RE: [ActiveDir] Two little tools ...

Mon, 14 Feb 2005 15:52:33 -0800

Title: Message
Neil quickly observed that the script wasn't written to deal with W2K ... for those interested, I've enclosed a version that is.
 
Dean

--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Friday, February 11, 2005 10:14 AM
To: '[email protected]'
Subject: RE: [ActiveDir] Two little tools ...

I have not had time to debug the FFL script, but it reports incorrect data when run in my environment.
 
All domains are at w2k native mode, yet the script reports w2k mixed.
 
Log file contents below.
 
Any ideas?
 
neil 
PS I appreciate the disclaimer, but thought the feedback might be of some help :)
 
 
 
dn: CN=Partitions,CN=Configuration,DC=xxx,DC=com
changetype: add
 
dn: CN=wwww,CN=Partitions,CN=Configuration,DC=xxx,DC=com
changetype: add
nCName: DC=wwww,DC=xxx,DC=com
 
dn: CN=yyyy,CN=Partitions,CN=Configuration,DC=xxx,DC=com
changetype: add
nCName: DC=yyyy,DC=xxx,DC=com
 
dn: CN=zzzz,CN=Partitions,CN=Configuration,DC=xxx,DC=com
changetype: add
nCName: DC=zzzz,DC=xxx,DC=com
 
dn: CN=xxx,CN=Partitions,CN=Configuration,DC=xxx,DC=com
changetype: add
nCName: DC=xxx,DC=com
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: 09 February 2005 18:13
To: Send - AD mailing list
Subject: [ActiveDir] Two little tools ...

I've enclosed two shell scripts (as text files) that I was either asked or volunteered to write, I find them useful and thought you might too ... so here they are.
 
Hopefully, the enclosed zip won't get stripped by Tony "I HATE FILE ENCLOSURES" Murray .... just teasing Tony! :-)
 
fll - functional level list tool
    * self explanatory methinks
 
dirsize - scans supplied drive/directory for directories > or < supplied size
    * if nothing is supplied, just lists sizes
 
Hope they prove useful!
 
DISCLAIMER - They might erase everything on your entire hard drive ... or phrased another way; run at your own risk!
 
Deano

--
Dean Wells
MSEtechnology
( Tel: +1 (954) 501-4307
* Email: dwells@msetechnology.com
http://msetechnology.com
 

==============================================================================
This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure.
==============================================================================

:: List Forest/Domain Functional levels / Dean Wells / MSEtechnology / Feb. 2005

@echo off

if "%1"=="" goto :HELP
if "%1"=="/?" goto :HELP

setlocal ENABLEDELAYEDEXPANSION

cls
echo/

:: Locate critical executables
for %%e in (ldifde.exe findstr.exe find.exe) do (
        set where="%%~$PATH:e"
        if "!where!"=="""" (
                echo ERROR - Required executable, "%%e", not located within the 
path
                goto :END
        )
)

set TEMPFILE1=%TEMP%\~fllone.tmp
set TEMPFILE2=%TEMP%\~flltwo.tmp
set FQDN=%1
set ROOT=DC=%fqdn:.=,DC=%
set W2M=Windows 2000 Mixed
set W2N=Windows 2000 Native
set W2K30=Windows 2000 or '0'
set W2K31=Interim or '1'
set W2K32=2003 Native or '2'
set NUMBERDOMS=ERROR [non-root Domain?]
set SCHEMAREV=ERROR [non-root Domain?]

:: Obtain list of domain partitions from the forest
echo STATUS - Determining configuration for Forest: %ROOT%

:: Determine schema revision
ldifde -j %TEMP% -w 10 -s %FQDN% -p base -d "cn=schema,cn=configuration,%ROOT%" 
-r "objectClass=dMD" -l objectVersion -f %TEMPFILE1% >nul
if errorlevel 1 (
        echo/
        echo ERROR - LDAP query failed determining schema revision from Forest: 
%ROOT%
        goto :END
)

for /f "tokens=2 delims=: skip=2" %%v in (%TEMPFILE1%) do (
        set /a SCHEMAREV=%%v-1+1
)

