Computer Performance, Windows 2003 Vista Best Practice

Best Practice Ezine #59 ADSI Edit

Best Practice Ezine. Computer Performance. Advertise

Monitor Server

Is your server running slowly?  Check with SolarWinds ipMonitor.

Get your free evaluation copy of ipMonitor here

IPAM Ip Address Tracker

IPAM will assist you in managing IP addresses.

To let you into a secret, this utilities is fun to use, even if you don't have a pressing need to calculate your IP address space.

Get a free evaluation copy of Orion IPAM

Best Practice Ezine #59 ADSI Edit

I never waste a chance to explore with ADSI Edit (Active Directory Services Interface).  Not only is ADSI Edit useful for undertaking TechNet solutions, but also it helps me learn about Active Directory.  The learning effect is rather like going into a large church, not only do you see the beauty of the windows, but also you absorb the atmosphere and ethos of the building.  So it is with ADSI Edit, as you troubleshoot a problem, you cannot fail to take in Active Directory's overall structure as well as some of its thousands of attributes.

If you are looking for handy network utilities, try some of the free downloads at Tools4Ever

As someone who writes VBScripts, ADSI Edit provides the correct LDAP names when I am scripting user's properties.  Only last week the mailNickName attribute helped solve an Exchange problem.  For you, I have a challenge to experiment with a property called createDialog.  Before we start a word of warning, some people call me Gung-ho Guy. The good news about Gung-ho Guy is that you don't get 7 pages of disclaimers before you start; instead my aim is to have fun and get you started.  The bad news about Gung-ho Guy is that I may lure you to try something you should not do on a production network.  For Example, last week I was rightly brought to task for not emphasising that you should not start Seizing FSMO roles with NTDSutil on a business network.

So here are a few words of warning; best of all use a test network, if you must use a real network, undo your actions at the end of the experiment.  Let me describe the task.  You are a large organization, and when you view the 'Name' column in Active Directory Users and Computers, you see users ordered by First Name then Last Name.  The boss says he wants the order to be: Last Name, First Name.  Just to confirm, I am Not talking about the column called Display, or the column called Description, we are going to experiment with the column called Name.  Research reveals that the key Attribute is called createDialog.  Here is how find that setting with ADSI Edit, and add a command to alter the sort order.

ˆ

If you prefer to see the instructions online check here

1) Install ADSI Edit from the \support\tools folder of the Windows Server 2003 CD.

2) Once ADSI Edit launches, select the Configuration partition (not the Domain).

3) Next it's CN=Configuration, Display Specifies.  CN=409 means English sort order (not Spanish or Arabic).

4) What we want is the user-Display Properties, then the crucial Attribute is createDialog.

5) Ever heard of 'slow down I am in hurry'?  Well I rushed this next command and it took me four re-tries before I perfected the string value:
%<sn>, %<givenName>.

The error that incensed me the most was when I tried givenname.  It was particularly galling as I had previously preached that LDAP was not case sensitive. Wrong, Guy you need precisely %<givenName>

6) Go to Active Directory Users and Computer and create a test user.  If their name displayed, Last Name, comma, First Name then you have succeeded.  If not re-read the instructions.  With ADSI Edit and LDAP, learn from my mistakes and pay attention to detail.

7) I am afraid there is one more horror story, editing createDialog does not affect existing users only new ones. So, I advise you to reverse the instructions and set back to how the default. First Name Last Name. Of course there is a hidden message here, plan and test before you roll-out a live domain.

Confession time.  A reader kindly sent in a script which WOULD change the Name display of all existing names, but I lost it.  So, if you know of such a script please send it in.  Talking of sending in ideas, please send me your favourite ADSI Edit 'hacks'.  Meanwhile here are some more of mine.

  1. tombstoneLifetime - To be able to restore backups older than 60 days.
  2. Address Lists Container - Exchange 2003 setting to control security for the Anonymous User.
  3. msDS-Behavior-Version - Cures a problem with Raising Forest Level.

 

See more about ADSI in my new section at the website

 

Computer Training Software - Recommended Training VideosGuy Thomas recommends Computer Training Software

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

 *

Google

Web  This website

Review of Orion NPMGuy Recommends: Orion's NPM - Network Performance Monitor

Orion's performance monitor is designed for detecting network outages. A network-centric view make it easy to see what's working, and what needs your attention.

This utility guides you through troubleshooting by indicating whether the root cause is faulty equipment or resource overload.

Download a free trial of the Network Performance Monitor

 

Home Copyright © 1999-2010 Computer Performance LTD All rights reserved

Please report a broken link, or an error.