2. Simplify IT Management with AD Scripting Chalermrath K. (MCSE: Security) Jirat B. (MCSE, RHCE) Technology Specialists Microsoft Thailand

3. Agenda Why Scripting? Scripting Basics Windows Script Host Scripting Tools Testing with Scripts Scripting Security Automate AD Tasks

4. Why Scripting

5. Scenario 1 - Migration 360,000 Objects 2,500 Clients Servers 2,000 Active Users Only a weekend to down servers (You will be in trouble if CEO can’t login on Monday) What will you do?

6. Scenario 2 - Merging Your company just acquire Contoso 20,000 new users need to be added 5,000 users need to be disabled All passwords need to be random What will you do?

7. Scenario 3 – New to the Job You just join a big firm as System Admin Former admin quit without documents AD is damn slow with no reason You need to draw present infrastructure diagram You need to solve AD performance problem What will you do?

8. Scripting Basics

9. Windows Script Host WScriptGUI-basedDefault%systemroot%\system32\wscript.exeCScriptText-based%systemroot%\system32\cscript.exe Setting CScript //H:CScript

10. WSF File Format Header <package>…</package>

11. WSF File Format Job …</job>

12. WSF File Format Code <![CDATA[…]]>

13. WSF File Format Block Comment <comment>…</comment> Line Comment ‘ ………………..

14. VBScript Concepts Class Data Member Member Function Object Class Instance Many Instantiated Objects for One Class

15. VBScript Concepts Doing a task Instantiate relevant object Set data member Call function member

16. VBScript Concepts Sample (create a text file) <![CDATA[ Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.CreateTextFile("C:\FSO\ScriptLog.txt") ]]>

17. Scripting Tools Scriptomatic 2.0 Tool for generating VBScript, Jscript, Python, Perl, and XML ADSI Scriptomatic Generate ADSI script for managing complicate AD infrastructure Portable Script Center Helpful CHM file for scripting

18. Use Scripts for Testing Simulate Production Environment Uses Virtual PC or Virtual Server Applies Configuration Scripts Performs Test (Configuration) Prepare Testing & Rollback Scripts, then Test The Rollback Real Deployment Schedules Down-time Applies Configuration Scripts Runs Test Scripts & Verifies The Results If Unfavorable, Invokes Rollback Scripts

19. Securing Your Scripts Utilize PKI Signing Scripts with Digital Certificate Relevant Registry Keys (Older Windows) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\UseWINSAFER HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\SilentTerminate HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy

20. Automate AD Tasks

21. Computer Accounts Join a Computer to a Domain Join a Computer to a Domain List FSMO Role Holders List FSMO Role Holders Verify a Global Catalog Server Verify a Global Catalog Server

22. User Accounts List All Disabled/Enabled Accounts List All Disabled/Enabled Accounts Disable/Enable User Accounts Disable/Enable User Accounts Move a User to New Domain Move a User to New Domain

23. Sites & Subnets List All AD Sites List All AD Sites List All Domain Controllers List All Domain Controllers List Subnets in All Sites List Subnets in All Sites

24. Monitoring Monitor AD Replication Monitor AD Replication Monitor AD Database Performance Monitor AD Database Performance Monitor DC Performance Monitor DC Performance Monitor NTDS Performance Monitor NTDS Performance

25. Scripts Summary Assure quality of services Iterate testing process Reduce servicing down-time Reduce human errors Reduce cost

26. References Windows Administrator’s Automation Toolkit, Microsoft Press, 2005, USA Microsoft’s Scripting Web: http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnanchor/html/scriptinga.asp http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnanchor/html/scriptinga.asp http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnanchor/html/scriptinga.asp Microsoft’s AD Sample Scripts: http://www.microsoft.com/technet/scriptcenter/scripts/ad/default.mspx http://www.microsoft.com/technet/scriptcenter/scripts/ad/default.mspx VBScript Fundamental: http://msdn.microsoft.com/library/default.asp?url=/library/en- us/script56/html/vtorivbscriptfundamentals.asp http://msdn.microsoft.com/library/default.asp?url=/library/en- us/script56/html/vtorivbscriptfundamentals.asp http://msdn.microsoft.com/library/default.asp?url=/library/en- us/script56/html/vtorivbscriptfundamentals.asp

27. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.