ADModify.NET is here!
A quick intro to ADModify: ADModify is a tool that was (and is still) developed and maintaned out of our Support Services (aka PSS) team, and was created to make it easier to modify / import / export objects in Active Directory in bulk. The tool has been available on the FTP site for download for a while, but with recent release of new version (ADModify.NET or v2.0) - we have decided to create a gotdotnet workspace for it too to make it easier for you to give us feedback on it :) So - recently, Marc and I have released ADModify.NET. ADModify.NET (v2.0) was written from the ground up using Visual C# .NET 2003. When benchmarked against its predecessor, it made the same modifications in less than half the time. Its new feature set allows administrators to bulk modify any AD attribute from any AD partition with almost limitless flexibility. Administrators will also find that they are no longer restricted by the attributes hard coded into the tool, as ADModify now contains the ability to modify any attribute just simply given its name and value. ADModify is also no longer restricted to literal values; it is now possible to dynamically build values based off of current AD attributes. Logging and Error handling has also improved dramatically. All logging is now done using XML, making it much easier for administrators to manipulate and store the data and even take advantage of features such as Undo. Keeping with the Windows 2003 initiative that everything that can be done in the GUI should be available via command line, a command line version of the tool that contains all of the same features is included as well. It is worth noting that ADModify.NET requires the .NET Framework. It also is worth noting that it will not run across a network drive. Here is the download point: http://www.codeplex.com/admodify The rest of this blog covers the major new features that are available in ADModify.NET over the old version ADModify 1.6. Terminal Server Attributes It is now possible to modify Terminal Server attributes using ADModify.NET. All TS attributes that are available in the Windows 2003 Active Directory Users and Computers users property page are available. ADModify utilizes the TSUserExLib Library, so Windows 2003 or later is required to make Terminal Server setting modifications. You do not have to be running a Windows 2003 domain; you will just simply need to run the program from a Windows 2003 Server for this specific functionality. Mailbox Rights Mailbox Rights are also now available for bulk modification. There are 4 options when dealing with mailbox rights: - Dump Mailbox Rights - Import Mailbox Rights - Bulk Add a User to Mailbox Rights - Bulk Remove a User From Mailbox Rights Since CDOEXM is utilized, Exchange 2000 or later ESM must be installed on the machine that ADModify.NET is run on to be supported. Dump Mailbox Rights This option will export all of the ACE's in a users mailbox rights to an XML file, separated by inherited and non-inherited rights. This file can be used as a way for administrators to track mailbox rights and can also be used to import. Undo is not supported when using this option, as it is a read only operation. Import Mailbox Rights As long as a valid export of mailbox rights has been completed, the Import Mailbox Rights option can be used to import them. All that is required is a valid mbxrights.xml file. Undo is also not supported here. Bulk Add a User to Mailbox Rights With this option it is possible to add a user with specific rights to multiple mailboxes at the same time. For example, you could grant the user DOM\user1 Full Mailbox Access to a specific subset of users with relative ease. Undo for this operation is supported. Bulk Remove a User From Mailbox Rights Same as the Bulk Add option except this option will remove the specified user from mailbox rights. Undo for this operation is supported. Name that attribute! Possibly the most robust new feature of ADModify is the flexibility to simply name the attribute you wish to modify. Any attribute that contains a string, Boolean (true/false), or integer value can be modified in this fashion (attributes that contain data types such as SIDs and Long Integer are not supported). In here, simply fill in the attribute name and value. For multivalued operations, be sure to choose append or remove. The reason is simply this: if you modify a multivalued attribute and do not choose the multivalued option, the attribute will be overwritten with the new value, not appended. Using Variables Administrators are no longer restricted to using literal values when bulk modifying users. ADModify now supports the use of variables. What are variables? They simply allow you build a value for an attribute based off of one or more current attributes. The syntax is simple. Simply enclose the value in single ticks (') to treat it as a variable. If you wish to build an attribute using both variables and literal values, just remember that variables need to be separated from literal values using the percent sign (%). You can also take the first x number of characters from an attribute and use that as well. Example: Syntax for using the description attribute as your value: 'description' Syntax for using two attributes, givenName and sn (separated by a space): %'givenName'% %'sn'% Syntax for using multiple attributes and literal values: h:\homefolders\%'sAMAccountName'%\%'givenName'%\ Syntax for taking the first character of an attribute: %1'givenName'%.