Wednesday, November 23, 2011

Runas Different Credentials In Command Prompt

Sometimes you need to run an executable as a different user via command prompt:
- in scripts
- in Windows 2008 (not 2008 R2), you cannot use shift right click to "run as different user"

Windows come with a command line tool called "runas", which allow users to execute anything as a different user, in the following syntax
runas /user domain\username "full path to exe"

runas /user domain\username "c:\temp\temp.exe /a /l /r"

Tuesday, November 15, 2011

Active Directory MMCs and Command Line Tools

Administration Tools on your Windows XP/7:
If you need to manage/export data from AD outside of your windows server, install:
- the "Windows Server 2003 Administration Tools Pack" (for windows 2003 AD servers)


- the "Remote Server Administration Tools for Windows 7" (for windows 2008 AD servers)

They provide Active Directory related MMCs and Directory Services command line tools.

Quickly Exporting AD Information
Dsquery.exe allows you to find any users/groups/OUs/computers etc based on their name/attributes

To retrieve all AD Groups with the prefix "foo"
dsquery group -name foo*

To retrieve all the users in the container "Users", domain ""
dsquery user cn=users,dc=microsoft,dc=com

Other AD Command Line Tools
Microsoft has also allowed you to perform most basic AD operations such as adding users/groups, resetting passwords, deleting accounts/groups via the command-line tools