Active Directory Value Scripts

      Yorum yok Active Directory Value Scripts

Active Directory Value Scripts

Batch Dosya

C:\Batch>Create %1 kullanıcı sicili ve diğer değişkenler %2 , %3 %4 , %5 olarak girilir.

 Create User

dsadd user "cn=%2 %3,cn=users,dc=itmakale,dc=com,dc=tr" -samid %1 -upn %1@itmakale.com.tr -fn %2 -ln %3 -display "%2 %3" -pwd %1 -mustchpwd yes -email "%5@itmakale.com.tr"
dsadd user "cn=%2 %3,cn=users,dc=itmakale,dc=com,dc=tr" -samid %1 -upn %1@itmakale.com.tr -fn %2 -ln %3 -display "%2 %3" -profile "\\asyafs\profiles\%1" -pwd %1 -mustchpwd yes -email "%4@itmakale.com.tr"

Disable User

dsquery user -samid %1  DC=itmakale,DC=com,DC=tr | dsmod user -disabled yes
 dsquery user -samid %1 DC=itmakale,DC=com,DC=tr | dsmove -newparent "ou=Disable Users,DC=itmakale,DC=com,DC=tr"

Update User Field (Email)

dsquery user -samid user | dsmod user -email "user@itmakale.com.tr"

Update User Field (Multiple)

dsquery user -samid user1 |dsmod user -dept "Insan Kaynaklari" -desc "Personel" -title "Kurumsal Personel" -company "IT MAKALE" -mobile "0 5XX xx xx xx" -email "user1@itmakale.com.tr" -office "Bolge Mud."
netdom query fsmo

Open a PowerShell prompt (Run as administrator) on a Domain Controller. Then perform the following PowerShell commands

Logon Scripts (bat – cmd dosyası olarak kaydedilir)

IF %computername%==RDSTS1 ( 
    echo Logon;%username%;%computername%;%date%;%time% >> \\logserver.itmakale.com.tr\Logonlogs$\RDSTS1\RDSTS1.txt
    ) ELSE (
    echo Logon %username% %computername% %date% %time% >> \\logserver.itmakale.com.tr\Logonlogs$\%username%.txt    
    )

 

Logoff Scripts

IF %computername%==RDSTS1 ( 
    echo Logoff;%username%;%computername%;%date%;%time% >> \\logserver.itmakale.com.tr\Logonlogs$\RDSTS1\RDSTS1.txt
    ) ELSE (
    echo Logoff %username% %computername% %date% %time% >> \\logserver.itmakale.com.tr\Logonlogs$\%username%.txt    
    )

 

 

Import-Module ActiveDirectory
$users = Get-ADUser -ldapfilter “(objectclass=user)” -searchbase “ou=companyusers,dc=enterpriseit,dc=co”
ForEach($user in $users)
{
    # Binding the users to DS
    $ou = [ADSI](“LDAP://” + $user)
    $sec = $ou.psbase.objectSecurity
    if ($sec.get_AreAccessRulesProtected())
    {
        $isProtected = $false ## allows inheritance
$preserveInheritance = $true ## preserver inhreited rules
        $sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
        $ou.psbase.commitchanges()
        Write-Host “$user is now inherting permissions”;
    }
    else
    {
        Write-Host “$User Inheritable Permission already set”
    }
}

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir