Search Results

Search found 50 results on 2 pages for 'adsi'.

Page 1/2 | 1 2  | Next Page >

  • ADSI, SQL, Exchange Server 2010

    - by WernerCD
    Maybe I'm barking up the wrong tree... We have a Domain Controller "DC1". We have Exchange Server 2010 "Postman". Say I have an Address Book: And I add a few contacts to it: How then do I get the data from that contact via ADSI? Say I want the Job Title or CustomerID field that I filled out in the Contacts list? SELECT * FROM OPENQUERY(ADSI, 'SELECT EXTENSIONATTRIBUTE15 ,DISPLAYNAME ,GIVENNAME ,NAME ,SN ,SAMACCOUNTNAME FROM ''LDAP://DC=ATLANTICGENERAL,DC=ORG'' WHERE USERACCOUNTCONTROL=512 AND SAMACCOUNTTYPE=805306368 AND OBJECTCLASS=''PERSON'' AND OBJECTCLASS=''USER'' ORDER BY SAMACCOUNTTYPE ') How can I tie the Contact Card to an Active Directory User, so that I can edit either the AD account information OR the Exchange information and have them synced up?

    Read the article

  • Creating an IIS 6 Virtual Directory with PowerShell v2 over WMI/ADSI

    - by codepoke
    I can create an IISWebVirtualDir or IISWebVirtualDirSetting with WMI, but I've found no way to turn the virtual directory into an IIS Application. The virtual directory wants an AppFriendlyName and a Path. That's easy because they're part of the ...Setting object. But in order to turn the virtual directory into an App, you need to set AppIsolated=2 and AppRoot=[its root]. I cannot do this with WMI. I'd rather not mix ADSI and WMI, so if anyone can coach me through to amking this happen in WMI I'd be very happy. Here's my demo code: $server = 'serverName' $site = 'W3SVC/10/ROOT/' $app = 'AppName' # If I use these args, the VirDir is not created at all. Fails to write read-only prop # $args = @{'Name'=('W3SVC/10/ROOT/' + $app); ` # 'AppIsolated'=2;'AppRoot'='/LM/' + $site + $app} # So I use this single arg $args = @{'Name'=($site + $app)} $args # Look at the args to make sure I'm putting what I think I am $v = set-wmiinstance -Class IIsWebVirtualDir -Authentication PacketPrivacy ` -ComputerName $server -Namespace root\microsoftiisv2 -Arguments $args $v.Put() # VirDir now exists # Pull the settings object for it and prove I can tweak it $filter = "Name = '" + $site + $app + "'" $filter $v = get-wmiobject -Class IIsWebVirtualDirSetting -Authentication PacketPrivacy ` -ComputerName $server -Namespace root\microsoftiisv2 -Filter $filter $v.AppFriendlyName = $app $v.Put() $v # Yep. Changes work. Goes without saying I cannot change AppIsolated or AppRoot # But ADSI can change them without a hitch # Slower than molasses in January, but it works $a = [adsi]("IIS://$server/" + $site + $app) $a.Put("AppIsolated", 2) $a.Put("AppRoot", ('/LM/' + $site + $app)) $a.Put("Path", "C:\Inetpub\wwwroot\news") $a.SetInfo() $a Any thoughts?

    Read the article

  • Programmatically add an ISAPI extension dll in IIS 7 using ADSI?

