Solved

Free Active directory tools or scripts?

Posted on 2009-05-16
Last Modified: 2012-05-07
Does anyone know if there are any good/free Active directory tools/scripts that can be shared or downloaded?

Specifically, I am most interested in reporting and creating users from templates.

One report in particular that I am very interested in:
I would like a report that tells me all the users, all the groups those users belong to, and all the shares those groups belong to.
Not asking for much huh?  :-)
0
Question by:Miahmichno
8 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24404753
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24405193
Yeah so I'm also a huge joeware fan, one of his tools is adfind.
So for a user dump use
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname givenname sn memberof -csv -nodn > c:\users.csv
That will create the csv on your C drive.
You can also use powershell for things like that (Quest AD cmdlets come in handy).
As for shares you will have to scan them and look at the ACLs. Some free tools for that are ShareEnum from Microsoft
http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx
dumpsec from somarsoft
http://www.somarsoft.com/
Thanks
Mike
 
0
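Added example, not part of the original thread or any poster's code: the users.csv dump above lists only each user's direct groups, so this Python script expands nested groups (including circular nesting) before matching them against share ACLs, which gives the user / group / share report the question asks for. The sample data, the layout of the group dump, the ';' multi-value separator and the share list are constructed assumptions.

```python
import csv, io

BASE = "OU=Groups,DC=corp,DC=example"  # constructed domain, not from the thread
# Constructed users.csv sample; assumes ';' joins multi-valued memberOf.
USERS_CSV = f'''"sAMAccountName","givenName","sn","memberOf"
"jdoe","John","Doe","CN=Sales,{BASE}"
"asmith","Ann","Smith","CN=IT,{BASE};CN=Sales,{BASE}"
"nogroups","No","Groups",""
'''
# Assumed dump of group objects (dn kept); Sales and Staff nest circularly.
GROUPS_CSV = f'''"dn","memberOf"
"CN=Sales,{BASE}","CN=Staff,{BASE}"
"CN=Staff,{BASE}","CN=Sales,{BASE}"
"CN=IT,{BASE}",""
'''
# Constructed share ACLs (share -> group DNs), e.g. collected by a share scanner.
SHARE_ACLS = {r"\\fs01\sales": [f"CN=Sales,{BASE}"],
              r"\\fs01\public": [f"CN=Staff,{BASE}"],
              r"\\fs01\admin$": [f"CN=IT,{BASE}"]}

def load(text, key):
    # Map each row's key column to its list of lower-cased memberOf DNs.
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        row = {k.lower(): v for k, v in row.items()}
        rows[row[key].lower()] = [d.strip().lower() for d in row["memberof"].split(";") if d.strip()]
    return rows

def effective_groups(direct, nesting):
    # Follow group-in-group nesting; the seen set stops circular nesting looping.
    seen, stack = set(), list(direct)
    while stack:
        dn = stack.pop()
        if dn not in seen:
            seen.add(dn)
            stack.extend(nesting.get(dn, []))
    return seen

def report(users_csv, groups_csv, share_acls):
    # Return {user: (sorted effective group DNs, sorted reachable shares)}.
    users, nesting = load(users_csv, "samaccountname"), load(groups_csv, "dn")
    result = {}
    for user, direct in users.items():
        groups = effective_groups(direct, nesting)
        shares = sorted(s for s, dns in share_acls.items() if groups & {d.lower() for d in dns})
        result[user] = (sorted(groups), shares)
    return result

if __name__ == "__main__": print(report(USERS_CSV, GROUPS_CSV, SHARE_ACLS))
```

memberOf does not include a user's primary group (normally Domain Users), so shares granted to that group have to be added to the result separately.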
 
LVL 5

Expert Comment

by:qf3l3k
ID: 24406647
0

 
LVL 7

Expert Comment

by:crokeefe28
ID: 24416094
try this for the reporting....another script to follow for perms
Option Explicit 
 
Dim objConnection, objCommand, objRootDSE, strDNSDomain, strQuery 
Dim objRecordSet, strDN, objGroup 
Dim FileSystem, oFile 
' Open Text File for Output 
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject") 
Set oFile = FileSystem.CreateTextFile("GroupMemebrshipNew.html", True) 
 
oFile.writeLine "<HTML><HEAD><TITLE>Group Membership for MyDomain.com</TITLE></HEAD><BODY>"
oFile.writeLine "<h4><TABLE width=100% border=0 padding=0 cellspacing=0 valign=top>" 
 
 
' Use ADO to search Active Directory. 
Set objConnection = CreateObject("ADODB.Connection") 
Set objCommand = CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
Set objCommand.ActiveConnection = objConnection 
 
' Determine the DNS domain from the RootDSE object. 
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("defaultNamingContext") 
 
' Search for all groups, return the Distinguished Name of each. 
strQuery = "<LDAP://" & strDNSDomain _ 
& ">;(objectClass=group);distinguishedName;subtree" 
objCommand.CommandText = strQuery 
objCommand.Properties("Page Size") = 100 
objCommand.Properties("Timeout") = 30 
objCommand.Properties("Cache Results") = False 
 
Set objRecordSet = objCommand.Execute 
If objRecordSet.EOF Then 
Wscript.Echo "No groups found" 
objConnection.Close 
Set objRootDSE = Nothing 
Set objConnection = Nothing 
Set objCommand = Nothing 
Set objRecordSet = Nothing 
Wscript.Quit 
End If 
 
' Enumerate all groups, bind to each, and document group members. 
Do Until objRecordSet.EOF 
strDN = objRecordSet.Fields("distinguishedName") 
Set objGroup = GetObject("LDAP://" & strDN) 
 
' OUTPUT 
' Directory values are passed through HtmlEncode so they are written as text, not markup.
oFile.writeLine "<TR>"
oFile.writeLine "<TD width=20% valign=top bgcolor=black><font color=white><strong><u>" & "Group Name:" & _
"</u></strong></font></TD><TD width=80% valign=top><strong>" & _
HtmlEncode(objGroup.SAMaccountName) & "</strong></TD>"
oFile.writeLine "</TR><TR>"
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Distinguished Name:" & _
"</u></strong></font></TD><TD valign=top><strong>" & _
HtmlEncode(objGroup.distinguishedName) & "</strong></TD>"
oFile.writeLine "</TR><TR>"
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Description:" & _
"</u></strong></font></TD><TD valign=top><strong>" & _
HtmlEncode(objGroup.description) & "</strong></TD>"
oFile.writeLine "</TR><TR>"
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Type:" & "</u></strong></font></TD><TD valign=top><strong>" & GetType(objGroup.groupType) & "</strong></TD>"
oFile.writeLine "</TR>"

oFile.writeLine "<TR><TD valign=top bgcolor=black><font color=white><strong><u>Members:</u></strong></font></TD><TD align=left valign=top>"
oFile.writeLine "<TABLE width=70% border=0 cellspacing=0 cellpadding=0>"
oFile.writeLine "<Tr>"
oFile.writeLine " <TD valign=top><strong><u> Name </u></strong></TD>"
oFile.writeLine " <TD valign=top><strong><u> Account </u></strong></TD>"
oFile.writeLine " <TD valign=top><strong><u> Type </u></strong></TD>"
oFile.writeLine "</Tr>"
Call GetMembers(objGroup)
oFile.writeLine "</TABLE>"

oFile.writeLine "</TD></TR>"

oFile.writeLine "<TR><TD COLSPAN=2><hr width=90%></TD></TR>"


objRecordSet.MoveNext

Loop
oFile.writeLine "</TABLE></BODY></HTML>"

msgBox "Done !!!"

' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objGroup = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing

Function GetType(intType)
' Function to determine group type from the GroupType attribute.
If (intType And &h01) <> 0 Then
GetType = "Built-in"
ElseIf (intType And &h02) <> 0 Then
GetType = "Global"
ElseIf (intType And &h04) <> 0 Then
GetType = "Local"
ElseIf (intType And &h08) <> 0 Then
GetType = "Universal"
End If
If (intType And &h80000000) <> 0 Then
GetType = GetType & "/Security"
Else
GetType = GetType & "/Distribution"
End If
End Function

Sub GetMembers(objADObject)
' Subroutine to document group membership.
' Members can be users or groups.
Dim objMember, strType
For Each objMember In objADObject.Members
If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then
strType = "Group"
Else
strType = "User"
End If

' OUTPUT

oFile.writeLine "<TR>"
oFile.writeLine "<TD valign=top>" & HtmlEncode(objMember.displayName) & _
"</TD><TD valign=top>" & HtmlEncode(objMember.SAMaccountName) & _
"</TD><TD valign=top>" & strType & "</TD>"
oFile.writeLine "</TR>"
' Wscript.Echo " Member: " & objMember.sAMAccountName & " (" & strType & ")"
Next
Set objMember = Nothing
End Sub

Function HtmlEncode(strText)
' Escape HTML metacharacters so a name or description stored in the directory
' cannot inject markup or script into the report when it is opened in a browser.
' Appending "" turns an empty or unset attribute into an empty string.
Dim strOut
strOut = Replace(strText & "", "&", "&amp;")
strOut = Replace(strOut, "<", "&lt;")
strOut = Replace(strOut, ">", "&gt;")
HtmlEncode = Replace(strOut, """", "&quot;")
End Function

0
 
LVL 7

Accepted Solution

by:
crokeefe28 earned 50 total points
ID: 24416183
The dsrevoke syntax is as follows

Using Dsrevoke
Dsrevoke.exe has the following syntax:

dsrevoke /report|/remove [/domain:domainname] [/username:username] [/password:password|*] [/root:domain/OU] securityprincipal

Descriptions for each option are as follows:

/report: Reports the explicit ACEs that are currently set for the specified security principal on OU objects in the specified domain or an OU subtree. By default, the command dsrevoke /report starts at the domain root and searches every OU below that root for explicit ACEs that are granted to the specified security principal. If you are sure that the permissions for a security group are set only on or below a specific OU, you can specify the scope of the search by using the /OU switch to make the search more efficient.

/remove: Reports all explicit ACEs and then, after prompting for confirmation, removes the ACEs that are currently set for the security principal, including all inherited ACEs.

/domain: The DNS or NetBIOS name of the domain in which the permissions are to be removed. This value must be specified only when the ACEs that you want to remove are set on OUs in a domain other than the domain of the logged-on user.

/username: The user name of the user who is using the tool. This value is required when:

The user is not logged on as an administrator.

ACEs are being removed in a domain other than the domain of the logged-on user.

/password: The password of the tool user. If the command is entered with an asterisk (*) in place of a password, the tool prompts the user for a password.

/root: The OU or domain root at which to start the search for ACEs. If no value is specified, the search begins at the root of the specified domain. If no domain is specified, the search begins at the root of the domain of the logged-on user. When specifying a root domain or OU, you must use the distinguished name (for example, /root:OU=BusUnits,DC=DomainA,DC=com). If spaces occur in any part of the distinguished name, enclose the entire option in quotation marks (for example, "/root:OU=Product Development,OU=Delegation,OU=Business Units,DC=DomainA,DC=com").

/securityprincipal: The identity of the user or group in the form DomainName\UserName or DomainName\GroupName. Use the DNS name or NetBIOS name of the domain

0
 

Expert Comment

by:Hellbentmaster
ID: 26379321
As for good Active Directory tools, try Adaxes from Softerra (http://adaxes.com). But it is free for 30 days only.
0
 

Expert Comment

by:Hellbentmaster
ID: 26397523
As for good Active Directory tools, try Adaxes from Softerra http://adaxes.com. But it is free for 30 days only.
0
 

Expert Comment

by:somi5
ID: 32817852
That's really fantastic, it works with me
0