:: Define required attributes to be read from directory service based on schema 
revision
if "%SCHEMAREV%" LSS "30" (
        set ATTRS=nTMixedDomain
) else (
        set ATTRS=msDS-Behavior-Version,nTMixedDomain
)

:: Count domain partitions
ldifde -j %TEMP% -w 10 -s %FQDN% -p onelevel -d 
cn=partitions,cn=configuration,%ROOT% -r 
(^|(systemFlags=3)(objectClass=crossRefContainer)) -l dnsRoot -f %TEMPFILE1% 
>nul
if errorlevel 1 (
        echo/
        echo ERROR - LDAP query failed obtaining list of Domain partitions from 
Forest: %ROOT%
        goto :END
)

for /f %%c in ('type %TEMPFILE1% ^| find /i /c "dnsRoot"') do (
        if "%%c" GTR "0" set NUMBERDOMS=%%c
)
:: Obtain forest functional level if schema revision indicates forest has 2003 
or later schema
echo/
echo   Forest: %FQDN%
echo   - # of Domains: %NUMBERDOMS%
set /p=  - schema rev. : %SCHEMAREV%<nul

if "%SCHEMAREV%" GEQ "30" (
        echo/
        ldifde -j %TEMP% -w 10 -s %FQDN% -p base -d 
cn=partitions,cn=configuration,%ROOT% -r "objectClass=crossRefContainer" -l 
msDS-Behavior-Version -f %TEMPFILE2% >nul
        if errorlevel 1 (
                echo/
                echo ERROR - LDAP query failed obtaining functional level from 
Forest: %ROOT%
                goto :END
        )
        
        for /f "tokens=2 delims=: skip=2" %%f in (%TEMPFILE2%) do (
                set /a FFL=%%f+1-1
                set /p=  - functional level: <nul
                if "!FFL!"=="0" echo %W2K30%
                if "!FFL!"=="1" echo %W2K31%
                if "!FFL!"=="2" echo %W2K32%
        )
) else (
        echo  [functional levels unsupported]
)

:: Parse the partitions
for /f "tokens=2 delims=:" %%p in ('type %TEMPFILE1% ^| findstr /i "dnsRoot:"') 
do (
        set FQDN=%%p
        set FQDN=!FQDN:~1!
        set NCNAME=DC=!fqdn:.=,DC=!
                
        echo/
        echo   Domain: !FQDN!   

        ldifde -j %TEMP% -w 10 -s !FQDN! -p base -d !NCNAME! -r 
"objectClass=domainDNS" -l "%ATTRS%" -f %TEMPFILE2% >nul
        if errorlevel 1 (
                echo/
                echo ERROR - LDAP query failed obtaining functional level and 
mode from Domain: !NCNAME!
        ) else (
        
                for /f "tokens=1,2 delims=:" %%f in ('type %TEMPFILE2% ^|sort') 
do (
                        set LEAD=%%f
                        set TRAIL=%%g
                        set TRAIL=!TRAIL:~1!
        
                        if /i "!LEAD!"=="msDS-Behavior-Version" (
                                set DFL=!TRAIL!
                                set /p=  - functional level: <nul
                                if "!DFL!"=="0" echo %W2K30%
                                if "!DFL!"=="1" echo %W2K31%
                                if "!DFL!"=="2" echo %W2K32%
                        )
                        
                        if /i "!LEAD!"=="nTMixedDomain" if "!DFL!" LSS "2" (
                                set /p=  - downlevel mode  : <nul
                                if "!TRAIL!"=="" set TRAIL=0
                                if "!TRAIL!"=="0" (
                                        if "!DFL!"=="1" (
                                                echo %W2N% [domain mode 
contradicts functional level]
                                        ) else (
                                                echo %W2N%
                                        )
                                )
                                if "!TRAIL!"=="1" echo %W2M%
                        )
                )
        )
)



:: All done
echo/
echo STATUS - Process complete.

goto :END

:HELP
echo/
echo SYNTAX - %0 ^<Forest root FQDN^>
echo/
echo          Lists supplied Forest's functional levels and Domain modes.
echo/

:END
del %TEMPFILE1% %TEMPFILE2% 2>nul

Reply via email to