Active Directory Bulk Modify Tool Command Line Version 2.1

ADModCmd runs an LDAP query against the specified AD container. The modifications are then performed against the results of the query.

Usage: admodcmd [-dn BaseDN] [-p pagesize] [-s] [-server servername] [-f LDAPFilter] [modification]

Required
  -dn BaseDN             Base DN to begin the LDAP query.
  Modification           Modification to perform. See below for details.

Optional
  -p pagesize            LDAP page size to use for the query.
  -s                     Denotes a subtree search. (If -s is not specified, the search defaults to onelevel.)
  -server servername     Denotes the server to make the changes to. (If -server is not specified, changes are made locally if on a DC. If on a member, DNS is used to find a DC.)
  -f LDAPFilter          A valid LDAP filter to use when enumerating objects. (If -f is not specified, (objectclass=user) is the default filter.)

Modification Switches

NOTE: Using the word "null" (without quotes) as an attribute value will clear the attribute.

Terminal Server Attributes
Windows 2003 or later is required to modify Terminal Server attributes.

  -tsprofilepath [ProfilePath]               Sets the user's Terminal Server profile path to the specified value.
  -tshomefolderpath [FolderPath]             Sets the user's Terminal Server home folder path to the specified value.
  -tsnetworkfolderpath [drive] [FolderPath]  Sets the user's Terminal Server home folder path to a network share. drive should be the drive letter that FolderPath will be mapped to.
  -tsenable                                  Enables the user for Terminal Server.
  -tsdisable                                 Disables the user from using Terminal Server.
  -enableremote [-required] [-interact]      Enables Remote Control for the user. The -required and -interact switches are optional. If -required is used, "Require User's Permission" will be checked. If -interact is specified, "Interact With The Session" will be checked.
  -disableremote                             Disables Remote Control for the user.
  -tsstartingprogram [program]               Sets the program to start when the user logs on to Terminal Server.
  -tsstartin [location]                      Sets the location for the user's startup program to start in.
  -maxdisconnectedsession [minutes]          Sets the maximum disconnected session time for the user in minutes. Setting to 0 indicates an unlimited time.
  -maxconnectiontime [minutes]               Sets the maximum connection time for the user in minutes. Setting to 0 indicates an unlimited time.
  -maxidletime [minutes]                     Sets the maximum idle time for the user in minutes. Setting to 0 indicates an unlimited time.
  -sessionlimitaction [disconnect|end]       Specifies the action to take when a session limit has been reached: disconnect (disconnect the session) or end (end the session).
  -allowreconnect [any|originating]          Specifies whether to allow a reconnect from anywhere (any) or only from the originating client (originating).
  -tsconnectclientdrives [yes|no]            Specifies whether to connect client drives upon logon to a Terminal Server session.
  -tsconnectclientprinters [yes|no]          Specifies whether to connect client printers upon logon to a Terminal Server session.
  -tsdefaulttomainprinter [yes|no]           Specifies whether to default to the main client printer.

Exchange Related Attributes

  -killmail                                  Removes Exchange attributes.
  -includeinrecipientpolicy                  Checks the "Automatically Update E-mail Addresses Based on Recipient Policy" check box.
  -excludefromrecipientpolicy                Unchecks the "Automatically Update E-mail Addresses Based on Recipient Policy" check box.
  -hidefromaddresslists                      Hides the user from all address lists.
  -showinaddresslists                        Shows the user in address lists.
  -includeinmailboxmanager                   Includes the user in Mailbox Manager policies.
  -excludefrommailboxmanager                 Excludes the user from Mailbox Manager policies.
  -enablehttp                                Enables HTTP for the user.
  -disablehttp                               Disables HTTP for the user.
  -enablepop3                                Enables POP3 for the user.
  -disablepop3                               Disables POP3 for the user.
  -enableimap4                               Enables IMAP4 for the user.
  -disableimap4                              Disables IMAP4 for the user.

The three MAPI settings below require that the user's mailbox is homed on an Exchange 2003 SP2 or later server.

  -enablemapi                                Enables MAPI access for the user.
  -disablemapi                               Disables MAPI access for the user.
  -enablecachedmapi                          Enables MAPI access for the user in cached mode only.

  -addsmtp [address] [-setasprimary] [-updatemail]
      Adds an SMTP address to the user. The address will need to be in the form variable@domain.com (information on variable usage can be found below under "Variables"). Specify the optional -setasprimary switch to set the address as primary (the default is secondary). Use the -updatemail switch to also set the E-mail address on the ADU&C General tab.
  -removeaddress [address]
      Removes any address that matches the specified filter. Wildcards are allowed, for example: smtp:*@domain.com or smtp:*@doma??.com. Normal * and ? wildcard matching rules apply. Please note that this can be used to remove any match found in the user's Proxy Addresses list, not just SMTP addresses. Matches are case-insensitive.

Mailbox Rights

  -setmailboxrights                          Sets msexchmailboxsecuritydescriptor. KB 324353
  -fixsendas                                 Grants Send-As rights to users with Full Mailbox Access and Read. KB 327274
  -removefixsendas                           Removes Send-As rights from users with Full Mailbox Access and Read. Undo for KB 327274
  -grantselfaea                              Grants Associated External Account privileges to SELF. KB 278966
  -removeaeafromself                         Removes Associated External Account from SELF. Undo for KB 278966
  -grantselffullandread                      Grants Full Mailbox Access and Read to SELF. KB 304935
  -removefullandread                         Removes Full Mailbox Access and Read from SELF. Undo for KB 304935
  -dumpmailboxrights                         Dumps all permissions in Mailbox Rights to a file called mbxrights.xml.
  -importmailboxrights [overwrite|append]    Imports mailbox rights from the mbxrights.xml created by the -dumpmailboxrights switch. When using this switch, the -dn switch is not required. overwrite removes all non-inherited ACEs before importing; append does not. This switch imports only non-inherited mailbox rights.
  -addtomailboxrights DOMAIN\USER ACCESS_MASK [-deny]
      Adds an account to mailbox rights with the specified permission mask. The optional -deny switch specifies a deny entry; the default is an allow entry.
      Valid access masks: ACE_MB_FULL_ACCESS, ACE_MB_DELETE_MB_STORAGE, ACE_MB_READ_PERMISSIONS, ACE_MB_CHANGE_PERMISSION, ACE_MB_TAKE_OWNERSHIP
  -removefrommailboxrights DOMAIN\USER ACCESS_MASK [-deny]
      Removes the specified mask from DOMAIN\USER in mailbox rights. The optional -deny switch specifies a deny entry; the default is an allow entry.
      Valid access masks: ACE_MB_FULL_ACCESS, ACE_MB_DELETE_MB_STORAGE, ACE_MB_READ_PERMISSIONS, ACE_MB_CHANGE_PERMISSION, ACE_MB_TAKE_OWNERSHIP, ALL
      The ALL mask will remove all permissions for the specified user.

User Account Settings

  -enableaccount                             Enables the user account.
  -disableaccount                            Disables the user account.
  -passwordnotrequired [yes|no]              Specifies whether to set the "Password Not Required" option.
  -passwordneverexpires [yes|no]             Specifies whether to check or uncheck the "Password Never Expires" box.
  -mustchangepassword [yes|no]               Specifies whether to check or uncheck the "User Must Change Password at Next Logon" box.
  -cannotchangepassword [yes|no]             Specifies whether to check or uncheck the "User Cannot Change Password" box.
  -usereversibleencryption [yes|no]          Specifies whether to check or uncheck the "Store Password Using Reversible Encryption" box.
  -smartcardrequired [yes|no]                Specifies whether to check or uncheck the "Smart Card is Required for Interactive Logon" box.
  -cannotbedelegated [yes|no]                Specifies whether to check or uncheck the "Account is Sensitive and Cannot be Delegated" box.
  -usedesencryption [yes|no]                 Specifies whether to check or uncheck the "Use DES Encryption Types for This Account" box.
  -donotrequirekerberospreauth [yes|no]      Specifies whether to check or uncheck the "Do Not Require Kerberos Preauthentication" box.
  -addtogroup [DNOfGroup]                    Adds the user to the specified group.
  -removefromgroup [DNOfGroup]               Removes the user from the specified group.
  -allowinheritable [yes|no]                 Specifies whether to check or uncheck the "Allow inheritable permissions to propagate to this object" box.
  -modrdn [NewRDN]                           Changes the user's Relative Distinguished Name (CN). Variable usage is required. To change an RDN to LastName, FirstName use the following syntax:
                                               -modrdn "%'sn'%, %'givenname'%"

Custom Attributes
The -custom switch allows you to name the attribute you wish to modify. This operation is only supported against attributes of the following types: Boolean, Case Insensitive String, Distinguished Name, DN Binary, IA5 String, Integer, Numerical String, Unicode String.

Syntax: -custom attributename attributevalue [-multi] [-remove]

  attributename          The name of the attribute you wish to modify.
  attributevalue         The value to give the attribute.
  -multi (optional)      Specifies a multi-valued append. If the attribute being modified is multi-valued, this switch must be used; otherwise the value will be overwritten, not appended.
  -remove (optional)     Specifies a multi-valued remove. If the attribute being modified is multi-valued and -remove is used, only the specified value will be removed.

Example for setting the description attribute:

  -custom description "IT Department"

Variables
Variable usage is allowed when building attributes. Variables can be based on almost any current Active Directory attribute, as long as it has a value. Variables are separated from literal values using the % sign, and the attribute name must also be enclosed in single ticks ('). This example shows how to set homedirectory to the path c:\test\username, where username is the user's samaccountname:

  -custom homedirectory c:\test\%'samaccountname'%

It is also possible to pull only a specified number of characters from the attribute. Just specify the number of characters you want to use after the % and before the '. The following example shows how to add an SMTP address of FirstInitial.LastName@domain.com:

  -addsmtp %1'givenName'%.%'sn'%@domain.com

If a % or ' is needed as a literal value, simply use the forward slash (/) as an escape character:

  Example:  This is a percent sign: /%
  The above line will end up being:  This is a percent sign: %

There may be times when you need a literal forward slash before the percent or single tick character, usually when the forward slash needs to be followed by a variable. The syntax for this is //% or //'. An example would be adding an MS Mail address:

  ms:po/server//%'mailnickname'

Undo Mode
Changes made with ADModify can be undone, as long as the XML log file that recorded the changes still exists. These log files are typically located in the same folder as the ADModify executable.

Syntax: -undo logfilename [-server servername]

  -undo logfilename              Specifies the log file that contains the changes to be undone.
  -server servername (optional)  Specifies the DC to write the changes to. If left blank, changes are written locally if the local machine is a DC; if not, DNS is used to find one.

For information on users that were skipped during an undo process, refer to the undo.log file. For more information on sample usage, please refer to the ADModify help.
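The variable syntax from the "Variables" section above, implemented as an added Python example (not ADModify's own code) so the %'attr'%, %N'attr'%, /% and //% rules can be checked against a known set of attribute values before a bulk run; the sample user attributes, the case-insensitive lookup, the error on an empty attribute and the closing % on the MS Mail example are assumptions of this example.

```python
import re

# Constructed sample user (not real directory data); lookups are
# case-insensitive because AD attribute names are.
SAMPLE_USER = {"givenName": "John", "sn": "Doe",
               "sAMAccountName": "jdoe", "mailNickname": "jdoe"}

# %[N]'attribute'%  where optional N = number of leading characters to keep
_VAR = re.compile(r"%(\d*)'([^']+)'%")


def expand(template: str, attrs: dict) -> str:
    """Expand ADModCmd-style variables in template against attrs.
    Escapes: /% and /' give a literal % or '; //% and //' give a literal /
    followed by a % or ' that is still parsed as a variable delimiter.
    Assumption: a variable whose attribute has no value is an error.
    """
    lower = {k.lower(): v for k, v in attrs.items()}
    out, i, n = [], 0, len(template)
    while i < n:
        c = template[i]
        if c == "/" and i + 1 < n and template[i + 1] in "/%'":
            nxt = template[i + 1]
            if nxt in "%'":            # /% or /'  -> literal character
                out.append(nxt)
                i += 2
                continue
            if i + 2 < n and template[i + 2] in "%'":   # //% or //'
                out.append("/")        # keep the slash, leave % to be parsed
                i += 2
                continue
        if c == "%":
            m = _VAR.match(template, i)
            if not m:
                raise ValueError(f"malformed variable at offset {i}: {template[i:]!r}")
            count, name = m.group(1), m.group(2)
            value = lower.get(name.lower())
            if not value:
                raise ValueError(f"attribute {name!r} has no value")
            out.append(value[: int(count)] if count else value)
            i = m.end()
            continue
        out.append(c)
        i += 1
    return "".join(out)


if __name__ == "__main__":
    for t in (r"c:\test\%'samaccountname'%", "%1'givenName'%.%'sn'%@domain.com",
              "This is a percent sign: /%", "ms:po/server//%'mailnickname'%"):
        print(f"{t} -> {expand(t, SAMPLE_USER)}")
```

An unescaped % that does not start a well-formed variable raises an error rather than being passed through, which is the safer behaviour for a tool that writes to every object matched by the LDAP filter.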