Utilities in JRButils

Adchkhome

Adchkhome checks for one or more users that the Active Directory homeDirectory attributes are set correctly, or for one or more directories that there is a user in AD corresponding to the lowest level of the path. Specifically adchkhome can:

Display contents of the homeDirectory and homeDrive attributes for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Check for each user that the home directory path exists providing that it is a UNC path pointing to a directory on a server or cluster volume.
Check that each user is the owner of their home directory.
For a single directory, or all subdirectories of a directory, check if there is a user in AD with a name matching that of the lowest level directory i.e. for \\rata\users\karen, it will check if user Karen exists somewhere in the tree.
For each directory, check that the corresponding user’s homeDirectory attribute contains that directory e.g. for \\rata\users\karen it checks that Karen’s homeDirectory contains \\rata\users\karen.

Adchrcheck

Adchrcheck scans all files in a directory structure and lists those with non-standard characters in the name. By default non standard characters are anything other than 0-9, a-z, space, ‘.’, ‘~’, ‘-’and ‘_’. Alternative sets of allowable and non-standard characters may be specified. Features include:

Files may be renamed by removing the non standard characters.
Files may be renamed by replacement of the non standard characters with a nominated character.
Leading spaces in file names may also be identified, removed or replaced.

Adcreate

Adcreate allows you to create a wide range of objects in Active Directory. It is intended primarily for creating users in batch mode. See also adimport. Adcreate can do the following:

Set a password for users and enable the account.
Create a home directory for users, set ownership and grant rights to it.
Set the display name, given name, surname, principal name and email address when creating users.
Store the home directory path in the homeDirectory attribute.
Enable user password expiration and expire the password.
Can copy attributes from a template when creating users.
Create any type of group i.e. security or distribution, global, local or universal.

Addelattr

Deletes a selected attribute from one or more objects in Active Directory. Addelattr refuses to delete some attributes where their removal might cause problems and there are others such as objectGUID and objectSID which AD does not allow to be deleted. This does not mean that it is safe to use addelattr to delete all attributes which are not excluded. Use addelattr cautiously, and entirely at your own risk.

Addelete

Addelete can delete almost any class of object. For safety, you may not use wild cards when deleting objects. Nor will addelete delete groups with members. Features include:

When deleting users, addelete will delete the user’s home directory if it is stored in the homeDirectory attribute, or if a path is specified on the command line.
Multiple objects may be deleted using an input file.

Adextcheck

Scans all files in a directory structure and reports the number and size by extension. It can also report the number and size older than a given date. The results may be reported in columns or may be comma delimited for import to a spreadsheet. Adextcheck supports both Windows and NetWare drives.

Adgetquota

Adgetquota displays disk quotas, disk usage, space available and warning thresholds for multiple users. Features include:

Can display values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Can display values for each user’s home volume by reading the homeDirectory attribute, or can display values on a designated volume.
The values can be displayed in bytes, KB, MB or GB.
Can sort into ascending or descending order of quota, space used, space available, warning threshold or by user name.
Can display only totals for quotas and usage.
Can select which fields are displayed and their order.
Can filter by value e.g. list all users whose usage exceeds 500 MB, or all users without a quota.
Can display all entries in the quota tables on a selected volume.

Adgetrest

Adgetrest displays account restrictions for multiple users. These include:

Account is disabled
Account is expired
Account expiration date and time
Account is locked
Creation date and time
Creators name
Intruder lockout bad logon count
Intruder lockout date and time
Intruder lockout period
Intruder lockout reset time
Intruder lockout threshold
Last login date and time
Logon hours
Password complexity required
Password change next logon
Password is expired
Password expiration date and time
Password history length
Password last change date/time
Password minimum age
Password minimum length
Password maximum age
Password is required
Password reversible encryption allowed
Password user can change
Password unique required
Workstation restrictions

Note that some of these are set at the domain level and some at the user level. The features of adgetrest include:

Display restrictions for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Can display all restrictions, or a single restriction e.g. password minimum length.
Can control the order and width of each output field (user name, domain name, display name, restriction value) when displaying individual restrictions.
Can sort into ascending or descending order by user name or by restriction value.
Can filter by restriction value e.g. list all users whose account has expired, or all users without an account expiration date and time set.
Can process users in the specified container and all containers below it.
Can set an error level indicating the number of matching users. This allows testing in a batch file for example if a particular user’s account is disabled.

