Active Directory export for our Learning Management System

July 12, 2013 Reading time: 2 minutes

Getting back to the Active Directory Export to our Learning Management System, after importing the Managers into AD I added the manager field to the export as seen below.

$Date = (Get-Date -format "dd-MM-yyyy")
if ( (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null )
    Add-PsSnapin Quest.ActiveRoles.ADManagement

get-qaduser -SearchRoot 'domain.local/Users' -enabled -dontusedefaultincludedproperties -includedproperties sn,givenName,sAMAccountName,employeeNumber,telephoneNumber,mail,title,manager -SizeLimit 0 | sort-object | select-object sAMAccountName,employeeNumber,givenName,telephoneNumber,title,sn,mail,manager | export-csv -Delimiter ',' -NoTypeInformation -Path \\ServerX\LMS\LMS_export$Date.csv


Slight issue is that the 'manager' field in AD gives the container of the manager's account, LMS vendor can't work with that and wants the sAMAccountName for the manager.   Hmmmm, ok.
After some more poking around for a solution I came up with something that...

  • reads in the users from Active Directory
  • adds a new null value property called 'ManagerSam' for each user
  • looks at each user and if the Manager field is not empty uses the Quest ActiveRoles tool 'get-qaduser' to lookup the sAMAccountName of the manager
  • assigns the sAMAccountName of the manager to our new 'ManagerSam' property
  • then takes all that and selects, sorts and exports to CSV

The following is what the script looks like...

$Date = (Get-Date -format "dd-MM-yyyy")
if ( (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null )
Add-PsSnapin Quest.ActiveRoles.ADManagement
$users = get-qaduser -SearchRoot 'domain.local/Users' -enabled -dontusedefaultincludedproperties -includedproperties sn,givenName,sAMAccountName,employeeNumber,telephoneNumber,mail,title,manager -SizeLimit 0
$users | Add-Member Noteproperty -Name ManagerSam -value $null
foreach ($user in $users){
If ($user.Manager -ne $null){
$user.ManagerSam = (get-qaduser -identity $user.Manager).samaccountname
$users | select-object sAMAccountName,employeeNumber,givenName,telephoneNumber,title,sn,mail,managersam | sort-object sAMAccountName | export-csv -Delimiter ',' -NoTypeInformation -Path \\serverX\LMS\LMS_ad_export$Date.csv

Works like a charm and doesn't take forever to run.  More importantly it gives our LMS vendor what they need to have their software function correctly.  And that’s a fabulous thing!  :)

Cover Image

Audio/Video Conferencing with Openfire

July 11, 2013 Reading time: 3 minutes

We've been using Openfire for departmental instant messaging for some time now, which is described on their site as...

"a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol.".

It's been working quite well for us using their Spark client as well as using the Pidgin client.  My boss saw that there is a video conferencing plugin for Openfire and thought that it could be quite useful for a number of purposes.

The one he was looking at was one that uses WebRTC for the audio/video piece in the browser, though the plug-in is still under development and is only able to utilize Chrome browser.  So I happened upon the Redfire plug-in for Openfire that describes itself as

"Redfire is a plugin for Openfire that embeds the Red5 RTMP server, Cumulus RTMFP server and modified Phono SDK to provide audio/video streaming tools for XMPP application development.".

So the plug-in has a lot going on in the backend to make things happen.  Installation of the plug-in is as simple as unzipping the war file into the Openfire plugins directory of the Openfire server and restarting the service.

After I restarted the Openfire server I was scratching my head for a while over a number of errors that were thrown up in the console, such as "SLF4J: Class path contains multiple SLF4J bindings".

After poking at it for a while I figured out it was actually running even with the errors.

So opening http://our_server:7070/redfire brought up the Redfire testing screen which allowed us to play around a little and confirm things were working as expected.  At the bottom of this page there is a link to download the Spark plug-in to get it to work seamlessly with Spark.  When someone initiates a video conference to a Pidgin client it will display a URL to click on to join the conference, still working on a way to initiate a video conference from Pidgin.

Some of the clients that we rolled this out to had issues with bringing up local audio/video, a quick update of Flash and all was well with the world.

Long story short, Openfire server with the Redfire plug-in makes for a nice little Instant Messaging / Audio / Video Conferencing server.  Oh, did I also mention you can connect it to a VOIP gateway to make external calls.

Importing into Active Directory with Powershell

July 10, 2013 Reading time: 4 minutes

We have a web based learning management system for our employees and have encountered challenges with the system ever since they applied an update.  Long story short, we needed to script for importing into Active Directory the Manager for employees from a CSV file exported from our HR system.
The export from our HR system is in the following format...


For scripting stuff with AD I definitely recommend using Powershell scripts with the Quest ActiveRoles Management Shell for AD add on(Quest Software has been bought by Dell by the way).  I was originally playing around with reading in the CSV export in our nightly batch, pulling in the users from AD, matching up the manager for each and then outputting the data in a CSV.  This was problematic and took forever.  I decided to break things up and have a separate scheduled task that will run weekly to populate the managers field in AD. After poking around on the web for a bit and borrowing and modifying some scripts, with some trial and error I came up with the following...

if ( (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) -eq $null )
    Add-PsSnapin Quest.ActiveRoles.ADManagement

$users = import-csv c:\util\LMS_Export_test.txt  

foreach ($user in $users){ 
    $eid = $user.employee_number
    $eid = "$($eid.substring($eid.Length-4,4))"
    $mfid = $user.managerfirstname
    $mfshort = "$($mfid.substring($mfid.Length3,3))"
    $msid = $user.managersurname

    $u = Get-QADUser -LdapFilter "(employeeNumber=$eid)"
    $m = Get-QADUser -LdapFilter "(givenName=$mfshort*)(sn=$msid)"

    If (($u -ne $null) -and ($m -ne $null)){
        set-qaduser -identity $u -office $user.department -title $user.job_title -manager $m.dn
Elseif ($u -eq $null){Write-Host "User $eid not found"}
Elseif ($m -eq $null){Write-Host "Manager $mid not found"}

Worked well, I tested it on a subset of the export list and omited the 'set-qaduser' line and added the following above the If (($u ne $null~ line...

   Write-Host "User $eid"
   Write-Host "manager $msid, $mfid and short $mfshort"

Which allowed me to confirm it was working correctly before writing anything to AD.

Now I just need to modify my AD export script to include the manager field.


July 10, 2013 Reading time: ~1 minute

Hi there, and welcome to the first post to my blog.  Being that I'm a Systems Administrator I'll be posting on various bits of technology ranging from Active Directory to PHP to Virtualization to SAN with a whole bunch of randomness added to the mix.  I am quite frequently am having to dig up information for one thing or another to get something done and usually have to piece together bits from here and there to come up with a complete solution.  So, when I do I'll try to document all the bits so that hopefully it will be of use to some folks out there.

Sometimes I just come across some cool technology that I want to share, whether it has to do with Systems Admin or not.
Anyway, sit back relax and enjoy.
Thanks for dropping by,


This is a brief description of yourself or your site, to change this text go to the admin panel, settings, plugins, and configure the plugin "about".