AMS1780
Active Directory Script - Set Directory focus to a specific DC to make the changes on.
Hello - This is my first time on Experts Exchange.
I use the following script to disable and move my AD IIS accounts to a specific OU. I'd like to add a line in my script which sets my Directory focus to a specific DC to make the changes on. I've copied in the script for info.
@echo off
REM ### IIS Account Cleanup Batch File
REM ###
REM ### This script takes a computername as input and:
REM ### a) Disables the associated IWAM and IUSR accounts in the domain
REM ### b) Moves the associated IWAM and IUSR accounts to a separate OU.
REM ###
IF "%1" == "" GOTO ARGERROR
@Echo Disabling user IWAM_%1
dsquery user -samid IWAM_%1|dsmod user -disabled yes
@Echo Disabling user IUSR_%1
dsquery user -samid IUSR_%1|dsmod user -disabled yes
@Echo Moving user IWAM_%1
dsquery user -samid IWAM_%1|dsmove -newparent "OU=IIS Service Accounts,OU=Domain Management,DC=Child,DC=ForestRoot,DC=net"
@Echo Moving User IUSR_%1
dsquery user -samid IUSR_%1|dsmove -newparent "OU=IIS Service Accounts,OU=Domain Management,DC=Child,DC=ForestRoot,DC=net"
Goto :EOF
:ARGERROR
@Echo.
@Echo ERROR: This batch file must be passed the computername for which to disable the IIS accounts.
@Echo Correct Usage: LockIISUser [ComputerName]
@echo.
Goto :EOF
use "-s" parameter of dsquery
ASKER
Thanks WeHe,
I've tried running
dsquery server -s server1
Is this the correct syntax? All this does is list all the servers in my domain. Could you give any advice on what the syntax should be?
Thanks in advance.
syntax is right.
the result is ok too. "dsquery server" is supposed to list all servers in AD.
with the "-s server1" it queries this list from AD at server1.
ASKER
Hmmm.
That's not what I'm looking for. I'm trying to get the script to hit a specific AD server so that I can make the changes. For example I'd like to hit the PDC emulator every time I run the script. (regardless of which DC it's run from)
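An added example, not code from the original thread or any of its posters: the asker's script with `-s` passed to every dsquery, dsmod and dsmove call, because each ds command otherwise locates a DC on its own. The target here is the PDC emulator, resolved with `dsquery server -hasfsmo pdc`. It assumes the DC's short name resolves from the machine running the script; the `TARGETDC` and `NEWOU` variables and the `:LOCK` label are names introduced for illustration.

```batch
@echo off
REM Added example: pin every directory read and write to one DC with -s.
setlocal
IF "%~1" == "" GOTO ARGERROR

REM Resolve the PDC emulator. "-o rdn" prints the quoted server name;
REM %%~D strips the surrounding quotes.
set "TARGETDC="
for /f "delims=" %%D in ('dsquery server -hasfsmo pdc -o rdn') do set "TARGETDC=%%~D"
if not defined TARGETDC (
    echo ERROR: could not resolve the PDC emulator.
    exit /b 1
)

REM Destination OU taken from the script above; adjust for your domain.
set "NEWOU=OU=IIS Service Accounts,OU=Domain Management,DC=Child,DC=ForestRoot,DC=net"

for %%A in (IWAM_%~1 IUSR_%~1) do call :LOCK %%A
exit /b 0

:LOCK
REM %1 is the sAMAccountName. Both sides of each pipe carry -s, so the
REM lookup and the change are made against the same DC.
echo Disabling and moving %1 on %TARGETDC%
dsquery user -s %TARGETDC% -samid %1 | dsmod user -s %TARGETDC% -disabled yes
if errorlevel 1 echo WARNING: disable failed for %1
dsquery user -s %TARGETDC% -samid %1 | dsmove -s %TARGETDC% -newparent "%NEWOU%"
if errorlevel 1 echo WARNING: move failed for %1
goto :EOF

:ARGERROR
echo.
echo ERROR: This batch file must be passed the computername for which to disable the IIS accounts.
echo Correct Usage: LockIISUser [ComputerName]
echo.
exit /b 1
```

To target a fixed DC instead of the PDC emulator, replace the `for /f` lookup with `set "TARGETDC=server1"`.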