Network + Systems Infrastructure
Workshop
AD School of Hard Knocks

  September 4, 2003
  By Dan Wohlbruck



Customizing Your Script
You'll need to customize some elements of the script to match your installation. Specifically, where the script shows tech.gulfcoast.edu, put the name of your domain. The script has all passwords set to "gccc," so have the user create the initial password and regularly change it.

We tested this script by building two domain controllers and a single user in a separate network that wasn't attached to the production environment. We recommend lifting the script as shown, building input for a single user and creating a test user account. That way, you'll know that all the parts--AD, the scripting engines and interfaces, and the script itself--work. You can then delete the test user and make your changes.



If your installation uses AD groups, they must be built before you add users. Code Box 2 shows how to create AD groups.

Once we had created and tested the entire script, it was time to make the input file. We wanted to develop a process that could be duplicated and run at a scheduled frequency. We first tried the export function in the AD MMC (Microsoft Management Console) snap-in. Although we created several different files, none provided the range of data we needed, such as a list of all the workstations for a specific user. So we turned to the two command-line utilities in Windows 2000 Server--LDIFDE (LDAP Data Interchange Format Data Exchange) and CSVDE (CSV Data Exchange).

LDIFDE is a utility program that can be used to import and export AD objects using LDIF-formatted files. It includes several command-line switches that direct the import or export operation. Although LDIFDE is intended to assist in the migration of data, with the right combination of switches we were able to use it as our backup facility (see "The Command-Line Syntax").

By using filters to choose Users or Groups and selecting or omitting attributes as needed, you can create a nearly complete backup file. In our case, the file we created using LDIFDE still requires regular review and minor changes to support the script (see Code Box 3).

The CSVDE utility, meanwhile, imports and exports data from AD using files that store data in the CSV format. This utility operates identically to LDIFDE. Applications such as Microsoft Excel can read and save data in the CSV format, which consists of one or more lines of data with each value separated by a comma. Only the first line names the attributes, in the same order as the values on every line that follows. We preferred the LDIFDE format, where every field is identified.
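One way to automate part of the review of the LDIFDE file, as an added example (not the article's script or Code Box 3): a small Python parser for LDIF that handles folded lines and base64 values, then lists users whose memberships point at groups missing from the export, since groups must exist before users are added. The sample records, the example.com DNs and the assumption that the export carries objectClass, sAMAccountName and memberOf are constructed for illustration.

```python
import base64
# Constructed sample shaped like an LDIFDE export; the attribute set is an assumption.
UTF8_DN = "CN=José Díaz,OU=Staff,DC=example,DC=com"
SAMPLE_LDIF = """\
dn: CN=Faculty,OU=Groups,DC=example,DC=com
objectClass: group

dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectClass: user
sAMAccountName: jdoe
memberOf: CN=Faculty,OU=Groups,DC=example,DC=com
memberOf: CN=Lab Admins,OU=Groups,
 DC=example,DC=com

dn:: {b64}
objectClass: user
sAMAccountName: jdiaz
""".format(b64=base64.b64encode(UTF8_DN.encode("utf-8")).decode("ascii"))

def parse_ldif(text):
    """Parse LDIF into records mapping lowercased attribute -> list of values."""
    records, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
        elif not raw.strip() and lines:     # blank line closes the record
            rec = {}
            for line in lines:
                attr, _, rest = line.partition(":")
                if rest.startswith(":"):    # "attr:: value" is base64-encoded
                    raw_value = base64.b64decode(rest[1:].strip())
                    rest = raw_value.decode("utf-8", "replace")  # binary stays opaque
                rec.setdefault(attr.lower(), []).append(rest.strip())
            records.append(rec)
            lines = []
    return records

def missing_groups(records):
    """Return {user: [memberOf DNs that have no group record in the export]}."""
    def is_a(rec, cls):
        return cls in (c.lower() for c in rec.get("objectclass", []))
    groups = {r.get("dn", [""])[0].lower() for r in records if is_a(r, "group")}
    report = {}
    for r in (r for r in records if is_a(r, "user")):
        absent = [g for g in r.get("memberof", []) if g.lower() not in groups]
        if absent:
            report[r.get("samaccountname", r.get("dn", ["?"]))[0]] = absent
    return report
```

An empty result from `missing_groups(parse_ldif(...))` means every group a user references is present in the export; any entry names a group that would have to be created before that user is restored.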

Chances Are ...

If you think instituting an AD backup plan with separate backup and recovery for users and groups requires extra effort, you're right on. Creating input files for the two scripts we developed lets the installation recover them in the event of a catastrophic failure, such as the one we experienced. Since there's no way to know for sure the chances of a major loss in your directory implementation, try measuring the risk against the cost of rebuilding your AD from scratch. Then you can decide whether opting for the backup and recovery setup is worthwhile.

Dan Wohlbruck is assistant systems administrator and an adjunct instructor at Gulf Coast Community College in Panama City, Fla. Write to him at dwohlbruck@aol.com.
