Without further ado, this is the command:

dsquery * -scope subtree -attr “cn” “operatingSystem” “operatingSystemServicePack”  -filter “(&(objectclass=computer)(objectcategory=computer)(operatingSystem=Windows XP*))” -limit 100000

The output of this command would be as follows:

cn                 operatingSystem                      operatingSystemServicePack
WRK001    Windows XP Professional     Service Pack 1
WRK002    Windows XP Professional     Service Pack 2
WRK003    Windows XP Professional     Service Pack 3

Where, cn is the workstation name and the others are self explanatory.

Share your handy little tips and tricks!

Related posts:

1. Get list of machines by OS type from Active Directory
2. Diskpart.exe Warning when expanding drive
3. Active Directory Password Expiry Reminder Email
4. The WinRoute tool

Here is my mini how to – I have tried to keep it as simple as possible:

Backing Up Active Directory

Active Directory depends on the system state and the NTDS database among other things. So it is important to back these up on your domain controller. It is critically important to ensure that the system state data on a domain controller is backed up regularly since this contains all the core system files that are required to run a domain controller. Manually selecting what needs to be backed up will be extremely complicated and could be error prone – stay away from that path – just backup the entire system state.

What needs to be backed up? – System State

What kind of Backup needs to be run? – Full backup of the system state.

How often is good enough? – Daily – You will thank me for this

Restoring Active Directory (for experts who just need the short version)

There are two types of restores:

1. Normal Restore – This was also called the Non-Authoritative restore. This is generally performed when you need to restore a domain controller that has failed and there are other domain controllers on the domain. Another option would be to just reinstall the domain controller, clean up the AD metadata of all references to the failed DC and then promote the new server to a DC and replicate. If you are in a situation where you cannot do that, to perform a normal (or Non-Authoritative restore) you would:

a. Boot the domain controller into the Domain Services Restore Mode .

b. Restore system state

c. Reboot into the normal mode.

d. Replicate from other domain controllers.

2. Authoritative Restore – This would be performed in cases where you make a mistake like, say, delete an OU. In this case, a normal restore would not help since the OU that you just restored would get deleted again when you replicate changes with other domain controllers. An authoritative restore would help you undo a big mistake by ensuring that you are taken back to a working copy of AD. However, changes that you made since the last full backup would be lost. (So run your full backups daily!). To perform an authoritative restore:

a. Perform a normal restore.

b. Don’t reboot after the restore.

c. Use ntdsutil to get into the authoritative restore mode.

d. Specify if you want to mark the entire database or just a subtree as authoritative.

e. Quit the utility and reboot the server

3. Primary Restore – This restore is only used when you have a major disaster (read complete meltdown) and you have no working domain controllers. In such a case, you will have restore the entire domain from backups. The working process is very similar to the Normal Restore procedure mentioned above. This is how you would do it:

a. Boot the domain controller into the Domain Services Restore Mode .

b. Restore system state – ensure that the advanced option ‘Mark the restored data as the primary data for all replicas’ is checked.

c. Reboot into the normal mode.

Restoring Active Directory (for the rest of us)

1. Normal Restore – Here’s the step by step.

a. Reboot Server

b. During startup press F8 and choose, ‘Directory Services Restore Mode (Windows DCs only)

c. Choose the OS to be started, hit enter.

d. Hit OK at the Safe Mode login.

e. Open up the NTBackup utility.

f. Click next on the welcome page.

g. Select ‘Restore Files and Settings’ from the backup or restore page. Click Next.

h. Choose the backup you want to restore from the ‘What to restore’ page. Click Next.

i. Click Finish to start the restore. (Advanced options are best left untouched for a normal restore unless you want to save the backup elsewhere.)

j. Reboot server.

2. Authoritative Restore –

a. Perform a normal restore as mentioned before.

b. Do not reboot server after the restore.

c. Click on start -> run -> type ntdsutil.

d. Now type ‘authoritative restore’

e. Now specify the components you want to make authoritative. Enter either ‘restore database’ or ‘restore subtree’ along with the DN of the AD object you want to make authoritative.

f. Confirm your actions when prompted.

g. Type quit until the utility exits.

h. Reboot server.