    - by fretje
    I apologize beforehand, this is a cross post of this SO question. I thought I'd ask it there first, but apparently it doesn't harvest any answers there. I hope it will get more attention here. When I have an answer somewhere, I'll delete the other one. I'm trying to programmatically add an ISAPI extension dll in IIS using ADSI. This has been working for ages on previous versions of IIS, but it seems to fail on IIS 7. I am using similar code like shown in this question: var web = GetObject("IIS://localhost/W3SVC/1/ROOT/specificVirtualDirectory"); var maps = web.ScriptMaps.toArray(); map[maps.length] = ".aaa,c:\\path\\to\\isapi\\extension.dll,1,GET,POST"; web.ScriptMaps = maps.asDictionary(); web.SetInfo(); After executing that code, I do see an "AboMapperCustom-12345678" entry for that specific dll in the "Handler mappings" of the specific virtual directory in which I added the script map. But when I try to use that extension in a browser, I always get HTTP Error 404.2 Not Found The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server. Even after adding an entry to allow that specific dll in the "ISAPI and CGI restrictions", I keep getting that error. To make it actually work, I first have to undo these steps (encountering the same issue like the OP of the question mentioned above: after deleting the script map entry from the IIS manager GUI, I also have to programmatically delete it using ADSI before it's actually gone from the metabase). And then manually add an entry like this: inetmgr - webserver - website - virtual directory - handler mappings - add script map... path = *.dll, executable = <path to dll>, name = <doesn't matter, but it's mandatory> click "yes" on the question "do you want to allow this ISAPI extension?" When I compare the 2 entries, they are exactly the same, except for the "Entry Type" which seems to be "Inherited" for the programmatically added one and "Local" for the one added manually. The strange thing is, even though it says "Inherited", I don't see it anywhere in IIS on a higher level. Where is it inheriting from? In my code, I do add the script map to the specific virtual directory so it should be "Local" as well. Maybe there is the problem, but I don't know how to add a "Local" Script Map using ADSI. I really would like to keep using the ADSI method, as otherwise I will have to use different methods in our setup when working with IIS 7 or previous versions, and I would like to avoid that. To recap: How can I programmatically add a script map entry and its companion CGI and ISAPI restrictions entry to IIS 7 using ADSI? Anybody who can shed some light on this? Any help appreciated.

    Read the article

  • Find Users E-Mail via SID using VBScript and ADSI

    - by er4z0r
    Hi, I am parsing log messages about changes to user accounts on a windows system. I want to notify the user about the changes so I need to retrieve their personal information (First,Last, E-Mail) from Active Directory. I already found a way to retrieve the username but that is only via WMI and not ADSI: Function FindUser(Message) Dim objWMIService Dim strAccountRegex Dim objRegex Dim objMatch Dim strComputer Dim objUser Dim objShell strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})" strComputer = "." Wscript.StdOut.writeLine "Querying WMI to retrieve user-data" Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set objShell = WScript.CreateObject("WScript.Shell") Set objRegex = new RegExp objRegex.Pattern= strAccountRegex for each objMatch in objRegex.Execute(Message) REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value Dim strSID strSID=NormalizeSID(objMatch.value) REM Wscript.Echo "SID after escaping: " & strSID Set objUser = objWMIService.Get _ ("Win32_SID.SID='" & strSID & "'") next FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName End Function It works fine, but I would like to do it via Active Directory instead of going via WMI. Can you help me?

    Read the article

  • What is better for non-active directory stuff, WMI or ADSI?

    - by nbolton
    I've used both technologies in C# for some time now and thus far have not been able to figure out which is better (in terms of ease of use). It seems to me that because there is support for Windows 95 in WMI, it's an older technology than ADSI (which I assume was invented along with Active Directory). However, despite the hint that ADSI is "for AD", I've used it for several non-AD things, such as managing IIS and local users. So, for those sort of tasks (managing IIS and local users), which is more practical? WMI or ADSI? Consider also that I'm using C# to implement these technologies, not vbscript. However, this may equally apply to vbscript.

    Read the article

  • How a password is transmited to AD Server

    - by erdogany
    My question is how ADSI performs SetPassword operation. According to what I have read ADSI is a COM interface and it has more capabilities than AD provides through LDAP. While you are suppose to update unicodePwd attribute of a personaccount entity through LDAP, ADSI provides you SetPassword call. I know that ADSI & AD provides Kerberos during authentication. So how the password is transmitted to server when SetPassword is called? Is it raw binary unencrypted data? Or does Kerberos comes into play at this call?

    Read the article

  • Querying Active Directory in PowerShell from a Windows host that is not a member of the domain

    - by jshin47
    How can I use PowerShell [adsisearcher] to query a domain that I am not a member of? Usually I will do something like this: $myAdsi = [adsisearcher]"" $myAdsi.SearchRoot = [adsi]"LDAP://dc=corp,dc=mycompany,dc=com" $myAdsi.Filter = "objectCategory=computer" $res = $myAdsi.FindAll() If I run this snippet on a host in my domain, I get the expected result. However, if I run this from a computer that has network access to the domain (through a L2L VPN) I get the error: Exception calling "FindAll" with "0" argument(s): "The specified domain either does not exist or could not be contacted. " At line:11 char:33 + $adComputers = $searcher.FindAll <<<< () + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : DotNetMethodException This is somewhat expected as I have not provided any sort of credentials to [adsisearcher] that would tell it how to authenticate. My question is: how do I let [adsisearcher] know that I want to authenticate against a domain in which I am not a member?

    Read the article

  • Global Address List, Multiple All Address Lists in CN=Address Lists Container

    - by Jonathan
    When my colleges (that was way before my time here) updated Exchange 2000 to 2003 a English All Address Lists appeared in addition to the German variant. The English All Address Lists have German titled GAL below it. This has just been a cosmetic problem for the last few years. Now as we are in the process of rolling out Exchange 2010 this causes some issues. Exchange 2010 picked the wrong i.e. English Address Lists Container to use. In ADSI Editor we see CN=All Address Lists,CN=Address Lists Container,CN=exchange org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain and CN=Alle Adresslisten,CN=Address Lists Container,CN=exchange org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain. In the addressBookRoots attribute of CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain both address lists were stored as values. We removed the English variant from addressBookRoots and restarted all (old and new) Exchange servers. User with mailboxes on the Exchange 2003 now only sees the German variant. Exchange 2010 is still stuck with the English/Mixed variant as are Users on Exchange 2010. Our goal would be to have Outlook display the German title of All Address Lists and get rid of the wrong Address Lists Container.

    Read the article

  • Public Folders - Delete Public Folders from 2003 after migrating to 2010 (via Adsiedit) - safe?

    - by HeavenCore
    Similar Question: How do I delete a public store in Exchange 2003? We are ready to remove our Exchange 2003 server after having migrated all public folders and mailboxes to 2010. We ran for a week with the exchange 2003 server shutdown and everything seemed to work. When I try to delete the PF database from 2003 it says it contains replicas. Whilst migrating i only had one was sync working (from 2003 to 2010) so i believe that 2003 hasn't received the responses from 2010 saying replica removed. When I look in Public folders on the 2003 box none are listed, when i look in PF Instances they are all listed. I know everything has moved to the 2010 server and I know 2010 is not showing the 2003 server as a replica for any folders. I am looking to use ADSI edit to remove the Public folder database from the 2003 server, but want to ensure i am going to delete the right thing so that they do not get deleted from the 2010 database. Should i delete configuration, Services, Microsoft Exchange, Company Name, Administrative groups, First administrative group, Servers, Server name, Information store, First storage group, public folder store (Server name)? Or something else? I have checked and the only public folder with the old exchange server listed as a replica is SYSTEM CONFIGURATION. Thanks in advance.

    Read the article

  • ADSIEdit Cleanup After Exchange 2003 Crash During Transition To Exchange 2010

    - by ThaKidd
    Hello all. I would value some input from a few Exchange 2010 experts. I have almost completed the transition from Exchange 2003 Standard to Exchange 2010 Standard. Everything went smoothly until I tried to uninstall Exchange 2003. At that point the server bit the dust and died completely. I now have NO access to the old Exchange System Management MMC as I am running Windows 2008 SR2 and Windows 7 only. I can only fix this with ADSIEdit, EMShell, and EMConsole. I have used the 2010 shell to move/remove/verify that all mailboxes, public folders and OAB are hosted on Exchange 2010. I also verified that the routing connector has been deleted. The only two things that were not done was to remove the Recipient Update Service and actually perform the removal of the 2003 software. I have spent a lot of time going through ASDIedit and have located the old Administrative Group and the Exchange 2003 server listed under it. I also located the Recipient Update Service which includes two entries; Enterprise and my domain name. I have read that it is an unwise idea to remove the old administrative group so I won't bother messing with that. I am repeatedly getting three warnings in the Application Log. Both are from MSExchangeTransport EventID 5006 (Cannot find route to Mailbox Server OLDSERVER) and 5020 (The topology doesn't contain a route to Exchange 2000 Server or Exchange Server 2003) So my questions are: To clean out AD of the old Exchange 2003 info, can I delete the server name folder (Configuration - Services - Microsoft Exchange - ExchOrg - Administrative Groups - First Administrative Group - Servers - Old Server) and also delete the Update Recipient Service (Enterprise) and Update Recipient Service (DOMAIN) containers safely? Are there any additional items I need to address to ensure the AD is clean? Thanks in advance for your help!