Adgetval

Adgetval displays values for almost any attribute and object class. Features include:

Display values for a single object, objects selected using wildcards, all members of a group, or a list of objects in a file.
Can display single attributes, multiple attributes or all attributes for each object.
Can use a template file containing text and substitution identifiers to format the results e.g. as commands for input to another program.
Can display objects which have a value, or do not have a value for a particular attribute.
Can display the number of values for each attribute rather than the actual values.
Knows how to display many attributes e.g. it correctly formats objectSIDs and objectGUIDs which are stored as octetStrings.
Can sort by object name or attribute value.

Adgrpadd

Adgrpadd adds one or more members to a group. Its features include:

Can process a single group or a file containing a list of groups.
Can create both security and distribution groups.
Can accept one or more members on the command line.
Can add all members of another group.
Can add a list of objects from a file.
Can provide an exclusion list of members not to be added. This may be useful when adding via wildcards or when adding all members of one group to another.

Adgrpdel

Adgrpdel removes one or more members from a group. Its features include:

Can process a single group or a file containing a list of groups.
Can accept one or more members on the command line.
Can remove all members of another group.
Can remove a list of members from a file.
Can delete the group if it has no remaining members.

Adgrplist

Adgrplist lists the members individual groups or combinations of groups. It can do the following:

List the members of a single group.
List the members of multiple groups via wildcards in the group name.
List members based on selection criteria involving one or more groups. An expression may be given using logical operators ‘and’, ‘or’ and ‘not’ to list members who are or are not members of a combination of groups.
Supports both security and distribution groups.
Results may be sorted by member name or by container.
Results may be formatted as adgrpadd or adgrpdel commands.
Can expand nested distribution groups.
Can display totals only.

Adimport

Adimport is a powerful tool for batch mode management of users. Features include:

Creates, updates and deletes users, and can export attribute values.
Sets and modifies values for a wide range of attributes.
Can create home directories, set ownership and assign rights.
Can store the home directory path in the homeDirectory attribute.
Can create a second home directory, set ownership and grant rights.
Can create subdirectories of user home directories.
Can set or remove a disk quota or warning threshold on the home volume or any other volume.
Can create directories associated with group memberships.
Can copy attributes from a user object serving as a template.
Can search AD before user creation to check if a name is unique.
Can generate random passwords of any length using numeric, alphanumeric or alphabetic characters of mixed case or single case. The generated passwords may be written to a file, along with the user name and optionally the server name and user’s description. The random passwords can be generated without them actually being set.
Can use two passes through the control and data files, creating users in the first pass and setting attributes on the second.
Can specify a delay after user creation to allow replication to occur.
Can delete home directories and their contents when deleting users.

Adlist

Adlist lists objects of any class in Active Directory. Features include:

Can list all objects of any class in a container.
Can list all objects of a particular class in a tree, or branch of the tree.
Can locate an object of given name (or partial name using wild cards) and class in the domain.
Can list groups by type (distribution or security) and whether global, local or universal.
Can expand common names to distinguished names.
Can display the results in csv format.
Can identify duplicate object names in the tree.
Can return an error level if no matching objects are found, providing a means to detect in a batch file if an object of any class exists.
Can set an error level equal to the number of matching objects.
Can sort the results by object name, container or class.
Can display totals only.

Admove

Admove moves Active Directory leaf objects from one container to another. Features include:

Can move a single object, objects selected using wildcards, all members of a group, or a list of objects in a file.
Can use an input file with one object to be moved, and the destination container, on each line.

Adrename

Adrename allows renaming of any class of Active Directory object. Features include:

When renaming a user, it will check for the existence of a homeDirectory attribute. If found, adrename will rename the user’s home directory to match the user’s new name and update the contents of the homeDirectory attribute.
Can specify the home directory path on the command line when the user does not have a homeDirectory attribute.
Can process an input file containing one old name and one new name per line.
Can change the case of the names of existing objects to all lowercase, all uppercase, or to a mixture of upper and lowercase.
Can create a new samAccountName to match the new object name.
Can update the email address in the mail attribute for users.
Can update the principal name in the userPrincipalName attribute for users.

Adschema

Displays information from the Active Directory schema. The following may be displayed:

Object classes in the schema. Wildcards may be used to list only a subset of the defined classes.
For each object class, the names of attributes which are valid for that class.
For each object class, full details of attributes which are valid for that class.
A list of attributes defined in the schema. Wildcards may be used to list only a subset of defined attributes.
A list of attributes with the object classes for which the attribute is valid.
The adschema program may be used before and after a product install to identify changes made to the schema by the installation.

