Due to the scale and complexity of many Active Directory implementations, Microsoft has added many new command-line features to Windows Server 2003 to better support scripting of complex configuration tasks and bulk management initiatives.

You should be able to perform the basic Active Directory object manipulation actions of creation, modification, and deletion using both graphical MMC snap-ins and command-line tools.

Table 2.1 details several new command-line tools included for Active Directory management, which we'll review in this chapter.

Table 2.1. Command-Line Tools for Manipulating Active Directory Objects

Tool | Description
csvde.exe | Used to import and export Active Directory data using a comma-separated file format (.csv)
dsadd.exe | Used to add a new object to the directory (user, computer, contact, group, or organizational unit)
dsget.exe | Used to display selected attributes of an object in the directory
dsmod.exe | Used to modify an existing object
dsmove.exe | Used to rename an object and move an object to a new location within the same domain
dsquery.exe | Used to display a list of objects within the directory that meet the specified search criteria
dsrm.exe | Used to delete an object from the directory
ldifde.exe | A powerful tool used to import and export Active Directory data and extend the schema, as well as to create, modify, and delete objects within the directory

Table 2.2 provides a listing of other important command-line tools included in Windows Server 2003.

Table 2.2. Additional Useful Command-Line Tools Provided for Scripting in Windows Server 2003

Tool | Description
Adprep | Used to prepare an existing Windows 2000 domain for upgrade to Windows Server 2003
Bootcfg | Used to configure, change, and review BOOT.INI settings
Choice | Used to prompt a user to select from a listing of choices
Clip | Used to send command-line output to the Windows Clipboard
Cmdkey | Used to review, create, and delete stored usernames and passwords
Diskpart | Used to manage disks, partitions, and volumes
Eventcreate | Used to create an event in a specified event log
Forfiles | Used to specify files to use in batch processing
Gettype | Used to identify the version of Windows being used
Gpresult | Used to review the Resultant Set of Policy (RSoP) data for a security principal
Inuse | Used to replace in-use operating system files
Logman | Used to schedule performance counter and trace log collection
Openfiles | Used to review and disconnect currently open files
Prncnfg | Used to review and configure printer settings
Prnjobs | Used to review, pause, resume, and cancel pending print jobs
Sc | Used to review and configure services
Schtasks | Used to review, add, and delete scheduled tasks
Setx | Used to set environment variable values
Shutdown | Used to restart or turn off a computer
Systeminfo | Used to review system configuration details
Takeown | Used to take ownership of an existing file
Taskkill | Used to stop one or more processes
Tasklist | Used to review a listing of running processes
Waitfor | Used to synchronize networked computers on a common signal
Where | Used to review files that match the specified criteria
Whoami | Used to review user configuration information
WMIC | A command-line interface for Windows Management Instrumentation (WMI) scripting

Table 2.3 includes a listing of several useful command-line tools used to manage the Windows Internet Information Services (IIS).

Table 2.3. Command-Line Tools for Use with IIS 6.0

Tool | Description
IISBack | Used to create and manage backups of the IIS configuration settings
IISCnfg | Used to import and export IIS configuration details
IISFtp | Used to start, stop, pause, resume, review, create, and delete FTP sites
IISFtpdr | Used to create and delete FTP site virtual directories
IISVdir | Used to create and delete Web site virtual directories
IISWeb | Used to start, stop, pause, resume, review, create, and delete Web sites

Because Windows Server 2003 has been designed to operate in large server-farm settings, almost any operation that can be managed at the console has a command-line equivalent. This eases remote and bulk scripted operations.

For more details on scripting for the Windows environment, you should look at the MSDN Windows Script site: http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28001169.

As we'll discuss in later chapters, Microsoft Windows Server 2003 can also be remotely managed with the full capability of the graphical user interface (GUI) console by using Terminal Services in a Remote Management configuration, but you should be familiar with the command-line tools used for most basic operations in the chapters ahead. Command-line operations can be performed by selecting Start, Run and then entering cmd before clicking the OK button. This opens the command-line shell interface, as shown in Figure 2.5.

Figure 2.5. The command-line shell environment opened by the Administrator account.

The csvde Utility

The csvde utility is provided to rapidly import Active Directory data from, and export it to, a comma-separated file (.csv format). Programs such as Microsoft Excel can be used to export tabular data in .csv format, although it's also possible to generate a CSV file through scripted output or using Notepad, as shown in Figure 2.6.

Figure 2.6.
Sample .csv file (testdata.csv) that includes Active Directory object data generated by use of the csvde utility.

The syntax of the csvde.exe utility is provided in the Microsoft help file:

    csvde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password]

To see a listing of all the parameters and their meanings, type the following at the command-line shell prompt:

    csvde /?

Exporting Data Using csvde

To perform a simple export of nonbinary information for User objects from the server MyServer, using the Active Directory port (3268) to the file MyUsers.csv in the current directory, perform the following steps:

- Open the command-line shell interface by selecting Start, Run and entering cmd before clicking the OK button.
- Input the following command:

    csvde -f MyUsers.csv -s MyServer -t 3268 -m -n -r "(objectClass=User)"

- Open the file in Notepad to examine the result (see Figure 2.7).

Figure 2.7. Sample .csv data export of MyUsers.csv in Notepad.

Importing Data Using csvde

The csvde utility can also be used to import data into Active Directory from a .csv file, using a similar format:

    csvde -i -f MyData.csv -s MyServer -r "(objectClass=User)"

This command imports (the -i parameter specifies an import) only the User type objects from the file MyData.csv into Active Directory using the default LDAP port on the MyServer domain controller.

The ldifde Utility

The ldifde utility provides a more complete command-line management tool that can be used to import or export Active Directory data against another directory service, to extend the schema, or to create, modify, and delete directory objects.

The syntax of the ldifde utility is provided in the Microsoft help file:

    ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v] [-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope] [-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k] [-a UserDistinguishedName Password] [-b UserName Domain Password] [-?]

To see a listing of all the parameters and their meanings, type the following at the command-line shell prompt:

    ldifde /?

Using the ldifde utility is very similar to using the csvde utility you're already familiar with, although the generated output file (.ldf) is very different in its final format. To generate an output file MyUsers.ldf in the current directory, exporting User data (CN, DN, Object Class, givenname, and SAMAccountName) from MyServer, execute the following command within the command-line shell:

    ldifde -f MyUsers.ldf -s MyServer -r "(objectClass=User)" -l "cn,givenName,samAccountName,objectClass"

Figure 2.8 displays part of the resulting file.

Figure 2.8. Sample .ldf data export MyUsers.ldf in Notepad.

Because the ldifde utility can make fundamental modifications to the schema and Active Directory objects, it's best to practice using this command in a testing network rather than in a production environment.
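
One way to act on that caution before any import: the Python example below is added here (it is not from the original chapter or from Microsoft) and reads an .ldf file in the LDIF layout ldifde uses, then reports each record's changetype and whether its DN sits under the schema container. The sample data, its DNs, and the function names parse_ldif and review are constructed for illustration.

```python
import base64

SAMPLE_LDF = """# Constructed sample: every DN and value below is made up
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
changetype: add
objectClass: user
description:: VGVtcCBhY2NvdW50

dn: CN=Old Account,OU=Staff,DC=exam
 ple,DC=com
changetype: delete

dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
changetype: modify
replace: givenName
givenName: Jane
-

dn: CN=Test-Attr,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: add
objectClass: attributeSchema
"""

def parse_ldif(text):
    """Split LDIF text into records, each a list of (attribute, value) pairs."""
    # A line break followed by one space is a fold: join it back onto the previous line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    records, current = [], []
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line:                          # a blank line ends the record
            records += [current] if current else []
            current = []
        elif line != "-":                     # "-" only separates modify operations
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: ..." holds a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.append((attr.strip().lower(), value.strip()))
    return records

def review(text):
    """One summary per record: the DN, its changetype, and whether it is in the schema."""
    out = []
    for rec in parse_ldif(text):
        f = dict(reversed(rec))               # first occurrence of each attribute wins
        dn = f.get("dn", "")
        out.append({"dn": dn, "changetype": f.get("changetype", "unspecified"),
                    "touches_schema": "cn=schema,cn=configuration," in dn.lower()})
    return out
```

Calling review() on the contents of a prepared .ldf file gives a per-record list that can be checked for unexpected delete or schema entries before the same file is passed to ldifde -i.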