
Guy's Scripting Ezine 93 - ADSI Edit


This Week's Secret

ADSI Edit is one of my favourite Windows 2003 utilities.  I was pondering the philosophical question: Is a utility such as ADSI Edit naturally versatile because of its brilliant design?  Alternatively, does a utility become versatile because of our skill in finding lots of tasks and applications?  For example, ADSI Edit can be used for configuring Exchange, learning about the Schema as well as mastering LDAP properties.

My conclusion was that it's a bit of both.  Some utilities have multiple capabilities, but it's up to us to get the most out of a tool such as ADSI Edit.  In my opinion, VBScript and Spreadsheets are also versatile utilities, whereas LDIFDE is limited to Active Directory.

Employing ADSI Edit to Identify LDAP Properties

This week I want to show you how ADSI Edit helps with scripting Active Directory in general and identifying LDAP properties in particular.  Our goal is to investigate the correct LDAP names so that we can script values for the boxes that appear in the Active Directory Users and Computers property sheets.  Here are some LDAP examples, but rather than teaching you the names parrot fashion, I want to persuade you to investigate for yourself.

Active Directory        LDAP
Property Sheet          Attribute

First name              givenName
Last name               sn
Display name            displayName
Description             description
Office                  physicalDeliveryOfficeName

Crucial Technique

The point is this: when you are scripting a field, how do you know whether its LDAP name is Description or displayName?  How do you know that it's called physicalDeliveryOfficeName and not Street or plain 'o'?  The answer is deceptively simple: call for Active Directory Users and Computers.  Enter a value in the property sheet box of your test user, then call for ADSI Edit to see which LDAP attribute corresponds to the value that you just set.  It reminds me of my old Biology research, where we tagged a moth, let it go, then searched different habitats until we caught it again.

Without this technique, you have to rely on guesswork, or you have to research the internet.  The trouble is that for scripting you need a specific name; for example, for Office you need the LDAP name physicalDeliveryOfficeName.  It's no good trying physicalOfficeLocation; you have to get the name right, and it is hard to research the name until you know what it is.  Searching in Google for 'Office and LDAP' produces too broad a set of results.




Instructions for Getting Started with ADSI Edit

The most difficult part of the whole procedure is getting a copy of ADSI Edit.  This is one way of saying that once you have got the idea, this is an easy technique.  In my opinion, ADSI Edit is intuitive and you need no instructions to find the LDAP properties.  However, if my opinion is wrong, this is what you do.

  1. Break out the Windows Server 2003 CD (Not XP, not ResKit)

  2. Navigate to the Support Folder, install all the Support Tools including ADSI Edit.

  3. Important. Once ADSI Edit launches, look out for: Select a well known Naming Context:  Choose Domain (Not Configuration or Schema).

  4. Drill down to the OU or CN and find your test user.  Right click your leaf object (CN=TestUser) and select properties.  Now you will be overwhelmed with LDAP Attributes, but scroll down to find the values of interest.

Trick. Tick the box that says Show only attributes that have values.

Trap. ADSI Edit gains live access to data in Active Directory.  There is no read only mode and no confirmation message such as 'Do you really want to change this value?'
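
Because ADSI Edit has no read-only mode, the "recapture" half of the technique can be done with a query that never writes. The following is an added example, not part of the original ezine: the function name, the marker text ZZ-MOTH-93 and the DN are assumptions made for illustration. Type the marker into the box in Active Directory Users and Computers, then ask which attributes hold it.

```powershell
# Added example (not from the original ezine): read-only "tag and recapture".
# Find-LdapAttributeByValue, the DN and the marker are illustrative assumptions.
function Find-LdapAttributeByValue {
    param(
        [Parameter(Mandatory = $true)] [string] $DistinguishedName,
        [Parameter(Mandatory = $true)] [string] $Marker
    )

    $entry    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    try {
        # Base scope: read only this one object, never its siblings or children.
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Base
        $searcher.Filter      = '(objectClass=*)'

        # PropertiesToLoad is left empty, so the attributes that have values come back.
        $result = $searcher.FindOne()
        if ($null -eq $result) { throw "No object found at $DistinguishedName" }

        # SearchResult reports attribute names in lower case; LDAP names are
        # case-insensitive, so 'physicaldeliveryofficename' is the same attribute.
        foreach ($name in $result.Properties.PropertyNames) {
            foreach ($value in $result.Properties[$name]) {
                # Only text values can carry the marker; skip byte arrays, dates, etc.
                if ($value -is [string] -and
                    $value.IndexOf($Marker, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Attribute = $name; Value = $value }
                }
            }
        }
    }
    finally {
        $searcher.Dispose()
        $entry.Dispose()
    }
}

# Usage (constructed values): enter ZZ-MOTH-93 in the Office box in ADUC, then run:
# Find-LdapAttributeByValue -DistinguishedName 'CN=TestUser,OU=Newport,DC=cp,DC=com' -Marker 'ZZ-MOTH-93'
```

The search results are a snapshot, so nothing typed or piped here can alter the directory; run it under an ordinary account that has read access only.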

Another technique to display the LDAP properties is to execute CSVDE in export mode, then examine the first row of the resulting CSV file.  Alternatively, you can call for ADSI Edit to investigate these same LDAP properties, which are vital for scripting changes to Active Directory users (or other objects).

Tip. If possible, master the CSVDE -d switch to export one OU. Example: CSVDE -d "OU=Newport,DC=cp,dc=com" -f Newport.csv
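
The same tagging technique works offline against a CSVDE export, which keeps you away from live data altogether. This is an added example, not part of the original ezine: the CSV text is constructed sample data (simplified to a few columns), and the function name and the ZZ-MOTH marker are assumptions.

```powershell
# Added example (not from the original ezine). The CSV text below is constructed
# sample data in the layout CSVDE writes: attribute names in row 1, one object per row.
$sampleExport = @'
DN,objectClass,cn,sn,givenName,displayName,description,physicalDeliveryOfficeName
"CN=TestUser,OU=Newport,DC=cp,DC=com",user,TestUser,User,Test,Test User,ZZ-MOTH-desc,ZZ-MOTH-office
"CN=Other,OU=Newport,DC=cp,DC=com",user,Other,Person,Other,Other Person,,
'@

function Find-CsvdeColumnByValue {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [Parameter(Mandatory = $true)] [string]   $Marker
    )
    foreach ($row in $Rows) {
        # Each CSV column header is an LDAP attribute name; check every cell.
        foreach ($column in $row.PSObject.Properties) {
            $text = [string]$column.Value   # empty cells become ''
            if ($text.IndexOf($Marker, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ DN = $row.DN; Attribute = $column.Name; Value = $text }
            }
        }
    }
}

# Parse the constructed sample and list the columns that contain the marker.
$rows = ($sampleExport -split "`r?`n") | ConvertFrom-Csv
Find-CsvdeColumnByValue -Rows $rows -Marker 'ZZ-MOTH'

# For a real export, replace the sample with: $rows = Import-Csv .\Newport.csv
```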


Summary of ADSI Edit

ADSI Edit is a brilliant and versatile utility.  We have concentrated on its role in identifying LDAP fields for scripting; however, ADSI Edit is also used for configuring Exchange and for investigating the Schema.  The crucial technique involves setting a value in Active Directory Users and Computers, then finding the correct LDAP name with ADSI Edit.

If you need a copy of ADSI Edit, just remember that it comes from the support folder on the Windows Server 2003 CD.

Copyright © 1999-2010 Computer Performance LTD. All rights reserved.
