Monday, February 22, 2010

Find Empty Active Directory Groups

The following one-liners find Active Directory groups that have no members.

** To find empty Global Security groups:
Click Start -> Run, type Cmd.exe, click OK, then copy and paste the following statement:

DSQuery * -Filter "(&(sAMAccountType=268435456)(!member=*))" -Limit 0

** You can save the output to a text file by using the DOS redirection operator (>) followed by a file name.

DSQuery * -Filter "(&(sAMAccountType=268435456)(!member=*))" -Limit 0 >C:\EmptyGroups.txt

The above statement creates an EmptyGroups.txt file in the root of the C: drive, listing all empty security groups.

** To find empty Local Security groups:

DSQuery * -Filter "(&(sAMAccountType=536870912)(!member=*))" -Limit 0

** To find empty Distribution groups:

DSQuery * -Filter "(&(sAMAccountType=268435457)(!member=*))" -Limit 0

** To find ALL empty groups (either local, global Security or Distribution groups):

DSQuery * -Filter "(&(objectClass=group)(!member=*))" -Limit 0
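
The filters above test only the group's member attribute; accounts that use a group as their primary group are linked through primaryGroupID on the account, so such a group matches (!member=*) while still in use. The PowerShell below is an added example, not part of the original post: it runs the same all-groups filter through ADSI and flags those groups, assuming a domain-joined machine, the current domain only, and illustrative variable and column names.

```powershell
# Added example: list groups with an empty 'member' attribute, then flag
# the ones that are still some account's primary group.

# sAMAccountType values as labelled in the DSQuery filters above
$typeNames = @{
    268435456 = 'Global security'
    536870912 = 'Local security'
    268435457 = 'Distribution'
}

# Same filter as the "ALL empty groups" one-liner
$searcher = [adsisearcher]'(&(objectClass=group)(!member=*))'
$searcher.PageSize = 1000   # paged search, so no result cap (like -Limit 0)
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountType', 'objectSid'))

$report = foreach ($result in $searcher.FindAll()) {
    # The RID is the last sub-authority of the group's SID
    $sidBytes = $result.Properties['objectsid'][0]
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    $rid = $sid.Value.Split('-')[-1]

    # Is there at least one account whose primary group is this group?
    $primary = [adsisearcher]"(primaryGroupID=$rid)"
    $inUseAsPrimary = $null -ne $primary.FindOne()

    $type = [int]$result.Properties['samaccounttype'][0]
    if ($typeNames.ContainsKey($type)) { $typeLabel = $typeNames[$type] }
    else { $typeLabel = "$type" }   # value not covered by the filters above

    New-Object PSObject -Property @{
        Group        = [string]$result.Properties['distinguishedname'][0]
        Type         = $typeLabel
        PrimaryGroup = $inUseAsPrimary
    }
}

# Groups with PrimaryGroup = True are not really empty; review before removal
$report | Sort-Object PrimaryGroup, Group |
    Select-Object Group, Type, PrimaryGroup |
    Format-Table -AutoSize
```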

Monday, February 15, 2010

Windows 2003 Domain Rename Guide

Domain rename operations are a serious business and involve extensive planning and lab work before implementing this process in production.

The following items must be considered before applying the procedure in a production environment:
  • It is extremely important and highly recommended that you test the domain rename procedure 2 to 3 times prior to performing it in a production environment. First, perform the domain rename procedure described in this document in a test environment that has a minimum of two domains and a few client machines.
  • You must ensure that you have a functioning and current backup of your Active Directory infrastructure and that you have a tested recovery plan in mind in case the domain rename fails.
  • Microsoft cannot guarantee that any third-party software that is installed will function after changing the domain name. You should test and work with third-party applications to ensure you understand how each product will react to the domain name change.
  • A domain rename will work just fine IF you know what you are doing. We have renamed a test domain (2 DCs, a trust, a child domain and 2 member servers). Please note this is a group project that may require a month of testing, testing and testing.
Downloads:
      1)    Farhan's Guide for Domain Rename
      2)    Step-by-Step Guide to Implementing Domain Rename
      3)    Implementing an Active Directory Domain Rename Operation

Note: If you encounter any problem downloading the attachments, please leave a comment.

Hope this helps!

Wednesday, February 10, 2010

Servers Shared Folders Auto Backup Batch

The following batch script makes an incremental backup of network shared folders from different servers to one particular server. The only thing you need to do is list all the shares from the different servers in a text file (Shares.txt). The script copies all data, preserving the folder structure, to a target server share that you set inside the script (the TargetPath variable).

Sample shares.txt file:
   \\SRV001\Finance
   \\SRV003\Users\FKazi
   \\MAILSRV001\NSF
   \\LIBSRV\eBooks\

 :: SCRIPT START ::
@ECHO OFF
SETLOCAL EnableDelayedExpansion
TITLE :: Auto Backup Batch ::

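:: Date parts are cut from %DATE% by position; this assumes the "Ddd MM/DD/YYYY" format
SET MM=%DATE:~4,2%
SET DD=%DATE:~7,2%
SET YYYY=%DATE:~10,4%
:: No extension here: ".txt" is appended when LogFile is built
SET vDate=%DD%_%MM%_%YYYY%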

::User Editable Variables - START
SET SLFile=Shares.txt
SET TargetPath=\\DATASRV\DATA_SYNC
:: User Editable Variables - END

IF NOT EXIST "%SLFile%" ECHO ERROR: '"%SLFile%"' file not found. &PAUSE &GOTO DisconnectDrives
IF NOT EXIST "%TargetPath%" ECHO ERROR: '"%TargetPath%"' location does not exist. &PAUSE &GOTO DisconnectDrives
IF NOT EXIST "ExcludeList.txt" ECHO \NONE\>"ExcludeList.txt"

FOR /F "delims=" %%A IN ('TYPE "%SLFile%"') DO (
    SET LogFile=%%A
    SET LogFile=!LogFile:\\=!
    SET LogFile=!LogFile:\=_!_!vDate!.txt
   
    FOR %%I IN ("%%A") DO ECHO. &ECHO ======== EXECUTING BACKUP JOB FOR %%~nI ======== &ECHO.
    REM Source drive mapping
    CALL :GetFreeDrive
    IF /I !FreeDrv!==FALSE (
        ECHO ERROR: No free drive letter available.
        GOTO :ExitScript
    ) ELSE (SET SDrive=!FreeDrv!)
   
    ECHO Mapping source %%A with drive letter ^(!SDrive!^)
    IF NOT EXIST "%%A" ECHO ERROR: Invalid source ^(%%A^) path. &PAUSE &GOTO DisconnectDrives
    NET USE !SDrive! "%%A" /PERSISTENT:NO
   
    REM Target drive mapping
    CALL :GetFreeDrive
    IF /I !FreeDrv!==FALSE (
        ECHO ERROR: No free drive letter available.
        GOTO :ExitScript
    ) ELSE     (SET TDrive=!FreeDrv!)
   
    ECHO Mapping target !TargetPath! with drive letter ^(!TDrive!^)
    IF NOT EXIST "!TargetPath!\%%~nA" MD "!TargetPath!\%%~nA"
    NET USE !TDrive! "!TargetPath!\%%~nA" /PERSISTENT:NO
           
    REM Copying files
    ECHO Copying files from drive !SDrive! to !TDrive!, please wait...
    XCOPY !SDrive! !TDrive! /D /E /C /S /H /R /Y /EXCLUDE:ExcludeList.txt
   
    ECHO. &ECHO File Copying Finish.
    ECHO Closing Network Connection... &ECHO.
    PING -n 20 -l 5 127.0.0.1 >NUL
    IF EXIST "!LogFile!" (
        FOR %%R IN ("!LogFile!") DO IF %%~zR EQU 0 DEL /F /Q "!LogFile!")
    CALL :DisconnectDrives)
GOTO :ExitScript

:GetFreeDrive
SET FreeDrv=
SET FreeDrv=TRUE
SET DriveLtrs=C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z

FOR %%a IN (!DriveLtrs!) DO (
    SET FreeDrv=TRUE
    FOR /F "delims=:" %%b IN ('WMIC LOGICALDISK GET Name ^|FIND ":"') DO IF /I "%%a"=="%%b" SET FreeDrv=FALSE
    IF /I "!FreeDrv!"=="TRUE" (
        SET FreeDrv=%%a:
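        EXIT /B 0))
:: No free letter found: FreeDrv is FALSE here. Return to the caller
:: instead of falling through into :DisconnectDrives.
EXIT /B 1
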
:DisconnectDrives
IF EXIST !SDrive! ECHO Disconnecting Mapped Drive (!SDrive!) &NET USE !SDrive! /DELETE /Y
IF EXIST !TDrive! ECHO Disconnecting Mapped Drive (!TDrive!) &NET USE !TDrive! /DELETE /Y
EXIT /B 0

:ExitScript
EXIT /B 0
:: SCRIPT END ::