breednet

Long time between posts, and I wanted to provide some info for a common issue. Say you are an IT admin and a user calls the helpdesk, but they cannot remember their login name. You also want to see their group memberships as well in Active Directory. You can even reset that user’s password.

There are a set of tools from Microsoft called DSTOOLS that can help you with performing the following tips if you are not on a Windows Server. You can run these from Windows XP.

You could ask them to hit CTRL+ALT+DELETE and look there, but instead of having them feel stupid, you could also run the following command on your Directory Server (you can query by their last name). All of these commands are run without quotes. The quotes are there to identiy areas where YOU need to supply your own information on the command line.

DSQUERY USER -name “last_name” | DSGET USER -samid -display

If you also want to get their full name, you can run the following (once you get their login_name from above:

DSQUERY USER -samid “login_name” | DSGET USER -samid -display

Also, if you have the login_name, you can then see all of their group memberships by running:

DSQUERY USER -samid “login_name” | DSGET USER -memberof -expand

Finally, if you want to reset their password, you can even do that by running:

DSQUERY USER -samid “login_name” | DSMOD USER -pwd “type_a_new_password”

The Windows XP setupp.ini file controls how the installation media behaves. Is the install source an OEM version or retail copy of WIndows XP? First, locate the setupp.ini file in the \i386 directory on your Windows XP CD. Open in a text editor, and the contents will look something like this:

ExtraData=707A667567736F696F697911AE7E05
Pid=55034000

The Pid value is what we’re interested in. What’s there now looks like a standard default. There are special numbers that determine if it’s a retail, OEM, or volume license edition. First, we break down that number into two parts.

The first five digits determines how the CD will behave. Is the CD a retail CD that will allow either a clean install or upgrade, or an OEM CD that only allows a clean install?

The last three digits determines what CD key it will accept. You are able to mix and match these values. For example, you could make a Windows XP CD that acted like a retail CD, yet accepted OEM keys.

Now, for the actual values. Remember the first and last values are interchangeable, but usually you’d keep them as a pair:

Retail = 51882 335
Volume License = 51883 270
OEM = 82503 OEM

So if you wanted a retail CD that took retail keys, the last line of your setupp.ini file would read:

Pid=51882335

And if you wanted a retail CD that accepts OEM keys, you’d use:

Pid=51882OEM

Note that this does NOT get rid of Windows XP activation. Changing the Pid to a Volume License will not bypass activation. You must have a volume license (corporate) key to do so.

I will soon post a guide for how to slipstream all of the WIndows XP SP3+Updates into a new ISO image. Stay tuned.

I had a need to build a quick and simple shell script to quickly gather all of the user email addresses and descriptions from a MS Active Directory Domain Controller, so I could cross-reference with some user security rights and user identity tracking I was doing for a customer.

First, I had a CentOS 5.3 server that I need to get the ldapsearch binary installed. To do this, all you need to do is install the openldap-clients RPM package by running yum install openldap-clients from a command line.

Once this finishes, create a new file (vi newfile.sh) and add the following (change the bolded areas to suit your needs):

#!/bin/sh

ldapsearch -x -LLL -E pr=200/noprompt -h 1.2.3.4 -D “administrator@subdomain.somedomain.com” -w somepassword -b “ou=Some Users, dc=subdomain, dc=somedomain, dc=com” -s sub “(cn=*)” cn mail description

Escape then :wq! to save in vi. Be sure to chmod +x newfile.sh to make executable.

The output of this script will spit out full CN path, email address and the description field within MS Active Directory, which administrators often use as a free-text field for job title or description.

Recently, I had the need to create a large number of Active Directory users. I had an Excel spreadsheet with all the necessary info (CN, sAMAccountname, First and Last Name, email, phone number, job description), and I remembered reading on Microsoft Technet years ago for how to do this.

Sure enough, there is an article out there called “Create User Accounts from Information in an Excel Spreadsheet“. I very quickly was able to get 300+ users plugged into AD, customizing this for my needs.

If you use Windows Servers and Mac OS X in the same environment and share files, more than likely you have encountered seeing a bunch of .DS_Store files and files that start with ._ on your Windows file servers and SMB shares.

There are several ways you can take care of this on both the Mac OS X client and the Windows Server side.

On your Mac OS X, you can prevent creation of .DS_Store files by opening Terminal and typing the following command:

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

You will need to hit return and restart your Mac for changes to take effect.

More information is detailed in the following KB article from Apple Support.

On your Windows Server, there are a variety of tools, scripts and utilities you can use to both run through your drive and delete these files or even monitor in real-time for their creation and deletion. One easy way to do this is to write a simple batch file to delete these files.

The batch file would look something like this, assuming you wanted to clean up Drive H:

@ECHO OFF
:: DotClean version 0.1
:: 9/20/2009
:: breednet.net – any rights reserved, but free to use and enjoy
::
:: Deleting DS_Store and dot underscores from removable drives H: and I:

ECHO Cleaning up Mac DS_Store files on Drive H: …
del /q /s “H:\*.DS_Store”

ECHO Cleaning up Mac “dot underscore” files on Drive H: …
del /q /s “H:\._*”

You can also run a VBScript on your Windows server to detect and delete the file creation in real-time. There is a great article here that covers this, as well as the source code for DotUnderscore.vbs.