Guy's Scripting Ezine 29 - DS Commands
This week I have a change from VBScript: we will investigate the DS family
of commands. Another difference is that in this edition, I am going to
request your opinion about DSadd, DSmod and the rest of the commands.
Normally, I welcome new technology with open arms. Yet
occasionally, I wonder if a new feature lives up to all its hype. The DS
family is a case in point. In the past I have had the same negative
feeling when trawling through the resource kit; while some of the tools are nice,
snappy or powerful, others make me scratch my head and think: 'Will I
ever really need this executable?'
What niggles is the feeling that I may be wrong to dismiss the DS commands. I
must be wary of the Luddite syndrome; if you remember, the Luddites smashed new
technology just because they did not understand it. So, please help me.
Tell me what you think about the DS family. To help you decide on the value
of DS commands, here are three examples.
The scenario. Let us create an OU (Organizational Unit) to house all
our test Active Directory objects. That way the new users or groups will
not get mixed up with the existing accounts, and it's easy to clear up by
deleting a whole OU full of dud experiments.
DS Syntax
Firstly, it's worth taking time to understand the command structure used by all
of the DS family:
Command object "DN" (as in LDAP distinguished name), for example:
DSadd OU "ou=DSguy, dc=cp, dc=com"
Speech marks and spaces
You only really need speech marks if there is a space in any of your DN
names. Therefore:
ou=DSguy, dc=cp, dc=com would work fine.
ou=GUY Space DS, dc=cp, dc=com fails because of the spaces in the GUY Space DS name.
In this second example you should type: "ou=GUY Space DS, dc=cp, dc=com"
Preparation:
You really need to be at your domain controller's console.
Examine the script below. Edit dc= to reflect YOUR domain. Change
ou=DSguy to yourname if you prefer.
Run, CMD, now copy your script and then paste it into the command window.
Alternatively type it starting with dsadd ou .........
dsadd ou "ou=DSguy, dc=cp, dc=com"
Note 1: dsadd ou. This command tells Active Directory which object
you want to create, in this case an OU (not a user).
Note 2: These DS commands are case insensitive, so DSADD OU would
work just as well.
So What? In my heart, I would rather create the OU with Active Directory
Users and Computers. O.K., calm down Guy, perhaps adding users will be more
rewarding?
dsadd user "cn=guyt, ou=DSguy, dc=cp, dc=com"
Note 1: DSadd requires the complete distinguished name.
Note 2: Observe that the distinguished name is encased in
double "speech marks". I expect you spotted that this user
will be created in the same DSguy organizational unit that was created in Example 1.
Change cn=guyt to a different user name if you wish.
So What? Where is the FOR....NEXT loop?
Have I missed the command somewhere? Or is the plain truth that there are no
looping commands in the DS syntax? To me, this is the crunch: without a
bulk import mechanism I cannot see myself executing DSadd user or DSadd computer to any
significant extent. I am only impressed in a very minor way. The best
opportunity for DSadd User is if you have to create 1 or 2 new joiners at
irregular intervals. Give it another chance Guy, how about DSMod for
passwords?
The situation is that you quickly need to change a user's password.
Examine the script below. Decide how cn= or ou= or dc= need editing.
Run, CMD then copy your script and paste into the command window.
Alternatively type it starting with dsmod user .........
dsmod user "cn=guyt, ou=DSguy, dc=cp, dc=com" -pwd a1yC24kg
Note 1: From a technical viewpoint the script is more interesting because it
uses a switch, -pwd. The DS family supports a rich set of switches which
you can see with DSmod user /?
Note 2: Help is context sensitive and although the text may look the
same, you get subtly different menus as you type different commands, e.g. DSadd
computer gives different help answers compared with DSmod user.
So What? At the tactical level I am impressed
with the DS help; also the error messages are meaningful and varied.
However, at the strategic level, I am wondering whether I am ever going to remember these
darn dn strings so that I could actually master this DS language at the command
prompt.
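The DS commands have no loop of their own, but CMD's FOR /F can drive dsadd over a list, and dsmod can prompt for a password instead of taking it on the command line as in the password example above. This batch file is an added example, not part of the original ezine; newusers.txt, its two-column layout and the description text are assumptions, and the OU is the test OU used in the earlier examples.

```bat
@echo off
rem Added example, not from the original article.
rem newusers.txt is a hypothetical file with one "logonname,Display Name" per line.
rem Assumes logon names contain no commas or spaces.
setlocal
set "OU=ou=DSguy, dc=cp, dc=com"
set "LIST=newusers.txt"

if not exist "%LIST%" (
    echo Cannot find %LIST%
    exit /b 1
)

rem CMD's FOR /F supplies the loop that the DS commands lack.
rem The quotes keep each DN as a single argument, spaces included.
rem -disabled yes leaves every new account switched off until it has a password.
for /f "usebackq tokens=1,2 delims=," %%A in ("%LIST%") do (
    dsadd user "cn=%%A, %OU%" -samid "%%A" -display "%%B" -disabled yes
    if errorlevel 1 echo FAILED: %%A
)

rem dsquery writes one quoted DN per line and dsmod accepts that list on stdin,
rem so a single pipeline modifies every user in the test OU.
dsquery user "%OU%" | dsmod user -desc "DS command test account"

rem Enable one account. -pwd * makes dsmod prompt for the password, so it is
rem not typed in clear on the command line, and -mustchpwd yes forces the user
rem to choose a new one at first logon. Repeat per user, editing the cn.
dsmod user "cn=guyt, %OU%" -pwd * -mustchpwd yes -disabled no
endlocal
```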
When learning, I feel that one valid response is to say: yes, I
understand how that utility works, but no, I do not need it. Well, that is
how I feel about DS commands. I know how the DS syntax works, but I prefer
alternative methods to manipulate Active Directory objects.