Wednesday, November 23, 2011

Runas Different Credentials In Command Prompt

Sometimes you need to run an executable as a different user via command prompt:
- in scripts
- in Windows 2008 (not 2008 R2), you cannot use shift right click to "run as different user"

Windows come with a command line tool called "runas", which allow users to execute anything as a different user, in the following syntax
runas /user domain\username "full path to exe"

ie.
runas /user domain\username "c:\temp\temp.exe /a /l /r"

Tuesday, November 15, 2011

Active Directory MMCs and Command Line Tools

Administration Tools on your Windows XP/7:
If you need to manage/export data from AD outside of your windows server, install:
- the "Windows Server 2003 Administration Tools Pack" (for windows 2003 AD servers)
http://www.microsoft.com/download/en/details.aspx?id=16770

OR

- the "Remote Server Administration Tools for Windows 7" (for windows 2008 AD servers)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7887

They provide Active Directory related MMCs and Directory Services command line tools.

Quickly Exporting AD Information
Dsquery.exe allows you to find any users/groups/OUs/computers etc based on their name/attributes
http://technet.microsoft.com/en-us/library/cc732952(WS.10).aspx

Examples:
To retrieve all AD Groups with the prefix "foo"
dsquery group -name foo*

To retrieve all the users in the container "Users", domain "microsoft.com"
dsquery user cn=users,dc=microsoft,dc=com

Other AD Command Line Tools
Microsoft has also allowed you to perform most basic AD operations such as adding users/groups, resetting passwords, deleting accounts/groups via the command-line tools
http://support.microsoft.com/kb/322684