Category: Active Directory



Yesterday a customer wanted to export the user objects in their AD, but only those in the Deleted Objects container, which can be seen from LDP.exe or other tools.

The simple answer is ldifde:

ldifde -f output.txt -s <dc name> -d "cn=deleted objects,dc=domain,dc=com" -r "(objectclass=user)" -p subtree -x -l "dn,samaccountname"

The -x switch includes deleted (tombstoned) objects in the search, and the -l switch limits the attributes returned; here I use dn and samaccountname. You can export it to a .txt or .csv file as well.

By the way, they are still running a Windows Server 2003 forest, so they cannot use the AD Recycle Bin, but they can still reanimate a deleted object from its tombstone.
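The same export done with the ActiveDirectory PowerShell module, as an added example that is not part of the original post. It assumes RSAT is installed and that a DC offers Active Directory Web Services (Windows Server 2008 R2 and later, or a Windows Server 2003 DC with the Active Directory Management Gateway Service); the output path is a placeholder. It goes slightly beyond the ldifde line by excluding computer objects (which also carry objectClass user) and by keeping lastKnownParent and whenChanged, which is what you want when reviewing who was deleted and when.

```powershell
# Added example, not from the original post: list tombstoned user objects with the
# ActiveDirectory module instead of ldifde. Needs a DC reachable over ADWS (2008 R2+)
# or the AD Management Gateway Service on a 2003 DC. Output path is a placeholder.
Import-Module ActiveDirectory

$domainDN         = (Get-ADDomain).DistinguishedName      # e.g. DC=domain,DC=com
$deletedContainer = "CN=Deleted Objects,$domainDN"

# -IncludeDeletedObjects is what makes tombstones visible; without it the query returns nothing.
# Tombstones lose objectCategory, so filter on objectClass and exclude computers explicitly.
$deletedUsers = Get-ADObject -SearchBase $deletedContainer -IncludeDeletedObjects `
    -Filter 'objectClass -eq "user" -and objectClass -ne "computer" -and isDeleted -eq $true' `
    -Properties sAMAccountName, lastKnownParent, whenChanged

# sAMAccountName, lastKnownParent and whenChanged survive on a tombstone, so the
# export tells you which account it was, where it lived and when it was deleted.
$deletedUsers |
    Select-Object DistinguishedName, sAMAccountName, lastKnownParent, whenChanged |
    Sort-Object whenChanged -Descending |
    Export-Csv -Path .\deleted-users.csv -NoTypeInformation

"{0} tombstoned user objects exported" -f @($deletedUsers).Count
```

The CSV is the same data the ldifde command produces, just with two extra attributes; keep the tombstone lifetime of the forest in mind, since objects older than that are gone from this container for good.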


Metadata Clean Up


I'm sure all of you have experienced this situation: a domain controller crashes and cannot be demoted cleanly, so you have to do a metadata cleanup using ntdsutil. If your environment runs Windows Server 2008 / 2012, you can do it easily from the ADUC GUI.

Just right-click the affected domain controller, choose Delete, click Yes once more, and it will prompt a window like the one in the picture.


More information can be found here: http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
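For the case where the GUI is not available, here is the ntdsutil route plus the checks I would run afterwards, as an added example that is not from the original post. The DC name, site name and domain are placeholders; run it as an Enterprise Admin on a surviving DC. Windows Server 2008 and later accept the whole ntdsutil session as command-line arguments, which is what the one-liner relies on.

```powershell
# Added example, not from the original post: metadata cleanup of a dead DC from the
# command line, followed by checks that the leftovers are really gone.
# $deadDc and $site are placeholders.
Import-Module ActiveDirectory

$deadDc   = 'DC2'                                 # placeholder: the crashed DC
$site     = 'Default-First-Site-Name'             # placeholder: its AD site
$domainDN = (Get-ADDomain).DistinguishedName
$configDN = (Get-ADRootDSE).configurationNamingContext
$serverDN = "CN=$deadDc,CN=Servers,CN=$site,CN=Sites,$configDN"

# "remove selected server" deletes the server and NTDS Settings objects and offers to
# seize any FSMO roles the dead DC held. Windows Server 2008+ ntdsutil takes the
# whole session as arguments, so no interactive prompts are needed.
ntdsutil "metadata cleanup" "remove selected server $serverDN" quit quit

# Verify: no NTDS Settings object and no DC computer account left behind.
$ntds = Get-ADObject -Filter 'objectClass -eq "nTDSDSA"' -SearchBase "CN=Sites,$configDN" |
    Where-Object { $_.DistinguishedName -like "*CN=$deadDc,CN=Servers,*" }
$computer = Get-ADComputer -Filter "Name -eq '$deadDc'" -SearchBase "OU=Domain Controllers,$domainDN"

if ($ntds -or $computer) {
    Write-Warning "Objects for $deadDc still present; remove them manually:"
    $ntds; $computer
} else {
    "Metadata for $deadDc is gone from the directory."
}

# Replication topology should no longer reference the dead DC.
repadmin /showrepl | Select-String $deadDc

# DNS records (A, SRV and the CNAME under _msdcs) are not touched by ntdsutil;
# remove them by hand so clients stop trying to reach the dead DC.
```

A DC that is "dead" from the directory's point of view still holds a copy of the database, so the cleanup is also the moment to reset the krbtgt-style secrets if the machine was lost rather than simply failed; that part is a policy decision, not something ntdsutil does for you.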


Thank God Microsoft has built an AD Recycle Bin UI into Windows Server 2012; on Windows Server 2008 R2 it is a real pain in the arse to use LDP.exe, though there are plenty of free third-party UIs for it.

OK, let's move on. To make it happen your forest must be at the Windows Server 2008 R2 functional level; if you are not at that level you have to raise it, and remember that raising the forest/domain functional level is not reversible.

To check it, just run Get-ADForest.


After that you have to enable the Recycle Bin feature.


Create a user and delete it from ADUC, then open Active Directory Administrative Center (ADAC) and go to the Deleted Objects container; you will find the user you deleted a moment ago.


Right-click the object and you have the choice of Restore or Restore to:


  • Restore: This option will restore the object directly to its original location.
  • Restore to: This option will ask for a location to restore the deleted object to.
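The whole workflow from PowerShell, as an added example that is not part of the original post: check the forest level, enable the feature, find the deleted user and restore it, either to its last known parent (Restore) or to a different OU (Restore to). The user name and target OU are placeholders; it assumes the ActiveDirectory module and a 2008 R2 or later forest.

```powershell
# Added example, not from the original post: Recycle Bin workflow in PowerShell.
# "jdoe" and the target OU are placeholders.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ([int]$forest.ForestMode -lt [int]$minMode) {
    throw "Forest mode is $($forest.ForestMode); Windows Server 2008 R2 or higher is required (raising it is irreversible)."
}

# Enabling the Recycle Bin is itself irreversible, so only do it once and on purpose.
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $rb.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $rb -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Find the user deleted a moment ago. With the Recycle Bin enabled a deleted object keeps
# all its attributes (including group memberships), unlike a plain tombstone.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'sAMAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -Properties sAMAccountName, lastKnownParent, whenChanged, memberOf
if (-not $deleted) { throw "No deleted object named jdoe found" }

# Review before restoring: the account comes back exactly as it was, memberships included.
$deleted | Select-Object Name, lastKnownParent, whenChanged, memberOf

# "Restore": back to lastKnownParent (which must still exist).
$deleted | Restore-ADObject

# "Restore to": pick another OU instead. Placeholder path; the OU must exist.
# $deleted | Restore-ADObject -TargetPath "OU=Restored Users,DC=contoso,DC=com"
```

If lastKnownParent was itself deleted, restore the parent first or use the -TargetPath form; Restore-ADObject fails rather than inventing a parent.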

I have already downloaded Windows Server 8 Beta, installed it on top of Hyper-V 3.0, and started labbing its new features. First things first: AD DS. Without hesitating I ran the classic DCPROMO command, and guess what happened?


Yep, DCPROMO is deprecated!

So I followed the link given and continued installing AD DS from Server Manager, from the Dashboard > Add roles and features.

Click Next (if you want to read it first, I don't mind).


Then choose Role-based and click Next.


I select the current server from the server pool.


Check Active Directory Domain Services, and you will be prompted with this wizard.


Click Next.


Click Next twice, then choose Install.


Click Close once the installation has succeeded.


Back in Server Manager there is an exclamation mark; click it and it will give you the option to promote the server to a domain controller.


Because this is my first AD, I'll choose Add a new forest, then Next.


By default the forest and domain functional levels are Windows Server 8, but I'll change them to Windows Server 2008 R2 because I want to try installing Exchange 2010.


Just ignore the error and click Next.


Verify the NetBIOS name, then Next.


I leave the default settings for the AD DS database, log and SYSVOL paths.


You can view the script the wizard generates and try the installation from PowerShell instead.


When the prerequisite checks pass, click Install!


The server will restart when it finishes.


Log in and you can see AD DS & DNS on the Dashboard.

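The same promotion done entirely from PowerShell, the way the wizard's "View script" button shows it, as an added example that is not the script from the original post. The functional level, DNS choice and database paths follow the walkthrough above; the domain name, NetBIOS name and DSRM password prompt are assumptions. It runs the prerequisite checks first with Test-ADDSForestInstallation and only promotes when they succeed.

```powershell
# Added example, not from the original post: new-forest installation from PowerShell.
# Domain and NetBIOS names are placeholders; the rest mirrors the wizard choices above.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# The DSRM password is the offline admin credential for this DC; prompt for it, never hard-code it.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

$params = @{
    DomainName                    = 'corp.example.test'   # placeholder
    DomainNetbiosName             = 'CORP'                # placeholder
    ForestMode                    = 'Win2008R2'           # as in the post, so Exchange 2010 can be installed
    DomainMode                    = 'Win2008R2'
    InstallDns                    = $true
    CreateDnsDelegation           = $false                # a brand-new forest has no parent zone to delegate from
    DatabasePath                  = 'C:\Windows\NTDS'     # wizard defaults
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
    NoRebootOnCompletion          = $false                # reboot when done, like the wizard
    Force                         = $true                 # suppress the confirmation prompts
}

# Same prerequisite checks the wizard runs, without changing anything yet.
$check = Test-ADDSForestInstallation @params
$check
if ($check.Status -ne 'Success') { throw 'Prerequisite check failed; fix the reported items before promoting.' }

# Promote the server; it reboots on completion and comes up as the first DC of the forest.
Install-ADDSForest @params
```

Keeping the parameters in a hashtable means the test and the install are guaranteed to run with identical settings, which is the point of running the test at all.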


Everyone must have forgotten about Active Directory Administrative Center (ADAC), including me. Yesterday I needed to move computer objects to a specific OU, but only those running a Windows client OS.

Everybody knows that when a machine joins the domain it is placed in the Computers container by default, so how on earth do we build a query/filter that tells us the OS version of each computer? It's EASY: we use ADAC.

Just open ADAC from Administrative Tools, choose your domain, click Add criteria, then select Operating system and Operating system version and add them.


After that you will see new columns that identify each computer's OS and OS version.

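The same "Windows client OS" filter built with the ActiveDirectory module and then used to move the matches out of the default Computers container, as an added example that is not part of the original post. The target OU is a placeholder, and the move is run with -WhatIf so nothing changes until you remove it.

```powershell
# Added example, not from the original post: filter computers in CN=Computers by
# client OS and move them to a workstation OU. $targetOU is a placeholder.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$source   = "CN=Computers,$domainDN"      # default location for newly joined machines
$targetOU = "OU=Workstations,$domainDN"   # placeholder: must already exist

# operatingSystem / operatingSystemVersion are written by the machine itself when it joins
# or updates, so treat them as self-reported, not as a trustworthy classification.
# Server SKUs contain "Server" in the string; everything else that starts with Windows is a client.
$clients = Get-ADComputer -SearchBase $source -SearchScope OneLevel `
    -Filter 'OperatingSystem -like "Windows*" -and OperatingSystem -notlike "*Server*"' `
    -Properties OperatingSystem, OperatingSystemVersion

# Same view ADAC gives you once the two criteria columns are added.
$clients |
    Select-Object Name, OperatingSystem, OperatingSystemVersion |
    Sort-Object OperatingSystemVersion |
    Format-Table -AutoSize

# Moving the object keeps its SID and group memberships, but GPOs linked to the target OU
# start applying at the next refresh. Drop -WhatIf to perform the move.
$clients | Move-ADObject -TargetPath $targetOU -WhatIf
```

Because the OS attributes are self-reported, a machine with an empty operatingSystem value is simply skipped by this filter; list those separately with `OperatingSystem -notlike "*"` if you want to know what is sitting in the container unclassified.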


If you need to mimic your production OU structure in your lab, you can export the OUs using LDIFDE, a built-in tool on any server where Active Directory is installed. Here it goes:

Export:

ldifde -f exportOU.ldf -s SERVERProd -d "DC=CONTOSO,DC=com" -p subtree -r "(objectCategory=organizationalUnit)" -l "cn,objectclass,ou"

The command exports the result into an .ldf file that we will then import on the lab server.

Import:

ldifde -i -f exportOu.ldf -s SERVERLab

Finished!
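An alternative to the ldifde pair above that does the same export/import with the ActiveDirectory module, as an added example that is not part of the original post. It assumes the same two placeholder server names and that both are reachable over ADWS. It goes a step further than the ldifde version: it rewrites the domain part of each DN to the lab domain (so the lab does not need to be called CONTOSO.com) and creates OUs parents-first, which the import needs regardless of tool.

```powershell
# Added example, not from the original post: export the production OU tree to CSV and
# recreate it in the lab, parents before children. Server names are placeholders.
Import-Module ActiveDirectory

$prodServer = 'SERVERProd'
$labServer  = 'SERVERLab'
$csv        = '.\ou-tree.csv'

# Export: DN, name and description of every OU in production.
Get-ADOrganizationalUnit -Server $prodServer -Filter * -Properties Description |
    Select-Object DistinguishedName, Name, Description |
    Export-Csv $csv -NoTypeInformation

# Import: map the production domain suffix onto the lab domain suffix.
$prodDN  = (Get-ADDomain -Server $prodServer).DistinguishedName
$labDN   = (Get-ADDomain -Server $labServer).DistinguishedName
$suffix  = [regex]::Escape($prodDN) + '$'
$rdnSkip = '^OU=(?:[^,\\]|\\.)+,'      # first RDN, allowing for escaped commas in the name

Import-Csv $csv |
    # Fewer "OU=" components means closer to the root; create those first.
    Sort-Object { ([regex]::Matches($_.DistinguishedName, 'OU=')).Count } |
    ForEach-Object {
        $dn     = $_.DistinguishedName -replace $suffix, $labDN
        $parent = $dn -replace $rdnSkip, ''
        $exists = Get-ADOrganizationalUnit -Server $labServer -Filter "DistinguishedName -eq '$dn'"
        if (-not $exists) {
            New-ADOrganizationalUnit -Server $labServer -Name $_.Name -Path $parent -Description $_.Description
            "created $dn"
        } else {
            "exists  $dn"
        }
    }
```

Only the OU skeleton is copied, the same as the ldifde export limited to cn, objectclass and ou; ACLs, GPO links and the objects inside the OUs stay in production, which is usually exactly what you want for a lab.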
