O'Reilly Book Excerpts: Active Directory Cookbook
Cooking with Active Directory, Part 2
Editor's note: In the previous batch of recipes we presented from Active Directory Cookbook we covered how to find the domain controllers that are acting as one of the FSMO roles, and how to determine the last time a user logged into a domain. This week we offer a recipe from Chapter 6 ("Users") on modifying an attribute for several users at once, and another from Chapter 7 ("Groups") on viewing the nested members of a group.
Recipe 6.4: Modifying an Attribute for Several Users at Once
You want to modify an attribute for several users at once.
Using a graphical user interface
TIP: This requires the Windows Server 2003 version of the Active Directory Users and Computers snap-in.
- Open the Active Directory Users and Computers (ADUC) snap-in.
- If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select Connect to Domain, enter the domain name, and click OK.
- In the left pane, browse to the parent container of the objects you want to modify.
- In the right pane, highlight each object you want to modify, right-click and select Properties.
- Check the box beside the attribute(s) you want to modify and edit the fields for the attributes.
- Click OK.
Using a command-line interface
The following command sets the home directory of all users under a
parent container (<ParentDN>) to be on a
particular file server (<FileServer>). The user
$username$) is automatically replaced with the
sAMAccountName for the user.
> for /F "usebackq delims=""" %i in (`dsquery user "<ParentDN>" -limit 0 -scope onelevel`) do dsmod user -hmdir "\\<FileServerName>\$username$" %i
' This code sets the home drive of all users under a container ' to be on a file server where the share name is the same as the user's ' sAMAccountName. set objParent = GetObject("LDAP://<ParentDN>") objParent.Filter = Array("user") for each objUser in objParent Wscript.Echo "Modifying " & objUser.Get("sAMAccountName") objUser.HomeDirectory = "\\<FileServerName>\" & _ objUser.Get("sAMAccountName") objUser.SetInfo next
It is often necessary to update several users at once due to an organizational, locational or file server change. In each solution, I showed how to modify all users within a parent container, but you may need to use different criteria for locating the users.
With ADUC, you are limited to modifying multiple users that belong to the same container. You can, however, create a Saved Query with the Windows Server 2003 version of ADUC that returns users based on any criteria you specify. You can then highlight those users and modify them as described in the GUI solution.
With the CLI solution, you can modify the
user command to search
on whatever criteria you want. The same applies in the VBScript solution, but
you'll need to use an ADO query instead of the
method if you want to do anything more complex. See Recipe for more information
on searching with ADO.
Pages: 1, 2