PERL and Active DIrectory

Discussion in 'Perl Misc' started by gaz_5_m@yahoo.co.uk, Jun 28, 2007.

  1. Guest

    Hi folks,

    I was just wondering if anyone was using PERL to any great effect to
    query Active DIrectory.

    I'm in the middle of a fairly large project at work that requires
    getting (constantly changing) info from AD. I was doing the same
    things on a daily basis so thought it best to try and script it.

    Is there any way to directly interrogate AD from within PERL. At the
    moment, the only way I have been able to figure out is to use the
    Windows Admin Pak to call:

    open query, "dsquery group -name "x" | dsget group -members |";

    from within the script and then use the piped output of the open
    command to strip out the data that I want.

    It works OK, just takes a hell of a long time!

    The other issue I get is the default return size that is set in our AD
    environment, 1000, so groups with any larger than 1000 users return
    nothing.

    I know you can get round this with VB, but PERL is my language of
    choice! :)

    Anyone with any tips?
    , Jun 28, 2007
    #1
    1. Advertising

  2. Guest

    wrote in message-id: <>

    >
    > Hi folks,
    >
    > I was just wondering if anyone was using PERL to any great effect to
    > query Active DIrectory.
    >
    > I'm in the middle of a fairly large project at work that requires
    > getting (constantly changing) info from AD. I was doing the same
    > things on a daily basis so thought it best to try and script it.
    >
    > Is there any way to directly interrogate AD from within PERL. At the
    > moment, the only way I have been able to figure out is to use the
    > Windows Admin Pak to call:
    >
    > open query, "dsquery group -name "x" | dsget group -members |";
    >
    > from within the script and then use the piped output of the open
    > command to strip out the data that I want.
    >
    > It works OK, just takes a hell of a long time!
    >
    > The other issue I get is the default return size that is set in our AD
    > environment, 1000, so groups with any larger than 1000 users return
    > nothing.
    >
    > I know you can get round this with VB, but PERL is my language of
    > choice! :)
    >
    > Anyone with any tips?


    Yeah you probably want to use Net::LDAP
    it is part of the perl-ldap package
    btw this will work with all major directory services
    Netscape, AD, NDS, and Solaris Directory
    , Jun 28, 2007
    #2
    1. Advertising

  3. Guest

    On Jun 28, 3:41 pm, wrote:
    > wrote in message-id: <>
    >
    > > Hi folks,

    >
    > > I was just wondering if anyone was using PERL to any great effect to
    > > query Active DIrectory.

    >
    > > I'm in the middle of a fairly large project at work that requires
    > > getting (constantly changing) info from AD. I was doing the same
    > > things on a daily basis so thought it best to try and script it.

    >
    > > Is there any way to directly interrogate AD from within PERL. At the
    > > moment, the only way I have been able to figure out is to use the
    > > Windows Admin Pak to call:

    >
    > > open query, "dsquery group -name "x" | dsget group -members |";

    >
    > > from within the script and then use the piped output of the open
    > > command to strip out the data that I want.

    >
    > > It works OK, just takes a hell of a long time!

    >
    > > The other issue I get is the default return size that is set in our AD
    > > environment, 1000, so groups with any larger than 1000 users return
    > > nothing.

    >
    > > I know you can get round this with VB, but PERL is my language of
    > > choice! :)

    >
    > > Anyone with any tips?

    >
    > Yeah you probably want to use Net::LDAP
    > it is part of the perl-ldap package
    > btw this will work with all major directory services
    > Netscape, AD, NDS, and Solaris Directory


    Thanks for that. I've been having a look at the LDAP library in PERL
    but I'm not as proficient in OO coding as I used to be :) so it might
    take a little time.

    One of the reasons I'm looking to change is the speed issues piping
    things out to dsget and dsquery. Does using LDAP prove quite speedy
    (especially for large queries)?
    , Jul 2, 2007
    #3
  4. Guest

    wrote in message-id: <>

    >
    > On Jun 28, 3:41 pm, wrote:
    > > wrote in message-id: <>
    > >
    > > > Hi folks,

    > >
    > > > I was just wondering if anyone was using PERL to any great effect to
    > > > query Active DIrectory.

    > >
    > > > I'm in the middle of a fairly large project at work that requires
    > > > getting (constantly changing) info from AD. I was doing the same
    > > > things on a daily basis so thought it best to try and script it.

    > >
    > > > Is there any way to directly interrogate AD from within PERL. At the
    > > > moment, the only way I have been able to figure out is to use the
    > > > Windows Admin Pak to call:

    > >
    > > > open query, "dsquery group -name "x" | dsget group -members |";

    > >
    > > > from within the script and then use the piped output of the open
    > > > command to strip out the data that I want.

    > >
    > > > It works OK, just takes a hell of a long time!

    > >
    > > > The other issue I get is the default return size that is set in our AD
    > > > environment, 1000, so groups with any larger than 1000 users return
    > > > nothing.

    > >
    > > > I know you can get round this with VB, but PERL is my language of
    > > > choice! :)

    > >
    > > > Anyone with any tips?

    > >
    > > Yeah you probably want to use Net::LDAP
    > > it is part of the perl-ldap package
    > > btw this will work with all major directory services
    > > Netscape, AD, NDS, and Solaris Directory

    >
    > Thanks for that. I've been having a look at the LDAP library in PERL
    > but I'm not as proficient in OO coding as I used to be :) so it might
    > take a little time.
    >
    > One of the reasons I'm looking to change is the speed issues piping
    > things out to dsget and dsquery. Does using LDAP prove quite speedy
    > (especially for large queries)?


    Speed will largely be determined by things like the network and the
    server.. that said it would likely be quickest to query the nearest DC.
    , Jul 3, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ejcosta
    Replies:
    2
    Views:
    855
    Eurico Costa
    Oct 8, 2004
  2. carlos seramos
    Replies:
    2
    Views:
    464
    carlos seramos
    Aug 1, 2003
  3. perl with Active Directory

    , Nov 2, 2005, in forum: Perl Misc
    Replies:
    0
    Views:
    94
  4. PGPS
    Replies:
    10
    Views:
    627
  5. Replies:
    5
    Views:
    347
    Mart van de Wege
    Dec 14, 2008
Loading...

Share This Page