Enclosed as a text file ... rename to a .CMD
...
--
http://msetechnology.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 19, 2005 2:10 PM
To: [email protected]
Subject: RE: [ActiveDir] FW: Batch Script Fun

Hmmm…. Let me think….. YES! ;o)

Rick

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells

I appreciate the compliment Rick ... nothing interesting this time I'm afraid ...

Anybody interested in a script that resets every DC's DSRM password to the same value? ;-)

--

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

Heh…. I see that Dean has already answered this, so I’m most interested to see what the “Wizard of the Shell Script” has come up with….

Rick

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond

Maybe this didn’t go through this morning?

From: Brian Desmond [mailto:[EMAIL PROTECTED]

Ok, here’s what I need to do from within a .cmd file (this is the only hook I have into a process that runs on every workstation once an hour – no I can’t use a vbscript or any of that):

    Check device’s domain
    If Domain <> MyDomain
        Run netdom and remove
        Reboot
    Otherwise
        Quit

Now I figured out a way to use wmic to get the domain, but it returns multiple lines of text, and I don’t have a clue how I would parse that in a batch file.

The output of “wmic computersystem get domain” looks like this:

    Z:\Files\PsTools>wmic computersystem get domain
    Domain
    WORKGROUP

    Z:\Files\PsTools>

I just need that “WORKGROUP”.

Ideally my script needs to work on NT and newer. I’ll settle for 2000 & newer and the field guys can do the NT ones by hand if need be. The NT inventory purportedly has WMI installed, which I presume means wmic would work. I’m all up for a different way of doing this – I don’t know of an environment variable or similar holding the machine’s domain.

Anyone got a way I can make this work?

--brian

:: Forest wide DSRM password reset script / Dean Wells / MSEtechnology / Jun. 2005
:: Script determines all DCs within a specified forest and resets their DSRM
:: password to the supplied value
:: - script depends upon SETPWD.EXE found ONLY in Windows 2000
@echo off
if "%1"=="SPAWNRESET" goto :SPAWNRESET
if "%2"=="" goto :HELP
if "%2"=="/?" goto :HELP
if not "%3"=="" goto :HELP
setlocal ENABLEDELAYEDEXPANSION
cls
echo/

:: Locate critical executables
for %%e in (setpwd.exe ldifde.exe find.exe mode.com) do (
    set where="%%~$PATH:e"
    if "!where!"=="""" (
        echo ERROR - Required executable, "%%e", not located within the path
        goto :EOF
    )
)

:: %1 = forest root FQDN, converted to its DN form (dc=a,dc=b); %2 = new DSRM password
:: Note: the password arrives as a command-line argument and is kept in %PWD%
set DSADNS=
set FQDN=%1
set ROOT=dc=%fqdn:.=,dc=%
set PWD=%2
echo STATUS - Attempting DSRM reset on all DCs within Forest "%FQDN%" ...
echo/
echo * Running on %COMPUTERNAME%
echo * Obtaining list of Domain Controllers from "%ROOT%"
echo/

:: Export the dNSHostName of every server object in the configuration partition
ldifde -j %TEMP% -s %FQDN% -d cn=configuration,%ROOT% -r (objectClass=server) -l dnshostname -f %TEMP%\servers.log >nul
if errorlevel 1 (
    echo ERROR - LDAP query failed enumerating list of Domain Controllers
    goto :EOF
)
title DSRM forest-wide password reset ...

:: Parse the servers and trigger all processes
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
    set DSADNS=%%h
    if not "!DSADNS!"=="" (
        call :SPAWNRESET !DSADNS!
    )
)

:: All done
echo/
echo STATUS - Process complete.
title Command Prompt
goto :EOF

:: Reset the DSRM password on one DC (%1 = DC DNS host name) and report the result
:: A literal "!" needs a doubled caret while delayed expansion is enabled
:SPAWNRESET
set /p = - !DSADNS! ... <nul
setpwd /s:%1 /p:%PWD% >nul
if not errorlevel 1 (
    echo SUCCEEDED
) else (
    echo FAILED^^!
)
goto :EOF

:HELP
echo/
echo SYNTAX - %0 ^<Forest Root FQDN^> ^<DSRM password^>
echo/
echo PURPOSE - Script determines all DCs in the supplied forest and
echo resets their DSRM password to the supplied value.
echo/
echo * Requires Windows 2000 SETPWD.EXE within path
echo * Requires sufficient security context
goto :EOF
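
For the question at the bottom of the thread (getting just "WORKGROUP" out of the multi-line wmic output from inside a .cmd file), one way to do the parsing is shown here as an added example; it is not Dean's answer or anyone's code from the list. The expected name MYDOMAIN is a placeholder, wmic is assumed to be in the path, and the netdom removal and reboot are left as a marked placeholder.

```batch
@echo off
:: Added example, not from the thread. MYDOMAIN is a placeholder: set it to the
:: exact string wmic reports on a correctly joined machine.
setlocal
set "EXPECTED=MYDOMAIN"
set "DOMAIN="

:: "/value" makes wmic print Domain=<name> on one line instead of a header row
:: plus a data row. wmic ends each line with a stray carriage return; passing
:: the token through a second FOR /F strips it, so the comparison below is not
:: defeated by an invisible trailing character.
for /f "tokens=2 delims==" %%d in ('wmic computersystem get domain /value 2^>nul') do (
    for /f "delims=" %%e in ("%%d") do set "DOMAIN=%%e"
)

:: Fail closed: this runs hourly on every workstation, so a missing or broken
:: wmic must never be treated as "wrong domain".
if not defined DOMAIN (
    echo ERROR - could not determine domain, taking no action
    exit /b 2
)

:: Case-insensitive match: nothing to do on a correctly joined machine
if /i "%DOMAIN%"=="%EXPECTED%" exit /b 0

echo %COMPUTERNAME% reports domain "%DOMAIN%", expected "%EXPECTED%"
:: Placeholder: the netdom removal and reboot from the question go here.
exit /b 1
```

The three exit codes (0 match, 1 mismatch, 2 lookup failed) let the calling process log a failed lookup separately from a real mismatch.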
