Introduction to LDAP* Properties with ADSI Edit
There are two main reasons for turning to Microsoft's ADSI Edit (Active Directory Services Interface). In each case, Active Directory Users and Computers does not provide sufficient detail on the object's properties.
- When you need to script user account attributes, what you want is the precise spelling of the LDAP* property. For example, Active Directory Users and Computers displays First Name, but you need to know that the underlying LDAP attribute is called givenName.
- You are troubleshooting a problem and TechNet gives you the solution, which is to amend an LDAP property. However, Active Directory Users and Computers does not display the attribute, so you launch ADSI Edit because it gives low-level access to the object's attributes.
* LDAP is the Lightweight Directory Access Protocol.
Whenever you discover a useful utility such as ADSI Edit, always make a note of where it comes from. The best place to get ADSI Edit is from the support folder of the Windows Server 2003 CD. You can also find the executable in many of Microsoft's Resource Kits. Failing all else, you can download ADSI Edit.
You need very little to get started with ADSI Edit. I love the MMC (Microsoft Management Console), so I just add ADSI Edit as an extra snap-in to my console.
Here is a sure way to launch ADSI Edit: Start, Run, MMC; then File (menu), Add/Remove Snap-in, ADSI Edit.
Once ADSI Edit launches, you need to decide on the Naming Context. For scripting, and for Active Directory Users and Computers properties, you normally select Domain. However, with TechNet, pay close attention as to whether you need the Configuration or Domain naming context. After a while I expect that you will add both contexts to the snap-in.
The situation is that you wish to bulk import users. Not only do you wish to create an account, but you also want that account to have numerous values pre-configured in the properties pages. This is a classic job for multi-tasking. Open Active Directory Users and Computers in one window, and ADSI Edit in the other. When you put a value in one window, you can discover which field it appears in the other window. The reason for this experiment is that when you script a user's properties you need to know the LDAP name for each attribute or box in Active Directory Users and Computers.
Here are a few comparisons between ADUC Properties and ADSI Edit. Beware, there is no consistency: some are identical, some are near, whilst others bear no resemblance.
ADUC Properties - ADSI Edit Attributes
First Name - givenName
Last Name - sn
Office - physicalDeliveryOfficeName
City - L
Department - Department (See screen shot)
Display Name - DisplayName
Description - Description
ADSI Edit has the added bonus that you can display attributes that do not display in the Active Directory Users and Computers interface. For example, badPwdCount or logonCount.
The diagram opposite is taken from Active Directory Users and Computers. Observe how the Department property on the Organization tab is the same as the Department attribute in ADSI Edit. However, more often than not, the LDAP names differ from the property sheet names.
If ADSI Edit is unavailable, you could use CSVDE -f filename.csv to export the LDAP attributes. If you open filename.csv in Excel, you can see all the LDAP attributes in the first row.
The only problem with this technique is that it's not always obvious which field in the spreadsheet corresponds to which field in Active Directory Users and Computers. One useful technique is to add values in the boxes, then export using CSVDE, and finally open the file in Excel and search for the value.
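The marker-value technique described above, scripted in PowerShell instead of searching by eye in Excel. This is an added example, not code from the original page; the function name Find-LdapAttribute, the ZZ- marker values and the sample export row are all constructed for illustration.

```powershell
# Added example. Function name, marker values and the sample export are constructed.
function Find-LdapAttribute {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Rows,     # rows from Import-Csv / ConvertFrom-Csv
        [Parameter(Mandatory = $true)] [hashtable] $Markers   # ADUC label -> value typed into that box
    )
    foreach ($label in ($Markers.Keys | Sort-Object)) {
        $marker = $Markers[$label]
        $hits = foreach ($row in $Rows) {
            foreach ($prop in $row.PSObject.Properties) {
                # CSVDE joins multi-valued attributes with ';', so test each part.
                if (($prop.Value -split ';') -contains $marker) { $prop.Name }
            }
        }
        $names = @($hits | Sort-Object -Unique)
        $found = if ($names.Count -gt 0) { $names -join ', ' } else { '(not in export)' }
        [pscustomobject]@{ AducField = $label; Marker = $marker; LdapAttribute = $found }
    }
}

# Constructed stand-in for the output of: csvde -f filename.csv
# For a real export, use: $rows = Import-Csv .\filename.csv
$rows = @'
DN,objectClass,cn,sn,givenName,physicalDeliveryOfficeName,l,department,displayName,description
"CN=Test User,OU=Staff,DC=example,DC=com",top;person;organizationalPerson;user,Test User,ZZ-Last,ZZ-First,ZZ-Office,ZZ-City,ZZ-Dept,ZZ-Display,ZZ-Desc
'@ | ConvertFrom-Csv

# One unique marker per ADUC box, typed into the test account before exporting.
$markers = @{
    'First Name'   = 'ZZ-First'
    'Last Name'    = 'ZZ-Last'
    'Office'       = 'ZZ-Office'
    'City'         = 'ZZ-City'
    'Department'   = 'ZZ-Dept'
    'Display Name' = 'ZZ-Display'
    'Description'  = 'ZZ-Desc'
}

Find-LdapAttribute -Rows $rows -Markers $markers | Format-Table -AutoSize
```

Use a distinct marker for every box; if two boxes hold the same value, the script lists every attribute that contains it and the mapping becomes ambiguous.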
In Exchange, if you wish to change the way names are displayed in the global address book, then employ ADSI Edit to alter the user-Display, createDialog. This is a job for the Container naming context, not the Domain naming context. See more here on customizing the display name.
My point is that as soon as you start investigating ADSI Edit, you will suddenly discover more and more opportunities to apply the LDAP techniques in other situations.
Trust me, Microsoft's ADSI Edit will become a utility that you turn to more and more. Not only is ADSI Edit useful for spelling the LDAP properties, but it will also help when you need to find, and then configure, hidden Active Directory properties. So, waste no time, get a copy of ADSI Edit and add it to your MMC console.