_QUERY="OU=Users,OU=CISTS,DC=mydomain,DC=com";
my $AD_PORT="389";
my $OPTIONS="-x -LLL -h $IP_SERVIDOR_AD -D $USER -w $PASS -b\"OU=Users
+,OU=CISTS,DC=mydomain,DC=com\" -s sub \"(objectClass=user)\" -p $AD_P
+ORT";
[download]

The output is a quite complicated and i can´t find which user is active and witch is not. Can you help me with your knowledge? Or a simple way to do this? Thanks all!!! Monks rules.. Rodrigo

Comment on List Microsoft AD users with perl on Linux (active and inactive users) Download Code

Replies are listed 'Best First'.
Re: List Microsoft AD users with perl on Linux (active and inactive users) by viveksnv (Sexton) on Feb 23, 2011 at 13:11 UTC
Net::LDAP may help you. Here some modules listed which are related with LDAP.	[reply]
Re: List Microsoft AD users with perl on Linux (active and inactive users) by Sinistral (Monsignor) on Feb 23, 2011 at 15:16 UTC
As viveksnv so helpfully points out, the LDAP interfaces in Perl are many and varied, with Net::LDAP leading the pack. However, it sounds like you are wanting more fundamental information, namely, "how do I query Active Directory using LDAP (and you're using ldapsearch command, not a Perl API)". That information seems to be carefully explained in an article in the "Hey, Scripting Guy!" blog on TechNet. Although that example uses Windows command line scripting (which if you're actually working with Active Directory you should be doing anyway, using the Microsoft tools that make such things easier than raw LDAP), it's easy enough to figure out the filters and proper values to query for. I also found an article describing how to use dsquery to do the same thing. If you're working with a newer A/D installation, you should check out Active Directory Administration using PowerShell from the folks at Microsoft. After all, they did create the system. Update: Read your request too quickly, now see the very important from Linux in your post. Sorry about that. You can still use the Scripting Guy information to help you, though.	[reply]