Announcement

Collapse
No announcement yet.

AD command line questions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD command line questions

    Hi,
    I've used the Petrie site before, and I'm very thankful for how helpful it is. Thankyou very much. I am having some issues though:


    I want to be able to
    1. get the list of members of one group and then add that list to a new group
    I've looked at
    http://forums.petri.com/showthread.php?t=7690
    http://www.petri.co.il/ldap_search_s...d_exchange.htm

    and I have tried to cobble something together along the lines of:
    dsquery * -filter(&(objectCategory=user)(memberOf=CN=GroupAdm ins,CN=Users,DC=mydc,DC=net)) -attr sAMAccountName | dsmod group "CN=NewGroupAdmins,CN=Users,DC=mydc,DC=net" -addmbr

    but I am not having much luck. (yes I broke it into it's component parts to try it out)

    I've also tried:
    dsquery group "cn=GroupAdmins,cn=users,dc=mydc,dc=net | dsget user -dn | dsmod group "CN=NewGroupAdmins,CN=Users,DC=mydc,DC=net" -addmbr

    Very confused.

    2. Also, I'd like to be able to do a bulk change of the manager of 30 groups
    3. I'd also like to be able to add a group to three other groups and I have to repeat that a dozen times, so any command line instructions would be helpful.

    Thanks in advance
    Heidi

  • #2
    Re: AD command line questions

    Lets see...

    1)

    several options:
    a)
    Code:
    C:\>dsget group "CN=Domain Admins,CN=Users,DC=antid0t,DC=net" -members -expand | dsmod group "CN=gGroupTest,OU=Groups,OU=Accounts,DC=antid0t,DC=net" -c -addmbr
    b)
    Code:
    C:\>dsquery * -filter "(&(objectCategory=person)(objectClass=user)(memberOf=CN=Domain Admins,CN=Users,DC=antid0t,DC=net))" | dsmod group "CN=gGroupTest,OU=Groups,OU=Accounts,DC=antid0t,DC=net" -addmbr
    2) Are you talking about managedBy attribute ?

    3) Do you mean that you need to add different groups to 3 pre-defined groups ?
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Re: AD command line questions

      Thankyou for your response, I will try those out.
      2. Yes, I think the Managedby attribute might be what I am after.
      3. I need to add Group A to Group B,C and D. And then I need to add Group nA to Group nB, nC and nD. And I have to do that for 10 'n's.
      What I need is a quick command to add Group A to Group B,C and D, because I can just modify that command for the rest.

      Thankyou again
      Heidi

      Comment


      • #4
        Re: AD command line questions

        1. a) didn't work
        1 b) worked but didn't translate any groups that were listed in the first group. Do I simply change the object to group?

        Comment


        • #5
          Re: AD command line questions

          Originally posted by fayr
          1. a) didn't work
          Can you please post the error ?

          1 b) worked but didn't translate any groups that were listed in the first group. Do I simply change the object to group?
          Just change the LDAP filter to:
          Code:
          (&(|(objectclass=group)(objectClass=user))(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=com))
          That should take care both of user and group objects
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: AD command line questions

            Originally posted by fayr
            2. Also, I'd like to be able to do a bulk change of the manager of 30 groups
            I like joe's admod:
            Code:
            C:\>admod -b cn=dlTest,ou=groups,ou=accounts,dc=antid0t,dc=net "managedBy::CN=Te
            verovsky\, Guy,OU=Users,OU=Accounts,DC=antid0t,DC=net"
            
            AdMod V01.06.00cpp Joe Richards ([email protected]) June 2005
            
            DN Count: 1
            Using server: descartes.antid0t.net
            Modifying specified objects...
               DN: cn=dlTest,ou=groups,ou=accounts,dc=antid0t,dc=net...
            
            The command completed successfully
            3. I'd also like to be able to add a group to three other groups and I have
            to repeat that a dozen times, so any command line instructions would be helpful.
            Can't come up with one-liner, but you can use a batch file that will take as a parameter the DN of the group that you want to add to 3 pre-defined groups (hard coded in the batch).
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              Re: AD command line questions

              Thankyou Guy, I will give those a go.
              Greatly appreciated.

              Comment

              Working...
              X