CSVDE Script Example: Active Directory Commands (www.ostadbook.com)

CSVDE file format
The first row of the CSV file names the attributes; every later row is one object. Example users.csv:

Dn,samaccountname,userprincipalname,department,useraccountcontrol,objectclass
"CN=Amir Nosrati,OU=IT,DC=Ostadbook,DC=com",Amir-n,Amir-n@Ostadbook.com,MCSE,512,user

useraccountcontrol 512 is a normal, enabled account; 514 (512 + 2) is the same account disabled. The DN is quoted because it contains commas.

CSVDE Import
csvde -i -f users.csv
csvde -i -k -f users.csv
-k continues past "constraint violation" and "object already exists" errors instead of stopping, so rows can be skipped without the run failing; read the log written under -j afterwards.

CSVDE Export
csvde -f users.csv -r "(&(objectclass=user))"
csvde -f users.csv -l "DN,objectclass,samaccountname,useraccountcontrol"
csvde -f users.csv -r "(&(objectclass=user))" -l "DN,objectclass,samaccountname,useraccountcontrol"
The filter (objectclass=user) also matches computer accounts, because the computer class derives from user; use (&(objectCategory=person)(objectClass=user)) when you want user accounts only.
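As an added example (not code from the original page), the following PowerShell builds the CSV that csvde expects from a constructed list of new hires, imports the accounts disabled, and then sets each password with dsmod. CSVDE cannot write unicodePwd, so importing with useraccountcontrol 512 would create enabled accounts with no password; importing 514 and enabling after the password is set avoids that. It assumes OU=IT,DC=Ostadbook,DC=com exists, csvde and dsmod are on the PATH, the caller has create and reset-password rights, and the people listed are made up.

```powershell
# Added example, not from the page: csvde import with the password caveat handled.
# Assumed: OU=IT,DC=Ostadbook,DC=com exists; names below are constructed.
$domainDn  = 'DC=Ostadbook,DC=com'
$targetOu  = "OU=IT,$domainDn"
$upnSuffix = 'Ostadbook.com'

# userAccountControl bit values used here (512 = normal account, 2 = disabled)
$ADS_UF_ACCOUNTDISABLE = 0x0002
$ADS_UF_NORMAL_ACCOUNT = 0x0200

# Constructed sample input; in practice this list comes from HR.
$newHires = @(
    [pscustomobject]@{ Given = 'Amir'; Surname = 'Nosrati'; Sam = 'Amir-n'; Dept = 'MCSE' },
    [pscustomobject]@{ Given = 'Sina'; Surname = 'Razavi';  Sam = 'Sina-r'; Dept = 'IT'   }
)

# CSVDE cannot set unicodePwd, so every account is imported disabled (514).
# An enabled account (512) with no password is either rejected by password
# policy or, worse, created with a blank password.
$rows = foreach ($h in $newHires) {
    $cn = "$($h.Given) $($h.Surname)"
    [pscustomobject]@{
        DN                 = "CN=$cn,$targetOu"
        objectClass        = 'user'
        sAMAccountName     = $h.Sam
        userPrincipalName  = "$($h.Sam)@$upnSuffix"
        givenName          = $h.Given
        sn                 = $h.Surname
        department         = $h.Dept
        userAccountControl = ($ADS_UF_NORMAL_ACCOUNT -bor $ADS_UF_ACCOUNTDISABLE)  # 514
    }
}
# Export-Csv quotes fields that contain commas, which the DN column needs.
# Unicode (UTF-16LE) output matches csvde -u and keeps non-ASCII names intact.
$rows | Export-Csv -Path .\users.csv -NoTypeInformation -Encoding Unicode

# Import without -k, so a bad row stops the run instead of being skipped.
csvde -i -u -f .\users.csv -j .
if ($LASTEXITCODE -ne 0) { throw 'csvde import failed; read the csv.log/csv.err files in the -j directory' }

# Set an initial password and enable each account. "-pwd *" makes dsmod prompt,
# so the password never appears in the command line, console history or a
# process listing; -mustchpwd yes forces a change at first logon.
foreach ($r in $rows) {
    dsmod user $r.DN -pwd * -mustchpwd yes -disabled no
}
```

The same CSV can be regenerated from the export commands above; the point of the script is the order of operations: create disabled, set password out of band, enable last.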
DSMOD USER
Modify a password:
dsmod user "CN=Behzad Azarmehr,OU=IT,DC=Ostadbook,DC=com" -pwd 123456

DSADD USER
Create a user with a password:
dsadd user "CN=Mohammad AzadiNaqsh,OU=IT,DC=Ostadbook,DC=com" -pwd 123456

A password typed on the command line ends up in the console history and is visible to anyone who can list processes. -pwd * makes dsmod and dsadd prompt for it instead, and -mustchpwd yes forces the user to replace the initial password at first logon.

DSMOD GROUP Examples
To add the user Mohammad Saedy to all administrator distribution list groups:
dsquery group "OU=Distribution Lists,DC=Ostadbook,DC=com" -name adm* | dsmod group -addmbr "CN=Mohammad Saedy,CN=Users,DC=Ostadbook,DC=com"

To add all members of the IT Info group to the Ostadbook Info group:
dsget group "CN=IT info,OU=Distribution Lists,DC=Ostadbook,DC=com" -members | dsmod group "CN=Ostadbook info,OU=Distribution Lists,DC=Ostadbook,DC=com" -addmbr

To convert the group type of several groups from security to distribution (non-security):
dsmod group "CN=IT info,OU=Distribution Lists,DC=Ostadbook,DC=com" "CN=Ostadbook info,OU=Distribution Lists,DC=Ostadbook,DC=com" "CN=MCSE info,OU=Distribution Lists,DC=Ostadbook,DC=com" -secgrp no
A distribution group is not placed in its members' access tokens, so any permission granted to a group converted this way stops applying until it is converted back.

To add three new members to the IT info group:
dsmod group "CN=IT info,OU=Distribution Lists,DC=Ostadbook,DC=com" -addmbr "CN=Sina Razavi,CN=Users,DC=Ostadbook,DC=com" "CN=Hamed Tadei,OU=Distribution Lists,DC=Ostadbook,DC=com" "CN=Sara Alijani,CN=Users,DC=Ostadbook,DC=com"
To add all users from the OU "IT" to the group "IT Staff":
dsquery user OU=IT,DC=Ostadbook,DC=com | dsmod group "CN=IT Staff,OU=IT,DC=Ostadbook,DC=com" -addmbr

To remove two members from the IT Info group:
dsmod group "CN=IT Info,OU=Distribution Lists,DC=Ostadbook,DC=com" -rmmbr "CN=Sina Razavi,CN=Users,DC=Ostadbook,DC=com" "CN=Sara Alijani,OU=Distribution Lists,DC=Ostadbook,DC=com"

DSMOD SERVER Examples
To make the domain controllers OstadbookDC1 and OstadbookDC9 global catalog servers:
dsmod server "CN=OstadbookDC1,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=ostadbook,DC=com" "CN=OstadbookDC9,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=ostadbook,DC=com" -isgc yes

DSMOD COMPUTER Examples
To disable multiple computer accounts:
dsmod computer CN=MemberServer1,CN=Computers,DC=Ostadbook,DC=com CN=MemberServer2,CN=Computers,DC=Ostadbook,DC=com -disabled yes

To reset multiple computer accounts:
dsmod computer CN=MemberServer1,CN=Computers,DC=Ostadbook,DC=com CN=MemberServer2,CN=Computers,DC=Ostadbook,DC=com -reset
-reset replaces the computer account password in the directory; a machine that is still joined loses its secure channel to the domain and has to be rejoined, so use it only for machines you intend to rejoin.
DSADD
Create an Organizational Unit (Windows 2003):
dsadd ou "OU=IT,DC=Ostadbook,DC=com"

Creating groups
-scope g      global group
-scope l      domain local group (-scope L, upper case, also works)
-secgrp yes   security group (rather than distribution)
dsadd group "CN=Ostadbook-users,OU=IT,DC=Ostadbook,DC=com" -secgrp yes -scope l

Adding members at creation
One of the most useful options is adding members while the group is created. Assuming a user called Tadei already exists, append this to the command above:
-members "CN=Tadei,OU=IT,DC=Ostadbook,DC=com"
The snag is that dsadd only accepts members at creation time; to add members to a group that already exists, use dsmod group -addmbr.
dsadd group "CN=Ostadbook-users,OU=IT,DC=Ostadbook,DC=com" -secgrp yes -scope l -members "CN=Tadei,OU=IT,DC=Ostadbook,DC=com"

Creating a user
dsadd user "CN=Jowzi,OU=IT,DC=Ostadbook,DC=com"
DSGET COMPUTER
To find all computers in a given OU whose name starts with "tst" and show their descriptions:
dsquery computer OU=Test,DC=Ostadbook,DC=com -name tst* | dsget computer -desc

To show the list of groups, recursively expanded, to which the computer "MyDBServer" belongs:
dsget computer CN=MyDBServer,CN=Computers,DC=Ostadbook,DC=com -memberof -expand
-expand follows nested groups, which is what you need when checking what a principal is effectively a member of.

To display the effective quota and the quota used by "MyDBServer" on the partition "CN=domain1,DC=Ostadbook,DC=com":
dsget computer CN=MyDBServer,CN=Computers,DC=Ostadbook,DC=com -part CN=domain1,DC=Ostadbook,DC=com -qlimit -qused

DSGET GROUP
To find all groups in a given OU whose names start with "adm" and display their descriptions:
dsquery group OU=Test,DC=Ostadbook,DC=com -name adm* | dsget group -desc

To display the members, recursively expanded, of the group "Backup Operators":
dsget group "CN=Backup Operators,OU=Test,DC=Ostadbook,DC=com" -members -expand

To display the effective quota and the quota used by a group on a specified partition:
dsget group "CN=Backup Operators,OU=Test,DC=Ostadbook,DC=com" -part "CN=domain1,DC=Ostadbook,DC=com" -qlimit -qused
DSGET SERVER
To find all domain controllers for the domain IT.ostadbook.com and display their DNS host name and site name:
dsquery server -domain IT.ostadbook.com | dsget server -dnsname -site

To show whether the domain controller DC1 is also a global catalog server:
dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Ostadbook,DC=com -isgc

To show the distinguished names of the directory partitions held by DC1:
dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Ostadbook,DC=com -part

To show the security principals that own the largest number of directory objects on the partitions of DC1, limited to the top 5 owners:
dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Ostadbook,DC=com -topobjowner 5

DSGET USER
To find all users in a given OU whose names start with "rez" and display their descriptions:
dsquery user OU=Test,DC=Ostadbook,DC=com -name rez* | dsget user -desc

To display the list of groups, recursively expanded, to which the user "Afshin Tavvahin" belongs:
dsget user "CN=Afshin Tavvahin,CN=Users,DC=Ostadbook,DC=com" -memberof -expand

To display the effective quota and the quota used by "Afshin Tavvahin" on the partition "CN=domain,DC=Ostadbook,DC=com":
dsget user "CN=Afshin Tavvahin,CN=Users,DC=Ostadbook,DC=com" -part "CN=domain,DC=Ostadbook,DC=com" -qlimit -qused
DSMOVE Examples
The user object CN=Tadei is renamed with -newname (the example keeps the same name, so substitute the name you want):
dsmove "CN=Tadei,OU=sales,DC=Ostadbook,DC=com" -newname "Tadei"

The same user is moved from the Sales OU to the Marketing OU with:
dsmove "CN=Tadei,OU=sales,DC=Ostadbook,DC=com" -newparent OU=Marketing,DC=Ostadbook,DC=com

Rename and move can be combined:
dsmove "CN=Tadei,OU=sales,DC=Ostadbook,DC=com" -newparent OU=Marketing,DC=Ostadbook,DC=com -newname "Tadei"

DSQUERY Examples
dsquery returns at most 100 objects unless -limit 0 (all) or another limit is given.

To find all computers that have been inactive for the last four weeks and remove them from the directory:
dsquery computer -inactive 4 | dsrm
Run the dsquery half on its own first and read the list: -inactive is based on lastLogonTimestamp, which is only replicated about every two weeks, and the pipe into dsrm deletes whatever comes out.

To find all users in the OU "OU=Marketing,DC=Ostadbook,DC=com" and add them to the Marketing Staff group:
dsquery user OU=Marketing,DC=Ostadbook,DC=com | dsmod group "CN=Marketing Staff,OU=Marketing,DC=Ostadbook,DC=com" -addmbr

To find all users whose names start with "amir" and display their office numbers:
dsquery user -name Amir* | dsget user -office

To display an arbitrary set of attributes of any object in the directory, use dsquery *. For example, to display the samaccountname, userprincipalname and department attributes of the object whose DN is OU=Test,DC=Ostadbook,DC=com:
dsquery * OU=Test,DC=Ostadbook,DC=com -scope base -attr samaccountname userprincipalname department

To read all attributes of the object whose DN is OU=Test,DC=Ostadbook,DC=com:
dsquery * OU=Test,DC=Ostadbook,DC=com -scope base -attr *
DSQUERY COMPUTER
To find all computers in the current domain whose name starts with "re" and whose description starts with "desktop", and display their DNs:
dsquery computer domainroot -name re* -desc desktop*

To find all computers in the OU OU=sales,DC=Ostadbook,DC=com and display their DNs:
dsquery computer OU=sales,DC=Ostadbook,DC=com

DSQUERY GROUP
To find all groups in the current domain whose name starts with "re" and whose description starts with "admin", and display their DNs:
dsquery group domainroot -name re* -desc admin*

To find all groups in the domain DC=Ostadbook,DC=com and display their DNs:
dsquery group DC=Ostadbook,DC=com

DSQUERY SERVER
To find all DCs in the current domain:
dsquery server

To find all DCs in the forest and display their relative distinguished names (RDNs):
dsquery server -o rdn -forest

To find all DCs in the site "Teh-Ostadbookgaran" and display their RDNs:
dsquery server -o rdn -site Teh-Ostadbookgaran

To find the DC in the forest that holds the schema FSMO role:
dsquery server -forest -hasfsmo schema

To find all DCs in the domain example.ostadbook.com that are global catalog servers:
dsquery server -domain example.ostadbook.com -isgc

To find all DCs in the current domain that hold a copy of the directory partition "ApplicationSales":
dsquery server -part "Application*"
DSQUERY USER
To find all users in a given OU whose name starts with "rez" and whose account is disabled, and display their user principal names (UPNs):
dsquery user OU=Test,DC=Ostadbook,DC=com -o upn -name rez* -disabled

To find all users in the current domain only whose names end with "Jowzi" and who have been inactive for 3 weeks or more, and display their DNs:
dsquery user domainroot -name *Jowzi -inactive 3

To find all users in the OU OU=sales,DC=Ostadbook,DC=com and display their UPNs:
dsquery user OU=sales,DC=Ostadbook,DC=com -o upn

DSQUERY OU
To find all OUs in the current domain whose name starts with "se" and whose description starts with "sales", and display their DNs:
dsquery ou domainroot -name se* -desc sales*

To find all OUs in the domain DC=Ostadbook,DC=com and display their DNs:
dsquery ou DC=Ostadbook,DC=com

DSQUERY SITE
To find all sites whose name starts with "west" and display their DNs:
dsquery site -name west*

To list the relative distinguished names (RDNs) of all sites defined in the directory:
dsquery site -o rdn
DSQUERY SUBNET
To find all subnets whose network address starts with 80.191:
dsquery subnet -name 80.191.*

To find all subnets in the site "Site-Teh" and display their names as RDNs:
dsquery subnet -o rdn -site Site-Teh

To list the names (RDNs) of all subnets defined in the directory:
dsquery subnet -o rdn

DSRM Examples
To remove the OU "Marketing" and every object under it:
dsrm -subtree -noprompt -c OU=Marketing,DC=Ostadbook,DC=com

To remove all objects under the OU "Marketing" but leave the OU itself, add -exclude:
dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=Ostadbook,DC=com"

-noprompt removes the confirmation and -c continues past errors, so a mistyped DN deletes a whole tree without a word. Leave both switches off until the command has been run once interactively, and export the subtree with ldifde before deleting it.
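The two destructive commands on this page, dsquery computer -inactive 4 | dsrm in the DSQUERY examples and dsrm -subtree -noprompt above, both skip the step a practitioner wants: see what is about to go, and keep a copy. As an added example (not code from the original page), the following PowerShell does the preview and the export, and parks stale computer accounts instead of deleting them. It assumes a DC named dc1, an OU=Quarantine,DC=Ostadbook,DC=com that exists as a parking OU, and rights to disable and move objects there.

```powershell
# Added example, not from the page: preview and export before dsrm.
# Assumed: DC dc1; OU=Quarantine,DC=Ostadbook,DC=com exists for parking.
$domainDn   = 'DC=Ostadbook,DC=com'
$quarantine = "OU=Quarantine,$domainDn"
$stamp      = Get-Date -Format 'yyyyMMdd-HHmm'

# dsquery prints one double-quoted DN per line and stops at 100 results
# unless -limit 0 is given; return clean, unquoted DNs.
function Get-DsqueryDn {
    param([string[]]$Query)
    & dsquery @Query -limit 0 | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ }
}

# RFC 4515 escaping, so a cn containing ( ) * or \ cannot change the meaning
# of a filter that is built from directory data.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

# 1. Preview. Domain controllers sit in OU=Domain Controllers; exclude them.
$stale = Get-DsqueryDn @('computer', '-inactive', '4') |
    Where-Object { $_ -notmatch ',OU=Domain Controllers,' }
"$(@($stale).Count) computer accounts inactive for 4+ weeks"
$stale | Set-Content ".\stale-$stamp.txt"

# 2. Export exactly those objects before touching them. Re-importing this
#    file recreates the objects with new SIDs and no machine password, so it
#    is a record, not a restore; an undo needs the AD Recycle Bin or a backup.
if (@($stale).Count -gt 0) {
    $terms  = $stale | ForEach-Object { "(distinguishedName=$(ConvertTo-LdapFilterValue $_))" }
    $filter = '(|' + ($terms -join '') + ')'
    ldifde -f ".\stale-$stamp.ldf" -s dc1 -d $domainDn -p subtree -r $filter -j .
}

# 3. Disable and move instead of deleting; dsrm comes after a grace period.
foreach ($dn in $stale) {
    dsmod computer $dn -disabled yes
    dsmove $dn -newparent $quarantine
}

# 4. The same preview for an OU you plan to remove with dsrm -subtree: count
#    what would go (the OU itself included) and export it first.
$ou     = "OU=Marketing,$domainDn"
$doomed = Get-DsqueryDn @('*', $ou, '-scope', 'subtree')
"dsrm -subtree on $ou would delete $(@($doomed).Count) objects"
ldifde -f ".\marketing-$stamp.ldf" -s dc1 -d $ou -p subtree -j .
# Only after reading the two files:
#   dsrm -subtree -c $ou        (no -noprompt, so every deletion is confirmed)
```

The filter in step 2 is built from DNs returned by the directory, which is why the values are escaped: an object whose name contains a parenthesis would otherwise break, or widen, the OR filter.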
LDIFDE

General parameters
-i             Turn on import mode (the default is export)
-f filename    Input or output filename
-s servername  The server to bind to (defaults to a DC of the computer's domain)
-c FromDN ToDN Replace occurrences of FromDN with ToDN
-v             Turn on verbose mode
-t port        Port number (default 389)
-u             Use Unicode format
-w timeout     Terminate execution if the server takes longer than the specified number of seconds to respond to an operation (default: no timeout)
-h             Enable SASL layer encryption
-j path        Log file location

Export specific
-d RootDN      The root of the LDAP search (defaults to the naming context)
-r Filter      LDAP search filter (default "(objectclass=*)")
-p SearchScope Search scope (Base/OneLevel/Subtree)
-l list        List of attributes (comma separated) to include in the LDAP search
-o list        List of attributes (comma separated) to omit
-g             Disable paged search
-m             Enable the SAM logic on export (skips attributes such as objectGUID, objectSid and pwdLastSet that cannot be written on import; use it when the export is meant to be imported again)
-n             Do not export binary values

Import
-k             Continue the import, ignoring "Constraint Violation" and "Object Already Exists" errors
-y             Use lazy commit for better performance (enabled by default)
-e             Do not use lazy commit
-q threads     Use the specified number of threads (default 1)
Credentials
If no credentials are specified, LDIFDE binds as the currently logged on user, using SSPI.
-a UserDN [Password | *]           Simple bind
-b UserName Domain [Password | *]  SSPI bind
* prompts for the password instead of placing it on the command line. A simple bind (-a) sends the password in clear text unless the connection is encrypted; prefer the SSPI bind (-b), which authenticates with Kerberos or NTLM.

Examples
Simple import of the current domain:
ldifde -i -f INPUT.LDF

Simple export of the current domain:
ldifde -f OUTPUT.LDF

Export of a specific domain with credentials:
ldifde -m -f OUTPUT.LDF -b USERNAME DOMAINNAME * -s SERVERNAME -d "cn=users,dc=ostadbook,dc=com" -r "(objectclass=user)"

Without -j, ldifde finishes with: "No log files were written. In order to generate a log file, please specify the log file path via the -j option."

LDIFDE Import
The key switch is -i (lower case). Without it LDIFDE either exports or raises an error. To import user accounts you must know the LDAP attribute names; keep Active Directory Users and Computers open to inspect the properties of existing users. Once all the data is in your .ldf file, import it with a command like this (bigserve is the server name):
ldifde -i -f accounts.ldf -s bigserve
Using LDIFDE to Add a New User
In this example you use LDIFDE to add a new user named Sina Razavi to the Training organizational unit.

Start Notepad and create a file called Newuser.ldf (save it with the .ldf extension, and substitute your own domain):

dn: CN=Sina Razavi,OU=Training,DC=Ostadbook,DC=com
changetype: add
cn: Sina Razavi
objectclass: user
samaccountname: Sina
givenname: Sina
sn: Razavi

The cn attribute must match the CN in the dn line. Save the file.

Run LDIFDE to import the new user into Active Directory. Open a command prompt (Start, Run, cmd), type the following command and press Enter:
ldifde -i -f newuser.ldf -s bigserve

To confirm that the new user has been created, check the Active Directory Users and Computers snap-in.

Modify a user's attributes
Once you can add users, experiment with modifying existing attributes; this is the main advantage of LDIFDE over CSVDE. The key is the changetype: line in the data file; the three possible values are add, modify and delete.

Changing a password is the awkward case. The unicodePwd value is the new password wrapped in double quotes, encoded as UTF-16LE and then base64 (the double colon after the attribute name marks a base64 value in LDIF), and a domain controller only accepts it over an encrypted connection (LDAPS with -t 636, or -h for SASL encryption on port 389). The example below sets the password to "YourNewPwd"; the trailing "-" closes the modify block:

dn: CN=Behzad Azarmehr,OU=IT,DC=Ostadbook,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA
-
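As an added example (not code from the original page), the following PowerShell produces the unicodePwd value described above, writes the modify entry to an LDIF file, and imports it with ldifde over LDAPS. It assumes the target user exists, the caller holds Reset Password on it, a DC named dc1 has a certificate for port 636, and the password is read from the console rather than hard-coded.

```powershell
# Added example, not from the page: password reset through unicodePwd.
# Assumed: DC dc1 with LDAPS on 636; the target DN exists.

function ConvertTo-UnicodePwdValue {
    param([Parameter(Mandatory)][string]$Password)
    # AD accepts unicodePwd only as the password wrapped in double quotes,
    # encoded UTF-16LE. LDIF writes a binary value after "::" as base64.
    $bytes = [System.Text.Encoding]::Unicode.GetBytes('"' + $Password + '"')
    return [Convert]::ToBase64String($bytes)
}

function New-PasswordResetLdif {
    param(
        [Parameter(Mandatory)][string]$UserDn,
        [Parameter(Mandatory)][string]$NewPassword
    )
    # "replace" is an administrative reset and needs no old password.
    # A user changing their own password instead sends "delete" with the old
    # value and "add" with the new one in the same modify block.
    @(
        "dn: $UserDn"
        'changetype: modify'
        'replace: unicodePwd'
        "unicodePwd:: $(ConvertTo-UnicodePwdValue $NewPassword)"
        '-'
        ''
    ) -join "`r`n"
}

# The page's sample value is "YourNewPwd"; the encoder must reproduce it.
if ((ConvertTo-UnicodePwdValue 'YourNewPwd') -ne 'IgBZAG8AdQByAE4AZQB3AFAAdwBkACIA') {
    throw 'unicodePwd encoding is wrong'
}

# Read the password at the console so it is never in a script or in history.
$secure = Read-Host -AsSecureString 'New password for the user'
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

$ldifPath = Join-Path $env:TEMP 'reset.ldf'
New-PasswordResetLdif -UserDn 'CN=Behzad Azarmehr,OU=IT,DC=Ostadbook,DC=com' -NewPassword $plain |
    Set-Content -Path $ldifPath -Encoding ASCII    # the value is base64, so ASCII is safe

try {
    # A DC rejects unicodePwd over plain LDAP. -t 636 uses LDAPS; the
    # alternative is to stay on 389 and add -h for SASL (Kerberos) encryption.
    ldifde -i -f $ldifPath -s dc1 -t 636 -j $env:TEMP
    if ($LASTEXITCODE -ne 0) { throw "ldifde failed; see ldif.log and ldif.err in $env:TEMP" }
}
finally {
    # The file contains the password; base64 is encoding, not encryption.
    Remove-Item $ldifPath -Force -ErrorAction SilentlyContinue
}
```

The self-check against the page's sample value is there because the most common mistake with unicodePwd is forgetting the surrounding quotes or using UTF-8 instead of UTF-16LE; either produces a value the DC rejects with an unhelpful error.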
Deleting a user
To delete objects you need their dn: attributes, each followed on the next line by changetype: delete, with a blank line between entries. Example, saved as leavers.ldf:

dn: CN=Sara Alijani,CN=Users,DC=Ostadbook,DC=com
changetype: delete

dn: CN=Azadinaqsh,CN=Users,DC=Ostadbook,DC=com
changetype: delete

dn: CN=Sina Jowzi,CN=Users,DC=Ostadbook,DC=com
changetype: delete

LDIFDE Export
The situation: you want to extract user accounts from Active Directory, perhaps to change them and import them back, or simply to practise, because ldifde -f filename is harmless compared with the import command. Export is the default, so no -i switch is needed; all you need is -f and a filename:
ldifde -f export.ldf -s ostadbook
(ostadbook is your domain controller and export.ldf is the output filename.)
In theory the filename alone is enough, but in practice the -s switch is needed to connect to the server (-s ostadbook).
Type your ldifde commands in Notepad, save the file as a .bat file, then run it from the command prompt.

Adding filters with -r
Use -r to filter the data. For example, to export only computer objects from the server ostadbook:
ldifde -f ExportComputer.ldf -s ostadbook -r "(objectclass=computer)"
Build up the command gradually and watch the syntax: quotes, commas and parentheses.

Exporting only the fields you want with -l (lower case L)
ldifde -f ExportUser.ldf -s ostadbook -r "(objectclass=user)" -l "dn,cn,givenname,sn,department"
An export lists account names, group memberships and descriptions, exactly the data an attacker would enumerate first; treat the .ldf file as sensitive and delete it when you are done with it.