October 2008 Blog Posts
AD Replication

This is a good article on AD replication:

http://blogs.technet.com/kenstcyr/archive/2008/07/...

posted @ Friday, October 31, 2008 11:26 AM | Feedback (3)
DSQuery discovery

Did you know there is a tool called dsquery????? DID YOU???

OH MY GOSH!!! This is the best tool EVER! (for AD queries.)

Why didn't I know about this tool before? This tool can do all SORTS of stuff! And you can combine it with some other tools like DSMOD, etc...

It can also do LDAP queries, although the output, using the -o option, is limited to just four things. Basically it is for getting back account names, not specific attributes, so VBScript will still be useful in that case.

I just looked this up and it is part of the "Directory Service Command-line Tools" suite. Here is a list of the tools:


Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.


Also, here is a primer from MS:

http://support.microsoft.com/kb/322684

posted @ Friday, October 31, 2008 7:08 AM | Feedback (3)
Finding the site of a Domain Controller

Those of you out there with relatively large domains can understand what a pain it is to search through AD Sites and Services to find which site a domain controller belongs to.

Being that I am very impatient I decided enough was enough and figured out how to use a tool called nltest. It can do all sorts of things, but for now check this out:

nltest /server:<servername> /dsgetsite

Not only can you run this against a DC, you can run it against any computer in your domain to find which site it belongs to.

posted @ Wednesday, October 29, 2008 11:31 AM | Feedback (3)
System Schema Version

Wanna know the Schema version of your Active Directory?

One simple way is to log on to a domain controller, open HKLM\System\CurrentControlSet\Services\NTDS\Parameters in the registry, and look at the data of the "System Schema Version" entry, which in some situations (which ones I'm not aware of, but I've heard it on the street) is called the "Schema Version" entry instead.

Then check it against the following:

13 = 2000

30 = 2003

31 = 2003 R2

44 = 2008

?? = 2008 R2


Is there a pattern that I'm just not seeing?


--UPDATE--

You can look in ADSIEdit too. Just look at the objectVersion in the properties of CN=Schema,CN=Configuration,DC=your,DC=domain,DC=com.

posted @ Wednesday, October 29, 2008 8:43 AM | Feedback (3)
VBScript: Finding AD Accounts Created After a Certain Date

This was a fun one. I was asked to find all user accounts in a specific OU that were created on or after August 1st 2008.

Sweet, except that I don't know how to convert the createTimeStamp attribute to a number to compare it to 08/01/2008, which I would also have to convert to a number.

You see, the createTimeStamp attribute on every user account looks something like this: 08/01/2008 8:22:48 AM.

My quick and dirty solution was simply to split the attribute into two elements of an array. See the little space between the date and the time? Bingo!

So now I have just the date. Now what? Split THAT on the slash "/" in another array, and now I have an array where the first element is the month, the second element is the day, and the third element is the year.

From there I just compared numbers. Sometimes quick and dirty works great.

Here's the script:

Option Explicit
Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE, strDomainNCDN, strOU, objRecordSet
Dim varCreateTimeStamp, aryCreateTimeStamp, varCreateDate, aryCreateDate

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 500   ' page the results so a big OU doesn't hit the server's size limit
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Bind to the domain's default naming context so the domain name isn't hard-coded
Set objRootDSE = GetObject("LDAP://rootDSE")
strDomainNCDN = objRootDSE.Get("defaultNamingContext")

' Place the OU you want to search here, with a comma at the end (e.g. "OU=Sales,"),
' or just leave it blank to search all of AD.
strOU = ""

' LDAP dialect: <base>;(filter);attributes;scope - the semicolons between the parts are required
objCommand.CommandText = "<LDAP://" & strOU & strDomainNCDN & ">;" & _
    "(&(objectClass=user)(objectCategory=person));name,createTimeStamp;subtree"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
    WScript.Echo "No user accounts found."
Else
    While Not objRecordSet.EOF
        ' createTimeStamp comes back as a date; Split turns it into the locale-formatted
        ' string "08/01/2008 8:22:48 AM", so this assumes a month/day/year date format
        varCreateTimeStamp = objRecordSet.Fields("createTimeStamp")
        aryCreateTimeStamp = Split(varCreateTimeStamp, " ")
        varCreateDate = aryCreateTimeStamp(0)
        aryCreateDate = Split(varCreateDate, "/")   ' (0) = month, (1) = day, (2) = year

        ' Split returns strings; convert with CInt so VBScript compares numbers, not a string against a number
        If CInt(aryCreateDate(2)) = 2008 And CInt(aryCreateDate(0)) > 7 Then
            WScript.Echo objRecordSet.Fields("name") & " Date Created: " & varCreateDate
        End If

        objRecordSet.MoveNext
    Wend
End If

objConnection.Close
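
As an added example (not from the original post, and in Python rather than VBScript): the same cutoff comparison done on the raw LDAP GeneralizedTime value of createTimeStamp instead of the locale-formatted string, so it does not depend on regional date settings and keeps working once accounts from the next year exist. The user records are constructed sample data, not output from a real directory.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like the name/createTimeStamp pairs the post's
# LDAP query returns, but with createTimeStamp in its raw GeneralizedTime form
# (RFC 4517: YYYYMMDDHHMMSS[.fraction](Z|+hhmm|-hhmm)).
SAMPLE_USERS = [
    {"name": "alice", "createTimeStamp": "20080801082248.0Z"},    # on the cutoff day
    {"name": "bob",   "createTimeStamp": "20080731235959.0Z"},    # one second too early
    {"name": "carol", "createTimeStamp": "20090105120000Z"},      # a year==2008 check would miss this
    {"name": "dave",  "createTimeStamp": "20080801010000+0300"},  # 22:00Z on 31 July after the offset
]


def parse_generalized_time(value: str) -> datetime:
    """Parse an LDAP GeneralizedTime string into a timezone-aware UTC datetime."""
    if value.endswith("Z"):
        body, offset = value[:-1], timedelta(0)
    else:
        # Explicit offset such as +0300 or -0500: local time = UTC + offset
        sign = 1 if value[-5] == "+" else -1
        body = value[:-5]
        offset = sign * timedelta(hours=int(value[-4:-2]), minutes=int(value[-2:]))
    body = body.replace(",", ".").split(".")[0]   # drop fractional seconds (AD emits ".0")
    naive = datetime.strptime(body, "%Y%m%d%H%M%S")
    return (naive - offset).replace(tzinfo=timezone.utc)


def created_on_or_after(users, cutoff: datetime):
    """Names of users whose createTimeStamp is >= cutoff, compared as datetimes, not strings."""
    return [u["name"] for u in users
            if parse_generalized_time(u["createTimeStamp"]) >= cutoff]


# The post's requirement: accounts created on or after 1 August 2008
CUTOFF = datetime(2008, 8, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name in created_on_or_after(SAMPLE_USERS, CUTOFF):
        print(name)
```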

posted @ Friday, October 17, 2008 8:27 AM | Feedback (13)