    Read the article

  • ADSIEdit freezes gettings properties of a group with hundred of thousands members

    - by ixe013
    Doing performance testing on an AD-LDS (Server 2008 R2 64 bits), we created a milion user in a single OU. We also created a single group object and made those milion users member of that group. When we try to list the milion of users ADSIEdit times out with an error message saying it cannot display that many users. Fine. But if we open the properties for the group, ADSIEdit freezes, eating up all available memory and CPU trashing (nearly 60M page faults in under an hour). AD-LDS (running on another computer) is barely hitting the 1% CPU mark, servicing other ldap requests as if nothing were. We can throw more memory at the problem, but more users will have to be managed one day and we will be back at square one. Is there a way to set a limit in ADSIEdit so that it will not hang the computer when retreving a very large multi-value object ?

    Read the article

  • Unable to Uninstall Exchange 2010 ("Internet Newsgroups" public folder)

    - by helplessITguy
    I am trying to uninstall Exchange 2010, before installing a new instance of Exchange 2010 SP1 on a different server. (Our production Exchange server is 2003) We have met all of the Mailbox uninstall prereqs except for the following: Error: Uninstall cannot continue. Database 'Public Folder Database 1579722947': The public folder database "Public Folder Database 1579722947" contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see http://go.microsoft.com/fwlink/?linkid=81409&clcid=0x409. Recommended Action: We have been able to delete all Public Folders in the 2010 storage group except for the one (previously replicated) folder - "Internet Newsgroups". How can I delete this folder without impacting public folders on the production Exchange 2003 server? We have: verified permissions to the public folder removed replication for the folder on (on the Exch 2010 server) tried PowerShell scripts: RemoveReplicaFromPFRecursive Get-PublicFolder -Server "\" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server -Recurse -ErrorAction:SilentlyContinue

    Read the article

  • Find Users E-Mail via SID using VBScript and Active Directory

    - by er4z0r
    Hi, I am parsing log messages about changes to user accounts on a windows system. I want to notify the user about the changes so I need to retrieve their personal information (First,Last, E-Mail) from Active Directory. I already found a way to retrieve the username but that is only via WMI and not ADSI: Function FindUser(Message) Dim objWMIService Dim strAccountRegex Dim objRegex Dim objMatch Dim strComputer Dim objUser Dim objShell strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})" strComputer = "." Wscript.StdOut.writeLine "Querying WMI to retrieve user-data" Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set objShell = WScript.CreateObject("WScript.Shell") Set objRegex = new RegExp objRegex.Pattern= strAccountRegex for each objMatch in objRegex.Execute(Message) REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value Dim strSID strSID=NormalizeSID(objMatch.value) REM Wscript.Echo "SID after escaping: " & strSID Set objUser = objWMIService.Get _ ("Win32_SID.SID='" & strSID & "'") next FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName End Function It works fine, but I would like to do it via Active Directory instead of going via WMI. Can you help me?

    Read the article

  • Searching global catalog

    - by Will I Am
    If I do a query (I plan to use SDS.P) against the global catalog, what should the starting path be so I can search the entire GC? I want to enumerate all users in GC, for example. Let's say my gc has users for 3 domains (one parent, two children): TEST.COM ONE.TEST.COM TWO.TEST.COM and i'm on a computer in ONE.TEST.COM. I do not want to hardcode DC=XXX,DC=yyy, I would like to determine that at runtime. TIA! -Will

    Read the article

  • Windows Server 2008 R2: ASP queries to IIS fail with UAC enabled

    - by MisterZimbu
    I have some ASP code that creates a virtual directory in IIS. However, when running on IIS7 in Windows Server 2008 R2, the call to GetObject fails with "permission denied". This only occurs when UAC is enabled; the entire process works perfectly if UAC is disabled. Set objIIS = GetObject("IIS://localhost/W3SVC/" & siteNumber & "/Root") siteNumber itself is a valid parameter (as the system works fine if UAC is off). Any ideas of a workaround I can make for this? Unfortunately turning off UAC at this point is not an option.

