Thursday, April 14, 2011

VB script to create OU in active directory

                A Simple vb script to create a OU ( Organizational unit ) in the Active directory. Please find the below script, edit the script as your needs. I will explain in both picture and video. Please tell your comments.

Set objDomain = GetObject("LDAP://DC=test, DC=com")
Set objOU = objDomain.Create("organizationalUnit", "OU=North_Bay")

Saturday, April 9, 2011

Trust types in active directory

   Communications between the domains through trusts. The trust are authentication pipelines that are must be present in order for clients in one domain to access resources in another domain. By default two trusts are created, during the active directory installation. The other four types of trust can be created using the new trust wizard or netdom cmd line tool.

Trust protocols in active directory

            The Domain controller running windows 2003 server authenticates users and application using one of the two protocols: kerberos and NTLM. The kerberos protocol is the default protocol for clients running windows 2000, XP Pro or Server 2003. The kerberos protocol, the client request a ticket from a domain controller in its domain to the server in the trusting domain., the ticket issued by an intermediary trusted by the client and the server. The client presents this trusted ticket to the server in the trusting domain for authentication.
           If a client tries too access resources on a server in another domain using NTLM authentication, the server containing the resources must contact a domain controller in the client account domain to verify the account credentials.

Active directory trust in windows 2000 and windows 2003

                    All trusts in a Windows 2000 and Windows Server 2003 forest are transitive, two-way trusts. Therefore, both domains in a trust relationship are trusted.

Trusts in Windows NT

        In windows NT 4.0 the trust are limited to two domains and the trust relationship is one-way and non-transitive.

What is mean by Trust in active directory

                       A trust is a relationship between domains that enable the users in one domain to be authenticated by a domain controller  in the other domain. the trust relationship in NT are differ than in windows 2000 and windows server 2003.

Thursday, April 7, 2011

Types of Schema Modifications in active directory

The following modification, we can make in the schema on the active directory

  • Redefining a deactivated class or attribute
  •  Creating a new attribute
  •  Modifying an existing attribute
  •  Deactivating a class or an attribute
  •  Activating a deactivated class or attribute
  •  Creating a new class
  •  Modifying an existing class
                   I will post about the above topics in detail, As Soon as possible

Tuesday, April 5, 2011

How to get or find the remote system up-time.

To find the system uptime in the local system.

                In local system we can find the system uptime, by using the following command in the command prompt.
 “net stats srv
 It will give the system statistics with uptime…

To find the system uptime of remote system.
                We find the remote system uptime, with the help of PSTOOL utility. We need to download the utility from the following location After download and extract the zip file and extract to “C” Drive or any location. Then go to the command prompt in the pstool extracted location. For example c:\pstool.

In the command prompt the below syntax command will be used for login to remote system.

Psexec \\remotesystemname or \\remotesystem-ipaddress cmd

The cmd is used for login  to remote system command prompt.

C:\pstool>psexec \\ cmd
After executing this command, remote system command prompt will appear.
Then execute this command “net stats srv”. You will get the results for remote system uptime and statistics.

Group types in active directory

                   Group is a collection of user, computer accounts and other group accounts into controllable unit. Groups help simplify network tasks, maintenance and administrations.

Two types of Groups in Active directory:-
  • Distributions groups
  • Security groups

Distributions groups:-

                This group can be used only for e-mail distributions such as in exchange server, for sending the e-mail to multiple users. It’s not securely-enabled; because it not listed in DACLs (Discretionary access control lists). We can’t use to filter group policy settings and also we can’t give permission to this type of groups.

Security groups:-

                This group can be used to grant permission for resources like shared folders. It is listed in the DACLs. If we would like assign permission for a shared folder to 200 users, better way to create a security group and assign the permission to that group and add users that group. We can assign user rights to security groups, by using GP (group policy) to help delegate specific tasks.


Monday, April 4, 2011

What are Schema Classes and Attributes

            If we create a directory object is an instance of an object class it’s contained in the schema. Every object class contains a list of associated attributes, it’s give the information of the object. Attributes and classes defined independently, so single attribute can contain with multiple classes. All attributes and schema classes are defined by the class schema and attribute schema objects.

                There are three types of classes in the schema. 

Structural Class – this class is used to objects like (computers and users) in the active directory.
Abstract Class – this class is used to deriving the structural classes
Auxiliary Class – this class contains predefined attributes, it can be include in the structural and abstract classes.

Class Schema:
                ClassSchema object is used to define the classes in the schema, it provide the template for building active directory objects of the class.
Attributes Schema:
                 AttributeSchema objects are used to define attributes in the schema. An attributeSchema object determines the allowable contents and syntax for instances of that attribute in the director

Sunday, April 3, 2011

How to migrate printer servers by using "printbrm" utility

            The "printbrm" tools is located in the "%windir%\system32\spool\tool". By using the printbrm tool we can export print queues, printer settings, printer ports, and language monitors; Also we can import to another printer server running a windows operating system. We can do this in a efficient way.


     To Export the printer settings.

     Printbrm -s \\<sourcecomputername> -b -f <filename>.printerExport

     To migrate or transfer the printer settings to another printer server.

     Printbrm -s \\<destinationcomputername> -r -f <filename>.printerExport