About LDAP:
LDAP stands for Lightweight Directory Access Protocol. It is usually used to fetch (and sometimes update) data in a directory of people.
Using Net::LDAP module in Perl can provide a way to interact with this database.
Perl script to get this:
#! /usr/bin/perl
# Owner: Rebecca
# Creation date: 2014-12-29
# Usage:
# ./script.pl > yourfile.scv
use strict;
use Win32;
use Win32::OLE;
use Net::LDAP;
use warnings;
sub getmembersingroup
{
(my $subldap, my $groupname) = @_;
#************************************Get distinguished name by using group name*****************************************
my $mesg = $subldap->search(
base => "dc=global,dc=ds,dc=company,dc=com",
filter => "(&(CN=".$groupname."))",
);
if($mesg->code)
{
print $mesg->error, "\n";
exit;
}
my @entries = $mesg->entries;
my $distinguishedName;
foreach my $entry(@entries)
{
$distinguishedName = $entry->get_value("distinguishedName");
}
#**********************Get members by using the newly got distinguished Name*********************************************
$mesg = $subldap->search(
base => $distinguishedName,
scope => "sub",
filter => "(&(objectClass=*))",
);
@entries = $mesg->entries;
my $entry;
foreach $entry(@entries)
{
my @member = $entry->get_value("member");
foreach (@member)
{
my $line = $_;
my $para = $line;
my $string_dl = "OU=Distribution Lists";
$line =~ /DC=(.*?),/;
my $str_domain = $1;
if (!/$string_dl/)
{
#--------------get the account name and domain name---------------------
my $str_obj = Win32::OLE->GetObject("LDAP://".$para) or die "[email protected]";
my $status_able = "disabled";
if ($str_obj->{accountdisabled} eq 0)
{
$status_able = "enabled";
}
$str_obj->{displayName} =~ s/\,//g; # remove the , in the name
print "$str_obj->{displayName},$str_obj->{sAMAccountName},$str_domain,$status_able \n" ;
}
else
{
#it is a DL need to get the members inside
$line = ~/CN=(.*?),/;
my $sub_group_name = $1;
&getmembersingroup($subldap,$sub_group_name);
}
}
}
}
my $ldap = Net::LDAP->new(‘global.ds.company.com‘) or die "[email protected]";
my $mesg = $ldap->bind(‘[email protected]‘,password =>"youraccountpassword");
if($mesg->code)
{
print $mesg->error, "\n";
}
&getmembersingroup($ldap, "GroupName");