Posts tagged Active Directory

PowerShell to Get the Count of User Objects in Active Directory Using an LDAP Query


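# Replace yourdomain/com with the components of your own domain name.
$Domain = 'LDAP://DC=yourdomain,DC=com'
$Root = New-Object DirectoryServices.DirectoryEntry $Domain
$select = New-Object DirectoryServices.DirectorySearcher
$select.SearchRoot = $Root
# Filter on the server instead of pulling every object and matching client-side.
$select.Filter = '(objectCategory=person)'
# Without paging, FindAll() stops at the server's result limit (1000 by default).
$select.PageSize = 1000
$adobj = $select.FindAll()
$adobj.Count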

For the $Domain variable, change the “yourdomain” string to the name of your domain.

How to get Active Directory Users and Computers with Exchange Management Tools working in Windows 7


1. Install the w7 AdminPak (RSAT)

Remote Server Administration Tools for Windows 7 Release Candidate (RC)

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d#filelist

2. Install IIS and Remote Server Admin Tools (Active Directory Users and Computers)

Use the “Turn Windows features on or off” feature to add IIS Stuff and the RSAT Stuff


4. Copy some files to your Windows system32 folder.

I used the files from my XP installation with these bat files; you will have to get them yourself.
(REMEMBER: you need to run the cmd prompt as administrator. Use the one in Accessories and right-click it.)

Text file of files that need to be copied

Bat file to copy from old install (assuming D:\windows\system32)

If you don't have these files available, you might find them here

5. Register the files

(same deal with the cmd prompt as administrator)

eg:

regsvr32 /s adprop.dll
regsvr32 /s ws03res.dll

Batch file here

5. Vista ESM

Download from here

http://www.microsoft.com/downloads/details.aspx?familyid=3403d74e-8942-421b-8738-b3664559e46f&displaylang=en

Run it to extract the MSI, then run the MSI from command prompt (with admin rights!) with the /q switch to get rid of the ‘not for vista’ error

eg: c:\users\you\downloads\esmvista\esmvista.msi /q

Wait at least 10 minutes while it does its thing.

It is a silent install, so you won't see anything, but I have had cases of it breaking because people started AD too soon.

6. Run Active Directory

Run Active Directory users and computers from your start menu.

Determining Parent Container of Objects Found by Searching in Active Directory Users and Computers


Problem

When you perform a search for objects such as Users, Computers, Contacts, and Groups in the Active Directory using the Find command, an administrator may need to identify where the objects are located within the Active Directory structure. This article describes how to display and interpret this additional information. This one has stumped me for years and I finally figured it out.

When Users, Contacts, and Groups Are Found

  1. On the View menu, click Choose Columns in the Find Users, Contacts, and Groups dialog box.
  2. In the Columns Available box, click X500 Distinguished Name, click Add, and then click OK.

Depending on how many levels deep the User, Contact, or Group is located, there may be multiple parent containers. Levels of hierarchy in the DN and separation of leaf objects from container objects are identified by commas. To identify the direct parent of the object found, locate the first comma. The most immediate parent container is to the right. The name of the container may be preceded with “OU=” in place of “CN=,” identifying it as an Organizational Unit.

For example, if the user “administrator” is found, the X500 Distinguished Name may display the following information, indicating that the “Administrator” account resides in the “Users” container directly beneath the root of the domain:

CN=Administrator,CN=Users,DC=Microsoft,DC=Com

However, if the user had been moved to an Organizational Unit used for the purpose of delegating permissions, this path might be:

CN=Administrator,OU=Security Admins,DC=Microsoft,DC=Com

Or, there may be several parent containers:

CN=Administrator,OU=Seattle,OU=Security Admins,DC=Microsoft,DC=Com

When Computers Are Found

The process to display the parent container for Computer objects found is very similar to the above steps, except for the attribute name to display and the format used.

  1. On the View menu, click Choose Columns in the Find Computers dialog box.
  2. In the Columns Available box, click Published At, click Add, and then click OK.

The path to the object displayed in the “Published At” column is presented in Canonical Name format. The path is read right to left, starting with the object found, separated by forward slashes.

For example, if the computer “Server1” was found, the “Published At” column may display the following information, indicating that the “Server1” computer account resides in the “Computers” container directly beneath the root of the domain:

ntds://microsoft.com/Computers/SERVER1

Determining the parent container for other objects in the Active Directory is very similar to the process outlined above. When a column is added to the view, this setting is saved (per user) for the next time the snap-in is used.
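
The two readings described above (the parent container to the right of the first comma in a distinguished name, and the canonical path shown for computers) can also be scripted. This is an added example, not part of the original article; the function names Split-DN, Get-ParentContainer and ConvertTo-CanonicalName are hypothetical, and the third sample DN is constructed to show why a plain split on the first comma fails when a name contains an escaped comma.

```powershell
# Added example: function names are illustrative, not built-in cmdlets.
function Split-DN {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    # Split only on commas that are not escaped with a backslash, so
    # "CN=Smith\, John,OU=Staff,..." keeps "CN=Smith\, John" as one component.
    $parts   = New-Object 'System.Collections.Generic.List[string]'
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if ($escaped)        { [void]$current.Append($ch); $escaped = $false }
        elseif ($ch -eq '\') { [void]$current.Append($ch); $escaped = $true }
        elseif ($ch -eq ',') { $parts.Add($current.ToString().Trim()); $current.Length = 0 }
        else                 { [void]$current.Append($ch) }
    }
    $parts.Add($current.ToString().Trim())
    return ,$parts.ToArray()
}

function Get-ParentContainer {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    $rdns = Split-DN $DistinguishedName
    if ($rdns.Count -lt 2) { return $null }   # a single component has no parent
    # Everything to the right of the first unescaped comma is the parent's DN.
    return ($rdns[1..($rdns.Count - 1)] -join ',')
}

function ConvertTo-CanonicalName {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    $rdns = Split-DN $DistinguishedName
    # DC components form the DNS domain name, in the order they appear.
    $dc   = @($rdns | Where-Object { $_ -match '^DC=' } | ForEach-Object { $_ -replace '^DC=', '' })
    # Remaining components lose their CN=/OU= prefix and single-character escapes
    # (hex-pair escapes such as \2C are not decoded here).
    $path = @($rdns | Where-Object { $_ -notmatch '^DC=' } |
              ForEach-Object { ($_ -replace '^[^=]+=', '') -replace '\\(.)', '$1' })
    [array]::Reverse($path)                   # canonical form lists the outermost container first
    return (@($dc -join '.') + $path) -join '/'
}

# Two DNs from the article plus one constructed DN containing an escaped comma.
$samples = 'CN=Administrator,CN=Users,DC=Microsoft,DC=Com',
           'CN=Administrator,OU=Seattle,OU=Security Admins,DC=Microsoft,DC=Com',
           'CN=Smith\, John,OU=Staff,DC=Microsoft,DC=Com'
foreach ($dn in $samples) {
    New-Object PSObject -Property @{ Parent = Get-ParentContainer $dn; Canonical = ConvertTo-CanonicalName $dn }
}
```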