Table of Contents

Contacts

Output a list of all contacts in Active Directory to a text file with current date

dsquery contact > "Contacts in AD (%date%).txt"

Output a list of all contacts with their emailaddress in Active Directory to a text file with the current date

dsquery contact|dsget contact -email -display > "Email Addresses for Contacts (%date%).txt"

Output a list of all contacts with their emailaddress in the Contacts.Exchange OU to a text file with the current date

dsquery contact "OU=Contacts,OU=Exchange,DC=fabrikam,DC=com"|dsget contact -email -display > "Email Addresses for Contacts OU (%date%).txt"

Output a list of all contacts with their emailaddress in the OU that is given when the script runs

dsquery contact %1|dsget contact -email -display > "Email Addresses for %2 OU (%date%).txt"

Above script should be run as follows:

ShowContactsEmailAddressFor.cmd "OU=Contacts,OU=Exchange,DC=fabrikam,DC=com" "Contacts"

Groups

Copy the group memberships from one user to another

dsget user %1 -memberof|dsmod group -c -addmbr %2

Above script should be run as follows:

CopyGroupMembership.cmd "CN=SourceUsername,OU=Users,DC=fabrikam,DC=com" "CN=DestinationUserName,OU=Users,DC=fabrikam,DC=com"

Copy the group memberschips from one group to another

CopyGroupMembersToGroup.cmd
@ECHO OFF
REM CopyGroupMembersToGroup.cmd
REM For copying the members of one group to another.
REM 20100827, v1.
REM 20120621, v2.
REM               Added FOR loop so the script doesn't quit on the first account that already is a member of both groups.
@ECHO ON
 
FOR /F "tokens=*" %%S IN ('dsget group %1 -members') DO (
 
	dsmod group %2 -addmbr %%S
 
)

Above script should be run as follows:

CopyGroupMembersToGroup.cmd "CN=SourceGroupName,OU=Groups,DC=fabrikam,DC=com" "CN=DestinationGroupName,OU=Groups,DC=fabrikam,DC=com"

Get the account names of group members

dsget group %1 -members -expand|dsget user -samid -c

Above script should be run as follows:

GetGroupMembersAccountName.cmd "CN=GroupName,OU=Groups,DC=fabrikam,DC=com"

Get the full name of group members

dsget group %1 -members -expand|dsget user -display -c

Above script should be run as follows:

GetGroupMembersFullName.cmd "CN=GroupName,OU=Groups,DC=fabrikam,DC=com"

Users

Home directories

Onderstaand commando haalt alle users uit AD die nu een home directory hebben met “servernaam” in de string en vervangt deze door \\newserver\Home\$username$:

dsquery user -limit 2000|dsget user -samid -hmdir|find /I "servernaam"|gawk "{print $1}"|tee "c:\temp\usernamesfound.txt"|xargs -n 1 dsquery user -samid |dsmod user -hmdir \\newserver\Home\$username$|tee "c:\temp\dsmodresult.txt"

Voor dit commando heb je de gawk, tee en xargs utilities voor Windows nodig. Deze kun je halen uit: GNU utilities for Win32

Uitleg

dsquery user -limit 2000
Vraagt alle users op in AD en verhoogt de limiet op geretourneerde regels van de standaard 100 naar 2000.

dsget user -samid -hmdir
Vraagt van al deze users het samid en de home directory op.

find /I “servernaam”
Geeft de regels terug waarin servernaam voorkomt en let daarbij niet op hoofdletters.

gawk “{print $1}“
Geef de eerste kolom van het resultaat terug, de samid's.

tee “c:\temp\usernamesfound.txt”
Stopt de uitvoer in zowel het aangegeven bestand als op de console.

xargs -n 1 dsquery user -samid
Voert dsquery user -samid met daarachter één argument uit de lijst aangegeven door xargs (vergeet niet de spatie na -samid en het pipe symbool!) om de DN van deze useraccount te achterhalen.

dsmod user -hmdir \\newserver\Home\$username$
Past per userDN de home directory aan naar de nieuwe server + share + username.

tee “c:\temp\dsmodresult.txt”
Stopt de uitvoer van dsmod in zowel het aangegeven bestand, als op de console.

List of enabled users

Requires comm.exe from UnixUtils

GetActiveUsers.cmd
@ECHO OFF
REM GetActiveUsers.cmd
REM 20110726, v1.
 
SET UNIXUTILS=I:\Tools\UnixUtils\usr\local\wbin
SET TMPDIR=C:\Temp
 
ECHO Getting a list of all user accounts
%SYSTEMROOT%\system32\dsquery.exe user forestroot -o samid -limit 0|sort > "%TMPDIR%\users.txt"
 
ECHO Getting a list of disabled user accounts
%SYSTEMROOT%\system32\dsquery.exe user forestroot -disabled -o samid -limit 0|sort > "%TMPDIR%\disabled.txt"
 
ECHO Comparing both lists to filter out the disabled users
%UNIXUTILS%\comm.exe -3 "%TMPDIR%\disabled.txt" "%TMPDIR%\users.txt" > "%TMPDIR%\Enabled-%date%.txt"
 
ECHO Displaying the end result in Notepad
%SYSTEMROOT%\system32\notepad.exe "%TMPDIR%\Enabled-%date%.txt"

Directory service command-line tools
Dsget
Dsquery
Dsmod
Microsoft Windows 2000 Scripting Guide - ADSI - Modifying Multivalued Attributes