|
|
< Day Day Up > |
|
The focus of this chapter is on managing domain computer accounts, which control access to the network and its resources. Like user accounts, domain computer accounts have attributes that you can manage, including names and group memberships. You can add computer accounts to any container or OU in the Active Directory directory service. However, the best containers to use are Computers, Domain Controllers, and any OUs that you’ve created. The standard Microsoft Windows tool for working with computer accounts is Active Directory Users And Computers. At the command line, you have many commands; each with a specific use. Whether you are logged on to a Windows XP Professional or Windows Server 2003 system, you can use the techniques discussed in this chapter to manage computer accounts and domain controllers.
Two sets of command-line utilities are available for managing domain computer accounts. The first set can be used with any type of computer account, including workstations, member servers, and domain controllers. The second set of commands is used only with domain controllers and designed to help you manage their additional features and properties.
In addition to DSQUERY computer discussed in the previous chapter, the general computer account commands include
DSADD computer Creates a computer account in Active Directory.
DSGET computer Displays the properties of a computer account using one of two syntaxes. The syntax for viewing the properties of multiple computers is
dsget computer ComputerDN ... [-dn] [-samid] [-sid] [-desc] [-loc]
[-disabled] [{-s Server | -d Domain}] [-u UserName] [-p {Password
| *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN
[-qlimit] [-qused]]
The syntax for viewing the membership information of a single computer is
dsget computer ComputerDN [-memberof [-expand]] [{-s Server | -d
Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc
| -uco | -uci}]
DSMOD computer Modifies attributes of one or more computer accounts in the directory.
dsmod computer ComputerDN ... [-desc Description] [-loc Location]
[-disabled {yes | no}] [- reset] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | - uci}]
| Tip |
For any of the computer and server commands, you can use input from DSQUERY to specify the object or objects you want to work with. If you want to type the distinguished names (DNs) for each object you want to work with, you can do this as well. Simply separate each DN with a space. |
In addition to DSQUERY server, discussed in the previous chapter, the utilities for managing the additional features of domain controllers include
DSGET server Displays the various properties of domain controllers using one of three syntaxes. The syntax for displaying the general properties of a specified domain controller is
dsget server ServerDN ... [-dn] [-desc] [-dnsname] [-site] [-isgc]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c]
[-q] [-l] [{-uc | -uco | -uci}]
The syntax for displaying a list of the security principals who own the largest number of directory objects on the specified domain controller is
dsget server ServerDN ... [{-s Server | -d Domain}] [-u User
Name] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
[-topobjowner NumbertoDisplay]
The syntax for displaying the DNs of the directory partitions on the specified server is
dsget server ServerDN ... [{-s Server | -d Domain}] [-u User
Name] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
[-part]
DSMOD serverModifies properties of a domain controller.
dsmod server ServerDN ... [-desc Description] [-isgc {yes | no}]
[{-s Server | -d Domain}] [- u UserName] [-p {Password | *}] [-c]
[-q] [{-uc | -uco | -uci}]
| Note |
Another useful command for working with domain controllers and Active Directory is NTDSUTIL. NTDSUtil is a text-mode command interpreter that you invoke so that you can manage directory services using a separate command prompt and internal commands. You invoke the NTDSUtil interpreter by typing ntdsutil in a command window and pressing Enter. |
|
|
< Day Day Up > |
|