Note: OU administrators should use this script to pre-create the computer account in CalNetAD before joining the computer to the domain. For detailed instructions on joining machines to CalNetAD, refer to Kerberos Member Server and Workstation Setup.

Required arguments:

• host: fully qualified DNS name of the computer, e.g. foo.iir.berkeley.edu
• ou: ou container for the computer account

Example: To create a computer account, test.ias.berkeley.edu, under the Servers OU in the IAS OU, the syntax is:

cscript create-computer.wsf /host:test.berkeley.edu /ou:OU=Servers,OU=IAS

Purpose: Map drives specified in a input file. The script can be run manually from the command line or specified on a logon script Group Policy.

Required Argument:

• f: name of input file

Example: To map drives listed in the file drives.txt, use the following syntax:

cscript mapDrives.wsf /f:drives.txt

Purpose: Automates the domain join process. This script should be launched on the machine to be joined to the domain. Since this is a batch file, the order of the parameters is important. After completion, you will need to reboot the machine to complete the join process.

Syntax:

joinDomain   hostname   target-domain   adminAccount

where:

hostname        = fully qualified domain name of machine
                           example: server.yourdomain.berkeley.edu
target-domain = domain to join
                            example: campus
adminAccount  = CaNetAD administrator account
                            example: !ouadmin-oa

Dependency:

NETDOM.EXE - should be installed in a directory path included in the PATH environment variable or located in the same directory as the joinDomain.cmd batch file. For your convenience, we have included the NETDOM.EXE utility in the zip file so you can extract it along with the batch file. If this version does not work, you can get it from the Server CD under Support\Tools or download it from the Microsoft website (Support Tools).

Notes:

1. Specify the correct order for the parameters, otherwise, you will get an error message.
2. During the domain join process, you will be prompted for your
   CalNetAD administrator password. If you provide the incorrect password, just re-run the batch file.
3. After completion of the script, you will need to reboot the machine to complete the domain join process.
4. You should be logged on as local administrator of the machine to be joined to the domain.
5. Make sure that NETDOM.EXE is available on the machine. It should be in a directory included in the PATH environment variable or in the same directory as the script. For your convenience, we have included the NETDOM.EXE utility in the zip file so you can extract it along with the batch file. If this version does not work, you can get it from the Server CD under Support\Tools or download it from the Microsoft website (Support Tools).
   

Example: To join a machine, testserver.yourdomain.berkeley.edu, to the campus domain, run the batch file using the following syntax. Remember, the correct order of the parameters is important!

   joinDomain   testserver.yourdomain.berkeley.edu   campus   youradminaccount

Purpose: Enumerates TCP/IP configuration of the specified host. Works for local or remote hosts.

Syntax:

cscript getIP.wsf   /host:example.berkeley.edu

where:

/host: fully qualified domain name of the target machine. For the local machine, you can specify "." (dot without the quotes)

setprofile

usmt_setup.exe

Purpose: This utility automates the registry hack allowing a new user account to use an existing profile.

Due to security updates by Microsoft this work around no longer functions as intended. If the user profile that needs to be migrated is not an administrator on the computer, then the user does not have sufficient rights to needed locations in the registry.

Therefore the Active Directory Team recommends the use of Microsoft provided tools.

User State Migration Tool (USMT) from the Windows 2000 Resource Kit or the File and Settings Transfer Wizard in Windows XP.

Purpose: Creates a user account in the current domain.

Required arguments:

• logon: Windows 2000 logon name
• OU: target OU, partial LDAP name

Optional arguments:

• preW2K: SAMAccount name, NT-style logon name, defaults to logon parameter, if not specified
• cn: common name, defaults to logon parameter, if not specified
• fname: first name
• lname: last name
• desc: description
• passwd: password, if not specified, a random 14-character password is assigned
• homedrv: assigns home drive letter
• homeshr: assigns home directory path
• log: assign log file name, default create-user.log

Example: To create a user !jdoe-oa in the Users OU under IST-CCS with the following arguments:

logon: !jdoe-oa
OU: OU=Users,OU=IST-CCS
cn: John Doe
fname: John
lname: Doe
desc: John Doe's OU admin account
homedrv: Z:
homeshr: \\campus.berkeley.edu\calnetdfs\ou admin tools

the syntax is:

cscript create-user.wsf /logon:!jdoe-oa /ou:ou=users,ou=ist-ccs /cn:"John Doe" /fname:John /lname:Doe /desc:"John Doe's OU admin account" /homedrv:Z /homeshr:"\\campus.berkeley.edu\calnetdfs\ou admin tools"

Purpose: Creates a group in the curent domain.

Required arguments:

• name: group name
• OU: OU container, partial LDAP name

Optional arguments:

• type: group type, g = global, u = universal, l = domain local, defaults to global
• desc: group description
• preW2K: pre-Windows 2000 name, defaults to name argument

Example: To create a global group named CCS-OU Users-gs in Global Groups OU under the OU=IST-CCS container, the syntax is:

cscript create-group.wsf /name:"CCS-All Users-gs" /OU:"OU=Global Groups,OU=IST-CCS" /desc:"All CCS Users"

Example: To create a universal group named UC-Forest Users-us in the Groups OU under the OU=IST-CCS container, the syntax is:

cscript create-group.wsf /type:u /name:"CCS-All Users-gs" /OU:"OU=Global Groups,OU=IST-CCS" /desc:"All CCS Users"

Purpose: Add, remove, or display group memberships in the current domain.

