Solved

Free Active directory tools or scripts?

Posted on 2009-05-16
Last Modified: 2012-05-07
Does anyone know if there are any good/free Active directory tools/scripts that can be shared or downloaded?

Specifically, I am most interested in reporting and creating users from templates.

One report in particular that I am very interested in:
I would like a report that tells me all the users, all the groups those users belong to, and all the shares those groups belong to.
Not asking for much huh?  :-)
0
Question by:Miahmichno
8 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24404753
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24405193
Yeah, so I'm also a huge joeware fan; one of his tools is adfind.
So for a user dump use
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname givenname sn memberof -csv -nodn > c:\users.csv
That will create the CSV on your C drive.
You can also use PowerShell for things like that (Quest AD cmdlets come in handy).
As for shares, you will have to scan them and look at the ACLs. Some free tools for that are ShareEnum from Microsoft
http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx
dumpsec from somarsoft
http://www.somarsoft.com/
Thanks
Mike
 
0
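The report the question asks for (users, their groups, and the shares those groups can reach) can be produced by joining the two data sets this answer describes. The script below is an added example, not part of the original thread: it assumes the RSAT ActiveDirectory module, the SmbShare cmdlets (Windows Server 2012 / Windows 8 or later), a single domain, and hypothetical file server names FS01 and FS02.

```powershell
# Added example: user -> group -> share report (not from the original thread).
Import-Module ActiveDirectory

$FileServers = @('FS01', 'FS02')   # hypothetical server names, replace with your own

# 1. Read the share-level ACL of every non-administrative share.
$byAccount = @{}                   # account name -> list of share ACL entries
foreach ($server in $FileServers) {
    $session = New-CimSession -ComputerName $server
    try {
        foreach ($share in (Get-SmbShare -CimSession $session -Special $false)) {
            foreach ($ace in (Get-SmbShareAccess -Name $share.Name -CimSession $session)) {
                # "DOMAIN\Group" -> "Group" so it can be matched on sAMAccountName
                $key = ($ace.AccountName -split '\\')[-1]
                if (-not $byAccount.ContainsKey($key)) { $byAccount[$key] = @() }
                $byAccount[$key] += [pscustomobject]@{
                    Share  = "\\$server\$($share.Name)"
                    Access = "$($ace.AccessControlType) $($ace.AccessRight)"
                }
            }
        }
    } finally {
        Remove-CimSession -CimSession $session
    }
}

# 2. Walk users and their direct groups (memberOf omits the primary group
#    and nested membership), emitting one row per user/group/share.
$groupNames = @{}                  # cache: group DN -> sAMAccountName
$report = foreach ($user in (Get-ADUser -Filter * -Properties MemberOf)) {
    foreach ($dn in $user.MemberOf) {
        if (-not $groupNames.ContainsKey($dn)) {
            $groupNames[$dn] = (Get-ADGroup -Identity $dn).SamAccountName
        }
        $group  = $groupNames[$dn]
        $shares = $byAccount[$group]
        if (-not $shares) {
            # Group has no share ACL entry on the scanned servers
            $shares = @([pscustomobject]@{ Share = '(none found)'; Access = '' })
        }
        foreach ($s in $shares) {
            [pscustomobject]@{ User = $user.SamAccountName; Group = $group
                               Share = $s.Share; Access = $s.Access }
        }
    }
}
$report | Export-Csv -Path .\user-group-share.csv -NoTypeInformation
```

This covers share-level permissions only; NTFS permissions on the shared folders are a separate ACL and are what ShareEnum and dumpsec also report on.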
 
LVL 5

Expert Comment

by:qf3l3k
ID: 24406647
0
 
LVL 7

Expert Comment

by:crokeefe28
ID: 24416094
Try this for the reporting... another script to follow for perms.

Option Explicit

Dim objConnection, objCommand, objRootDSE, strDNSDomain, strQuery
Dim objRecordSet, strDN, objGroup
Dim FileSystem, oFile

' Open Text File for Output
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = FileSystem.CreateTextFile("GroupMemebrshipNew.html", True)

oFile.writeLine "<HTML><HEAD><TITLE>Group Membership for MyDomain.com</TITLE></HEAD><BODY>"
oFile.writeLine "<h4><TABLE width=100% border=0 padding=0 cellspacing=0 valign=top>"

' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Search for all groups, return the Distinguished Name of each.
strQuery = "<LDAP://" & strDNSDomain _
    & ">;(objectClass=group);distinguishedName;subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
If objRecordSet.EOF Then
    Wscript.Echo "No groups found"
    oFile.Close
    objConnection.Close
    Set objRootDSE = Nothing
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRecordSet = Nothing
    Wscript.Quit
End If

' Enumerate all groups, bind to each, and document group members.
' Note: attribute values are written to the report without HTML encoding.
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    Set objGroup = GetObject("LDAP://" & strDN)

    ' OUTPUT
    oFile.writeLine "<TR>"
    oFile.writeLine "<TD width=20% valign=top bgcolor=black><font color=white><strong><u>" & "Group Name:" & _
        "</u></strong></font></TD><TD width=80% valign=top><strong>" & _
        objGroup.SAMaccountName & "</strong></TD>"
    oFile.writeLine "</TR><TR>"
    oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Distinguished Name:" & _
        "</u></strong></font></TD><TD valign=top><strong>" & _
        objGroup.distinguishedName & "</strong></TD>"
    oFile.writeLine "</TR><TR>"
    oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Description:" & _
        "</u></strong></font></TD><TD valign=top><strong>" & _
        objGroup.description & "</strong></TD>"
    oFile.writeLine "</TR><TR>"
    oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Type:" & "</u></strong></font></TD><TD valign=top><strong>" & GetType(objGroup.groupType) & "</strong></TD>"
    oFile.writeLine "</TR>"

    oFile.writeLine "<TR><TD valign=top bgcolor=black><font color=white><strong><u>Members:</u></strong></font></TD><TD align=left valign=top>"
    oFile.writeLine "<TABLE width=70% border=0 cellspacing=0 cellpadding=0>"
    oFile.writeLine "<Tr>"
    oFile.writeLine " <TD valign=top><strong><u> Name </u></strong></TD>"
    oFile.writeLine " <TD valign=top><strong><u> Account </u></strong></TD>"
    oFile.writeLine " <TD valign=top><strong><u> Type </u></strong></TD>"
    oFile.writeLine "</Tr>"
    Call GetMembers(objGroup)
    oFile.writeLine "</TABLE>"

    oFile.writeLine "</TD></TR>"

    oFile.writeLine "<TR><TD COLSPAN=2><hr width=90%></TD></TR>"

    objRecordSet.MoveNext
Loop

oFile.writeLine "</TABLE></h4></BODY></HTML>"
oFile.Close

msgBox "Done !!!"

' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objGroup = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing

Function GetType(intType)
    ' Function to determine group type from the GroupType attribute.
    If (intType And &h01) <> 0 Then
        GetType = "Built-in"
    ElseIf (intType And &h02) <> 0 Then
        GetType = "Global"
    ElseIf (intType And &h04) <> 0 Then
        GetType = "Local"
    ElseIf (intType And &h08) <> 0 Then
        GetType = "Universal"
    End If
    If (intType And &h80000000) <> 0 Then
        GetType = GetType & "/Security"
    Else
        GetType = GetType & "/Distribution"
    End If
End Function

Sub GetMembers(objADObject)
    ' Subroutine to document group membership.
    ' Members can be users or groups.
    Dim objMember, strType
    For Each objMember In objADObject.Members
        If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then
            strType = "Group"
        Else
            strType = "User"
        End If

        ' OUTPUT
        oFile.writeLine "<TR>"
        oFile.writeLine "<TD valign=top>" & objMember.displayName & _
            "</TD><TD valign=top>" & objMember.SAMaccountName & _
            "</TD><TD valign=top>" & strType & "</TD>"
        oFile.writeLine "</TR>"
        ' Wscript.Echo " Member: " & objMember.sAMAccountName & " (" & strType & ")"
    Next
    Set objMember = Nothing
End Sub

0
 
LVL 7

Accepted Solution

by:
crokeefe28 earned 50 total points
ID: 24416183
The dsrevoke syntax is as follows

Using Dsrevoke
Dsrevoke.exe has the following syntax:

dsrevoke /report|/remove [/domain:domainname] [/username:username] [/password:password|*] [/root:domain/OU] securityprincipal

Descriptions for each option are as follows:

/report: Reports the explicit ACEs that are currently set for the specified security principal on OU objects in the specified domain or an OU subtree. By default, the command dsrevoke /report starts at the domain root and searches every OU below that root for explicit ACEs that are granted to the specified security principal. If you are sure that the permissions for a security group are set only on or below a specific OU, you can specify the scope of the search by using the /OU switch to make the search more efficient.

/remove: Reports all explicit ACEs and then, after prompting for confirmation, removes the ACEs that are currently set for the security principal, including all inherited ACEs.

/domain: The DNS or NetBIOS name of the domain in which the permissions are to be removed. This value must be specified only when the ACEs that you want to remove are set on OUs in a domain other than the domain of the logged-on user.

/username: The user name of the user who is using the tool. This value is required when:

The user is not logged on as an administrator.

ACEs are being removed in a domain other than the domain of the logged-on user.

/password: The password of the tool user. If the command is entered with an asterisk (*) in place of a password, the tool prompts the user for a password.

/root: The OU or domain root at which to start the search for ACEs. If no value is specified, the search begins at the root of the specified domain. If no domain is specified, the search begins at the root of the domain of the logged-on user. When specifying a root domain or OU, you must use the distinguished name (for example, /root:OU=BusUnits,DC=DomainA,DC=com). If spaces occur in any part of the distinguished name, enclose the entire option in quotation marks (for example, "/root:OU=Product Development,OU=Delegation,OU=Business Units,DC=DomainA,DC=com").

/securityprincipal: The identity of the user or group in the form DomainName\UserName or DomainName\GroupName. Use the DNS name or NetBIOS name of the domain

0
 

Expert Comment

by:Hellbentmaster
ID: 26379321
As for good Active Directory tools, try Adaxes from Softerra (http://adaxes.com). But it is free for 30 days only.
0
 

Expert Comment

by:Hellbentmaster
ID: 26397523
As for good Active Directory tools, try Adaxes from Softerra http://adaxes.com. But it is free for 30 days only.
0
 

Expert Comment

by:somi5
ID: 32817852
That's really fantastic, it works with me.
0
