Scripting & Command line

Hi all,
Hope everyone is doing well and studying hard.

I am in the area of my studies that deals with scripting. I have been out of the admin area for a while and have a question....
In practical application (real life) how often do you use scripting or the command line to add users, modify permissions?

thanks

Find more posts tagged with

Comments

undomiel

I haven't had a need to use scripting for adding users or modifying permissions but on the other hand I have used scripting in application deployment, network drives & VPN set up, and certain other miscellaneous tasks that would otherwise be very repetitive and I can just take a bit of time to write a script for instead of doing it by hand myself.

Mishra

Scripting becomes extremely important if you are an outside the box thinker. When you are trying to come up with solutions to a monotonous activity then scripts is almost always the ONLY way to go.

You can get away with not scripting much in an environment but it just makes your life harder and really takes away the power that your IT infrastructure could have.

sprkymrk

I script a lot of things, but not permissions (to easy to screw a lot of things up) and not adding users, as we only have about 400+/- and the turn over rate is easily handled through ADUC.

Also want to mention your username made me chuckle.

astorrs

Lots of the time. In a large environment being able to do something with a script to thousands of users is very important. As is being able to do something the same way more than once.

cheesecoupons

sprkymrk wrote:

I script a lot of things, but not permissions (to easy to screw a lot of things up) and not adding users, as we only have about 400+/- and the turn over rate is easily handled through ADUC.

Also want to mention your username made me chuckle.

Thanks for the responses! Okay so the part I am studying is probably for exposure (as far as adding users). I can see using a script to implement a group policy or something - but to add users seemed labor intensive and ,as mentioned, too much room for error.
Seem like any script, in the generic sense, has been written and all they need is some modification.

I'm just looking to be a jr sys admin so hopefully I will get a job someday and have one of you high spped folks to mentor me a bit

btw, the name is an unfortunate side effect of needing Chuck e Cheese coupons sent to something other than my mail mail box (Spam city)

Any other comments or tips would be wonderful.

Take care and good luck all!

andysmeg

Hi Cheesey,

I've only ever scripted once. The organisation I work for acquired another business and we needed to import the users' (inc. e-mail addresses) from their existing server onto one of ours. Each user had approx. 10 e-mail addresses so this was going to be a bit of a ball ache. I used the following script as a template to complete this task:

Ldifde -d "DC=domain,DC=co,DC=uk" -r "(&(mailnickname=*))" -l proxyAddresses -f emailaddresses.txt

Apart from that I personally don't tend to script but can definately see the advantages if you know what you're doing.

Andy

Rikku

I like working with the script examples in the Active Directory Cookbook from Oreilly. (over 325 recipes!:P )

Oh god, I've sunk to a new low..why am I endorsing for free?

Hope this helps

Slowhand

Scripting comes in very handy, especially if you're good at it. You have no idea how easy your life can be once you've automated a few tasks with scripts or you've created some workarounds for otherwise frustrating problems. For example, one of my clients has a program called XWall installed on their SBS box. This program is supposed to filter mail as it comes and goes, and runs on port 25, delegating Exchange to port 24. There are no instructions on how to remove this software, or how to undo the settings it creates once it's installed. The other issue is that it creates daily log files that are anywhere from 150MB to 200MB, which fills up the hard drive in a hurry. When trying to remove XWall, Exchange will do everything except send mail. We've had several messaging gurus look at the problem, and they all come back with the same response: "XWall is a piece of crap. Rebuild the server."

The solution I came up with was to create a PowerShell script that runs once a week, deleting any XWall log files that are more than a day old. The script also writes an entry in the event log every time it runs, notifying of a successful delete or if there was an error. Because of this, we are able to monitor this script through our management software, [url=]Kaseya[/url], and I don't have to log into the machine every week just to look at a script. If I didn't know any scripting, I'd have to go an delete those logs every week. . . or, I'd have to rebuild the server in order to get everything working again.

RobertKaucher

cheesecoupons wrote:

Hi all,
In practical application (real life) how often do you use scripting or the command line to add users, modify permissions?

I only use the command line/script permissions when there is a large problem. For example a few weeks ago we migrated to a new domain. We recreated each and every user account and did not create any sort of trust relationship. So the problem became how to reset the permissions on users' home directories... 150 users... That's A LOT of time. So I wrote a Perl script that read the user profile root into an array. Since the name of the uers' folders was the same as their username I used that to call cacls in the Perl script and reset the permissions so that only the domain admin and the user had any permissions on the folders. Worked pretty well. There were some errors and a few had to be done by hand.

I also use cacls when I am doing data recovery on a foreign disc. Attach the drive to my PC, run cacls on the root and walk away. Much faster than using the GUI.

az_golfer

I'm pretty proud of this project.

I wrote a C# application that managed all of our user accounts for the school district I was working for. I would export all of the relevant student data from our student information system nightly. I would then export all of our employee data from our personnel database nightly.

After the exports I executed a series of logic statements that would:
- disable user accounts if they were no longer employees or students
- move users to the correct OU if they changed schools or positions
- create user accounts for new students or employees

After that process completed I used more dstool commands to repopulate security groups so users modified from previous steps had the correct permissions when they showed up in the morning.

This can be very powerful!