Required arguments:

• group: name of target group
• OU: OU container, partial LDAP name

Optional arguments:

• add: add specified user to target group
• remove: remove specified user from target group
• list: display group membership

Example: To add jdoe (partial DN: CN=John Doe,ou=users,ou=IIR) to CCS-OU Users-gs group in Groups OU under IST-CCS, the syntax is:

cscript grp-members.wsf /add:"cn=john doe,ou=users,ou=iir" /group:"ccs-ou users-gs" /ou:ou=groups,ou=ist-ccs

Example: To remove jdoe (partial DN: CN=John Doe,ou=users,ou=IIR) from CCS-OU Users-gs group in Groups OU under IST-CCS, the syntax is:

cscript grp-members.wsf /remove:"cn=john doe,ou=users,ou=iir" /group:"ccs-ou users-gs" /ou:ou=groups,ou=ist-ccs

Example: To list members of CCS-OU Admins-gs group in Groups OU under IST-CCS:

cscript grp-members.wsf /list /group:"CCS-OU Admins-gs" /OU:OU=Groups,OU=IST-CCS

Purpose: Creates, moves, renames or deletes an OU in the current domain.

Required arguments:

• mode: c = create, d =delete, m = move, r = rename
• name: name of OU
• tOU: name of target OU, container for specified OU

Optional arguments:

• newname: new name of OU, required for rename
• sOU: name of source OU, required for move
• desc: OU description
• y: suppress confirmation prompt for delete mode

Example 1: Create a Users OU in IST-CCS OU

cscript ou-tool.wsf /mode:c /name:Users /desc:"Users Container" /tOU:CN=IST-CCS

Example 2: To create a Staff OU in IST-CCS OU

cscript ou-tool.wsf /mode:c /name:Staff /desc:"Staff Users" /tOU:CN=Users,CN=IST-CCS

Example 3: To delete the Staff OU in Users OU under IST-CCS

cscript ou-tool.wsf /mode:d /name:Staff /tOU:CN=Users,CN=IST-CCS

Example 4: To delete the Staff OU in Users OU under IST-CCS without prompting for confirmation

cscript ou-tool.wsf /mode:d /name:Staff /tOU:CN=Users,CN=IST-CCS /y

Example 5: To move Staff OU from Users OU in IST-CCS to Employees OU in IST-CCS

cscript ou-tool.wsf /mode:m /name:Staff /sOU:OU=Users,OU=IST-CCS /tOU:OU=Employees,OU=IST-CCS

Example 6: To rename Staff OU in Users OU under IST-CCS to Employees OU

cscript ou-tool.wsf /mode:r /newname:Employees /name:Staff /tOU:CN=Users,CN=IST-CCS

Purpose: Moves, rename, or delete a user account in the current domain.

Note: If you are moving multiple users at one time, you can use the built-in FOR command to iterate through a text file and call the user-tool script. You can get help about the FOR command by typing for /? in a command prompt window. For your convenience, we have created a sample batch file called move-users.cmd that is part of the zipped file. move-users.cmd can be used to move a group of users based on an input text file.

Required arguments:

• mode: d =delete, m = move, r = rename
• user: user name
• tgtOU: user's target OU

Optional arguments:

• srcOU: source OU, required for moves
• preW2K: SAMAccount name
• newname: new name
• y: suppress confirmation prompt for delete mode

Example: Rename jdoe, in Users OU under CCS, to !ccs-jdoe

cscript user-tool.wsf /mode:r /user:jdoe /newname:!ccs-jdoe /tgtOU:OU=Users,OU=CCS

Example: Move jdoe from Users OU under CCS to Staff OU under ASD Department OU

cscript user-tool.wsf /mode:m /user:jdoe /srcOU:"OU=Users,OU=CCS" /tgtOU:"OU=Staff,OU=ASD Department "

Example: Delete jdoe from the Staff OU under ASD Department OU

cscript user-tool.wsf /mode:d /user:jdoe /tgtOU:"OU=Staff,OU=ASD Department "

Example: Delete jdoe from the Staff OU under ASD Department OU with confirmation prompt suppressed

cscript user-tool.wsf /mode:d /user:jdoe /tgtOU:"OU=Staff,OU=ASD Department "/y

Purpose: Automate OU creation procedure performed by domain administrators for campus units joining CalNetAD. Before running the script, refer to the install section.

Note: This script is for domain administrators only. If an argument contains space(s), enclose it in quotes.

Dependencies:

• ..\INCLUDE\LIB_COMMON_FUNCTIONS.JS
• ..\CREATE-COMPUTER\CREATE-COMPUTER.WSF

Install Notes:

Unzip to a folder to a subdirectory. Run the install.cmd file if needed, to create the directory structure and install the files listed in the dependencies list above.

Required arguments:

• OU: top-level ou name
• user: cn of 1st ou admin account
• mail: ou admin mailing list
• host: name of 1st machine

Optional arguments:

• oudesc: OU description
• usrdesc: user description
• pswd: user password, randomly generated if not specified
• v: verbose mode

Example: To set up a top level OU using the information below:

• OU: CollegeA
• user: !0123458-oa
• host: abc.collegeA.berkeley.edu
• mail: ad-admin@list.berkeley.edu
• oudesc: CollegeA OU Container

the syntax is:

cscript ou-setup.wsf /ou:collegeA /user:!0123458-oa /mail:ad-admin@list.berkeley.edu /host:abc.collegeA.berkeley.edu /oudesc:"CollegeA OU container"