Utilities in JRButils for AD v3.0
Adaccexp
Adaccexp is intended for use in a login script where it displays a warning if the user’s account is about to expire. The number of days before expiration at which warnings begin is adjustable and defaults to seven. Adaccexp can also be used to check the account expiration status of a named user. Both text mode and GUI versions are available.
Adchkhome
Adchkhome checks, for one or more users, that the Active Directory homeDirectory attributes are set correctly, or, for one or more directories, that there is a user in AD corresponding to the lowest level of the path. Specifically, adchkhome can:
- Display contents of the homeDirectory and homeDrive attributes for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- List users without a homeDirectory or homeDrive attribute.
- Check for each user that the home directory path exists providing that it is a UNC path pointing to a directory on a server or cluster volume.
- Check that each user is the owner of their home directory.
- For a single directory, or all subdirectories of a directory, check if there is a user in AD with a name matching that of the lowest level directory i.e. for \\rata\users\karen, it will check if user Karen exists somewhere in the tree.
- For each directory, check that the corresponding user’s homeDirectory attribute contains that directory e.g. for \\rata\users\karen it checks that Karen’s homeDirectory contains \\rata\users\karen.
Adchrcheck
Adchrcheck scans all files in a directory structure and lists those with non-standard characters in the name. By default non-standard characters are anything other than 0-9, a-z, space, ‘.’, ‘~’, ‘-’ and ‘_’. Features include:
- Can check for non-standard characters in either the long or short name.
- Allows customising the set of allowed and disallowed characters.
- Files may be renamed by removing the non-standard characters.
- Files may be renamed by replacement of the non-standard characters with a nominated character.
- Leading spaces in file names may also be identified, removed or replaced.
Adcreate
Adcreate allows you to create a wide range of objects in Active Directory. It is intended primarily for creating users in batch mode. Adcreate can do the following:
- Set a password for users and enable the account.
- Create a home directory for users, set ownership and grant rights to it.
- Set the display name, given name, surname, initials, principal name and email address when creating users.
- Store the home directory path in the homeDirectory attribute.
- Enable user password expiration and expire the password.
- Can copy attributes from a template when creating users.
- Create any type of group i.e. security or distribution, global, local or universal.
See also adimport which does user creation, deletion and updating.
Addelattr
Addelattr deletes a selected attribute from one or more objects in Active Directory. Addelattr refuses to delete some attributes where their removal might cause problems and there are others such as objectGUID and objectSID which AD does not allow to be deleted. This does not mean that it is safe to use addelattr to delete all attributes which are not excluded. Use addelattr cautiously, and entirely at your own risk.
Addelete
Addelete can delete almost any class of object from Active Directory. For safety, you may not use wildcards when deleting objects. Nor will addelete delete groups with members. Features include:
- When deleting users, addelete will delete the user’s home directory and its contents if the path is stored in the homeDirectory attribute, or if a path is given on the command line.
- Multiple objects may be deleted using an input file.
Addelhome
Addelhome deletes the contents of home directories for one or more users. The home directory paths are retrieved from the homeDirectory attribute and several checks are made to first ensure that the path contained therein is correct.
Adextcheck
The adextcheck program produces a summary of the file extensions in a directory tree or on an entire volume. The extensions are sorted and for each, the number of files and the total space occupied by files with that extension are given. Features of adextcheck include:
- Can limit the summary to selected extensions.
- Can produce comma delimited output optionally enclosed in double quotes.
- Can count the number of and space occupied by files older than a given date for each extension.
- Can specify the units for the space used (bytes, KB, MB, GB).
- Can specify whether the extension is treated as those characters after the first or last period for those files with multiple periods in the name.
- Can sort the results on any of the possible output columns.
- Works on Windows and NetWare drives.
Adfsupdate
Adfsupdate is a file system maintenance program. It can do the following:
- Copy selected files, or an entire directory structure to multiple hosts, retaining all file attributes, dates and ownership.
- Perform a selective copy or delete based on owner, creation date, modification date or last accessed date.
- Perform an update copy transferring only newer files or those which do not exist in the target directory.
- Perform a mirror copy which, in addition to updating files in the target directories, removes any files and directories which do not exist in the source.
- Delete individual files or entire directory structures from one or more hosts.
- List the files to be deleted for a selective delete, without actually deleting them.
- Delete files but retain the directory structure.
- Delete or overwrite files flagged read-only.
