Assuming that you have a file users.txt with this format:
Last_name First_name Group Password
This script automatically creates the groups in the specified OU (Sales), adds the users to this OU and to their respective groups, sets the specified passwords, assigns a logon script, creates and shares the home folders and sets NTFS permissions on them... a lot of work, isn't it?
I must say that the script uses the rmtshare tool for setting shares, available for download from Microsoft.
@setlocal
@set ou=OU=Sales,DC=test,DC=com
@set domain=test.com
@set domainadmins=CN=Domain Admins,CN=Users,DC=test,DC=com
@set domainusers=CN=Domain Users,CN=Users,DC=test,DC=com
@rem Creation of groups
@rem tokens=1-4 maps %%a=last name, %%b=first name, %%c=group, %%d=password
for /f "tokens=1-4 delims= " %%a in (users.txt) do dsadd group "CN=%%c, %ou%"
@rem Creation of users
for /f "tokens=1-4 delims= " %%a in (users.txt) do dsadd user "CN=%%b %%a, %ou%" -upn "%%b %%a" -fn %%b -ln %%a -display "%%b %%a" -loscr Scripts\logon.bat -pwd %%d -memberof "CN=%%c, %ou%"
@rem Creation of personal folders (home folders)
for /f "tokens=1,2* delims= " %%a in (users.txt) do md "D:\Homes\%%b %%a"
@rem Make shares on home directories
for /f "tokens=1,2* delims= " %%a in (users.txt) do rmtshare \\%COMPUTERNAME%\"%%b %%a$" = "D:\Homes\%%b %%a"
@rem Grant share rights on home folders
for /f "tokens=1,2* delims= " %%a in (users.txt) do rmtshare \\%COMPUTERNAME%\"%%b %%a$" /grant "%domain%\%%b %%a":CHANGE /grant "%domain%\Domain Admins":"FULL CONTROL"
@rem Give NTFS rights on home folders
for /f "tokens=1,2* delims= " %%a in (users.txt) do cacls "D:\Homes\%%b %%a" /T /C /G "%domain%\%%b %%a":C "%domain%\Domain Admins":F
Thursday, July 17, 2008
Wednesday, July 16, 2008
Rename all users from AD
This was a problem I faced some time ago. I had to change all Active Directory user names from "name surname" to "name.surname". The magic was done for me by this little VBScript, which did the amazing job in seconds. All users were in the organizational unit Test.
OUPath = "LDAP://OU=Test,DC=test,DC=com"
Set CNUsers = GetObject (OUPath)
CNUsers.Filter = Array("user")
For Each User in CNUsers
NewNameFormat = User.givenName & "." & User.sn
Set objUser = GetObject("LDAP://" & User.DistinguishedName)
objUser.SamAccountName = NewNameFormat
objUser.UserPrincipalName = NewNameFormat
objUser.SetInfo
Next
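A pre-flight check for the rename above, as an added PowerShell example that is not part of the original post: it builds the same "givenName.sn" value and reports accounts that would get an empty part, a sAMAccountName over the 20-character limit, a disallowed character, or the same name as another account in the set. The function name Get-RenamePlan and the sample users are constructed for illustration, and collisions with accounts outside the OU are not checked.

```powershell
# Constructed sample of the attributes the OU enumeration would return
$users = @(
    [pscustomobject]@{ Cn = 'Ion Popescu';     GivenName = 'Ion';  Sn = 'Popescu' },
    [pscustomobject]@{ Cn = 'ion popescu (2)'; GivenName = 'ion';  Sn = 'popescu' },
    [pscustomobject]@{ Cn = 'Svc Backup';      GivenName = $null;  Sn = 'Backup' },
    [pscustomobject]@{ Cn = 'A-C Dumitrescu';  GivenName = 'Alexandru-Constantin'; Sn = 'Dumitrescu' },
    [pscustomobject]@{ Cn = 'Ana Marin';       GivenName = 'Ana';  Sn = 'Marin' }
)

function Get-RenamePlan {
    param([object[]]$Users)
    $plan = foreach ($u in $Users) {
        $issues = @()
        $new = $null
        if (-not $u.GivenName -or -not $u.Sn) {
            # the VBScript concatenation would produce ".Backup" or "Ion." here
            $issues += 'givenName or sn is empty'
        } else {
            $new = "$($u.GivenName).$($u.Sn)"
            if ($new.Length -gt 20) { $issues += "longer than 20 characters ($($new.Length))" }
            if ($new -match '[\\/\[\]:;|=,+*?<>"]') { $issues += 'character not allowed in sAMAccountName' }
        }
        [pscustomobject]@{ Cn = $u.Cn; NewName = $new; Issues = $issues }
    }
    # Group-Object compares case-insensitively, matching how AD treats sAMAccountName
    $plan | Where-Object NewName | Group-Object NewName | Where-Object Count -gt 1 |
        ForEach-Object { $_.Group | ForEach-Object { $_.Issues += 'collides with another account' } }
    $plan
}

Get-RenamePlan -Users $users |
    Format-Table Cn, NewName, @{ n = 'Issues'; e = { $_.Issues -join '; ' } } -AutoSize
```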
Security and distribution groups
Useful one-step scripts:
- Show the creation date of all groups from AD forest:
dsquery * forestroot -filter "(&(objectClass=Group))" -attr name whenCreated description -limit 0
- Show the date of modification of all groups from AD forest:
dsquery * forestroot -filter "(&(objectClass=Group))" -attr name whenChanged description -limit 0
- Show the creation date of all users from AD forest:
dsquery * forestroot -filter "(&(objectClass=User))" -attr name whenCreated description -limit 0
- Show all distribution groups mail enabled from AD forest
dsquery * forestroot -filter "(&(samAccountType=268435457)(mail=*))" -limit 0
- Show all distribution groups without mail enabled from AD forest
dsquery * forestroot -filter "(&(samAccountType=268435457)(!mail=*))" -limit 0
- Show all security groups mail enabled from AD forest
dsquery * forestroot -filter "(&(samAccountType=268435456)(mail=*))" -limit 0
- Show all security groups without mail enabled from AD forest
dsquery * forestroot -filter "(&(samAccountType=268435456)(!mail=*))" -limit 0
- Show membership of a group named "XXX"
dsget group "XXX" -members -expand
Saturday, July 12, 2008
Filter information from event log
The following script shows when specific events logged in Event Viewer happened. This helped me find out if a computer was shut down daily during a month. For this, I searched for the specific event ID 6009 in the System event log and put in a text file the date and time when it was logged:
Set dtmDate = CreateObject("WbemScripting.SWbemDateTime")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' and " & "EventCode = '6009'")
For Each objItem in colItems
Wscript.Echo "Computer Name: " & objItem.ComputerName
Wscript.Echo "Event Code: " & objItem.EventCode
dtmDate.Value = objItem.TimeWritten
dtmTimeWritten = dtmDate.GetVarDate
Wscript.Echo "Time Written: " & dtmTimeWritten
Next
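The check the post describes (was the machine started every day?), as an added PowerShell example that is not part of the original post: it takes the 6009 timestamps and lists the days in a range that have no such event. The function name Get-DaysWithoutBoot and the timestamps are constructed for illustration.

```powershell
# Constructed sample: TimeWritten values of event 6009 in early July 2008.
# On a live machine the same values could come from:
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6009 } | ForEach-Object TimeCreated
$bootTimes = @(
    '2008-07-01 08:02:11', '2008-07-02 07:58:40', '2008-07-03 08:05:03',
    '2008-07-04 08:01:27', '2008-07-07 08:03:52', '2008-07-07 13:20:09',
    '2008-07-08 08:00:15', '2008-07-10 08:04:31', '2008-07-11 07:59:48'
) | ForEach-Object { [datetime]$_ }

function Get-DaysWithoutBoot {
    param([datetime[]]$BootTimes, [datetime]$From, [datetime]$To)
    # Index the calendar days that have at least one 6009 event
    $booted = @{}
    foreach ($t in $BootTimes) { $booted[$t.Date] = $true }

    for ($d = $From.Date; $d -le $To.Date; $d = $d.AddDays(1)) {
        if (-not $booted.ContainsKey($d)) {
            $dayName = [string]$d.DayOfWeek
            [pscustomobject]@{
                Date    = $d.ToString('yyyy-MM-dd')
                Day     = $dayName
                # a weekend gap usually means "left off", a weekday gap "left on"
                Weekend = ($dayName -eq 'Saturday' -or $dayName -eq 'Sunday')
            }
        }
    }
}

Get-DaysWithoutBoot -BootTimes $bootTimes -From '2008-07-01' -To '2008-07-11' |
    Format-Table -AutoSize
```

For the sample data this lists 5 and 6 July (a weekend) and Wednesday 9 July, the one working day on which the log shows no start-up.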
Find users who are local admins
Here is a Visual Basic script which audits which accounts/groups are members of the local Administrators group. I put it as a logon script. It puts in a shared folder named public a text file with the computer name and the users which are in the local administrators group and are not domain admins or administrator:
Option Explicit
Const ForAppending = 8
Dim objGroup, strComputer, objMember, WshNetwork, objRecordSet, objFSO, objFile, strFileName
strComputer = "."
Set WshNetwork = WScript.CreateObject("WScript.Network")
WScript.Echo "Computer Name = " & WshNetwork.ComputerName
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
For Each objMember In objGroup.Members
If objMember.Name <> "Administrator" and objMember.Name <> "Domain Admins" Then
Set objFSO = CreateObject("Scripting.FileSystemObject")
strFileName = "C:\Public\" & WshNetwork.ComputerName & ".txt"
Set objFile = objFSO.OpenTextFile(strFileName, ForAppending, True)
objFile.WriteLine (objMember.Name)
objFile.Close
End If
Next
Add users from a file to a specific OU
Hi all,
Today I will post a bunch of useful scripts for a system administrator. This one is about adding users from a text file (users.txt) in which you have the first and last name of the users. The users will be created with the password P@ssw0rd.
for /F "tokens=1,2 delims= " %%i in (users.txt) do dsadd user "cn=%%i %%j,ou=Sales,dc=test,dc=ro" -samid "%%i %%j" -upn "%%i %%j"@test.ro -fn "%%i" -ln "%%j" -display "%%i %%j" -pwd P@ssw0rd -disabled no
The script can be easily customized. For example, if in users.txt you have the first name, last name and a description of every user, the script will look like this:
for /F "tokens=1,2* delims= " %%i in (users.txt) do dsadd user "cn=%%i %%j,ou=Sales,dc=test,dc=ro" -samid "%%i %%j" -upn "%%i %%j"@test.ro -fn "%%i" -ln "%%j" -display "%%i %%j" -pwd P@ssw0rd -disabled no -desc "%%k"
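The loops in this post and in the four-column script at the top of the page paste each token of users.txt straight into a cmd.exe command line and into a distinguished name. As an added PowerShell example (not part of the original posts), this check flags lines that would break either, plus the shared default password; the function name Test-UserFile and the sample lines are constructed for illustration, using the "Last_name First_name Group Password" format.

```powershell
# Constructed sample lines: Last_name First_name Group Password
$sample = @(
    'Popescu Ion Sales Xk7-pRq2vL',
    'Ionescu Ana Sales P@ssw0rd',
    'Marin Dan R&D Zt4-mWe9sB',
    'Doe Jane Sales,EMEA Qp8-hYu3nC',
    'Stan Maria Sales'
)

function Test-UserFile {
    param([string[]]$Lines)
    # New-Object gives a case-sensitive hashtable, unlike @{}, which matters for passwords
    $seen = New-Object System.Collections.Hashtable
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $issues = @()
        $f = @($line.Trim() -split '\s+')
        if ($f.Count -ne 4) {
            $issues += "expected 4 fields, found $($f.Count)"
        } else {
            # cmd.exe interprets these once for /f has substituted the token into the command
            if ($line -match '[&|<>^%"]') { $issues += 'cmd metacharacter' }
            # these need escaping inside a DN such as CN=<group>,OU=Sales,...
            if (($f[0..2] -join '') -match '[,+\\;=#]') { $issues += 'DN special character' }
            if ($f[3] -ceq 'P@ssw0rd') { $issues += 'well-known default password' }
            if ($seen.ContainsKey($f[3])) { $issues += "password shared with line $($seen[$f[3]])" }
            else { $seen[$f[3]] = $n }
        }
        [pscustomobject]@{ Line = $n; Ok = ($issues.Count -eq 0); Issues = $issues -join '; ' }
    }
}

Test-UserFile -Lines $sample | Format-Table -AutoSize
```

Where accounts still have to start with a common password, dsadd user also accepts -mustchpwd yes to force a change at first logon.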