Dig into the Active Directory information store

I never needed to automated users and groups creation/deletion/changes in Active Directory on Windows. I have however needed to query lists of users and groups, membership and such. That was solved by some vbscripts.

A few days ago I needed to show the list of computers in an Organizational Unit (OU), so I searched for some ways to get that. And I bumped into the Microsoft dstools (dsget/dsquery/....) and they are just perfect for automating Directory service stuff.

The commands works from a Windows 2003 server, but not from XP.

Also, I need a intro for directory services, because I havnt used it much, and a then moved to a good simple dsquery tutorial.

Then I could make some quick oneliners, starting with a very comprehensive query that is highly educative of how the Directory of Level2OU is made:
dsquery * OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0 -attr *

Listing the members of a Windows group:

dsget group "CN=somegrp,OU=level2,OU=level1,DC=domain,DC=domainext" -members -expand

Show the computers of an OU:

dsquery computer OU=Level3OU,OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0

To automated the query, I have used psexec to run it on a remote server, with a user that has access to do queries:

psexec \\srv -u dom\usr -p pwd -e cmd /C "dsquery ou domainroot"

Other than that I just found the dstools to be very powerful and some googling shows many good examples of what people have done with it! Very impressive!

The article also mentions some need-to-have directory service binaries from joeware.net/freetools but I havnt tried them. They look good though, like lots of work has been wrappen into those exes:

AdFind [switches] [-b basedn] [-f filter] [attr list]

basedn RFC 2253 DN to base search from.
filter RFC 2254 LDAP filter.
attr list List of specific attributes to return, if nothing specified returns 'default' attributes, aka * set.
...

Dependency Walker commandline example

Dependency Walker (depends.exe) can be downloaded, or is in Windows 2003 resource kit.

I wanted to script the dependency check for some .dll files, so i ran toward remote server:
psexec \\someserver /u someuser -e cmd /c "environment.cmd&depends.exe /c /pb /oc "d:\depends.temp" "some.dll""

Now parse the output file, first column is status, look for "E,":
findstr /bic:"E," \\someserver\d$\depends.temp
if errorlevel 1 echo all OK

I have not made a way to avoid enter password, but if I need I recall there are some runas and similar alternatives.

Hello World and 99 Bottles of Beer collections

Browsing around for some good C++ sample code I stumbled upon the The Hello World Collection. While that is good, the 99 Bottles of Beer song collection is stunning, informative and fun:

... the collection of the Song 99 Bottles of Beer programmed in different
programming languages. Actually the song is represented in 1200 different
programming languages and variations. For more detailed information refer to
historic information.

I went to look for the Perl example for the song, and was completely baffled!! Everything written inside regular expressions, using a perl module which creates shapes out of perl code! Andrew Savige has some serious coding skills!!

Checking the reg exp, it is a bit (but not much really) readable:

perl -MO=Deparse 99-bottles.pl
'' =~ /(?{eval"\$==pop99;--\$=;sub\n_\{(\$;=(\$=No).\" bottle\".\"s\"x!!--\$=.\" of beer\").\" on the wall\"\}print+
_,\", \$;!\nTake one down, pass it around,\n\",_,\"!\n\n\"while++\$="})/;
$: = 'P';
$~ = 'h';
$^ = 'r';
$/ = '`';
99-bottles.pl syntax OK