[THIN] Re: OT: Active Directory Scripting
- From: "Walter, Chris" <christopher.walter@xxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Mon, 11 Apr 2005 23:13:15 -0400
Actually you can use the 2003 AD tools to see / change the TS profile paths
and home directories on a Window 2000 domain as well.
As far as your problem goes this would be a good time to put in a DFS share
so that in the future you just have to change the path in DFS instead of
changing all of your users.
Chris
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jeff Durbin
Sent: Monday, April 11, 2005 10:39 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Active Directory Scripting
You didn't say what version your domain is. If it's 2003, you can use the
DS commands or script it; with Win2K3, the TS profile path and TS home drive
are accessible via WMI or ADSI. IF all your accounts are not in the same OU,
your script will need to recursively work through all the OU structures in
your domain. If they all happen to be in one OU, it's a little easier to
script.
With Win2K, you can get to profiles and home drives via ADSI, but the TS
stuff is not exposed, so if you want to script it, you have to use a COM
object that wraps the appropriate API calls. There's an article by Thomas
Eck somewhere out there with links to such a COM object. If you want to go
this route and can't find it, I've got it somewhere.
There are other options as well. For the TS settings, you can use TSCMD,
an executable that you call from the command line with the various options
(download this from www.thethin.net <http://www.thethin.net> ). If you have
a text file that contains your usernames (one per line), you can call it
from the command line iteratively, using a for-in-do loop, something like
this:
for /f %x in (userlist.txt) do tscmd domaincontrollername %x
TerminalServerProfilePath \\server\profileshare\%x
<file:///\\server\profileshare\%25x>
To go this route, you'll need a list of your user accounts. To generate
that, use LDIFDE via a batch file like so:
ldifde -f temp.txt -r "(objectclass=user") -l SamAccountName
type temp.txt|find /i "SamAccountName">temp2.txt
for /f "tokens=2" %a in (temp2.txt) do echo %a>>userlist.txt
del temp.txt
del temp2.txt
There are some ideas for you.
JD
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Trevor Fuson
Sent: Monday, April 11, 2005 3:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Active Directory Scripting
You can modify Active Directory using your ds commands:
Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
Use dsquery to pull a list of users then pipe it into dsmod to modify the
values you want.
Example:
dsquery user "OU=Users,OU=Core,DC=business,DC=com" -limit 0 | dsmod user
-profile \\server2\profiledir\$username$
<file:///\\server2\profiledir\$username$>
If you can't set it through these tools, then you are probably setting a
registry entry and you will need to set it through group policy.
Trevor.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of David Demers
Sent: Monday, April 11, 2005 1:33 PM
To: Thin (E-mail)
Subject: [THIN] OT: Active Directory Scripting
I'm hoping a few of you Guru's can help me out. I have to make some mass
changes to user settings in active directory. Things like:
-Paths for H: drives
-Paths for user profiles
-Paths for Terminal Services profiles
For example:
user1 currently has his H: pointing to \\server1\homedirs\user1$ and I need
it to be \\server2\homedirs\user1$
I need to do the same for all of my users.
What approach do you recommend for accomplishing this?
Thanks
-David
Other related posts:
