Table of Contents
Contacts
Output a list of all contacts in Active Directory to a text file with current date
dsquery contact > "Contacts in AD (%date%).txt"
Output a list of all contacts with their emailaddress in Active Directory to a text file with the current date
dsquery contact|dsget contact -email -display > "Email Addresses for Contacts (%date%).txt"
Output a list of all contacts with their emailaddress in the Contacts.Exchange OU to a text file with the current date
dsquery contact "OU=Contacts,OU=Exchange,DC=fabrikam,DC=com"|dsget contact -email -display > "Email Addresses for Contacts OU (%date%).txt"
Output a list of all contacts with their emailaddress in the OU that is given when the script runs
dsquery contact %1|dsget contact -email -display > "Email Addresses for %2 OU (%date%).txt"
Above script should be run as follows:
ShowContactsEmailAddressFor.cmd "OU=Contacts,OU=Exchange,DC=fabrikam,DC=com" "Contacts"
Groups
Copy the group memberships from one user to another
dsget user %1 -memberof|dsmod group -c -addmbr %2
Above script should be run as follows:
CopyGroupMembership.cmd "CN=SourceUsername,OU=Users,DC=fabrikam,DC=com" "CN=DestinationUserName,OU=Users,DC=fabrikam,DC=com"
Copy the group memberschips from one group to another
- CopyGroupMembersToGroup.cmd
@ECHO OFF REM CopyGroupMembersToGroup.cmd REM For copying the members of one group to another. REM 20100827, v1. REM 20120621, v2. REM Added FOR loop so the script doesn't quit on the first account that already is a member of both groups. @ECHO ON FOR /F "tokens=*" %%S IN ('dsget group %1 -members') DO ( dsmod group %2 -addmbr %%S )
Above script should be run as follows:
CopyGroupMembersToGroup.cmd "CN=SourceGroupName,OU=Groups,DC=fabrikam,DC=com" "CN=DestinationGroupName,OU=Groups,DC=fabrikam,DC=com"
Get the account names of group members
dsget group %1 -members -expand|dsget user -samid -c
Above script should be run as follows:
GetGroupMembersAccountName.cmd "CN=GroupName,OU=Groups,DC=fabrikam,DC=com"
Get the full name of group members
dsget group %1 -members -expand|dsget user -display -c
Above script should be run as follows:
GetGroupMembersFullName.cmd "CN=GroupName,OU=Groups,DC=fabrikam,DC=com"
Users
Home directories
Onderstaand commando haalt alle users uit AD die nu een home directory hebben met “servernaam” in de string en vervangt deze door \\newserver\Home\$username$:
dsquery user -limit 2000|dsget user -samid -hmdir|find /I "servernaam"|gawk "{print $1}"|tee "c:\temp\usernamesfound.txt"|xargs -n 1 dsquery user -samid |dsmod user -hmdir \\newserver\Home\$username$|tee "c:\temp\dsmodresult.txt"
Voor dit commando heb je de gawk, tee en xargs utilities voor Windows nodig. Deze kun je halen uit: GNU utilities for Win32
Uitleg
dsquery user -limit 2000
Vraagt alle users op in AD en verhoogt de limiet op geretourneerde regels van de standaard 100 naar 2000.
dsget user -samid -hmdir
Vraagt van al deze users het samid en de home directory op.
find /I “servernaam”
Geeft de regels terug waarin servernaam voorkomt en let daarbij niet op hoofdletters.
gawk “{print $1}“
Geef de eerste kolom van het resultaat terug, de samid's.
tee “c:\temp\usernamesfound.txt”
Stopt de uitvoer in zowel het aangegeven bestand als op de console.
xargs -n 1 dsquery user -samid
Voert dsquery user -samid met daarachter één argument uit de lijst aangegeven door xargs (vergeet niet de spatie na -samid en het pipe symbool!) om de DN van deze useraccount te achterhalen.
dsmod user -hmdir \\newserver\Home\$username$
Past per userDN de home directory aan naar de nieuwe server + share + username.
tee “c:\temp\dsmodresult.txt”
Stopt de uitvoer van dsmod in zowel het aangegeven bestand, als op de console.
List of enabled users
Requires comm.exe from UnixUtils
- GetActiveUsers.cmd
@ECHO OFF REM GetActiveUsers.cmd REM 20110726, v1. SET UNIXUTILS=I:\Tools\UnixUtils\usr\local\wbin SET TMPDIR=C:\Temp ECHO Getting a list of all user accounts %SYSTEMROOT%\system32\dsquery.exe user forestroot -o samid -limit 0|sort > "%TMPDIR%\users.txt" ECHO Getting a list of disabled user accounts %SYSTEMROOT%\system32\dsquery.exe user forestroot -disabled -o samid -limit 0|sort > "%TMPDIR%\disabled.txt" ECHO Comparing both lists to filter out the disabled users %UNIXUTILS%\comm.exe -3 "%TMPDIR%\disabled.txt" "%TMPDIR%\users.txt" > "%TMPDIR%\Enabled-%date%.txt" ECHO Displaying the end result in Notepad %SYSTEMROOT%\system32\notepad.exe "%TMPDIR%\Enabled-%date%.txt"