JSI Tip 7708. What user accounts in my domain have no Department configured?

Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, I have scripted NoDepartment.bat to display all the distinguished names of domain users who have no Department configured.

The syntax for using NoDepartment.bat is:

NoDepartment

The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:

NoDepartment>FileName

You can use the output in subsequent commands, as in:

for /f "Tokens=*" %%i in ('NoDepartment') do SomeCommand %%i

NoDepartment.bat contains:

@echo offsetlocalif exist "%TEMP%NoDepartment.TM1" del /q "%TEMP%NoDepartment.TM1"if exist "%TEMP%NoDepartment.TM2" del /q "%TEMP%NoDepartment.TM2"set query=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=*))" -attr distinguishedName department -limit 0for /f "Tokens=*" %%u in ('%query%') do set line=%%u&call :parseif not exist "%TEMP%NoDepartment.TM1" goto donesort "%TEMP%NoDepartment.TM1" /O "%TEMP%NoDepartment.TM2"type "%TEMP%NoDepartment.TM2"del /q "%TEMP%NoDepartment.TM1"del /q "%TEMP%NoDepartment.TM2":doneendlocalexit /b 0:parseif /i "%line:~0,17%" NEQ "distinguishedName" goto detailset /a pos=17:loopset /a pos=%pos% + 1call set work=%%line:~%pos%^,11%%if /i "%work%" NEQ " Department" goto :loopset /a pos=%pos% + 1set /a len=%pos% - 2goto :EOF:detailcall set dpt=%%line:~%pos%%%if "%dpt:~0,11%" NEQ "           " goto :EOFcall set dn="%%line:~0,%len%%%"set dn=%dn:   =%set dn=%dn:  =%set dn=%dn: "="%@echo %dn%>>"%TEMP%NoDepartment.TM1"