If you want a graphical tool to find the DN of an Active Directory object then the free Microsoft tool LDP.exe should do the trick. The tool is included with the Windows Server OS and can be accessed from your local computer if you have the Windows Server 2003 Admin Pack or the 2008 RSAT installed.

Note: The steps below are from the 2008 R2 RSAT version of LDP, the process is very similar for the 2003 version however some of the memu names etc at a bit different.

By default when a new user is created in Active Directory the object will be created under the top level User container (CN=User), similarly when a computer is created it will be created in the top level Computers container (CN=Computers).

If you would like to change this behaviour then this is how.

Note: Your domain functional level must be at at least Windows Server 2003'

First create your desired Organisational Units for both Users and Computers.

Problem:

On one or more of you domain controllers you are receiving a message similar to the below in the System log from Netlogon with the event ID of 5807.

For some time I have been using a group policy and Active Desktop to set users Wallpapers however Active desktop is far from perfect.

So instead I have now started using the attached ADM to specify the desktop wallpaper and the desktop background colour.

The downside of not using Active Desktop is only bitmap images are allowed.
 

The below script will list the last password change date (pwdLastSet) of all users in the current domain.

Usage: cscript C:\List_User_pwdLastSet.vbs > C:\Report_Password_Changes.csv

The below script will create a single Global Security group in Active Directory.

- Change "LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com to your domain and the OU where you want the group created

- Change "cn=Test" and "sAMAccountName" to the name of the group

- Change "Just a test group" to the description of the group

The below script will create a CSV file listing the Name, Description, Operating System and Service Pack level of all computers in an Active Directory domain.

The below script will disbale all of the users accounts provided in a CSV file, the script could easily be modified to change any other properties for the list of users.

Change the values strCSV and strDomain as needed

This script creates a CSV file listing the below details for all Active Directory users. The script could be very easily extended to include any extra user properties.

sAMAccountName
displayName
description

TerminalServicesProfilePath
TerminalServicesHomeDirectory
TerminalServicesHomeDrive

ProfilePath
HomeDirectory
HomeDrive

scriptPath
msNPAllowDialin
 

File attached: You must be a member to download

The below script is an example of how using VBS and ADODB you can perform SQL like queries against Active directory to return or change properties of an object.

In this case the script returns the "Home Drive" on the user "testusername" in the domain "domainname.com"