3. Primary Restore –

a. Reboot Server

b. During startup press F8 and choose, ‘Directory Services Restore Mode (Windows DCs only)

c. Choose the OS to be started, hit enter.

d. Hit OK at the Safe Mode login.

e. Open up the NTBackup utility.

f. Click next on the welcome page.

g. Select ‘Restore Files and Settings’ from the backup or restore page. Click Next.

h. Choose the backup you want to restore from the ‘What to restore’ page. Click Next.

i. Click Advanced.

j. Ensure that on the ‘Where to Restore’ page, the default setting ‘Original Location’ is selected. Click Next.

k. On the How to Restore page, ensure that ‘Replace existing files’ is selected. Click Next.

l. On the Advanced Restore Options page – enable the ‘When restoring replicated data sets, mark the restored data as the primary data for all replicas’ option. Click Next.

m. Click Finish to start the primary restore.

n. Reboot server.

o. Go to sleep

PS: As always, please exercise due diligence when using the instructions in a live environment. Kindly do not blame me if something doesn’t work if Microsoft decides to change their code.

Related posts:

1. Setting up Split Brain DNS in Windows Server 2003
2. Symantec Backup Exec Error 0xe00084af (All Versions)
3. Active Directory Audit Script
4. Get list of machines by OS type from Active Directory
5. Active Directory Password Expiry Reminder Email

I recently was in this situation and had to write a script to intimate users about an impending password expiry. Here is what the script does:

The script queries your domain for all users and checks for the last password change date. This value is compared against you max password age value and then sends an email reminder to the user that is password is about to expire in x days. This email reminder is sent 9, 6 and 3 days before the actual password expiry date, giving the user enough time to reset the password without getting locked out.

You can schedule the script to run every day in which case you will need to write a simple batch file to call this script and maybe even log the output to a file. The script can be run under the system account. You can save the following line as a batch file that can be used to call the script:

cscript “Path\to\the\vbs\script” > PwdExpyEmail.log

You can download the script here.

Note: You will have to edit the values between the **** to suit your environment.

Related posts:

1. Active Directory Audit Script
2. Script to kill processes older than x days.
3. How to Backup and Restore Active Directory
4. Get list of machines by OS type from Active Directory

dsquery * domainroot -filter “(&(objectCategory=computer)(operatingSystem=Windows XP*))”

The command above would give you a list of all computers that have a Windows XP operating system. For Windows Servers, change the command as follows:

dsquery * domainroot -filter “(&(objectCategory=computer)(operatingSystem=Windows Server*))”

The output of the commands above would look something like this:

samid

server1$

server2$

server3$

dsget succeeded

Note the ‘samid’ at the head and ‘dsget succeeded’ at the end and the ‘$’ at the end tail of every server name.

If you are like me, and you would like just get a nice clean output with only server names, you can run this command:

for /f “Tokens=1 delims=$” %a in (‘dsquery * domainroot -filter “(&(objectCategory=computer)(operatingSystem=Windows Server*))”^| dsget computer -samid^|find /V “samid” ^| find /V “dsget”‘) do echo %a

The output of the command shown above would be:

server1

server2

server3

… and can be used as input to a file or another command etc…

Related posts:

1. DSQuery Operating System Service Pack Version
2. How to Backup and Restore Active Directory
3. Active Directory Audit Script
4. Active Directory Password Expiry Reminder Email
5. Diskpart.exe Warning when expanding drive

I have slightly modified this script and added a few lines to get information like the email address and the exchange home server of the user using the mail and msExchHomeServerName attributes.

You can download the modified script here.

How the script works:

It queries Active Directory using LDAP for a bunch of known user attributes and writes them to a .csv file in the same directory as the script. The file is will be named yyyymmdd_audit.csv

NOTE: I am NOT the original author of this script. Please give all credit to Paul Bergson who is an MVP for Directory Services.

Related posts:

1. Active Directory Password Expiry Reminder Email
2. Get list of machines by OS type from Active Directory
3. How to Backup and Restore Active Directory
4. Script to Hot Backup VMWare ESX Virtual Machines
5. Script to kill processes older than x days.