- Set file and directory attributes.
- Rename files.
- Works on both Windows and NetWare drives.
Adgetdirquota
Adgetdirquota displays directory quotas, usage, space available, template applied, quota status, peak usage, peak usage times and warning thresholds, individually or en masse. It can do the following:
- Process individual directories, all subdirectories of a directory, or all directories in a tree.
- Display quota values for the home directories of individual users, users selected via wildcards, or for all members of a group. The home directory for each user is obtained from their homeDirectory attribute.
- The values can be displayed in bytes, KB, MB or GB.
- Filter the results on any of the fields e.g. directories without a quota, or users whose home directory usage exceeds 500MB.
- Sort the results by any of the fields.
Adgetobjsec
Adgetobjsec displays components of the security descriptor from the ntSecurityDescriptor attribute for objects of any class in Active Directory. It can do the following:
- Display any combination of the dacl, sacl, owner, group and security descriptor flags.
- Display components for a single object, objects selected via wildcards, all members of a group, a group object or a list of objects in a file.
- Display explicit (non-inherited) ACEs, inherited ACEs, or both.
- Display all or any combination of ACE types from the dacl and sacl e.g. deny and deny object ACEs.
- Display only those ACEs with a specified object type.
- Display only those ACEs with a specified inherited object type.
- Display ACEs selectively based on the permissions granted or denied.
- Suppress the display of dacl and sacl ACEs for well-known security identifiers such as “NT AUTHORITY\SELF”.
- Display the rights in character form e.g. CR or as a 32 bit hexadecimal value representing the permissions mask.
- Has flexible output formats including selected ACE fields in any order and optionally in comma or semicolon delimited format.
- Sort the results on any field.
Adgetvolquota
Adgetvolquota displays disk quotas, disk usage, space available and warning thresholds for multiple users. Features include:
- Can display values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- Can display values for each user’s home volume by reading the homeDirectory attribute, or can display values on a designated volume.
- The values can be displayed in bytes, KB, MB or GB.
- Can sort into ascending or descending order of quota, space used, space available, warning threshold or by user name.
- Can display only totals for quotas and usage.
- Can select which fields are displayed and their order.
- Can filter by value e.g. list all users whose usage exceeds 500 MB, all users without a quota, or all users whose usage is within 20% of their quota.
- Can display all entries in the quota tables on a selected volume.
Adgetrest
Adgetrest displays account restrictions for multiple users. These include:
| Account is disabled | Password change next logon |
| Account is expired | Password is expired |
| Account expiration date and time | Password expiration date and time |
| Account is locked | Password history length |
| Creation date and time | Password last change date/time |
| Intruder lockout bad logon count | Password minimum age |
| Intruder lockout date and time | Password minimum length |
| Intruder lockout period | Password maximum age |
| Intruder lockout reset time | Password is required |
| Intruder lockout threshold | Password reversible encryption allowed |
| Last login date and time | Password user can change |
| Logon hours | Password unique required |
| Modification date and time | Workstation restrictions |
| Password complexity required | |
Note that some of these are set at the domain level and some at the user level. The features of adgetrest include:
- Display restrictions for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- Can display all restrictions, or a single restriction e.g. password minimum length.
- Can control the order and width of each output field (user name, domain name, display name, restriction value) when displaying individual restrictions.
- Can sort into ascending or descending order by user name or by restriction value.
- Can filter by restriction value e.g. list all users whose account has expired, or all users without an account expiration date and time.
- Can process users in the specified container and all containers below it.
- Can retrieve values from a designated domain controller.
- Values for last logon and the modification date and time are retrieved from all domain controllers and the most recent value is displayed.
- Can set an error level indicating the number of matching users. This allows testing in a batch file for example if a particular user’s account is disabled.
Adgetval
Adgetval displays values for almost any attribute and object class. Features include:
- Display values for a single object, objects selected using wildcards, all members of a group, or a list of objects in a file.
- Can display single attributes, multiple attributes or all attributes for each object.
- Can use a template file containing text and substitution identifiers to format the results e.g. as commands for input to another program.
- Can display objects which have a value, or do not have a value for a particular attribute.
- Can display the number of values for each attribute rather than the actual values.
- Knows how to display many attributes e.g. it correctly formats object SIDs and object GUIDs which are stored as octet strings.
- Can retrieve values from a designated domain controller.
- Values for last logon and the modification date and time are retrieved from all domain controllers and the most recent value is displayed.
