Simplify IT Management with AD Scripting Chalermrath K. (MCSE: Security) Jirat B. (MCSE, RHCE) Technology Specialists Microsoft Thailand
Agenda: Why Scripting?; Scripting Basics; Windows Script Host; Scripting Tools; Testing with Scripts; Scripting Security; Automate AD Tasks
Why Scripting
Scenario 1 - Migration: 360,000 Objects; 2,500 Clients Servers; 2,000 Active Users; Only a weekend to take servers down (You will be in trouble if the CEO can't log in on Monday). What will you do?
Scenario 2 - Merging: Your company just acquired Contoso; 20,000 new users need to be added; 5,000 users need to be disabled; All passwords need to be random. What will you do?
Scenario 3 - New to the Job: You just joined a big firm as System Admin; Former admin quit without leaving documentation; AD is damn slow for no reason; You need to draw a diagram of the present infrastructure; You need to solve the AD performance problem. What will you do?
Scripting Basics
Windows Script Host
  WScript: GUI-based, default, %systemroot%\system32\wscript.exe
  CScript: text-based, %systemroot%\system32\cscript.exe
  Setting CScript as the default host: CScript //H:CScript
WSF File Format Header <package>…</package>
WSF File Format Job <job>…</job>
WSF File Format Code <![CDATA[…]]>
WSF File Format Block Comment <comment>…</comment> Line Comment ' …
VBScript Concepts. Class: Data Member, Member Function. Object: Class Instance; Many Instantiated Objects for One Class
VBScript Concepts. Doing a task: Instantiate relevant object; Set data member; Call function member
VBScript Concepts Sample (create a text file)
<![CDATA[
' The folder C:\FSO must already exist, otherwise CreateTextFile fails.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("C:\FSO\ScriptLog.txt")
objFile.Close
]]>
Scripting Tools. Scriptomatic 2.0: Tool for generating VBScript, JScript, Python, Perl, and XML. ADSI Scriptomatic: Generates ADSI scripts for managing complicated AD infrastructure. Portable Script Center: Helpful CHM file for scripting
Use Scripts for Testing
  Simulate Production Environment
    Uses Virtual PC or Virtual Server
    Applies Configuration Scripts
    Performs Test (Configuration)
    Prepare Testing & Rollback Scripts, then Test The Rollback
  Real Deployment
    Schedules Down-time
    Applies Configuration Scripts
    Runs Test Scripts & Verifies The Results
    If Unfavorable, Invokes Rollback Scripts
Securing Your Scripts
  Utilize PKI
    Signing Scripts with Digital Certificate
  Relevant Registry Keys (Older Windows)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\UseWINSAFER
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\SilentTerminate
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy
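One way to check the two controls this slide names, as an added example that is not part of the original deck: it reports the listed Windows Script Host registry values and uses the Scripting.Signer object to verify the signature on every script in a folder. The folder C:\Scripts and the procedure names ShowSetting and IsTrusted are assumptions made for the example.

```vbscript
' Added example, not from the original deck. Run: cscript //nologo AuditWshTrust.vbs
Option Explicit

Const SCRIPT_DIR = "C:\Scripts"   ' assumption: folder holding the admin scripts
Const SETTINGS = "\SOFTWARE\Microsoft\Windows Script Host\Settings\"
Dim objShell, objFSO, objSigner, objFile, strExt, intUntrusted
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSigner = CreateObject("Scripting.Signer")

' 1. Report the WSH settings listed on the slide.
'    TrustPolicy: 0 = run all scripts, 1 = prompt if untrusted, 2 = run only trusted scripts.
ShowSetting "HKEY_LOCAL_MACHINE" & SETTINGS & "UseWINSAFER"
ShowSetting "HKEY_LOCAL_MACHINE" & SETTINGS & "TrustPolicy"
ShowSetting "HKEY_LOCAL_MACHINE" & SETTINGS & "SilentTerminate"
ShowSetting "HKEY_CURRENT_USER" & SETTINGS & "TrustPolicy"

' 2. Verify the signature of every WSH script in the folder.
If Not objFSO.FolderExists(SCRIPT_DIR) Then WScript.Echo "Folder not found: " & SCRIPT_DIR : WScript.Quit 2
intUntrusted = 0
For Each objFile In objFSO.GetFolder(SCRIPT_DIR).Files
    strExt = LCase(objFSO.GetExtensionName(objFile.Name))
    If strExt = "vbs" Or strExt = "js" Or strExt = "wsf" Then
        If IsTrusted(objFile.Path) Then
            WScript.Echo "TRUSTED    " & objFile.Path
        Else
            WScript.Echo "UNTRUSTED  " & objFile.Path
            intUntrusted = intUntrusted + 1
        End If
    End If
Next

' A non-zero exit code lets a scheduled task or deployment wrapper stop on failure.
If intUntrusted > 0 Then WScript.Quit 1

Sub ShowSetting(strValuePath)
    Dim varValue
    On Error Resume Next              ' RegRead raises an error when the value is absent
    varValue = objShell.RegRead(strValuePath)
    If Err.Number <> 0 Then varValue = "(not set)"
    On Error GoTo 0
    WScript.Echo strValuePath & " = " & varValue
End Sub

Function IsTrusted(strPath)
    IsTrusted = False                 ' unsigned, tampered or unreadable all count as untrusted
    On Error Resume Next
    IsTrusted = objSigner.VerifyFile(strPath, False)   ' False = do not show UI prompts
End Function
```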
Automate AD Tasks
Computer Accounts: Join a Computer to a Domain; List FSMO Role Holders; Verify a Global Catalog Server
User Accounts: List All Disabled/Enabled Accounts; Disable/Enable User Accounts; Move a User to New Domain
Sites & Subnets: List All AD Sites; List All Domain Controllers; List Subnets in All Sites
Monitoring: Monitor AD Replication; Monitor AD Database Performance; Monitor DC Performance; Monitor NTDS Performance
Scripts Summary: Assure quality of services; Iterate testing process; Reduce servicing down-time; Reduce human errors; Reduce cost
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.