Tuesday, May 20, 2008

Dig into the Active Directory information store

I never needed to automate user and group creation/deletion/changes in Active Directory on Windows. I have however needed to query lists of users and groups, membership and such. That was solved by some VBScripts.

A few days ago I needed to show the list of computers in an Organizational Unit (OU), so I searched for some ways to get that. And I bumped into the Microsoft ds tools (dsget/dsquery/...) and they are just perfect for automating Directory Service stuff.

The commands work from a Windows 2003 server, but not from XP.

Also, I needed an intro to directory services, because I hadn't used them much, and then moved on to a good, simple dsquery tutorial.

Then I could make some quick one-liners, starting with a very comprehensive query that is highly instructive about how the directory under Level2OU is built:
dsquery * OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0 -attr *

Listing the members of a Windows group:

dsget group "CN=somegrp,OU=level2,OU=level1,DC=domain,DC=domainext" -members -expand

Show the computers of an OU:

dsquery computer OU=Level3OU,OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0

To automate the query, I have used psexec to run it on a remote server, with a user that has access to do queries:

psexec \\srv -u dom\usr -p pwd -e cmd /C "dsquery ou domainroot"
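Building on the one-liners above, here is an added example (not from the original post) that chains dsquery into dsget to audit an OU for stale computer accounts and for disabled users that still hold group memberships. The OU DN is a placeholder, and the -inactive switch is assumed to be available (it needs a Windows Server 2003 domain functional level).

```batch
@echo off
REM Added example, not from the original post: audit an OU with the ds tools.
REM Assumptions: run on a Windows 2003 server as a user with read access to
REM the directory; the OU DN below is a placeholder; -inactive needs the
REM Windows Server 2003 domain functional level.
setlocal
set OU=OU=Level3OU,OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext

REM 1. Computers in the OU that have not logged on for 8 weeks: cleanup
REM    candidates, and a common blind spot when reviewing which machine
REM    accounts can still authenticate. -limit 0 removes the default cap of
REM    100 results; dsquery prints quoted DNs, which dsget reads from stdin.
echo === Computers inactive for 8+ weeks ===
dsquery computer "%OU%" -inactive 8 -limit 0 | dsget computer -samid -desc -disabled

REM 2. Computers whose machine password has not changed in 90 days; a healthy
REM    domain member rotates it every 30 days by default.
echo === Computers with machine password older than 90 days ===
dsquery computer "%OU%" -stalepwd 90 -limit 0 | dsget computer -samid -dn

REM 3. Every disabled user under the OU, with the groups they are still in
REM    (-expand follows nested groups). Disabled accounts that keep privileged
REM    group memberships are worth removing from those groups.
echo === Disabled users and their (nested) group memberships ===
for /f "delims=" %%U in ('dsquery user "%OU%" -disabled -limit 0') do (
    echo %%U
    dsget user %%U -memberof -expand
)
endlocal
```

Run it from a cmd prompt on the server; each dsquery result line is already a quoted DN, so it can be passed to dsget without further quoting.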

Other than that I just found the ds tools to be very powerful, and some googling shows many good examples of what people have done with them! Very impressive!

The article also mentions some need-to-have directory service binaries from joeware.net/freetools, but I haven't tried them. They look good though, like lots of work has been wrapped into those exes:

AdFind [switches] [-b basedn] [-f filter] [attr list]

basedn RFC 2253 DN to base search from.
filter RFC 2254 LDAP filter.
attr list List of specific attributes to return, if nothing specified returns 'default' attributes, aka * set.
...