- Can sort by object name or attribute value.
- Supports the following pseudo-attributes for user objects. These are derived values (e.g. accountLocked), bit values from userAccountControl (e.g. accountDisabled), domain wide values (e.g. passwordMinimumLength), or terminal services values read from the userParameters attribute.
| accountDisabled | passwordReverseEncryption |
| accountExpired | passwordUniqueRequired |
| accountLocked | tsAllowLogon |
| homedirRequired | tsBrokenConnectionAction |
| lockoutDuration | tsConnectClientDrivesAtLogon |
| lockoutThreshold | tsConnectClientPrintersAtLogon |
| lockoutWindow | tsDefaultToMainPrinter |
| passwordChangeNextLogon | tsEnableRemoteControl |
| passwordComplexityRequired | tsHomeDirectory |
| passwordExpired | tsHomeDrive |
| passwordExpires | tsInitialProgram |
| passwordHistoryLength | tsMaxConnectionTime |
| passwordMaximumAge | tsMaxDisconnectionTime |
| passwordMinimumAge | tsMaxIdleTime |
| passwordMinimumLength | tsProfilePath |
| passwordNeverExpires | tsReconnectionAction |
| passwordRequired | tsWorkDirectory |
Adgrpadd
Adgrpadd adds one or more members to a group. Its features include:
- Can process a single group or a file containing a list of groups.
- Supports local groups on workstations and member servers.
- Can create both security and distribution groups.
- Can accept one or more members on the command line.
- Can add all members of another group.
- Can add a list of objects from a file.
- Can process a file containing one group name and one member name per line.
- Supports nested groups.
- Can provide an exclusion list of members not to be added. This may be useful when adding via wildcards or when adding all members of one group to another.
Adgrpdel
Adgrpdel removes one or more members from a group. Its features include:
- Can process a single group or a file containing a list of groups.
- Supports local groups on workstations and member servers.
- Can accept one or more members on the command line.
- Can remove all members of another group.
- Can remove a list of members from a file.
- Can process a file containing one group name and one member name per line.
- Supports nested groups.
- Can delete the group if it has no remaining members.
Adgrplist
Adgrplist lists the members of individual groups or combinations of groups. It can do the following:
- List the members of a single group.
- List the members of multiple groups via wildcards in the group name.
- List members based on selection criteria involving one or more groups. An expression may be given using logical operators ‘and’, ‘or’ and ‘not’ to list members who are or are not members of a combination of groups.
- Supports both security and distribution groups.
- Results may be sorted by member name or by container.
- Results may be formatted as adgrpadd or adgrpdel commands.
- Can expand nested distribution groups.
- Can display totals only.
Adgrpmemb
Adgrpmemb determines in a batch file or script whether an object is a member of a group. It can set a range of error levels indicating whether the object is or is not a member, and whether the group and object exist.
Adhome
Adhome maps the current drive or a designated drive to the path from a user’s homeDirectory attribute. This may be useful when trouble-shooting an issue in a user’s home directory.
Adimport
Adimport is a powerful tool for batch mode management of users. Features include:
- Creates, updates and deletes users and contacts, and can export attribute values.
- Sets and modifies values for a wide range of attributes including all of the terminal services settings stored in the userParameters attribute.
- Can create home directories, set ownership and assign rights.
- Can store the home directory path in the homeDirectory attribute.
- Can create a second home directory, set ownership and grant rights.
- Can create subdirectories of user home directories.
- Can create profile directories.
- Can set or remove a disk quota or warning threshold on the home volume or any other volume.
- Can set or remove a directory quota on the primary or secondary home directories under W2008 onwards.
- Can create directories associated with group memberships.
- Can copy attributes from a user object serving as a template.
- Can search AD before user creation to check if a name is unique.
- Can generate random passwords of any length using numeric, alphanumeric, alphabetic or symbol characters of mixed case or single case. The generated passwords may be written to a file, along with the user name and optionally the server name and user’s description. The random passwords can be generated without them actually being set.
- Can use two passes through the control and data files, creating users in the first pass and setting attributes on the second.
- Can specify a delay after user creation to allow replication to occur.
- Can delete home directories and their contents when deleting users.
- Supports copying files or a directory structure into the home directory or into one of its subdirectories.
