Here is my dilemma. We have a server with a path, say \server1\data$\foo\bar\stuff. I'm using Windows 2005 Server for this. Now, for \stuff, I'd like to add something like 150 users that I have in a CSV file (can get it from Excel).
I can parse the CSV file rather easily (most languages have libraries for this), but I don't know anything about Windows permissions (used Linux for quite a bit of my career prior).
Can I do this in PHP?
You can do this from the command line via active directory commands through DOS or Powershell. I list some references and examples from references below.
I would suggest adding these users to a group. This example adds a user to a group:
dsmod group "CN=csvpeeps,OU=Distribution Lists,DC=Contoso,DC=Com" -addmbr "CN=jimmyCrackedCorn,CN=Users,DC=Contoso,DC=Com"
Reference: http://technet.microsoft.com/en-us/library/cc732423(WS.10).aspx
To create a group, see the dsadd command. Example of creating a group:
dsadd group cn=csvpeeps,cn=users,dc=northwindtraders,dc=com
One option on Windows, through DOS is Cacls, iCacls, and other variants. This example adds Read permissions to a resource for the group, 'Power Users':
CACLS \server1\data$\foo\bar\stuff. /E /G "csvpeeps":R
Reference: http://ss64.com/nt/cacls.html
I have read that CACLS can be buggy, so you may want to look into another variant of CACLS. I highly recommend http://ss64.com
If you don't know the exact OU/CN, etc for users or groups, you can check it out with something like this:
dsquery user -name jimmyCrackedCorn
Similarly for groups
dsquery group -name csvpeeps
Let me know if you get stuck and I can put more effort into this. Powershell is another option worth looking into.
Ok, here's my approach. After looking at the issue. I think PowerShell is the way to go. I have a CSV file as mentioned above which is delimited with commas and have a the following format:
Last Name, First Name
Smith, Bob
Corn Amy
Etc.
What I'd like to do is find out the AD usernames of these people (Amy Corn will be acorn according to our internal format) and then insert them into a specific directory so that read-only directory has those users that can view its contents. Any help is appreciated.
Related
I want to write a shell script to bulk add users to a group in eDirectory. The trouble is, I'm not sure where to begin regarding LDAP calls and whatnot for this task. Can anyone point me to a helpful resource or demonstrate a method for accomplishing this task?
Using straight-up LDAP would be fine, but I imagine that there must exist faster utilities/constructs that can be used in shell.
NetIQ's LDAPConfig or NDSConfig utilities seemed promising, but I don't see anything about adding a user to a group in the documentation.
Turns out, I don't have to code a solution to this. Instead of selecting each item and adding them to a group, there's a tool buried deep inside iManager that allows you to select all users matching a set of conditions and add them to a group.
How do I manually create short file names in Windows if by default short file name is not assigned?
When we run command as below c:\dir x we can see the list of short file name.
But I want to create new short file name if not exist in list.
If you are asking about Windows not generating SFNs in general, then that question belongs on SuperUser instead of here. For the record, you can turn the registry entry back on as so:
fsutil disable8dot3 set 0
If you are asking about selecting specific SFNs instead of letting Windows automatically generate them, you can do that too:
fsutil file setshortname *LFN* *SFN*
Alternately, you can do it programmatically with the SetFileShortName command.
These only work with NTFS volumes. On FAT volumes, there is no practical way to specify the SFN. You would need to directly edit the directory entry, making sure to update the LFN checksums.
What are all the possible MacID("filetype")
I need the one specifically for CSV but i couldn't find a list anywhere online surprisingly.
Just a little aside for this thread.
Yes there are few places to find details of the MacIDs, but beware.
If a file is create on a PC it may not have its MacID set correctly, or at all for that matter.
I am working with Excel files created on both platforms. The XLSX ID is correct if the file is made on Mac but is empty if made on PC.
I have found the best solution is to ignore both forms of wildcards for the two platforms and instead just load all files and use the extension .xlsx
Hope this helps someone
Bob J.
First run:
mdls "FileName"
Find the TypeCode in the Output:
kMDItemFSTypeCode = "TEXT"
You can use:
Dir(Path,MacID("TEXT"))
What is the cleanest (and fastest) way to get ALL groups that a single user is a member of.
Im using PowerShell 2.0 to count the logged in users in Citrix and devide them into groups from the Active Directory. All users are member of 1 of the subgroups of a group called "VDI-Billing", but the number of nested groups between the user and the VDI-Billing group is not always the same. So i want to be able to get all groups (including nested ones) to compare to the list of members from the VDI-Billing group (1st level) so i get an overview.
Example:
VDI-Billing has a member group NL-VDI-T-Systems. That has multiple groups (that by themselves have multiple groups). But the overview must count all users (sub)member of NL-VDI-T-Systems.
So in the overview i should get:
NL-VDI-T-Systems: 22
ITA-VDI-T-Systems: 25
And so forth.
Anyone know a neat little trick?
We write scripts that do this at my work all the time! With the Quest ActiveRoles Management Tools, a free snapin that makes working with Active Directory objects in Powershell WAY easier.
Install the free Quest ActiveRoles Management Tools from Quest
Add the PSSnapin to your profile so that you can access all the Powershell AD tools from the console - Add-PSSnapin Quest.ActiveRoles.ADManagement. If you want to write scipts that use the AD tools, simply add the command to the first line of your script.
Run the following command to get all direct and nested group that a user is a member of: Get-QADUser 'DOMAIN\USER' | foreach -Process {$_.memberof, $_.nestedmemberof} you can pipe this to a text file or CSV if you want by adding the Out-CSV or Out-File cmdlets at the end of the command.
This works like a charm for me. Let me know if you have any questions!
~Dan
The best way to do it is to take advantage of the TokenGroups attribute, instead of performing the recursive expansion on your own. You can find examples here and here.
EDIT: A more succinct example
We are using a proprietary application for inventory management and have discovered this application is unable to interpret spaces in file paths. For example:
C:\Google Drive\Invoices
Does not work, whereas
C:\Google\Invoices
does work.
Is there a special way to represent a space in Windows much like a URL string can use %20? For example C:\Google%20\Drive\Invoices.
Use 8.3 short name.
Try dir /x c:\
Google Drive should have a short name, probably like GOOGLE~1
Then you can use C:\GOOGLE~1\Invoices
You can use short names if supported. Type dir /x and it's in the middle column.
However it only works if short names aren't turned off. If short names aren't available the only way is making a junction point or a symbolic link1.
Run cmd as admin and type either of the following
mklink /J C:\ggdrive "C:\Google Drive"
mklink /D C:\ggdrive "C:\Google Drive"
This will create a link from ggdrive to the real Google Drive folder and now you can access Google Drive as ggdrive
However it's highly probable that you've used the path incorrectly. In some places you need to quote paths with spaces like this "C:\Google Drive\Invoices". But if an application in the last 15-20 years doesn't support long file names then it is rubbish anyway. Use a better program or report to the developer to fix it.
1 The differences between them is like this
What is the difference between NTFS Junction Points and Symbolic Links?
“directory junction” vs “directory symbolic link”?