    Read the article

  • Creating an HTTP-Redirected Virtual Directopry in IIS 6.0 without specifying physical path & WMI/ADS

    - by Steve Johnson
    My question is : Is it possible to create a working IIS 6.0 Virtual Directory with providing Physical Path of the Virtual Directory.? I know that manually, it is not possible via IIS but programmatically such a virtual directory can be created. If an HTTPRedirect is set on that virtual directory but the site physical path is not specified, then will it work? Simply stated, how to create an HTTp-redirected Virtual Directory , directly without specifying any physical path to a folder or network share. Here is my code. Try If Directory.Exists(HomeDirectory) = False And Path.StartsWith("http://") = False Then Directory.CreateDirectory(HomeDirectory) End If Dim website As DirectoryEntry website = New DirectoryEntry("IIS://" & IISServer & "/W3SVC/" & WebsiteId & "/Root") Dim NewVDir As DirectoryEntry = website.Children.Add(VDirName, "IIsWebVirtualDir") If Path.StartsWith("http://") = False Then NewVDir.Properties("Path")(0) = Path NewVDir.Properties("HttpRedirect").Clear() Else NewVDir.Properties("HttpRedirect")(0) = Path End If If ((Perm And Permission.Read) = Permission.Read) Then NewVDir.Properties("AccessRead")(0) = True End If If ((Perm And Permission.Write) = Permission.Write) Then NewVDir.Properties("AccessWrite")(0) = True End If If ((Perm And Permission.DirBrowse) = Permission.DirBrowse) Then NewVDir.Properties("EnableDirBrowsing")(0) = True End If If ((Perm And Permission.CreatetApplication) = Permission.CreatetApplication) Then NewVDir.Invoke("AppCreate", True) End If If ((Perm And Permission.ScriptOnly) = Permission.ScriptOnly) Then NewVDir.Properties("AccessScript")(0) = True End If If ((Perm And Permission.ScriptNExecute) = Permission.ScriptNExecute) Then NewVDir.Properties("AccessExecute")(0) = True End If NewVDir.Properties("AuthAnonymous")(0) = True NewVDir.Properties("AuthNTLM")(0) = True NewVDir.Properties("AnonymousUserName")(0) = AnonUserName NewVDir.Properties("AnonymousUserPass")(0) = AnonPassword NewVDir.Properties("AppFriendlyName")(0) = AppFriendlyName NewVDir.CommitChanges() website.CommitChanges() NewVDir.Close() website.Close() Success = True Catch Err As Exception Throw New Exception("My Custom Exception Here: " & Err.Message) End Try

    Read the article

  • Active directory logonCount is 0, though the user has logged in

    - by Arun
    For a user in active directory, the properties hold values for lastlogontime & lastlogontimestamp but the logoncount is 0. I am having only one domain controller in that domain. I found from surfing, that logonCount value of 0 indicates that the value is unknown. But I am totally confused with why it is unknown. Is that an issue with AD.