Adjrbpass
Adjrbpass is a graphical utility for changing passwords for individual users. It can be used by anyone to change a password providing that they know the current password. Users with appropriate rights can change another user’s password without knowing the old one. Features of adjrbpass include:
- Can change a user’s Active Directory password.
- Can change an NT domain password when logged into an NT domain.
- Can change passwords on the local workstation.
- Can change NetWare passwords if the Novell client is installed and a connection exists to a NetWare server.
- When used by someone with sufficient rights, it can unlock an account that has been locked by Windows intruder detection, and can expire a password after change.
- The interface can be modified via command line switches.
Adlist
Adlist lists objects of any class in Active Directory. Features include:
- Can list all objects of any class in a container.
- Can list all objects of a particular class in a tree, or branch of the tree.
- Can locate an object of given name (or partial name using wildcards) and class in the domain.
- Can list groups by type (distribution or security) and whether global, local or universal.
- Can expand common names to distinguished names.
- Can display the results in csv format.
- Can identify duplicate object names in the tree.
- Can return an error level if no matching objects are found, providing a means to detect in a batch file if an object of any class exists.
- Can set an error level equal to the number of matching objects.
- Can sort the results by object name, container or class.
- Can display totals only.
Adlookup
Adlookup provides an alternative to adgetval for displaying attributes. It is more limited in scope but provides a convenient means of searching AD for objects with a particular name, or with an attribute such as telephoneNumber containing a specific value. All or selected attributes read from a file are then displayed.
Admove
Admove moves Active Directory leaf objects from one container to another. Features include:
- Can move a single object, objects selected using wildcards, all members of a group, or a list of objects in a file.
- Can use an input file with one object to be moved, and the destination container, on each line.
Admovedir
Admovedir moves files and directories from one location to another within the same server and volume by moving the directory entry rather than copying and deleting. It can move entries on both local and network drives and on NetWare if the Novell client is present.
Admovehome
Admovehome moves home directories from one location to another. It can do the following:
- Create a new home directory and copy the contents of the old home directory. When the home directory is being relocated within the same volume, the default action is to move the directory entry rather than create a new one and copy the contents.
- Set ownership on the new home directory and copy the entire discretionary ACL from the old home directory.
- Optionally delete the contents of the old home directory if no errors occurred during the copy.
- Optionally copy a volume quota on the old home volume to the new volume. The volume quota may also be removed from the old volume.
- Copy a share on the home directory if it is being moved to a different server.
- Update the homeDirectory attribute.
- Revoke all rights and ownership to the old home directory. Ownership is set to administrator.
- Set or clear the archive bit on the copied files.
Adopenfile
Adopenfile displays the files held open on a server by network connections. It can do the following:
- List all open files in and below a given network path.
- List all files on a server held open by network connections.
- Display open files for a given user or for objects selected via wildcards.
- Close open files.
- Display the number of locks on each file and the permissions used to open it.
- Has flexible output options allowing fields to be displayed in any combination and order, and optionally in csv format.
- The results may be sorted on any field.
Adpwdexp
Adpwdexp is intended for use in a login script where it displays a warning if the user’s password is about to expire. However, it can also perform the check for any nominated user. The number of days before expiration at which warnings begin is adjustable and defaults to seven. Adpwdexp can also force a password change before or after password expiration. It will prompt for and change the password. Both text mode and GUI versions are available. The GUI version has a number of extra features including:
- Can change AD domain, NT domain, workstation and NetWare passwords.
- Can force the window to remain as the topmost window.
- Allows either one or two lines of user supplied text to be displayed.
- Can control how long the window warning of impending password expiration remains open.
- Can prevent changing other passwords if the Active Directory password is not successfully changed first.
- Can display a customer supplied icon or bitmap on the right of the window.
Adrename
Adrename allows renaming of any class of Active Directory object. Features include:
- When renaming a user, it will check for the existence of a homeDirectory attribute. If found, adrename will rename the user’s home directory to match the user’s new name and update the contents of the homeDirectory attribute.
- Can specify the home directory path on the command line when the user does not have a homeDirectory attribute.
- Can process an input file containing one old name and one new name per line.
- Can change the case of the names of existing objects to all lowercase, all uppercase, or to a mixture of upper and lowercase.
- Can create a new samAccountName to match the new object name.
- Can update the email address in the mail attribute for users.
- Can update the principal name in the userPrincipalName attribute for users.
Adschema
Adschema displays information from the Active Directory schema. The following may be displayed:
- Object classes in the schema. Wildcards may be used to list only a subset of the defined classes.
