All AD Attributes

Hi Scripting Guy!!!

I need to pull down all the available attributes in my company's AD environment.  I would like to know how many times the attribute was used (populated with data) across all domains within the forest.  Then export the total list of AD attributes with the totals to excel.

Thanks!

February 9th, 2015 12:48pm

Please read the following:

 

You can request a script here, but keep in mind that there is no guarantee that someone will take on this project and write all of the code for you for free.

February 9th, 2015 1:50pm

Cannot be easily done.  You will need to hire a consultant to work with you on this.  It may be labor and time intensive since most attributes are not exposed without explicitly requesting them by name. You cannot know the names without reading the current schema and you need to account for missing attributes when the script errs or you need to probe each object for all of its extra attributes.

In all cases it is not a trivial script.

February 9th, 2015 2:26pm

You can read the attribute names in the Schema container. You probably want the lDAPDisplayNames rather than the common names. Then for each attribute you would query for all objects in the domain that have values assigned to the attribute. This would take a lot of processing. There are over 1300 attributes, and some are mandatory for all objects (like distinguishedName and objectGUID). And, if you query the domain for objects that have values assigned, this will not include any objects in the Schema, Configuration, or any application partitions.

To retrieve lDAPDisplayNames of all attributes in the schema:

dsquery * "cn=Schema,cn=Configuration,dc=MyDomain,dc=com" -Filter "(objectClass=attributeSchema)" -Attr lDAPDisplayName -Limit 0 > Attributes.txt

To check how many objects have values for any given attribute (for example "displayName"):

dsquery * -Filter "(displayName=*)" -Limit 0 | find /c ",dc="
but this will only include objects in the domain partition.
February 9th, 2015 3:35pm

This PowerShell V2 script retrieves the lDAPDisplayNames of all attributes in the schema, then determines how many objects in the domain have a value for each. I added the filter clause involving systemFlags to skip operational attributes, like canonicalName. Filters with these attributes raise an error. Their value is constructed from other attributes, so they are not actually saved in AD. Be patient, as this script will take several minutes at least.

# The ActiveDirectory module is not loaded automatically in PowerShell V2.
Import-Module ActiveDirectory

# Retrieve lDAPDisplayName of all attributes in the Schema container, except operational attributes.
$Attrs = Get-ADObject -SearchBase "cn=Schema,cn=Configuration,dc=Hilltop,dc=rlmueller,dc=net" -LDAPFilter "(&(objectClass=attributeSchema)(!(systemFlags:1.2.840.113556.1.4.803:=4)))" -Properties lDAPDisplayName

# Specify output file name, for csv file that can be read into a spreadsheet.
$File = "Attributes.csv"

ForEach ($Attr In $Attrs)
{
    $Name = $Attr.lDAPDisplayName
    $Filter = "($Name=*)"
    # Count the number of objects in the domain where the attribute has a value.
    # @() forces an array, so a single match counts as 1 and no match counts as 0.
    $Count = @(Get-ADObject -LDAPFilter $Filter).Count
    Add-Content -Path $File -Value "$Name,$Count"
}

The resulting comma delimited file can be read into a spreadsheet.
February 9th, 2015 4:46pm
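
The original request was for totals across every domain in the forest, while the script above counts only the current domain. The following is an added example, not part of the original thread: it repeats the same per-attribute count against each domain and sums the results. The variable names and the output file name Attributes-Forest.csv are assumptions; the Schema, Configuration and application partitions are still not searched.

```powershell
# Added example: forest-wide totals. Variable and file names are illustrative.
Import-Module ActiveDirectory

$Forest   = Get-ADForest
$SchemaNC = (Get-ADRootDSE).schemaNamingContext

# Stored attributes only: constructed attributes (systemFlags bit 4) raise an
# error when used in a presence filter, so they are excluded here.
$Names = Get-ADObject -SearchBase $SchemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(!(systemFlags:1.2.840.113556.1.4.803:=4)))" `
    -Properties lDAPDisplayName | ForEach-Object { $_.lDAPDisplayName }

# Running total per attribute, starting at zero so unused attributes are listed too.
$Counts = @{}
ForEach ($Name In $Names) { $Counts[$Name] = 0 }

ForEach ($Domain In $Forest.Domains)
{
    ForEach ($Name In $Names)
    {
        Try
        {
            # Measure-Object counts objects as they stream by, so a heavily used
            # attribute does not force every matching object into memory at once.
            $Found = Get-ADObject -Server $Domain -LDAPFilter "($Name=*)" -ErrorAction Stop |
                Measure-Object
            $Counts[$Name] += $Found.Count
        }
        Catch
        {
            # An unreachable domain or a rejected filter is reported, not counted as zero.
            Write-Warning "$Domain : $Name : $($_.Exception.Message)"
        }
    }
}

# One row per attribute; the CSV opens directly in Excel.
$Counts.GetEnumerator() | Sort-Object Name |
    Select-Object @{n='Attribute';e={$_.Name}}, @{n='Objects';e={$_.Value}} |
    Export-Csv -Path "Attributes-Forest.csv" -NoTypeInformation
```

Any warning lines mark attribute and domain pairs whose count is missing from the total, so review them before relying on the numbers.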

This topic is archived. No further replies will be accepted.
