Hacks #17-24

Most of the time you're administering Active Directory, you're probably using the Active Directory Users and Computers console. Like most GUI tools, this console is easy to use but ill-suited for complex or repetitive tasks. That's where scripts come in, and this chapter includes a handful of VB scripts that leverage the Active Directory Services Interface (ADSI) and Windows Management Instrumentation (WMI) to make your life simple. These scripts can be used to perform tasks such as searching for old computer accounts, creating organizational units (OUs), delegating authority over OUs, and displaying information about objects stored in Active Directory. See Chapter 3 for additional scripts targeted mainly to administering users and groups with Active Directory.

As with any custom scripts, be sure to try them in a test environment before using them on your production network. Also make sure that you have the latest scripting engines on the workstation or server from which you run these scripts. You can download the latest scripting engines from the Microsoft Scripting Home Page (http://msdn.microsoft.com/scripting/). Finally, note that when you work with ADSI you must have the same applicable rights you use for running the built-in administrative tools. Typically, what this means is that you need to be a member of either the Administrators group on the machine being targeted or the Domain Admins group in an Active Directory environment.