- For each object class, the names of attributes which are valid for that class.
- For each object class, full details of attributes which are valid for that class.
- A list of attributes defined in the schema. Wildcards may be used to list only a subset of defined attributes.
- A list of attributes with the object classes for which the attribute is valid.
- The adschema program may be used before and after a product install to identify changes made to the schema by the installation.
Adsetdirquota
Adsetdirquota sets and removes directory quotas individually or en masse. The program must be run on W2008 server or later. It can do the following:
- Process individual directories, all subdirectories of a directory, or an entire directory structure.
- Set quota values for the home directories of individual users, users selected via wildcards, or for all members of a group. The home directory for each user is obtained from their homeDirectory attribute.
- Apply a quota or a quota template.
- Can increase or decrease existing quotas by a nominated amount or percentage.
- Set quotas relative to the current usage.
- Remove quotas and quota templates.
- Set the quota status to hard, soft or disabled.
- Reset the peak usage value to the current usage.
- Prompt for confirmation before setting each value.
Adsethome
Adsethome performs a range of tasks for managing home directories, and the homeDirectory and homeDrive attributes. Features include:
- Can process a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- When a directory is specified, (e.g. \\moa\students\2010), adsethome will automatically append the user name to obtain the full home path for each user.
- A complete path can be specified when the lowest level of the home directory does not match the user name.
- Can create the home directory if it does not exist. The user is assigned rights and ownership of the directory.
- Can set ownership of the entire home directory contents when the home directory already exists.
- Can delete homeDirectory attributes.
- Can create home directories without modifying the contents of the homeDirectory attribute.
- Can set the homeDirectory attribute without creating the home directory.
- Set or delete the homeDrive attribute.
Adsetowner
Adsetowner is a flexible tool for setting file and directory ownership. It can do the following:
- For a single user, users selected via wildcards, all members of a group or a list of users in a file, set the ownership of the contents of the home directory. The path is read from the homeDirectory attribute.
- For a directory, set ownership of the directory and contents to a user corresponding to the directory name e.g. larry for \\yogi\users\larry, or to another named object.
- For all first level subdirectories of a directory, set ownership of each subdirectory tree to the user corresponding to the directory name. For example, if \\yogi\users has subdirectories harry, barry and larry, a single command can be used to set ownership of files in \\yogi\users\harry to harry, \\yogi\users\barry to barry and \\yogi\users\larry to larry.
- Set ownership of one or more files to a specified user.
- Process a file created by adwhodidit to restore one or more of ownership, creation date and time, modification date and time, last access date and time, and attributes.
Adsetpwd
Adsetpwd sets and verifies passwords for Active Directory users. Its features include:
- Can set a password for an individual user using either the old password, or without if the person making the change has sufficient rights.
- Can change passwords for multiple users via wildcards, all members of a group, or an input file.
- Can accept a new password on the command line, or via an input file if the password has been generated by some other means.
- Can set the password to match the user name (subject to any password policy).
- Can set a different password for each user via an input file containing user name and password pairs on each line.
- Can generate random passwords of any length using numeric, alphanumeric, alphabetic or symbol characters of mixed case or single case. The generated passwords may be written to a file, along with the user name and optionally the server name and user’s description. The random passwords can be generated without them actually being set.
- Can check password compliance against the password policy rather than set the password. This requires that adsetpwd be run on Windows 2003 or a more recent server OS. The function used is not supported on Windows 2000 servers or on workstations.
- Can expire the password after an administrator change.
- Can verify passwords i.e. determine if a given password is the user’s current password.
- Can unlock an account before setting a user’s password.
Adsettrust
Adsettrust manages ACE entries in the discretionary access control list for files and directories. Specifically, it can do the following:
- Add grant or deny ACEs for one or more directories or files.
- Remove grant or deny ACEs for one or more directories or files.
- Restore ACEs from a file of adsettrust, icacls or cacls commands created by adtrstlist.
- Accepts wildcards in trustee object names allowing multiple objects to be updated for the same files and directories.
- Check for and optionally fix ACLs containing duplicate ACEs, incorrectly ordered ACEs or unused space.
- Grant or remove non-propagated RX rights to each parent directory, thereby providing a means to browse to the directory from the volume root.
- Modify dacls on both Active Directory servers and on workstations.
