RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread Al Mulnick
Last I checked, it's not a bad practice to use commas.  It's a bit more work 
to use the names if you have to escape the commas, but it's not a best 
practice.  In fact, in a displayname, I do want to use commas, but I think 
you meant in the CN you wouldn't want a comma.  I frequently do want them, 
but mostly because I've always worked with Exchange and the upgrade from 5.5 
will often cause that.  It's valid, it's not against any best practices, but 
it can be a pain to work with.


You found a workaround, but I wonder if there's another way to handle the 
special characters?


Just curious mostly.



From: Smith, Brad [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Thu, 20 Oct 2005 15:16:59 +0100

All, Just thought a quick update might save a bit of pain for those of you
that ever want to use the CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where
CreateEnvironmentFromXML.wsf can't import user accounts where the name
contains a comma (and probably other special characters).  I know it is bad
practice to use these in display names, but it is supported by dsa.msc and
so inevitably has been used.  There are a few ways around this, I got past
it by changing line 596 from

szName = User.Get(name);

To

szName = User.Get(samAccountName);


This could be done a lot smarter I know, but for a quick fix this works and
is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need to
configure a decent migtable ;-)

Thanks again for the heads up Darren.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under the
GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad


This email and any attached files are confidential and copyright protected.
If you are not the addressee, any dissemination of this communication is
strictly prohibited. Unless otherwise expressly agreed in writing, nothing
stated in this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


This message has been scanned for viruses by MailControl - (see
http://bluepages.wsatkins.co.uk/?4318150)


RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread Smith, Brad
There is bound to be a way round, possibly to escape the character in
question, in this case, the evil comma. I say it is bad practise but really
I mean it isn't something I would want as opposed to the problems it can
create (like this one).  It comes down to a trade off between the bit more
work and how beneficial/satisfying having a comma there is. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 21 October 2005 14:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Last I checked, it's not a bad practice to use commas.  It's a bit more work
to use the names if you have to escape the commas, but it's not a best
practice.  In fact, in a displayname, I do want to use commas, but I think
you meant in the CN you wouldn't want a comma.  I frequently do want them,
but mostly because I've always worked with Exchange and the upgrade from 5.5
will often cause that.  It's valid, it's not against any best practices, but
it can be a pain to work with.

You found a workaround, but I wonder if there's another way to handle the
special characters?

Just curious mostly.


From: Smith, Brad [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Thu, 20 Oct 2005 15:16:59 +0100

All, Just thought a quick update might save a bit of pain for those of 
you that ever want to use the CreateXMLFromEnvironment.wsf and 
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where 
CreateEnvironmentFromXML.wsf can't import user accounts where the name 
contains a comma (and probably other special characters).  I know it is 
bad practice to use these in display names, but it is supported by 
dsa.msc and so inevitably has been used.  There are a few ways around 
this, I got past it by changing line 596 from

szName = User.Get(name);

To

szName = User.Get(samAccountName);


This could be done a lot smarter I know, but for a quick fix this works 
and is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need 
to configure a decent migtable ;-)

Thanks again for the heads up Darren.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under 
the GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of 
development environments.  The problem I am hoping to solve is that a 
lot of our testing needs to be done in an environment where all our 
Ous, GPOs, Groups and so forth are present.  Recreating this is a 
nightmare,  so to alleviate this I want to write an import/export 
script that dumps all the OU's, Groups, Users and GPO's (including 
security) and then restores them in a different target domain 
(different forest too).  Has anyone attempted/achieved this before?

Brad



RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread joe
I am against commas and spaces and other special characters in any
attributes that get used for RDNs. It shouldn't require quotes and escaping
to be able to use a DN in my opinion. Since those names are seen by admins,
they don't necessarily have to be nice. 

If you make an application and you build a container/OU structure in your
app. Allow people to specify a different structure that doesn't have spaces,
commas, and other crap in it cough Exchange cough. 

Folks who tend to like putting that stuff in DNs (and folder and file
names as well) have normally, from what I have seen, spent most if not all
of their time in the GUI. 

I completely agree that displayname is fine and quite normal with commas. I
much prefer to see names in the GAL as last, first than first last. 


The 5.5 issue is with the ADC. You can disable the ADC from changing the CNs
like that. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, October 21, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Last I checked, it's not a bad practice to use commas.  It's a bit more work
to use the names if you have to escape the commas, but it's not a best
practice.  In fact, in a displayname, I do want to use commas, but I think
you meant in the CN you wouldn't want a comma.  I frequently do want them,
but mostly because I've always worked with Exchange and the upgrade from 5.5
will often cause that.  It's valid, it's not against any best practices, but
it can be a pain to work with.

You found a workaround, but I wonder if there's another way to handle the
special characters?

Just curious mostly.


From: Smith, Brad [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Thu, 20 Oct 2005 15:16:59 +0100

All, Just thought a quick update might save a bit of pain for those of 
you that ever want to use the CreateXMLFromEnvironment.wsf and 
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where 
CreateEnvironmentFromXML.wsf can't import user accounts where the name 
contains a comma (and probably other special characters).  I know it is 
bad practice to use these in display names, but it is supported by 
dsa.msc and so inevitably has been used.  There are a few ways around 
this, I got past it by changing line 596 from

szName = User.Get(name);

To

szName = User.Get(samAccountName);


This could be done a lot smarter I know, but for a quick fix this works 
and is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need 
to configure a decent migtable ;-)

Thanks again for the heads up Darren.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under 
the GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of 
development environments.  The problem I am hoping to solve is that a 
lot of our testing needs to be done in an environment where all our 
Ous, GPOs, Groups and so forth are present.  Recreating this is a 
nightmare,  so to alleviate this I want to write an import/export 
script that dumps all the OU's, Groups, Users and GPO's (including 
security) and then restores them in a different target domain 
(different forest too).  Has anyone attempted/achieved this before?

Brad



RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread Al Mulnick
I'm sure you're not indicating that you believe I am a GUI junky, but I'll 
leave that conversation for another time :)



I disagree joe.  There will always be a reason to use special characters in 
those fields.  While I *can* change that, and often should find something 
that is unique across all OU's regardless of the immediate need (think about 
a worldwide deployment that has more than one jsmith; they should have a 
guaranteed unique logon name at the minimum because you never know when they 
plan to use UPN or plan to move to another location that breaks your OU 
structure.  I know there are other ways to modify this behavior..but a logon 
id should be globally unique wherever possible; that would be a best 
practice in my mind.) I may as well just bite the bullet and realize that 
I'll often need special characters and that it could show up in my DN. May 
as well code for that eventuality and be done with it.


Worrying about special characters in a DN is well and good, but I don't see 
that as a best practice or a requirement. Just a nice to have if you feel 
like programmatically handling admin and get to a point where you want to be 
extra efficient (or lazy) with the number of keystrokes.


Should displayname and CN be the same?  Depends on the person being asked. 
It's a LDAP thing.

And ldap based directories face the same issue.

5.5 and ADC are things that can be modified.  Done that many times.  Also 
had to go back and modify the DN's many times for many customers, but that's 
not as a best practice.  That was because they didn't have international 
needs and because they had efficient programmers.


-ajm






From: joe [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Fri, 21 Oct 2005 10:06:54 -0400

I am against commas and spaces and other special characters in any
attributes that get used for RDNs. It shouldn't require quotes and escaping
to be able to use a DN in my opinion. Since those names are seen by admins,
they don't necessarily have to be nice.

If you make an application and you build a container/OU structure in your
app. Allow people to specify a different structure that doesn't have spaces,
commas, and other crap in it cough Exchange cough.

Folks who tend to like putting that stuff in DNs (and folder and file
names as well) have normally, from what I have seen, spent most if not all
of their time in the GUI.

I completely agree that displayname is fine and quite normal with commas. I
much prefer to see names in the GAL as last, first than first last.


The 5.5 issue is with the ADC. You can disable the ADC from changing the CNs
like that.


  joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, October 21, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Last I checked, it's not a bad practice to use commas.  It's a bit more work
to use the names if you have to escape the commas, but it's not a best
practice.  In fact, in a displayname, I do want to use commas, but I think
you meant in the CN you wouldn't want a comma.  I frequently do want them,
but mostly because I've always worked with Exchange and the upgrade from 5.5
will often cause that.  It's valid, it's not against any best practices, but
it can be a pain to work with.

You found a workaround, but I wonder if there's another way to handle the
special characters?

Just curious mostly.


From: Smith, Brad [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Thu, 20 Oct 2005 15:16:59 +0100

All, Just thought a quick update might save a bit of pain for those of
you that ever want to use the CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where
CreateEnvironmentFromXML.wsf can't import user accounts where the name
contains a comma (and probably other special characters).  I know it is
bad practice to use these in display names, but it is supported by
dsa.msc and so inevitably has been used.  There are a few ways around
this, I got past it by changing line 596 from

szName = User.Get(name);

To

szName = User.Get(samAccountName);


This could be done a lot smarter I know, but for a quick fix this works
and is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need
to configure a decent migtable ;-)

Thanks again for the heads up Darren.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir

RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread joe
 to escape the slash? I have fought with this in my own tools. Cover
for people who have no clue or piss off people who do have a clue and handle
the situation themselves? For instance... Is there a problem with this
pseudo-code


_VldapserverV_=someservername
_VbaseV_=some branch in namespace
_VscopeV_=subtree
_VservernameV_=get servername from user
_VqueryV_=(&(objectcategory=person)(objectclass=user)(homeDirectory=\\_VservernameV_\*))
Submit_Query [_VldapserverV_,_VbaseV_,_VscopeV_,_VqueryV_]

Does it work for all name values that could be submitted, say all valid
servers are in a dropdown and the user can't type their own names. Given all
the possible valid servernames would this code have a possible issue?

Yes. If the server name starts with the characters A-F or 0-9 (Hex character
set). Correct way to write that filter is

(&(objectcategory=person)(objectclass=user)(homeDirectory=\5c\5c_VservernameV_\5c*))[3]

I have seen that one in the wild a ton of times. What is the general
solution I have seen? Why, to forget about the slashes and simply wildcard
the first part of the query like

(&(objectcategory=person)(objectclass=user)(homeDirectory=*_VservernameV_\*))

Yeah that is efficient[4]. I would be willing to bet lunch that there is
some professionally written code somewhere in this world that does exactly
that. Why? Because I have seen it multiple times in non-pro code and people
like to cut and paste. In many cases the difference in professional code and
other code is that you pay for one and not the other.  


So how do you handle it generically? Was the double slash to escape the
second slash or was double slash intended so it should be escaped to \5c\5c?
Or was it supposed to be slash and then an escaped hex A through F? Since
you know specifically what this field is for above you can add extra logic
to protect against bad things, that doesn't work in the generic case though
say where someone is constructing the LDAP query or some portion of it. I
know, this doesn't apply to DNs... But doesn't it? You can query on DNs and
you can query on the various RDN values, they have to be handled in
different ways. It can be confusing for people who do understand what is
going on let alone those that are simply trying to make someone else's c#,
perl, or vbscript code work.


Quoting generally isn't too confusing as long as you are aware that if you
have special characters at the command line or spaces, you need to quote the
params. However, I get at least literally 800-1000 emails a year from people
who say one of the tools isn't working and it is simply due to the fact that
they have no idea that you need to quote params with spaces or characters
such as pipe or ampersand, etc. It especially makes me laugh when they talk
about what an expert they are and how they can do anything so there is
something obviously wrong with my program because if they can't get it to
work, it just must be wrong. ;o)


  joe




[1] It's a word now, deal with it. ;o)

[2] I certainly don't believe you have to be formally trained to become an
entry level or even great programmer. But someone who has learned on their
own is often not in a position to have learned programming fundamentals as
that probably wasn't on their goal sheet. If they are really bright and have
been doing it for some time they probably will have developed a sense of
what those fundamentals are or may be though through trial and error or
looking at issues they kept hitting in an objective scientific manner. 
 
[3] If anyone just said huh, go here
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/search_filter_syntax.asp

[4] http://www.google.com/search?nq=define%3A+sarcasm

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, October 21, 2005 11:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I'm sure you're not indicating that you believe I am a GUI junky, but I'll
leave that conversation for another time :)


I disagree joe.  There will always be a reason to use special characters in 
those fields.  While I *can* change that, and often should find something 
that is unique across all OU's regardless of the immediate need (think about 
a worldwide deployment that has more than one jsmith; they should have a 
guaranteed unique logon name at the minimum because you never know when they 
plan to use UPN or plan to move to another location that breaks your OU 
structure.  I know there are other ways to modify this behavior..but a logon 
id should be globally unique wherever possible; that would be a best 
practice in my mind.) I may as well just bite the bullet and realize that 
I'll often need special characters and that it could show up in my DN. May 
as well code for that eventuality and be done with it.

Worrying about special characters in a DN is well and good, but I don't see 
that as a best practice or a requirement. Just
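
The two kinds of escaping discussed in joe's message above (the homeDirectory filter) and earlier in the thread (commas in a CN), as an added example that is not part of the original thread or of the GPMC scripts: filter values are escaped per RFC 4515, RDN values per RFC 4514, and a DN used inside a filter needs both. The function names, the server name DC01 and the example.test DN are constructed for illustration.

```javascript
'use strict';

// RFC 4515: in a filter assertion value, NUL ( ) * and \ are written as \HH.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Strict RFC 4515 decoder for a literal value: a backslash must be followed
// by exactly two hex digits. Handles single-byte (ASCII/Latin-1) escapes only.
function decodeFilterValue(encoded) {
  let out = '';
  for (let i = 0; i < encoded.length; i++) {
    const ch = encoded[i];
    if (ch !== '\\') { out += ch; continue; }
    const hex = encoded.slice(i + 1, i + 3);
    if (!/^[0-9a-fA-F]{2}$/.test(hex)) {
      throw new SyntaxError('invalid escape at offset ' + i);
    }
    out += String.fromCharCode(parseInt(hex, 16));
    i += 2; // skip the two hex digits just consumed
  }
  return out;
}

function isValidFilterLiteral(encoded) {
  try { decodeFilterValue(encoded); return true; } catch (e) { return false; }
}

// The homeDirectory search from the message: escape the literal UNC prefix,
// then append the one '*' that is meant to be a wildcard.
function homeDirFilter(server) {
  const prefix = escapeFilterValue('\\\\' + server + '\\');
  return '(&(objectCategory=person)(objectClass=user)(homeDirectory=' +
    prefix + '*))';
}

// RFC 4514: in an RDN value, " + , ; < > and \ take a leading backslash, as
// do a leading space or '#' and a trailing space; NUL becomes \00.
function escapeRdnValue(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    const edgeSpace = ch === ' ' && (i === 0 || i === s.length - 1);
    const leadingHash = ch === '#' && i === 0;
    if (ch === '\0') out += '\\00';
    else if ('\\",+;<>'.includes(ch) || edgeSpace || leadingHash) out += '\\' + ch;
    else out += ch;
  }
  return out;
}

// A DN placed inside a filter is escaped twice, in this order: first as an
// RDN value (comma -> \,), then as a filter value (that backslash -> \5c).
// parentDn is assumed to be an already well-formed DN.
function memberFilter(cn, parentDn) {
  const dn = 'CN=' + escapeRdnValue(cn) + ',' + parentDn;
  return '(member=' + escapeFilterValue(dn) + ')';
}

// Constructed sample values.
console.log(homeDirFilter('DC01'));
console.log('CN=' + escapeRdnValue('Smith, Brad') + ',OU=Staff,DC=example,DC=test');
console.log(memberFilter('Smith, Brad', 'OU=Staff,DC=example,DC=test'));
// An unescaped backslash in front of "DC" is read as the escape \DC (0xDC):
console.log(JSON.stringify(decodeFilterValue('\\DC01')));
// The unescaped UNC prefix \\DC01\ is not a valid RFC 4515 value at all:
console.log(isValidFilterLiteral('\\\\DC01\\'));
```
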

RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread Al Mulnick
As for there being a good reason for having funky characters and spaces in
RDNs I would always question the reason it was said it was needed. I haven't
seen a good reason yet for a comma or a space in an RDN other than to make
it pretty. Again, these are admin level constructs, they don't need to be
pretty. That is why you have a displayName attribute in the first place.  

Ok I can be persuaded, but I'm taking issue with the idea that it's a best
practice.   I'm not convinced it's a best practice.  As evidence, I'd say
there would be no other need for special character escaping in that
construct.  I don't have a great reason unless the characters are in need of
being escaped. Spaces don't belong period. 



Your uniqueness argument confuses me. If you have multiple jsmith IDs
around the world, you already have a uniqueness issue. The solution is to
not have multiple jsmith IDs. You have jsmith, jsmith1, jsmith2 or some
other mechanism for creating unique IDs. Are you suggesting we use special
characters instead? Obviously I have some level of Enterprise experience,
using display names as the CN doesn't get you uniqueness, heck when I was at
MSU there were two of us on campus with EXACTLY the same first, middle, and
last names. Heck of a coincidence. The only people who had an issue with it
was the postal folks since the primary uniqueness key outside of address was
display name. So something addressed to my name at MSU actually had two
possible delivery locations. It had to have more info like building or room
and building to definitely get a unique hit (and even then they often
screwed up the delivery).

In rereading it, sometimes it confuses me :)  My point was that CN's should
be unique globally and should NOT match the displayname attribute as they
tend to do if you follow the GUI wizard as many will. 

Personally, I figure the right tool for the job.  If you have few
administrative issues you'll tend to use the native and easier tools.  If
you have more tasks, automation becomes a big deal.  Size matters as well,
since you'll want to automate more if you have more targets. In both
scenarios, you'd want to automate if you disliked the options presented by
the native tools. 

Interesting joe; not sure I'm convinced yet though.  



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 21, 2005 6:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


Not picking on you Al.

However, Exchange people in general are GUI junkies. That is how they were
born and bred by MS, it is not entirely the fault of the admin. And if they
were command line junkies in a life prior to Exchange, MS thoroughly beat it
out of them with the dearth of any serious command line tools for Exchange.
Heck the more I deal with Exchange the more I find myself in LDP wandering
around versus command line because of the horrible layout in the config
container. I will probably end up writing a GUI version of adfind just
because of Exchange and my level of irkedness[1]. 

Anyway, I will let you answer if you are a GUI junkie or not, I have never
seen you work so I don't know if the command prompt windows out-number your
GUI windows or if you have a problem with a user if you first go to aduc or
the command line. Not trying to insult you or anyone else, if someone likes
the GUI, they like the GUI. I don't think admin work is generally as
efficient if always done with the GUI but that is for each admin to figure
out on their own. If you have two admins side by side who are both just as
good at solving problems but admin 2 takes 30 seconds to add some 50 new OUs
and admin 1 spends more time trying to get ADUC open to the right location
you can see where that is going to go long term. I am glad that Microsoft as
a whole realized prior to Windows Server 2003 that the command line was
important. It seems the Exchange team has made that discovery now for E12
though I still question some of what I have been seeing as they still seem
to be dragging the GUI fat for info retrieval with them with some of the
MONAD stuff, only there is no GUI to require it.  

As for there being a good reason for having funky characters and spaces in
RDNs I would always question the reason it was said it was needed. I haven't
seen a good reason yet for a comma or a space in an RDN other than to make
it pretty. Again, these are admin level constructs, they don't need to be
pretty. That is why you have a displayName attribute in the first place. 

Your uniqueness argument confuses me. If you have multiple jsmith IDs around
the world, you already have a uniqueness issue. The solution is to not have
multiple jsmith IDs. You have jsmith, jsmith1, jsmith2 or some other
mechanism for creating unique IDs. Are you suggesting we use special
characters instead? Obviously I have some level of Enterprise experience,
using display names as the CN doesn't get you uniqueness

RE: [ActiveDir] Interesting Scripting Task.....

2005-10-21 Thread Al Mulnick
Good point.  Personally, I don't see a value for a comma or a space in this
section.  Some apps might though (they tend to be very old apps). 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Friday, October 21, 2005 9:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


There is bound to be a way round, possibly to escape the character in
question, in this case, the evil comma. I say it is bad practise but really
I mean it isn't something I would want as opposed to the problems it can
create (like this one).  It comes down to a trade off between the bit more
work and how beneficial/satisfying having a comma there is. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 21 October 2005 14:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Last I checked, it's not a bad practice to use commas.  It's a bit more work
to use the names if you have to escape the commas, but it's not a best
practice.  In fact, in a displayname, I do want to use commas, but I think
you meant in the CN you wouldn't want a comma.  I frequently do want them,
but mostly because I've always worked with Exchange and the upgrade from 5.5
will often cause that.  It's valid, it's not against any best practices, but
it can be a pain to work with.

You found a workaround, but I wonder if there's another way to handle the
special characters?

Just curious mostly.


From: Smith, Brad [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.
Date: Thu, 20 Oct 2005 15:16:59 +0100

All, Just thought a quick update might save a bit of pain for those of
you that ever want to use the CreateXMLFromEnvironment.wsf and 
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where 
CreateEnvironmentFromXML.wsf can't import user accounts where the name 
contains a comma (and probably other special characters).  I know it is 
bad practice to use these in display names, but it is supported by 
dsa.msc and so inevitably has been used.  There are a few ways around 
this, I got past it by changing line 596 from

szName = User.Get(name);

To

szName = User.Get(samAccountName);


This could be done a lot smarter I know, but for a quick fix this works
and is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need
to configure a decent migtable ;-)

Thanks again for the heads up Darren.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren
Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under
the GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of
development environments.  The problem I am hoping to solve is that a 
lot of our testing needs to be done in an environment where all our 
Ous, GPOs, Groups and so forth are present.  Recreating this is a 
nightmare,  so to alleviate this I want to write an import/export 
script that dumps all the OU's, Groups, Users and GPO's (including 
security) and then restores them in a different target domain 
(different forest too).  Has anyone attempted/achieved this before?

Brad


This email and any attached files are confidential and copyright 
protected. If you are not the addressee, any dissemination of this 
communication is strictly prohibited. Unless otherwise expressly agreed 
in writing, nothing stated in this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir%40mail.activedir.org/


This message has been scanned for viruses by MailControl - (see
http://bluepages.wsatkins.co.uk/?4318150)
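
Escaping is the other way to handle the comma discussed in this message. The following is an added example, not code from the thread or from the GPMC scripts: it assumes an import that builds a distinguished name by joining "CN=" and the name, and the function names (escapeRdnValue, buildChildDn, splitRdns) and sample DNs are hypothetical.

```javascript
// Added example: escape a name so it can be used as the value of one RDN
// inside a distinguished name (RFC 4514, section 2.4).
// Function names and sample DNs are constructed for illustration.

var ALWAYS_ESCAPE = ',+"\\<>;=';   // characters with structural meaning in a DN

function escapeRdnValue(value) {
    var s = String(value), out = "";
    for (var i = 0; i < s.length; i++) {
        var ch = s.charAt(i);
        var first = (i === 0), last = (i === s.length - 1);
        if (ch === "\u0000") {
            out += "\\00";                          // NUL is written as a hex pair
        } else if (ALWAYS_ESCAPE.indexOf(ch) !== -1) {
            out += "\\" + ch;                       // e.g. "," becomes "\,"
        } else if ((first && (ch === "#" || ch === " ")) || (last && ch === " ")) {
            out += "\\" + ch;                       // leading "#"/space, trailing space
        } else {
            out += ch;
        }
    }
    return out;
}

// Join one RDN to its parent DN, with or without escaping the value.
function buildChildDn(attr, value, parentDn, escape) {
    return attr + "=" + (escape ? escapeRdnValue(value) : value) + "," + parentDn;
}

// Split a DN into RDNs on unescaped commas only.
// Old RFC 2253 quoted values ("...") are not handled here.
function splitRdns(dn) {
    var parts = [], cur = "";
    for (var i = 0; i < dn.length; i++) {
        var ch = dn.charAt(i);
        if (ch === "\\" && i + 1 < dn.length) {
            cur += ch + dn.charAt(i + 1);           // keep the escape pair together
            i++;
        } else if (ch === ",") {
            parts.push(cur);
            cur = "";
        } else {
            cur += ch;
        }
    }
    parts.push(cur);
    return parts;
}

var PARENT = "OU=Staff,DC=lab,DC=example";          // constructed parent container
var naive = buildChildDn("CN", "Smith, Brad", PARENT, false);
var escaped = buildChildDn("CN", "Smith, Brad", PARENT, true);

// The unescaped name yields five components, one of which (" Brad") is not
// a valid RDN; the escaped name yields the intended four.
console.log(splitRdns(naive));
console.log(splitRdns(escaped));
```
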

RE: [ActiveDir] Interesting Scripting Task.....

2005-10-20 Thread Smith, Brad
All, Just thought a quick update might save a bit of pain for those of you
that ever want to use the CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf scripts from GPMC.  I found a snag where
CreateEnvironmentFromXML.wsf can't import user accounts where the name
contains a comma (and probably other special characters).  I know it is bad
practice to use these in display names, but it is supported by dsa.msc and
so inevitably has been used.  There are a few ways around this, I got past
it by changing line 596 from

szName = User.Get("name");

To

szName = User.Get("samAccountName");


This could be done a lot smarter I know, but for a quick fix this works and
is all I need for now.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: 12 October 2005 13:16
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

The script Darren pointed out seems to be working just fine, now I need to
configure a decent migtable ;-)

Thanks again for the heads up Darren. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under the
GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




RE: [ActiveDir] Interesting Scripting Task.....

2005-10-12 Thread Smith, Brad
Did groups that have not been created that are a member of a group that has
been created pose a problem?  I.e., if the LDF restores Group A, and Group A
has Groups B & C as members, but Group C doesn't exist yet... how did that
work?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 11 October 2005 16:29
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

To automate the import of the .ldf files you need to shell to a command
prompt and run the ldif import commands appropriate for what you want to do.
A batch file would work as well.  If you wanted to automate it all, you
could use the batch/.cmd file completely to do this. 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jensen, Ken
Sent: Tuesday, October 11, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


There must be a scriptable way of automating the import of .ldf files as
well. We have had good success re-creating our production environment using
server imaging and exports of our OU, groups and user fields. We did have a
bit of trouble with users and groups but found it was the order in which we
did it that mattered. As long as all the groups are done before users, we
didn't have a lot of issues and could break, err , test things quite
realistically.

Regards,

Ken Jensen
Capistrano Unified School District
San Juan Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




This communication and any documents, files, or previous e-mail messages
attached to it constitute an electronic communication within the scope of
the Electronic Communication Privacy Act, 18 USCA 2510.  This communication
may contain
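
The ordering problem asked about in this message (Group A restored before its member Group C exists) does not arise if the import runs in two passes: create every object first, then add memberships. The following is an added example, not code from the thread: the entries, DNs and the planImport and rdnDepth names are constructed, and the LDIF change records (RFC 2849) carry only objectClass where a real export would carry the object's other attributes.

```javascript
// Added example: plan a two-pass LDIF import so that no "member" value ever
// points at an object that has not been created yet.
// Constructed sample export; Group A is listed before its members exist.
var SAMPLE_EXPORT = [
    { dn: "CN=Group A,OU=Groups,DC=lab,DC=example", objectClass: "group",
      member: ["CN=Group B,OU=Groups,DC=lab,DC=example",
               "CN=Group C,OU=Groups,DC=lab,DC=example",
               "CN=Retired,OU=Groups,DC=lab,DC=example"] },   // not in the export
    { dn: "CN=Group B,OU=Groups,DC=lab,DC=example", objectClass: "group",
      member: ["CN=Smith\\, Brad,OU=Staff,DC=lab,DC=example"] },
    { dn: "CN=Smith\\, Brad,OU=Staff,DC=lab,DC=example", objectClass: "user", member: [] },
    { dn: "OU=Groups,DC=lab,DC=example", objectClass: "organizationalUnit", member: [] },
    { dn: "OU=Staff,DC=lab,DC=example", objectClass: "organizationalUnit", member: [] },
    { dn: "CN=Group C,OU=Groups,DC=lab,DC=example", objectClass: "group", member: [] }
];

// Number of RDNs in a DN. Escaped pairs such as "\," are dropped first so an
// escaped comma inside a name is not counted as a separator.
function rdnDepth(dn) {
    return dn.replace(/\\./g, "").split(",").length;
}

function planImport(entries) {
    // Index of every DN the export will create (DNs compare case-insensitively).
    var known = {};
    entries.forEach(function (e) { known[e.dn.toLowerCase()] = true; });

    // Parents before children: sort by depth, keep export order on ties.
    var indexed = entries.map(function (e, i) { return { e: e, i: i }; });
    indexed.sort(function (a, b) {
        return (rdnDepth(a.e.dn) - rdnDepth(b.e.dn)) || (a.i - b.i);
    });

    var creates = [], memberships = [], skipped = [];
    indexed.forEach(function (item) {
        var e = item.e;
        // Pass 1: create the object without any membership.
        creates.push(["dn: " + e.dn,
                      "changetype: add",
                      "objectClass: " + e.objectClass].join("\n"));

        // Pass 2: add only members that pass 1 will have created.
        var present = [];
        (e.member || []).forEach(function (m) {
            if (known[m.toLowerCase()]) { present.push(m); }
            else { skipped.push({ group: e.dn, member: m }); }
        });
        if (present.length > 0) {
            memberships.push(["dn: " + e.dn, "changetype: modify", "add: member"]
                .concat(present.map(function (m) { return "member: " + m; }), ["-"])
                .join("\n"));
        }
    });

    return {
        order: indexed.map(function (item) { return item.e.dn; }),
        pass1: creates.join("\n\n") + "\n",       // import this file first
        pass2: memberships.join("\n\n") + "\n",   // then this one
        skipped: skipped                          // members missing from the export
    };
}

var plan = planImport(SAMPLE_EXPORT);
console.log(plan.pass1);
console.log(plan.pass2);
console.log("Members not in export:", JSON.stringify(plan.skipped));
```

The skipped list is worth reviewing after each run: a member dropped from a group changes who holds that group's access in the lab compared with production.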

RE: [ActiveDir] Interesting Scripting Task.....

2005-10-12 Thread Smith, Brad
I guess it could restore the groups first, then configure the
memberships 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 11 October 2005 16:29
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

To automate the import of the .ldf files you need to shell to a command
prompt and run the ldif import commands appropriate for what you want to do.
A batch file would work as well.  If you wanted to automate it all, you
could use the batch/.cmd file completely to do this. 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jensen, Ken
Sent: Tuesday, October 11, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


There must be a scriptable way of automating the import of .ldf files as
well. We have had good success re-creating our production environment using
server imaging and exports of our OU, groups and user fields. We did have a
bit of trouble with users and groups but found it was the order in which we
did it that mattered. As long as all the groups are done before users, we
didn't have a lot of issues and could break, err , test things quite
realistically.

Regards,

Ken Jensen
Capistrano Unified School District
San Juan Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad



RE: [ActiveDir] Interesting Scripting Task.....

2005-10-12 Thread Smith, Brad
The script Darren pointed out seems to be working just fine, now I need to
configure a decent migtable ;-)

Thanks again for the heads up Darren. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: 10 October 2005 17:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Yes, Microsoft has attempted it. Check out the scripts directory under the
GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




RE: [ActiveDir] Interesting Scripting Task.....

2005-10-11 Thread Smith, Brad
Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




RE: [ActiveDir] Interesting Scripting Task.....

2005-10-11 Thread Al Mulnick
Yep, if you need to have it on the same network and accessible via the same
network for multiple machines (can't just remote to it) then you'll
certainly want the scripting route.  LDAP/ADSI (as Ed also mentioned) is
pretty easy as long as you get the order correct, while the GPO's might take
a little more work than that. If those scripts work out, you're pretty much
home free after you do the transform.  

Another option would be to use something like MIIS to achieve these goals
and keep things in sync. Scripts would be more useful for large scale
changes (wipe and reload scenarios) while MIIS (or similar) would be much
easier for incremental changes. 

Al



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 4:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




RE: [ActiveDir] Interesting Scripting Task.....

2005-10-11 Thread Jensen, Ken
There must be a scriptable way of automating the import of .ldf files as
well. We have had good success re-creating our production environment
using server imaging and exports of our OU, groups and user fields. We
did have a bit of trouble with users and groups but found it was the
order in which we did it that mattered. As long as all the groups are
done before users, we didn't have a lot of issues and could break, err ,
test things quite realistically.

Regards,

Ken Jensen
Capistrano Unified School District
San Juan Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley
[MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our Ous, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




This communication and any documents, files, or previous e-mail messages 
attached to it constitute an electronic communication within the scope of the 
Electronic Communication Privacy Act, 18 USCA 2510.  This communication may 
contain non-public, confidential, or legally privileged information intended 
for the sole use of the designated recipient(s).  The unlawful interception, 
use or disclosure of such information is strictly prohibited under 18 USCA 2511 
and any applicable laws.


RE: [ActiveDir] Interesting Scripting Task.....

2005-10-11 Thread Al Mulnick
To automate the import of the .ldf files you need to shell to a command
prompt and run the ldif import commands appropriate for what you want to do.
A batch file would work as well.  If you wanted to automate it all, you
could use the batch/.cmd file completely to do this. 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jensen, Ken
Sent: Tuesday, October 11, 2005 10:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.


There must be a scriptable way of automating the import of .ldf files as
well. We have had good success re-creating our production environment using
server imaging and exports of our OU, groups and user fields. We did have a
bit of trouble with users and groups but found it was the order in which we
did it that mattered. As long as all the groups are done before users, we
didn't have a lot of issues and could break, err , test things quite
realistically.

Regards,

Ken Jensen
Capistrano Unified School District
San Juan Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Tuesday, October 11, 2005 1:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

Thanks all for the replies  

Darren- I will investigate the scripts you mention and see how I get on.

Al/Ed- I need to run this on the same network as the production domain (W2K)
and hence need to use a different domain name.

Kamlesh- The original post of that tool is what got me started thinking this
is possible.  I didn't have much luck using Xsync unfortunately, it seemed
a bit lacking functionality as it didn't do GPO's at all and needed the
logon/password credentials in each domain to be identical...weird but
annoying.

I will report back when I have looked into Darren's scripts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: 10 October 2005 23:45
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Interesting Scripting Task.

I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our OUs, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad


This email and any attached files are confidential and copyright protected.
If you are not the addressee, any dissemination of this communication is
strictly prohibited. Unless otherwise expressly agreed in writing, nothing
stated in this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
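
The import-order point in Ken Jensen's quoted reply above, as an added Python example that is not from the thread or any poster: it sorts an exported .ldf into OU, group and user passes, with parent OUs ahead of their children. Deferring `member` values to a final modify pass is an assumption added here, as are the sample DNs and the plain-text, `dn:`-first record layout.

```python
import re

# Constructed sample export (not from the thread), deliberately out of order.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,OU=Lab,DC=test,DC=example
changetype: add
objectClass: user

dn: CN=Helpdesk,OU=Staff,OU=Lab,DC=test,DC=example
changetype: add
objectClass: group
member: CN=Jane Doe,OU=Staff,OU=Lab,DC=test,DC=example

dn: OU=Staff,OU=Lab,DC=test,DC=example
changetype: add
objectClass: organizationalUnit

dn: OU=Lab,DC=test,DC=example
changetype: add
objectClass: organizationalUnit
"""

# Pass order as described in the message: OUs, then groups, then users.
PASS_ORDER = ["organizationalunit", "group", "user"]

def parse(ldif):
    """Unfold continuation lines, then split into records (lists of lines)."""
    text = ldif.replace("\r\n", "\n").replace("\n ", "").strip()
    return [block.split("\n") for block in re.split(r"\n{2,}", text)]

def value(line):
    return line.split(":", 1)[1].strip()

def rank(rec):
    """Sort key: (import pass, DN depth) so parents precede children."""
    classes = {value(l).lower() for l in rec if l.lower().startswith("objectclass:")}
    step = next((i for i, c in enumerate(PASS_ORDER) if c in classes), len(PASS_ORDER))
    # An escaped comma (\,) inside a CN is data, not an RDN separator.
    return step, len(re.findall(r"(?<!\\),", value(rec[0])))

def reorder(ldif):
    """Return (add records in import order, deferred membership modifies)."""
    adds, mods = [], []
    for rec in sorted(parse(ldif), key=rank):
        members = [l for l in rec if l.lower().startswith("member:")]
        adds.append([l for l in rec if l not in members])
        if members:  # assumption: add memberships once every object exists
            mods.append([rec[0], "changetype: modify", "add: member", *members, "-"])
    return adds, mods
```

Joining each returned record's lines with newlines, and the records with blank lines, gives two files to import one after the other.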



[ActiveDir] Interesting Scripting Task.....

2005-10-10 Thread Smith, Brad
All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our OUs, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




RE: [ActiveDir] Interesting Scripting Task.....

2005-10-10 Thread Darren Mar-Elia
Yes, Microsoft has attempted it. Check out the scripts directory under
the GPMC install. It has two scripts:

CreateXMLFromEnvironment.wsf and 
CreateEnvironmentFromXML.wsf

That do pretty much everything that you've described below.

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our
testing needs to be done in an environment where all our OUs, GPOs,
Groups and so forth are present.  Recreating this is a nightmare,  so to
alleviate this I want to write an import/export script that dumps all
the OU's, Groups, Users and GPO's (including security) and then restores
them in a different target domain (different forest too).  Has anyone
attempted/achieved this before?

Brad




Re: [ActiveDir] Interesting Scripting Task.....

2005-10-10 Thread Al Mulnick
Exporting users, groups etc and then recreating them in a new environment is 
not terribly difficult.  Getting the security settings and the GPO 
information recreated is a bit more difficult. This is not an export and 
copy, it's an export and create new that looks like the old situation if you 
do it that way.


What do you have to work with?  Is it too much to recreate the environments 
by overlaying the production, cleaning up the metadata and letting it loose? 
Or do you have workstations and servers in the environment to be concerned 
about?


Al



- Original Message -
From: Smith, Brad [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Monday, October 10, 2005 11:07 AM
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our OUs, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad




Re: [ActiveDir] Interesting Scripting Task.....

2005-10-10 Thread Kamlesh Parmar
I am copying the exact post from Tiro Yann,

Hi Activedir List :)

A new free tool is now available here
http://www.yside.com/projects/tools.htm
which name is XSync v0.2

It duplicates your real AD Domain in a test lab with no SID issues.

Thanks a lot to Chris Wall ([EMAIL PROTECTED]) who made the
information available on the ExchangeList with the same thread
Duplicate your AD domain with this new (free) tool.

Cheers,

Yann

On 10/10/05, Smith, Brad [EMAIL PROTECTED] wrote:

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our OUs, GPOs, Groups and so
forth are present.  Recreating this is a nightmare, so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad

-- ~~~Fortune and Love befriend the bold~~~


RE: [ActiveDir] Interesting Scripting Task.....

2005-10-10 Thread Ed Crowley [MVP]
I've written that, and it's actually rather straightforward if you're
willing to tackle VBScript and ADSI.

Another option you might consider is Microsoft Virtual Server or VMware,
where you can build a VM with your environment, save it as a golden
master, and use it as the base when you need to rebuild your lab.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, October 10, 2005 8:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Interesting Scripting Task.

All,

I am pondering the possibility of automating the creation of development
environments.  The problem I am hoping to solve is that a lot of our testing
needs to be done in an environment where all our OUs, GPOs, Groups and so
forth are present.  Recreating this is a nightmare,  so to alleviate this I
want to write an import/export script that dumps all the OU's, Groups, Users
and GPO's (including security) and then restores them in a different target
domain (different forest too).  Has anyone attempted/achieved this before?

Brad