    Read the article

  • Zenoss Setup for Windows Servers

    - by Jay Fox
    Recently I was saddled with standing up Zenoss for our enterprise.  We're running about 1200 servers, so manually touching each box was not an option.  We use LANDesk for a lot of automated installs and patching - more about that later.The steps below may not necessarily have to be completed in this order - it's just the way I did it.STEP ONE:Setup a standard AD user.  We want to do this so there's minimal security exposure.  Call the account what ever you want "domain/zenoss" for our examples.***********************************************************STEP TWO:Make the following local groups accessible by your zenoss account.Distributed COM UsersPerformance Monitor UsersEvent Log Readers (which doesn't exist on pre-2008 machines)Here's the Powershell script I used to setup access to these local groups:# Created to add Active Directory account to local groups# Must be run from elevated prompt, with permissions on the remote machine(s).# Create txt file should contain the names of the machines that need the account added, one per line.# Script will process machines line by line.foreach($i in (gc c:\tmp\computers.txt)){# Add the user to the first group$objUser=[ADSI]("WinNT://domain/zenoss")$objGroup=[ADSI]("WinNT://$i/Distributed COM Users")$objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path)# Add the user to the second group$objUser=[ADSI]("WinNT://domain/zenoss")$objGroup=[ADSI]("WinNT://$i/Performance Monitor Users")$objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path)# Add the user to the third group - Group doesn't exist on < Server 2008#$objUser=[ADSI]("WinNT://domain/zenoss")#$objGroup=[ADSI]("WinNT://$i/Event Log Readers")#$objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path)}**********************************************************STEP THREE:Setup security on the machines namespace so our domain/zenoss account can access itThe default namespace for zenoss is:  root/cimv2Here's the Powershell script:#Grant account defined below (line 11) access to WMI Namespace#Has to be run as account with permissions on remote machinefunction get-sid{Param ($DSIdentity)$ID = new-object System.Security.Principal.NTAccount($DSIdentity)return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()}$sid = get-sid "domain\zenoss"$SDDL = "A;;CCWP;;;$sid" $DCOMSDDL = "A;;CCDCRP;;;$sid"$computers = Get-Content "c:\tmp\computers.txt"foreach ($strcomputer in $computers){    $Reg = [WMIClass]"\\$strcomputer\root\default:StdRegProv"    $DCOM = $Reg.GetBinaryValue(2147483650,"software\microsoft\ole","MachineLaunchRestriction").uValue    $security = Get-WmiObject -ComputerName $strcomputer -Namespace root/cimv2 -Class __SystemSecurity    $converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper    $binarySD = @($null)    $result = $security.PsBase.InvokeMethod("GetSD",$binarySD)    $outsddl = $converter.BinarySDToSDDL($binarySD[0])    $outDCOMSDDL = $converter.BinarySDToSDDL($DCOM)    $newSDDL = $outsddl.SDDL += "(" + $SDDL + ")"    $newDCOMSDDL = $outDCOMSDDL.SDDL += "(" + $DCOMSDDL + ")"    $WMIbinarySD = $converter.SDDLToBinarySD($newSDDL)    $WMIconvertedPermissions = ,$WMIbinarySD.BinarySD    $DCOMbinarySD = $converter.SDDLToBinarySD($newDCOMSDDL)    $DCOMconvertedPermissions = ,$DCOMbinarySD.BinarySD    $result = $security.PsBase.InvokeMethod("SetSD",$WMIconvertedPermissions)     $result = $Reg.SetBinaryValue(2147483650,"software\microsoft\ole","MachineLaunchRestriction", $DCOMbinarySD.binarySD)}***********************************************************STEP FOUR:Get the SID for our zenoss account.Powershell#Provide AD User get SID$objUser = New-Object System.Security.Principal.NTAccount("domain", "zenoss") $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $strSID.Value******************************************************************STEP FIVE:Modify the Service Control Manager to allow access to the zenoss AD account.This command can be run from an elevated command line, or through Powershellsc sdset scmanager "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;PUT_YOUR_SID_HERE_FROM STEP_FOUR)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"******************************************************************In step two the script plows through a txt file that processes each computer listed on each line.  For the other scripts I ran them on each machine using LANDesk.  You can probably edit those scripts to process a text file as well.That's what got me off the ground monitoring the machines using Zenoss.  Hopefully this is helpful for you.  Watch the line breaks when copy the scripts.

    Read the article

  • A tale of two useful utilities

    - by TATWORTH
    This time I want to introduce you to two utilities that both have a tail! The first is the BeaverTail ADSI browser at http://adsi.mvps.org/adsi/CSharp/beavertail.html. This is a useful utility for doing active directory queries. This is free for both personal and commercial use. The souece code is also available. The second is a windows equivalent to the unit tail command to allow easy reading of flat file logs. This is free for personal use but must be registered for commercial use. Download it from http://www.uvviewsoft.com/logviewer/

    Read the article

  • PowerShell &ndash; Recycle All IIS App Pools

    - by Lance Robinson
    With a little help from Shay Levy’s post on Stack Overflow and the MSDN documentation, I added this handy function to my profile to automatically recycle all IIS app pools.           function Recycle-AppPools {     param(     [string] $server = "3bhs001",     [int] $mode = 1, # ManagedPipelineModes: 0 = integrated, 1 = classic     )  $iis = [adsi]"IIS://$server/W3SVC/AppPools" $iis.psbase.children | %{ $pool = [adsi]($_.psbase.path);    if ($pool.AppPoolState -eq 2 -and $pool.ManagedPipelineMode -eq $mode) {    # AppPoolStates:  1 = starting, 2 = started, 3 = stopping, 4 = stopped               $pool.psbase.invoke("recycle")      }   }}

