Administeringad ch7
Contents
Chapter 7 Command-Line, Support, and
Microsoft Windows Server 2003 Resource Kit Tools
Windows 2003 Built-In Command-Line Tools
Built-In Command-Line Event-Log Tools
Eventcreate
Eventquery
Eventtriggers
Built-In AD Management Tools
Dsadd
Dsadd User
Dsquery
Dsquery User
Windows 2003 Support Tools
Support Tools Installation
AD Tools
Dcdiag
Dcdiag with Replication
Dcdiag with Dcpromo
Replmon
Windows 2003 Resource Kit Utilities
Active Directory Users and Computers Enhancement Tools
Acctinfo.dll
Rcontrolad
Event Manipulation Tools
Custreasonedit
EventCombMT
Next: Special Domain Operations
Figure 7.1
The Help and Support Center list of command-line tools
Tip
Typically, to reach the list of command-line utilities, I type
command line reference
You can also immediately locate the Help and Support Center list of command-line utilities by
opening a command prompt and typing
hh ntcmds.chm
Windows 2003 offers a bevy of command-line tools – almost too many. To keep the command-
line tool section of the chapter manageable, I’ll limit my discussion to those tools that help you
manage the event log and Active Directory (AD).
Note: Don’t let the myriad options that each tool offers befuddle you. Almost every tool has a /?
option that lists the tool’s options. Alternatively, you can click the name of a tool listed in
Figure 7.1 to display that tool’s command-line options.
Eventcreate
Eventcreate lets an administrator create a custom event in a specified event log. If you’re a batch file
junky, and you want to have the status of your jobs reported to the event log, you’ll want to use the
Eventcreate tool.
The Eventcreate syntax from the Help file reads
eventcreate [/s Computer [/u Domain\User [/p Password]]] {[/l {APPLICATION | SYSTEM}] |
[/so SrcName]} /t {ERROR | WARNING | INFORMATION} /id EventID /d Description
Note: According to Microsoft’s formatting legend, italics indicate information the user must supply;
boldface indicates something the user must type exactly as shown; an ellipsis indicates a
parameter that can be repeated in a command; brackets indicate optional items; braces
indicate choices from which the user must choose one only; and Courier font indicates code or
program output.
Figure 7.2 shows a sample batch file script that, if a flag file is found, reports the finding to
the event log.
Figure 7.2
Deploying Eventcreate
When the script reports the finding to the event log, the result appears in the format that
Figure 7.3 shows.
Figure 7.3
Result of an Eventcreate finding
The Eventcreate tool is handy, but it becomes even handier when you use it with utilities such as
Eventquery and EventCombMT. (I discuss EventCombMT in the Windows 2003 resource kit utilities
section toward the end of the chapter.)
Eventquery
Eventquery’s purpose is to query event logs on Windows 2003 servers for information already in the
logs – including information you set the event logs to capture through Eventcreate. However, if you
try to use the Eventquery tool without preparation, you get the message that Figure 7.4 shows. You
first need to change the default command processor.
Figure 7.4
Changing the default command processor
which changes the command processor from the interactive GUI script processor to CScript.
The Eventquery syntax from the Help file reads
eventquery[.vbs] [/s Computer [/u Domain\User [/p Password]]] [/fi FilterName] [/fo {TABLE |
LIST | CSV}] [/r EventRange] [/nh] [/v] [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"]
[UserDefinedLog] [DirectoryLogName] [*]]
If I want to query all events that have event ID 106 in the Application log of the server I’m currently
on, for example, I can type
eventquery.vbs /FI "ID eq 106" /l Application
and get the results that Figure 7.5 shows. Note that the response is available because I entered event
ID 106 onto this server with Eventcreate.
Figure 7.5
Querying a server with Eventquery
Eventtriggers
The Eventtriggers tool ties your event-management efforts together. That is, when an event you want
to monitor pops into the event log, you can have Eventtriggers notify you or set a command to
execute automatically. It’s like having someone dedicated to monitoring the server logs and acting
upon them if necessary.
The Eventtriggers tool includes three commands:
• Eventtriggers create
• Eventtriggers query
• Eventtriggers delete
For monitoring and notification to occur, you must first create the Eventtrigger, which will then
monitor and act upon the occurrence of logged events that meet the criteria you set up. After you
create some triggers, you can see them at work by using the Eventtriggers query command. You can
delete Eventtriggers with the Eventtriggers delete command.
As an example, I’ll create an Eventtrigger for event ID 106. That is, if event ID 106 appears in the
Application log, Eventtriggers fires off a batch file in response. In this example, I use the syntax
eventtriggers /create /tr "FilePresent" /l application /eid 106 /tk
\\vmserver2\share\gobatch.cmd
which Figure 7.6 shows. This syntax creates a trigger named FilePresent and checks the Application
log for event ID 106. If Eventtriggers finds event ID 106, it automatically triggers the command
gobatch.cmd.
Figure 7.6
Deploying Eventtriggers to trigger actions based on events
Note: You also have available the command Evntcmd, which converts events to SNMP traps, or
notifications. Evntcmd might be useful if you have many SNMP-related devices – and a
management station that’s configured to address SNMP traps. For more information about
SNMP traps, refer to my eBook The Definitive Guide to Enterprise Manageability, which NetIQ
also sponsors. You’ll find the eBook at http://www.netiq.com/offers/ebook/default.asp and the
SNMP information in Chapter 5.
To test my Eventtrigger command syntax, I used the same command that I used when I
experimented with Eventcreate. That is, I created an event with event ID 106, then watched my
trigger react and execute the batch file. (The batch file that Eventtrigger triggers might send an email,
display a pop-up, or perform any number of actions.)
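The Eventcreate, Eventquery, and Eventtriggers steps described above, combined in one batch file. This is an added example, not the book's Figure 7.2 script; the flag-file path, the source name BatchJobs, and the local script path are assumptions, while event ID 106 and the trigger name FilePresent come from the chapter.

```bat
@echo off
rem Added example, not the book's own script.
rem Assumed values: flag file path, event source name, trigger action path.
setlocal
set "FLAG=C:\Jobs\backup.flag"
set "SRC=BatchJobs"
set "ACTION=C:\AdminScripts\gobatch.cmd"

rem Run once with the argument "setup" to create the trigger.
if /i "%~1"=="setup" goto :setup

rem Normal run: nothing to report unless the flag file exists.
if not exist "%FLAG%" exit /b 0

rem Write event ID 106 to the Application log under a custom source.
eventcreate /l APPLICATION /so "%SRC%" /t INFORMATION /id 106 /d "Flag file present: %FLAG%"
if errorlevel 1 (
    echo eventcreate failed 1>&2
    exit /b 1
)

rem Confirm the event was logged. Calling cscript directly means the
rem query works whichever script host is the default.
cscript //nologo "%SystemRoot%\system32\eventquery.vbs" /l Application /fi "ID eq 106" /fo LIST
exit /b 0

:setup
rem The trigger runs the file at the action path every time event 106 is
rem logged, so keep that file where only administrators can change it.
eventtriggers /create /tr "FilePresent" /l application /eid 106 /tk "%ACTION%"
eventtriggers /query
exit /b 0
```

The same write-access concern applies to the chapter's \\vmserver2\share\gobatch.cmd path: anyone who can modify that file on the share controls what the trigger executes.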
Although I lack the space to explore all the built-in tools and their commands in detail, I’ll show
you the essential “ropes” with two of the tools and you can take it from there. I’ll discuss the Dsadd
tool’s Dsadd user command and the Dsquery tool’s Dsquery user command.
Dsadd
Dsadd gives you a simple way to add several kinds of entities to AD quickly. The six Dsadd
commands are
• Dsadd computer
• Dsadd contact
• Dsadd group
• Dsadd OU
• Dsadd user
• Dsadd quota
Dsadd User
The Dsadd user syntax from the Help file looks a little daunting. It reads
dsadd user UserDN [-samid SAMName] [-upn UPN] [-fn FirstName] [-mi Initial] [-ln LastName]
[-display DisplayName] [-empid EmployeeID] [-pwd {Password | *}] [-desc Description]
[-memberof Group;...] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel
HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber]
[-iptel IPPhoneNumber] [-webpg WebPage] [-title Title] [-dept Department] [-company Company]
[-mgr Manager] [-hmdir HomeDirectory] [-hmdrv DriveLetter:] [-profile ProfilePath] [-loscr
ScriptPath] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}]
[-pwdneverexpires {yes | no}] [-acctexpires NumberOfDays] [-disabled {yes | no}] [{-s Server |
-d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]
Don’t let the extreme set of options deter you from deploying this command. You’ll find that
Dsadd goes well beyond the capabilities of the old Net user command. With Dsadd, you can set
virtually every option typically found in a user object.
For example, you can create a new user object for Jane Martin in DomainA’s marketing
organizational unit (OU). In this example, her first name is Jane, her middle initial is A, and her last
name is Martin. She is a member of the Backup Operators group, and her telephone number is
302-555-1212. You would use the syntax
Dsadd user cn=Jane_Martin,ou=marketing,dc=domaina,dc=com -fn Jane -mi A -ln Martin
-display "Jane Martin" -memberof "cn=Backup Operators,cn=builtin,dc=domaina,dc=com"
-tel "302-555-1212"
Figure 7.7
Deploying Dsadd user to add user accounts anywhere in AD
Tip
Dsadd is particular about its input requirements, especially when you specify the distinguished
name (DN) of the account you want to create and the group or groups to which you want to
add that user account. When you use Dsadd, you’ll need to be precise.
Dsquery
The powerful Dsquery tool lets you search all of AD for specific object types. The Dsquery tool’s
commands are
• Dsquery computer
• Dsquery contact
• Dsquery group
• Dsquery OU
• Dsquery site
• Dsquery server
• Dsquery user
• Dsquery quota
• Dsquery partition
You can also use Dsquery * – which provides a global search through your entire AD.
Again, because I don’t have unlimited space for examples, I’ll restrict my example to one
Dsquery command – Dsquery user.
Dsquery User
You’ll probably use the Dsquery user command often. This useful command helps you locate user
objects in the directory.
The syntax from the Help file reads
dsquery user [{StartNode | forestroot | domainroot}] [-o {dn | rdn | upn | samid}] [-scope
{subtree | onelevel | base}] [-name Name] [-desc Description] [-upn UPN] [-samid SAMName]
[-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
The best news is that you can keep this syntax very short to get a quick result back. For
example, if you want to check the location of all the users in your domain named Jane, you would
simply type
dsquery user -name Jane*
Figure 7.8 shows the results of that query: all the DNs in your domain that include “Jane” in the
name. This kind of DN-related query is particularly handy for backup and recovery purposes should
you need to perform an authoritative restore, which I discussed in Chapter 6.
Figure 7.8
Deploying Dsquery user to locate users in AD
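The Dsquery user syntax above also carries the -inactive, -stalepwd, and -disabled filters, which are the ones an account review depends on. The following batch file is an added example, not from the book; the search base, the 8-week and 90-day thresholds, and the report path are assumptions.

```bat
@echo off
rem Added example, not the book's own script.
rem Assumed values: search base, thresholds, report location.
setlocal
set "BASE=ou=marketing,dc=domaina,dc=com"
set "REPORT=%TEMP%\account-review.txt"
set WEEKS=8
set DAYS=90

> "%REPORT%" echo Account review for %BASE% on %DATE% %TIME%

rem -inactive relies on the domain running at Windows Server 2003
rem functional level; on failure the error text lands in the report.
call :section "No logon in the last %WEEKS% weeks" -inactive %WEEKS%
call :section "Password unchanged for %DAYS% days" -stalepwd %DAYS%
call :section "Disabled accounts" -disabled

type "%REPORT%"
exit /b 0

:section
rem Argument 1 is the heading; arguments 2 and 3 are the dsquery filter
rem and its value (argument 3 is empty for -disabled).
>> "%REPORT%" echo.
>> "%REPORT%" echo == %~1 ==
rem -limit 0 lifts the default cap on the number of objects returned.
dsquery user "%BASE%" %2 %3 -o dn -limit 0 >> "%REPORT%" 2>&1
if errorlevel 1 >> "%REPORT%" echo (query failed; see the message above)
exit /b 0
```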
Figure 7.9
Locate SUPTOOLS.MSI
Tip
Note that this tools folder also holds automated deployment tools – in Deploy.cab – which you
can explore if you feel adventurous.
After you’ve installed Suptools.msi, you’ll see the results in the Start menu as Windows Support
Tools. You won’t find the specific tools listed. You’ll need to launch the Suptools.msi Help file, which
then displays the list of tools, as Figure 7.10 shows.
Figure 7.10
List of Support Tools in the Help and Support Center
Note: You can get to the screen that Figure 7.10 shows either by starting with Suptools.msi in the
Start menu (then launching Suptools.msi’s Help file) or by going to the Help and Support
Center.
AD Tools
Many of the support tools exist to help you manage AD. You can get a list of AD-related tools by
clicking the Active Directory Management Tools subset, which you can see in Figure 7.10. The tools
listed in the Active Directory Management Tools subset are deeply capable; exploring one or
two tools in any depth could fill a chapter.
Some of the tools that I consider AD management tools don’t appear in this tool subset but in
other categories. Dcdiag, the first tool I discuss, is a case in point.
Tip
You’ll want to examine the Alphabetical List of Tools highlighted in Figure 7.10 to get a feel for
all the tools available.
With your custom toolkit in mind, I’ll discuss a few of the most important tools for day-to-day
AD management. After I discuss Dcdiag, I’ll discuss its Active Directory Management Tools subset
diagnostic counterpart: Active Directory Replication Monitor (Replmon).
Dcdiag
Dcdiag is the Swiss Army knife of AD testing. You carry out most tests by using the syntax
dcdiag /test:<test>
you get results that resemble those shown in Figure 7.11. Results that indicate individual replication
problems can help you gauge the extent of the overall problem (in this case, no replication problems
exist).
Figure 7.11
Deploying Dcdiag
If you suspect replication problems, you can also carry out the test with the /v switch. This
switch enables verbose output, which can help you see precisely where problems lie.
Dcdiag with Dcpromo
When you bring up new DCs at other sites, you might face a familiar challenge: problems that might
be either on the server that you want to promote or in the domain itself. All you know is that
something is preventing the promotion of the server to DC. Dcdiag with the /test:DCPROMO switch
can help. If you want to create a new replica DC, you use the syntax
from the machine you want to promote to DC. If your DC-to-be passes all tests to be promoted,
you’ll see the results that Figure 7.12 shows. You can then proceed knowing that the promotion is
likely to work.
Figure 7.12
Deploying Dcdiag with the /test:DCPROMO switch
Replmon
If Dcdiag is the Swiss Army knife of command-line AD diagnostics, then Replmon fills a similar role –
but with a GUI. You begin deploying Replmon by loading all the DCs in the domain. You do so by
clicking Edit, clicking Add Monitored Server, and continuing through the Add Monitored Server
Wizard. After you’ve loaded all DCs, you’re prepared to run some tests. For example, you can
right-click a DC and run a test that generates a report, such as Check Replication Topology, which
Figure 7.13 shows.
Figure 7.13
Deploying Replmon for AD diagnostics
You can use Replmon to perform a host of validation tests. One powerful function is Synchronize
Each Directory Partition with All Servers, which you see listed in Figure 7.13. When you select and
initiate this function, the Synchronizing Naming Context with Replication Partners dialog box that you
see in Figure 7.14 will appear and offer three synchronization options.
Figure 7.14
The Synchronize Naming Context with Replication Partners dialog box
AD replication is usually “pull only” – that is, each DC in a site will pull the latest data from its
partners. You can change the replication mode by selecting the Push mode option that Figure 7.14
shows. Additionally, instead of waiting for replication to occur more widely, you can force replication
over site boundaries by selecting the Cross site boundaries option that Figure 7.14 shows.
Note: Replmon lets you perform a one-time “push” replication through the Push mode option that
Figure 7.14 shows.
Caution
I’ve never encountered a need to use the first option that Figure 7.14 shows, Disables transitive
replication. I typically want replication to occur everywhere, so I don’t select that option.
You’ll want to familiarize yourself with Replmon, which is one of the most useful tools for
troubleshooting AD problems. Be aware, however, that the Help function in Replmon is nonexistent.
You might want to search on the tool name to access some of the many articles about deploying
Replmon.
Tip
Also available – as a separate download – is the Microsoft Internet Information Services (IIS)
6.0 Resource Kit. For an overview of the resource kit and to download it, go to
http://www.microsoft.com/downloads/details.aspx?familyid=80a1b6e6-829e-49b7-8c02-333d9c148e69&displaylang=en
Some of the utilities in the resource kit are command-line tools, others are GUI tools, and still
others fall into a different category. I’ll explore tools from the third category first.
Acctinfo.dll
Acctinfo.dll isn’t a program you can simply double-click and run. Rather, it attaches itself to the Active
Directory Users and Computers console to extend the console’s capabilities. Acctinfo.dll displays all
sorts of interesting account information about the most recent user logon. Previously, you would have
needed scripting to get this information.
However, to get to these account information properties, you’ll first need to complete the
following steps:
1. Copy Acctinfo.dll to %systemroot%\system32
2. Then, use the syntax
regsvr32 acctinfo.dll
Note: You’ll need to repeat both steps to add Acctinfo.dll to each individual system.
Tip
If you want to remove Acctinfo.dll, simply use the syntax
regsvr32 /u acctinfo.dll
After you register Acctinfo.dll, you’ll be able to see the newly available information on the
Additional Account Info tab in the dialog box that Figure 7.15 shows.
Figure 7.15
The Additional Account Info tab
Without needing to use scripting, you can access lots of information (e.g., when the user’s
password next expires, when the user most recently logged on, what the user account’s SID is).
One interesting and useful feature is the Set PW On Site DC button that you can see in Figure
7.15. When you click the Set PW On Site DC button, the dialog box that Figure 7.16 shows will
appear. You can then change the user’s password directly on the DC that the user uses for validation.
Figure 7.16
The Change Password On a DC In the Users Site dialog box
If you use the Set PW On Site DC feature to change passwords, users will be able to access their
newly changed passwords right away. They won’t need to wait for replication from the PDC-Emulator
to this DC.
Rcontrolad
Rcontrolad is a tool that lets you control another useful little tool. When you double-click Rcontrolad,
it expands into several files. First, you run the rcontrol_setup.exe program as a Domain Administrator.
Second, you copy the included rcontrol.exe to the location from which you deploy your Active
Directory Users and Computers console. You’ll then be able to right-click any XP or Windows 2003
computer and select Remote Control, as Figure 7.17 shows.
Figure 7.17
Selecting Remote Control after deploying Rcontrolad
After Rcontrolad is installed, you can control target computers remotely. When you do, you’ll be
connected through Terminal Services to the remote computer, as Figure 7.18 shows.
Figure 7.18
Connecting to the remote computer
Rcontrolad is a handy alternative to manually adding each machine to the Control Panel Remote
Desktop applet.
Custreasonedit
The Custreasonedit tool lets you extend the Server Event Tracking feature’s list of possible reasons for
shutting down and restarting a server. To use Custreasonedit to add to the list of reasons, you must
first introduce sample reasons to this computer. You do so by right-clicking the samplereasons.reg file
in Windows Explorer and selecting Merge, as Figure 7.19 shows.
Figure 7.19
Expanding the samplereason.reg file
Figure 7.20
Introducing custom reasons for shutdown
After you’ve run custreasonedit /i, you can see the sample reasons and add your own. Simply
type in the Title and Description, pick the Reason Category, select which check boxes you want to
have shown by default, and click Add. After you’ve tailored the list, click Export to export to a
registry file. Then, merge the resulting registry file back into the system registry – and your reasons
will be customized.
Tip
The Custreasonedit process I describe customizes the reasons for this machine only. However,
the readme.chm file tells you how to distribute the updated reasons list to multiple machines.
EventCombMT
You’ve learned how to use the Eventcreate tool to capture selected events in the event log. Now,
you might want a centralized way to locate these (and other) events across multiple servers. The
EventCombMT tool lets you perform event searches easily.
After you run EventCombMT, you can right-click in the left window and select the types of
servers on which to query events, as Figure 7.21 shows (highlighted in yellow).
Figure 7.21
Selecting servers to search
As Figure 7.22 shows, you can select the log files to search (highlighted in orange), the event
types (highlighted in green), any specific event IDs or event ID ranges (highlighted in yellow), or text
within an event (highlighted in blue). In this example, I’m checking one DC for event ID 105 and
event ID 106 in the Application, System, and Security logs.
Figure 7.22
Entering the types of events for the search
When you click Search in EventCombMT, the tool will query all the servers specified for the
criteria you established. When the search is finished, the Temp directory will contain several files, and
the Temp directory window will be exposed automatically. Open up a log file, such as the file Figure
7.23 shows, to see the events returned from the search – including those you created with the
Eventcreate tool.
Figure 7.23
Logged events that match the criteria you establish
Note: The resource kit tools are downloadable, but Microsoft doesn’t support them 100 percent.
Should you need assistance with them, you’ll get “best-effort” support.