Adsethome

Adsethome performs a range of tasks for managing home directories, and the homeDirectory and homeDrive attributes. Features include:

Can process a single user, users selected using wildcards, all members of a group, or a list of users in a file.
When a directory is specified, (e.g. \\moa\students\2008), adsethome will automatically append the user name to obtain the full home path for each user.
A complete path can be specified when the lowest level of the home directory does not match the user name.
Can create the home directory if it does not exist. The user is assigned full rights and ownership of the directory.
Can delete homeDirectory attributes.
Can create home directories without modifying the contents of the homeDirectory attribute.
Can set the homeDirectory attribute without creating the home directory.
Set or delete the homeDrive attribute.

Adsetpwd

Adsetpwd sets and verifies passwords for Active Directory users. Its features include:

Can set a password for an individual user using either the old password, or without if the person making the change has sufficient rights.
Can change passwords for multiple users via wildcards, all members of a group, or an input file.
Can accept a new password on the command line, or via an input file if the password has been generated by some other means.
Can set the password to match the user name.
Can set a different password for each user via an input file containing user name and password pairs on each line.
Can generate random passwords of any length using numeric, alphanumeric or alphabetic characters of mixed case or single case. The generated passwords may be written to a file, along with the user name and optionally the server name and user’s description. The random passwords can be generated without them actually being set.
Can expire the password after an administrator change.
Can verify passwords i.e. determine if a given password is the user’s current password.
Can unlock an account before setting a user’s password.

Adsetquota

Adsetquota sets disk quotas and warning thresholds for multiple users. Features include:

Can set values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Can set values on each user’s home volume by reading the homeDirectory attribute, or on a designated volume.
Quotas may be specified in units of bytes, KB, MB or GB.
Can increase or decrease existing values by a nominated amount or percentage.
Can set values relative to the current disk usage e.g. the current usage plus 20% or current usage plus 50MB.
Can remove quotas and thresholds.
Can prompt for confirmation before setting each value.

Adsetrest

Adsetrest sets those account restrictions maintained at the user level rather then domain wide. These include:

Account is disabled
Account expiration date and time
Account is locked (unlock only)
Logon hours
Password expired
Password never expires
Password is required
Password allow reversible encryption
Password user can change
Workstation restrictions

Adsetval

Adsetval can set a wide range of attributes for objects of any class. Its features include:

Can set attribute values for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Can set attributes holding text attributes such as givenName, middleName, sn (surname), description and department.
Can be used to change the case of existing values for text attributes.
Can set boolean attributes such as msNPAllowDialin.
Can set attributes holding integer values such as userAccountControl, codePage or the domain’s maxPwdAge.
Can set attributes holding dates as values such as accountExpires.
Can set attributes holding object names e.g. member, seeAlso and assistantName.
Can replace existing values for multi-valued attributes or add new values.
Can copy a value from another object.
Can delete all or selected values for an attribute.

Adusergrps

Adusergrps lists the groups to which one or more users belong. Features include:

Can list group memberships for a single user, users selected using wildcards, all members of a group, or a list of users in a file.
Can suppress selected group types (e.g. distribution groups) from the results.
Includes the primary group by default.
Can include or exclude selected groups.
Can display only those groups which exist in the same container as the user, or in a particular container.
Can sort the users and/or groups belonged to.
Has flexible formatting options including the ability to list the results as adgrpadd and adgrpdel commands.

Adwhodidit

Adwhodidit displays selected information about files and directories which is useful in determining when they were created, modified, last accessed and by whom. It can list any combination of the following fields:

Attributes
Creation date and time
Cumulative usage. This is the physical size of the current file plus the sum of the sizes of all previously listed files.
File or directory extension
Last access date and time
Length of each path
Logical size as shown by a ‘dir’ command or Explorer
Long name
Modification date and time
Number of files in each directory
Owner
Physical size (for compressed or sparse files)
Short (DOS) name
Space used in a directory exclusive of subdirectories
Space used in a directory inclusive of subdirectories

Features include:

The user may select which of the above are to be displayed, in what order, and the width of the columns.
A template file containing text and substitution identifiers may be used. This allows any combination of values to be given in any format and may be useful to create a batch file of commands incorporating file names.
The results may be filtered on any value e.g. it is possible to display details of files greater than a certain size, files which are compressed, or all files and directories owned by a particular user.
Filters may be combined in a logical expression e.g. “(owner=John) and (size gt 100mb)”.
Can display only the total files or directories.
Can display file and directory information for both Windows and NetWare drives. The full NetWare functionality is available when run on a machine with the NetWare client installed.

[ Home | Purchasing | JRButils for NetWare | JRButils for AD | Search ]