%'sn'%@microsoft.com If the need should arise to actually use the % or ' characters in an attribute value, simply use a preceding forward slash as an escape character. You can mix variables with literal values, even the % and ' characters as long as the correct syntax is used. Example: To assign the value "This is a percent sign: %", use this: This is a percent sign: /% To assign the value "My username is 'username' " (where username is the sAMAccountName), use this: My username is /'%'sAMAccountName'%/' Undo Feature Administrators need no longer fear making massive bulk updates to AD Users. With the exception of the "Remove Exchange Attributes" and "Import Mailbox Rights" options, every modification is undo-able. All modifications are written to a log file named after the current date and time, in MMDDYYYYHHMMSS.xml format. All modifications will not only log the new value, but the user’s previous value. As long as the log file is in tact, ADModify.NET can parse it and undo the changes that were previously done. In addition to the changes that were made being logged to the XML file, there is also an undo.log file. This file contains all users processed by undo and logs skipped users, the reason for the user being skipped, and a summary of changes. Command Line syntax: admodcmd -undo filename.xml admodcmd - ADModify.NET in Command Line admodcmd.exe is a fully functional command line version of ADModify.NET. Syntax can be obtained using admodcmd -?. However, below you will find some examples for common administrative tasks. 1. Adding a secondary SMTP address of firstinitial.lastname@company.com admodcmd -dn OU= MyOU , DC =domain,DC=com -addsmtp %1'givenName'%.%'sn'%@company.com 2. Name the attribute you wish to modify Modify the description field to contain the value "My legacyExchangeDN is (legacyExchangeDN)", where (legacyExchangeDN) is the users legacyExchangeDN: admodcmd -dn OU= MyOU , DC =domain,DC=com -custom description "My legacyExchangeDN is %'legacyExchangeDN'%" 3. Modify the display name to read last name, first name admodcmd -dn OU= MyOU , DC =domain,DC=com -custom displayName "%'sn'%, %'givenName'%" 4. Modify the users Relative Distinguished Name (CN) from firstname lastname to lastname, firstname admodcmd -dn OU= MyOU , DC =domain,DC=com -modrdn "%'sn'%, %'givenName'%" These are just a few of the examples. For more sample usage on admodcmd, consult the ADModify.NET help. - Dan WinterHow to Detect Files of the Same Size on your Computer via PowerShell
Learn how to use PowerShell to detect files of the same size on your computer quickly and easily. This article provides a script to automate the process and save storage space. Follow the step-by-step instructions and improve your file management skills with PowerShell automation.Fun with the Offline Address Book (OAB)
As companies adopt Outlook 2003 cached mode for their users, the Offline Address Book ( OAB ) becomes increasingly important. When Outlook 2003 users open the GAL or use name resolution, the OAB is used instead of making requests to a Global Catalog server. The OAB itself consists of a set of .OAB files which are attached to a message object and stored in a special public folder (commonly called a system folder). The size of these files will vary depending on how many mail-enabled users you have in the Active Directory and how many attributes are present on each object. In my travels, I find that a good back-of-the-envelope guide is 1MB per 1000 users. The OAB is typically generated once a day. OABGen, which is part of the Exchange System Attendant process (Management and Administration Daemon or MAD) runs on one nominated Exchange server. First of all it looks at the previous day's OAB, and creates a new message object with an attached changes.oab file. This includes all the changes that were made in the past 24 hours, and is the mechanism that Outlook uses to download incremental updates. Next, OABGen will refresh the main .OAB files which is a complete copy of the offline address book. The OAB system folder (called OAB Version 3a in Exchange 2003) has a default aging limit of 30 days. This means that the Exchange server retains 30 days worth of changed objects until it starts automatically removing old generations. This means that Outlook users can download incremental OAB updates at up to 30 day intervals. If you download the OAB today, then wait 35 days and attempt to download an incremental update, you won't be able to; and Outlook will automatically download the full OAB again. If you want to look at the size of your OAB files, you can use a little-known trick in ESM from Exchange 2003. Drill down to the Public Folders node, then right-click, and choose View System Folders. Once here, you can find the OAB Version 3a folder, and in the tabs on the right-hand side, choose Content. You should be able to see the last 30 days worth of changes.oab and one larger object containing the complete set of OAB files. The "inline OWA" within ESM will also tell you the file sizes of each attachment. Finally, a word of warning. There are some instances where Outlook will need to download the complete OAB, even though you expect only the changes to be downloaded. The first scenario is where more than 1/8th of the GAL has been modified in the past 24 hours. The second scenario is when you've added a new Administrative Group to your topology. The latter can be an unexpected 'gotcha' if you don't know about it. Paul Bowden