    Read the article

  • Understanding Collabnet&rsquo;s LDAP binding

    - by Robert May
    We want to use both subversion usernames and passwords as well as Active Directory for our authentication on our Collabnet subversion server. This has proven to be more of a challenge than we thought, mostly because Collabnet’s documentation is pretty poor. To supplement that documentation, I add my own. The first thing to understand is that the attribute that you specify in the LDAP Login Attribute ONLY applies to lookups done for the user.  It does NOT apply to the LDAP Bind DN field.  Second, know that the debug logs (error is the one you want) don’t give you debug information for the bind DN, just the login attempts.  Third, by default, Active Directory does not allow anonymous binds, so you MUST put in a user that has the authority to query the Active Directory ldap. Because of these items, the values to set in those fields can be somewhat confusing.  You’ll want to have ADSI Edit handy (I also used ldp, which is installed by default on server 2008), since ADSI Edit can help you find stuff in your active directory.  Be careful, you can also break stuff. Here’s what should go into those fields. LDAP Security Level:  Should be set to None LDAP Server Host:  Should be set to the full name of a domain controller in your domain.  For example, dc.mydomain.com LDAP Server Port:  Should be set to 3268.  The default port of 389 will only query that specific server, not the global catalog.  By setting it to 3268, the global catalog will be queried, which is probably what you want. LDAP Base DN:  Should be set to the location where you want the search for users to begin.  By default, the search scope is set to sub, so all child organizational units below this setting will be searched.  In my case, I had created an OU specifically for users for group policies.  My value ended up being:  OU=MyOu,DC=domain,DC=org.   However, if you’re pointing it to the default Users folder, you may end up with something like CN=Users,DC=domain,DC=org (or com or whatever).  Again, use ADSI edit and use the Distinguished Name that it shows. LDAP Bind DN:  This needs to be the Distinguished Name of the user that you’re going to use for binding (i.e. the user you’ll be impersonating) for doing queries.  In my case, it ended up being CN=svn svn,OU=MyOu,DC=domain,DC=org.  Why the double svn, you might ask?  That’s because the first and last name fields are set to svn and by default, the distinguished name is the first and last name fields!  That’s important.  Its NOT the username or account name!  Again, use ADSI edit, browse to the username you want to use, right click and select properties, and then search the attributes for the Distinguished Name.  Once you’ve found that, select it and click View and you can copy and paste that into this field. LDAP Bind Password:  This is the password for the account in the Bind DN LDAP login Attribute: sAMAccountName.  If you leave this blank, uid is used, which may not even be set.  This tells it to use the Account Name field that’s defined under the account tab for users in Active Directory Users and Computers.  Note that this attribute DOES NOT APPLY to the LDAP Bind DN.  You must use the full distinguished name of the bind DN.  This attribute allows users to type their username and password for authentication, rather than typing their distinguished name, which they probably don’t know. LDAP Search Scope:  Probably should stay at sub, but could be different depending on your situation. LDAP Filter:  I left mine blank, but you could provide one to limit what you want to see.  LDP would be helpful for determining what this is. LDAP Server Certificate Verification:  I left it checked, but didn’t try it without it being checked. Hopefully, this will save some others pain when trying to get Collabnet setup. Technorati Tags: Subversion,collabnet

    Read the article

  • OCS 2007 R2 User Properties Error Message

    - by BWCA
    When I attempted to configure one of our user’s Meeting settings using the Microsoft Office Communications Server 2007 R2 Administration Tool   I received an Validation failed – Validation failed with HRESULT = 0XC3EC7E02 dialog box error message. I received the same error message when I tried to configure the user’s Telephony and Other settings. Using ADSI Edit, I compared the settings of an user that I had no problems configuring and the user that I had problems configuring.  For the user I had problems configuring, I noticed a trailing space after the last phone number digit for the user’s msRTCSIP-Line attribute. After I removed the trailing space for the attribute and waited for Active Directory replication to complete, I was able to configure the user’s Meeting settings (and Telephony/Other settings) without any problems. If you get the error message, check your user’s msRTCSIP-xxxxx attributes in Active Directory using ADSI Edit for any trailing spaces, typos, or any other mistakes.

    Read the article

1 2  | Next Page >