- Accepts rights in numeric format as well as accepting the well known symbols of R, X, GR, GE etc.
Adsetrest
Adsetrest sets those account restrictions maintained at the user level rather than domain wide. These include:
| Account is disabled | Password never expires |
| Account expiration date and time | Password is required |
| Account is locked (unlock only) | Password allow reversible encryption |
| Logon hours | Password user can change |
| Password expired | Workstation restrictions |
Restrictions may be set for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Adsetval
Adsetval can set a wide range of attributes for objects of any class. Its features include:
- Can set attribute values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- Can set attributes holding text values such as givenName, middleName, sn (surname), description and department.
- Can be used to change the case of existing values for text attributes.
- Can set boolean attributes such as msNPAllowDialin.
- Can set attributes holding integer values such as userAccountControl, codePage or the domain’s maxPwdAge.
- Can set attributes holding dates as values such as accountExpires.
- Can set attributes holding object names e.g. member, seeAlso and secretary.
- Can replace existing values for multi-valued attributes or add new values.
- Can copy a value from another object.
- Accepts as input a csv file containing one object name and attribute value per line.
- Can delete all or selected values for an attribute.
Adsetvolquota
Adsetvolquota sets disk quotas and warning thresholds for multiple users. Features include:
- Can set values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- Can set values on each user’s home volume by reading the homeDirectory attribute, or on a designated volume.
- Quotas may be specified in units of bytes, KB, MB or GB.
- Can increase or decrease existing values by a nominated amount or percentage.
- Can set values relative to the current disk usage e.g. the current usage plus 20% or current usage plus 50MB.
- Can remove quotas and thresholds.
- Can prompt for confirmation before setting each value.
Adtrstlist
Adtrstlist displays components of the security descriptor for files and directories. It can do the following:
- Display all or any combination of the dacl, sacl, owner, group and security descriptor flags.
- Supports both local and network paths.
- Process selected files and directories, or an entire directory structure.
- Process a specified path then each of its parent directories.
- For a single user, users selected via wildcards, all members of a group, a group object or a list of users in a file, display the ACEs in a dacl or sacl for which the object is a trustee. This may be done on a user’s home directory or for a specified directory or file.
- Suppress the display of dacl and sacl ACEs for well-known security identifiers such as “CREATOR OWNER”.
- Display explicit (non-inherited) ACEs, inherited ACEs, or both.
- Display access allowed ACEs, access denied ACEs, or both.
- Display ACEs selectively based on the permissions granted or denied.
- Display the rights in character form e.g. RWXD or as a 32 bit hexadecimal value representing the permissions mask.
- Display the ACEs from a dacl as cacls, icacls or adsettrust commands.
- Display paths for which there are no ACEs for a selected trustee.
- Has flexible output formats including selected fields in any order and optionally in comma or semicolon delimited format.
- Sort the results on any field.
Adusergrps
Adusergrps lists the groups to which one or more users belong. Features include:
- Can list group memberships for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
- Can suppress selected group types (e.g. distribution groups) from the results.
- Includes the primary group by default.
- Can include or exclude selected groups.
- Can display only those groups which exist in the same container as the user, or in a particular container.
- Can sort the users and/or groups belonged to.
- Has flexible formatting options including the ability to list the results as adgrpadd and adgrpdel commands.
AdWhodidit
Adwhodidit displays selected information about files and directories which is useful in determining when they were created, modified, last accessed and by whom. It can list any combination of the following fields:
| Attributes | Modification date and time |
| Creation date and time | Number of files in each directory |
| The cumulative usage in a directory | Owner |
| File or directory extension | Physical size (for compressed or sparse files) |
| Last access date and time | Short (DOS) name |
| Length of each path | Space used exclusive of subdirectories |
| Logical size as shown by Explorer | Space used inclusive of subdirectories |
| Long name | |
Features include:
- The user may select which of the above are to be displayed, in what order, and the width of the columns.
- A template file containing text and substitution identifiers may be used. This allows any combination of values to be given in any format and may be useful to create a batch file of commands incorporating file names.
- The results may be filtered on any value e.g. it is possible to display details of files greater than a certain size, files which are compressed, or all files and directories owned by a particular user.
- Filters may be combined in a logical expression e.g. “(owner=John) and (size gt 100mb)”.
- Can display only the total files or directories.
- Can display file and directory information for both Windows and NetWare drives. The full NetWare functionality is available when run on a machine with the Novell client installed.
