ADRestore.NET rewrite

Saturday, December 15, 2007

Last month I had a couple of clients that needed to restore accidentally deleted user and computer accounts. Though there is a command line version of the tombstone reanimation tool called adrestore, the clients were not CLI savvy and having a GUI version of this functionality could really help them out. Some time ago I wrote a GUI version just for the case in VB.NET, but as it turned out it was quite buggy (well, it was one of my first .NET GUI apps), so I sat down and rewrote the application from scratch in C#. Now, if you are...
21 comments

Executing a set of commands against all DCs in the forest

Thursday, November 29, 2007

Funny how things turn out. Today I was visiting a customer who is undergoing a process of upgrading his Domain Controllers to W2K3 R2 and I was asked to help them get a report of the OS version on all the DCs in the forest (multi-domain forest). First I thought to query the AD directly, but it appears that there is no way to distinguish between W2K3 and W2K3 R2 when looking at the operatingSystem, operatingSystemVersion and operatingSystemServicePack attributes of the DC's computer account. Now what is so funny about it? Well, just yesterday I helped out a guy...
No comments

Performance based Active Directory MCP exams

Tuesday, October 23, 2007

Looks like MS are going in the right direction (finally!) - they are piloting a performance based AD exam that should replace the current multiple-choice tests. For a long time I have been bashing that the current MCP exams format is useless - too many people without proper knowledge have passed the exams just by using braindumps, and the questions in the exams are way too far from the real life experiences, dilemmas and tasks that I, and many other AD consultants like me, are faced with on a daily basis. Performance based exams should bring in some balance into the...
No comments

XP as Domain Controller?

Thursday, September 6, 2007

Well... Not really. But here is a nice tidbit:

1) Create a share called SYSVOL on an XP box
2) Try to unshare the directory you shared as SYSVOL.
3) You will get a nice warning stating: "This share is required for the machine to act properly as a domain controller. Removing it will cause a loss of functionality on all clients that this domain controller serves. Are you sure you wish to stop sharing SYSVOL?"

Here is a screenshot:

But do not worry - unsharing SYSVOL on XP will not break your AD. My...
3 comments


Friday, April 27, 2007

Finally I had some time to sit down and dig into the System.DirectoryServices (S.DS) namespace in .NET 2. A couple of days later and after too many full ashtrays, what I have is 2 things:

A list of links to resources I found to be very useful while trying to get familiar with the topic:

Introduction to System.DirectoryServices.Protocols (S.DS.P) by Ethan Wilansky
Introduction to System.DirectoryServices.ActiveDirectory (S.DS.AD) by Ethan Wilansky
Extemporaneous Mumblings - Ryan Dunn's blog (very useful code examples)
Directory Programming .NET - website run by Ryan Dunn and Joe Kaplan - two...
3 comments

Preventing local administrators from renaming computers in AD

Wednesday, February 21, 2007

Imagine that you are an administrator in a large distributed AD based environment. You have invested a lot of thought and time in the design, written policies, created procedures and among other things you rely on some sort of naming convention for your servers for the purpose of provisioning and tracking. You rigorously follow the guidelines in order to keep your environment as stable and controlled as possible, but...

But the problem is that in a large environment you do not control everything. It only makes sense that there are user accounts in your AD that are local administrators on a bunch of production servers...
2 comments

Bulk add user accounts from a file to security group using batch

Sunday, January 14, 2007

If you have a file containing the names of users (sAMAccountName) and you want to add all of them to a specific group in AD, here is a batch script that might make your life easier:

:: GrpFromFile.CMD - Guy Teverovsky - January 2007
::
:: Add users from a file to specific group
@echo off
setlocal ENABLEDELAYEDEXPANSION
setlocal ENABLEEXTENSIONS
if "%1"=="" goto :SYNTAX
if "%1"=="/?" goto :SYNTAX
echo/
:: Define initial environment
set groupname=%1
set filename=%2
set scriptname=GrpFromFile
:: Determine if supplied arguments were sufficient
if "%groupname%"=="" (
  echo/
  echo ERROR - Insufficient arguments
  goto :SYNTAX
)
if "%filename%"=="" (
  echo/
  echo ERROR - Insufficient arguments
  goto :SYNTAX
)
if not exist "%filename%" (
  echo/
  echo ERROR - File not found
  goto :SYNTAX
)
:: Locate critical...
4 comments

Copying AD user group membership with dsquery and dsmod

Friday, December 22, 2006

A question was asked at Daniel Petri's forums about copying an AD user's group membership using the dsquery/dsmod tools. Having some spare time, I have written a batch script that does just that - looks at the memberOf attribute of the source user account and joins the target account to those groups. Important: if the source account is a member in a group that resides in another forest or the group is of Domain Local type, the fact is not reflected in the memberOf attribute and membership in those groups will not be copied between accounts. The script is mostly useful in single domain...
No comments

How to install Active Directory on Longhorn Server Core

Sunday, November 26, 2006

Before installing AD on Server Core you should make sure you have all the basic requirements satisfied. If the requirements are not met, you will not be able to set up Active Directory. The actual list has not been published yet to my knowledge, so you might want to use Daniel Petri's What are the AD installation requirements and recommendations article as guidance.

Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don't do it for any other scenario, such as...
10 comments