Export Sites from AD sites and services:
adfind -config -f "(objectClass=site)" -dn
Export sites and associated subnets:
adfind -config -f "(objectClass=subnet)" distinguishedname siteobject
Show user which have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(userCertificate=*))" -dsq
Show users whch don't have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(userCertificate=*))" -dsq
Show users whch don't have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(!userCertificate=*))" -dsq Show useful informations about users:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user))"
The output of the command above is shown in the above picture.
2 comments:
Hi,
Thanks for sharing your insightful thoughts and suggestions - very cool and helpful indeed.
In the spirit of sharing helpful information, thought I'd mention that one of my Microsoft colleagues informed us about a cool FREE tool from a Microsoft partner, that offers over 50 super-helpful Active Directory security reports, such as which accounts are locked out, which accounts are set to expire in the next few days, which security groups are nested, where all a user may have permissions etc.
The tool is called Gold Finger, and it is developed by a company called Paramount Defenses. You can download it from http://www.paramountdefenses.com/goldfinger.php
Why bother writing complicated scripts or using unsupported command-line tools when you can use a 100% AUTOMATED, GUI based, FREE solution that is not only SUPPORTED but also ENDORSED by Microsoft?!
If you're into Active Directory security, then this tool is a must-have.
Thought I'd share this helpful tip with you!
Sincerely,
JohnM
Hey, nice post - thanks. Indeed, a plan and sticking to it is so important and can be so helpful.
By the way, I run a blog on Free Active Directory Tools, so if you're into helpful AD tools, please feel free to stop by!
Ciao,
Marc
Post a Comment