Finding Duplicate Names in Active Directory
17 August 2006 · Filed in Education
To use this procedure, you’ll need access to the Directory Service command line tools (these come installed automatically with Windows Server 2003) and Microsoft Log Parser. With these two tools in hand, let’s proceed.
First, we’ll need to obtain a list of all the CNs in Active Directory for every user and/or every contact, regardless of their container. It may be possible to do this with Log Parser (using the ADS input format), but I couldn’t figure out how. Instead, I turned to the Directory Service command line tool dsquery. Here’s the command to use:
This creates a file (output-file.txt) with a list of the CNs for every user object and contact in your Active Directory domain (obviously, you’ll need to substitute the correct values in the query statement above—unless your domain is called example.com).
Using this file, we then use Log Parser to list only those CNs that occur more than once in the file. This identifies the objects that share the same name in the domain:
This produces a text file that lists each CN which is found more than once in the input file, along with a count of how many times it was found. Use this file to go to Active Directory Users and Computers, find the duplicate objects, and rename them as needed. You can then repeat the process until you don’t find any more duplicate names.
While this may seem like overkill for smaller Active Directory installations, this is certainly very applicable in larger organizations, particularly those with decentralized IT operations. Think about it—would you want to manually search through 15,000 objects to find the duplicates?