How to get a list of all global user accounts of a specific endpoint type.

Article ID: 48842


Products

CA Directory CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

A solution is the following Windows command script. This is a sample for the ADS endpoint type; it can be changed to other endpoint types. It has been tested on Windows 2008 R2 SP1 64-bit with IM Provisioning Server r12.6.0.

Solution:

Beginning of the Windows command script.

The settings in this part are customizable; replace them with your own values.


@ECHO OFF
SET ETAHOME="C:\Program Files (x86)\CA\Identity Manager\Provisioning Server"
:: Host name of Provisioning server:
SET HOST=imr126ads
:: Provisioning Domain Name:
SET DOMAIN=im
:: Provisioning Server administrator:
SET USERDN="eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"
:: Provisioning Server administrator password (sample value; it is stored here in clear text, so restrict access to this script):
SET PASSWD=secret

The following LDAP search request retrieves the global users with their eTID attribute.
The resulting list is stored in the Temp0.ldi file.


SET BASEDN="eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"
SET FILTER="(eTGlobalUserName=*)"
:: Attributes you want to extract
SET ATTRIB=eTID
%ETAHOME%\bin\ldapsearch -LLL -h %HOST% -p 20389 -D %USERDN% -w %PASSWD% -b %BASEDN% -s one %FILTER% %ATTRIB% >Temp0.ldi

The following program concatenates split lines (fixed-length line format) into one line per attribute.
The C program source code is shown in the appendix. Input file: Temp0.ldi. Output file: Temp1.ldi.

ConvertLdifToLong.exe Temp0.ldi Temp1.ldi

The following sequence loops over the global users and calls the LdapSearch sub-routine for each one, passing the user's eTID. At the end of the process, all temporary files are deleted.


:: Loop reading Temp1.ldi file
FOR /F "tokens=1,2 delims= " %%A IN (Temp1.ldi) DO IF "%%A"=="eTID:" CALL :LdapSearch %%B
:: delete temporary files
del Temp*.ldi
GOTO:EOF

The following sub-routine reads the user/ADS account inclusions. You can change the eTADSAccount value to the account class name of another endpoint type.


:LdapSearch
SET BASEDN="eTSubordinateClass=eTADSAccount,eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"
:: Attributes you want to extract
SET ATTRIB=eTSuperiorClassEntry eTSubordinateClassEntry
SET FILTER="(&(objectClass=eTInclusionObject)(eTRelationship=USERACCOUNT)(eTPID=%1))"
%ETAHOME%\bin\ldapsearch -LLL -h %HOST% -p 20389 -D %USERDN% -w %PASSWD% -b %BASEDN% -s one %FILTER% %ATTRIB% >Temp2.ldi
ConvertLdifToLong.exe Temp2.ldi Temp3.ldi

This is the end of the sub-routine and of the script. For each global user (superior class), the related accounts (subordinate class) are displayed when they exist.

FOR /F "tokens=1-4 delims==:," %%A IN (Temp3.ldi) DO IF "%%A"=="eTSuperiorClassEntry" SET GU=%%C
FINDSTR "eTSubordinateClassEntry:" Temp3.ldi >NUL
IF %ERRORLEVEL% NEQ 0 GOTO:EOF
ECHO -----------
ECHO Global User=%GU%
FOR /F "tokens=1-2 delims=:" %%A IN (Temp3.ldi) DO IF "%%A"=="eTSubordinateClassEntry" echo %%B
 
SAMPLE OF RESULTING REPORT.
-----------
Global User=administrator
 eTADSAccountName=Administrator,eTADSContainerName=Users,eTADSDirectoryName=imr126ads,...
-----------
Global User=guiph01
 eTADSAccountName=philippe guihard,eTADSOrgUnitName=ForProvisioning,eTADSDirectoryName=imr126ads,....
-----------
Global User=[default user]
 eTADSAccountName=Guest,eTADSContainerName=Users,eTADSDirectoryName=imr126ads,...
 eTADSAccountName=krbtgt,eTADSContainerName=Users,eTADSDirectoryName=imr126ads,...
 eTADSAccountName=jean paul gaultier,eTADSOrgUnitName=ForProvisioning,eTADSDirectoryName=imr126ads,...
 
 
APPENDIX: CONVERTLDIFTOLONG.CPP
 
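#include "stdafx.h"
#include <stdio.h>

// Joins folded LDIF lines: a line break followed by a space marks a
// continuation and is removed; any other line break is kept.
// Blank lines between entries are dropped.
int main(int argc, char * argv[])
{
 FILE *Infp, *Outfp;
 int InChar; // int, not char, so that EOF can be told apart from a 0xFF byte
 bool Eol=false;
 if (argc != 3) {printf ("Usage: ConvertLdifToLong InPutFileName OutPutFileName\n");return 1;}
 if (fopen_s(&Infp, argv[1], "r")) {printf ("Could not open input file %s\n", argv[1]);return 1;}
 if (fopen_s(&Outfp, argv[2], "w")) {printf ("Could not open output file %s\n", argv[2]);fclose(Infp);return 1;}
 while ((InChar=fgetc(Infp))!= EOF)
 {
  // Hold back each line break until the next character shows whether the line continues
  if (InChar=='\n'){Eol=true;continue;}
  else if (Eol) {Eol=false;if (InChar==' ')continue;else fputc('\n', Outfp);}
  fputc(InChar, Outfp);
 }
 if (Eol) fputc('\n', Outfp); // terminate the last line
 _fcloseall( );return 0;
}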
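
The unfolding done by ConvertLdifToLong and the FOR /F parsing in the script, combined in one Python pass (an added example, not part of the original article). It goes one step further and decodes `attr:: <base64>` values, which LDIF uses for non-ASCII data and which the script's FOR /F comparisons do not decode. The function names and the sample LDIF are constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample shaped like the "ldapsearch -LLL" inclusion output; not real data.
ACCENTED = "eTADSAccountName=Zo\u00e9 Example,eTADSContainerName=Users,eTADSDirectoryName=example-ads"
SAMPLE_LDIF = (
    "dn: constructed-entry-1\n"
    "eTSuperiorClassEntry: eTGlobalUserName=alice,eTGlobalUserContainerName=Global U\n"
    " sers,eTNamespaceName=CommonObjects,dc=im,dc=eta\n"
    "eTSubordinateClassEntry: eTADSAccountName=Alice Example,eTADSContainerName=Users\n"
    "\n"
    "dn: constructed-entry-2\n"
    "eTSuperiorClassEntry: eTGlobalUserName=alice,eTGlobalUserContainerName=Global Users\n"
    "eTSubordinateClassEntry:: " + base64.b64encode(ACCENTED.encode("utf-8")).decode("ascii") + "\n"
    "\n"
    "dn: constructed-entry-3\n"
    "eTSuperiorClassEntry: eTGlobalUserName=bob,eTGlobalUserContainerName=Global Users\n"
    "eTSubordinateClassEntry: eTADSAccountName=Bob Example,eTADSContainerName=Users\n"
)

def unfold(text):
    """Join LDIF continuation lines: a line break followed by one space."""
    return re.sub(r"\r?\n ", "", text)

def parse_entries(text):
    """Yield one {attribute: [values]} mapping per LDIF entry."""
    for block in re.split(r"(?:\r?\n){2,}", unfold(text).strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name].append(value.strip())
        yield entry

def accounts_by_user(text):
    """Map each global user name to the account DNs included under it."""
    report = defaultdict(list)
    for entry in parse_entries(text):
        for superior in entry.get("eTSuperiorClassEntry", []):
            # First RDN value; like the batch script, assumes no escaped commas.
            user = superior.split(",", 1)[0].partition("=")[2]
            report[user].extend(entry.get("eTSubordinateClassEntry", []))
    return dict(report)

if __name__ == "__main__":
    for user, accounts in accounts_by_user(SAMPLE_LDIF).items():
        print("-----------\nGlobal User=" + user)
        print("\n".join(" " + a for a in accounts))
```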

Environment

Release:
Component: IDMGR