Saturday, November 11, 2006

Examples

Dsquery user “OU=Employees,DC=Contoso,DC=Com” –stalepwd 60 | dsmod user
mustchpwd yes

Dsquery user “OU=Employees,DC=Contoso,DC=Com” | dsmod user –HMDIR
\\Server04\Profiles\$username$” -HMDRV U:

Dsquery user “OU=Employees,DC=Contoso,DC=Com” | dsmod user –PROFILE “\\Server04\Profiles\$username$”

posted by Leenis @ 2:29 PM   0 comments

Monday, November 06, 2006

CACLS links

CACLS - Modify Discretionary Access Control Lists




How to Set File Permissions with CACLS and Excel

posted by Leenis @ 12:13 PM   0 comments

Friday, November 03, 2006

Script to MD

Then I took the sAMAccountName column by itself and ran it through for /f with a batch file using RMTSHARE (a Microsoft utility for remotely creating shares):
quote:

md y:\users\%1
rmtshare \\servername\%1$=f:\users\%1 /grant domain\user:full /remove everyone /grant "domain\Domain Admins":full

posted by Leenis @ 11:05 AM   0 comments

Tuesday, October 17, 2006

Quotable Quotes

Use domain local groups to control access to resources and use global groups to organize similar groups of users. When this is done, the global groups created are then applied to the domain local groups as members, allowing those users permissions to those resources and limiting the effect that replication has on an environment.

posted by Leenis @ 2:52 PM   0 comments

Saturday, October 07, 2006

Samples

netdom add ComputerName / domain:DomainName /userd:User PasswordD:UserPassword [/ou:OUDN]

dsadd computer "cn=desktop03,ou=servers,dc=contoso,dc=com"

dsmove "cn=desktop,ou=servers,dc=contoso,dc=com" -newparent "ou=desktops,dc=contoso,dc=com"

posted by Leenis @ 2:27 PM   0 comments

Thursday, October 05, 2006

Ldifde

Switches:

-i : Turn on import mode.
-f FileName : the input or output FileName
ie: ldifde -i -f groups.ldifde

*only ldifde is capable of modifying existing objects or removing objects.

posted by Leenis @ 3:29 PM   0 comments

Thursday, September 28, 2006

2003 Server Command Line Tools and Help

sAMAccountname = Pre-Windows 2000 Logon Name
givenName = First Name
sn = Last Name
displayName = Display Name
userPrincipalName = User Principal Name = logon-name@UPN-suffix
DN = Distinguished Name "cn+ou+dc" ; Domain Name
CN = Common Name = Pimary Name of object in LDAP like AD.
OU = Object Unit
DC = Domain Controller = a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources. The domain controllers in your network are the centerpiece of your Active Directory directory service. It stores user account information, authenticates users and enforces security policy for a Windows domain.

ie:

posted by Leenis @ 8:30 AM   0 comments