My-Technet

From the command line:

dsquery computer –inactive 4 –limit 0

This will list all computer accounts that have not been active for 4 weeks.

Remove inactive computer accounts:

dsquery computer –inactive 4 –limit 0 | dsrm

Using CSVDE/LDIFDE to find an email address:

csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:UserName@domain.com))" -l name

Replace "dc=domain,dc=com" with your AD domain name and suffix, and UserName@domain.com with the exact email address you’re looking for.

To find all recipients who have an email address from a particular SMTP domain, you can use a wildcard, e.g.:

csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:*@domain.com))" -l name

In the above example, only the name field is exported. All CSVDE/LDIFDE queries also return the object’s distinguishedName. To add more fields to the list, insert a coma after name and type new field names separated by a coma: e.g.

name,displayName,sAMAccountName,proxyAddresses,homeMDB

Finding email addresses using the Exchange shell (Exchange Server 2007): The Exchange Server 2007 shell makes it easier (once you familiarize yourself with shell basics). To get a list of all recipients with email addresses from a particular domain:

get-recipient | where {$_.emailaddresses -match "domain.com"} | select name,emailaddresses

To get a list of recipients with a particular email address:

get-recipient | where {$_.emailaddresses -match "UserName@domain.com"} | select name,emailaddresses

Please note that ESENTUTL is doing a lossy repair. This kind of repair fixes corruption by deleting data from the database. You should only use this kind of repair as a last resort.

Furthermore, Microsoft does not support domain controllers after Esentutl is used to recover from Active Directory database corruption. If you perform this kind of repair, you must rebuild the domain controller for Active Directory to be in a supported configuration.

You should attempt all other available methods before consider using ESENTUTL:

1. Run “ntdsutil files integrity” Check the integrity of the Active Directory database

2. Perform a semantic database analysis using ntdsutil

3. If there are other functional domain controllers in the same domain, remove Active Directory from the server, and then reinstall Active Directory.

4. Restore from system state backup

5. If no system state backup is available, and there are no other healthy domain controllers in the domain, we recommend that you rebuild the domain by removing Active Directory and then reinstalling Active Directory on the server, creating a new domain.

(continue reading…)

Restart the Server – Press F8 – Enter Directory Services Restore Mode

Log into the server

(continue reading…)

Create a new file called LocalAdminPwdChg.vbs.

Copy this text into the file:

Set
WshShell = WScript.CreateObject (“WScript.Shell& #34;)
wshShell.Run
“Net User administrator NewPassword“

Make sure to save the file with the extension .vbs.

Create a new Group Policy to call the LocalAdminPwdChg.vbs Script.

Configure the Script under Group Policy as follows: Computer Configuration\Windows\Settings\Scripts\Startup

 The local Admin will be the only account available when the machine comes back up without AD.

1. Change (note – values are case sensitive)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions]
“ProductType”=”LanmanNT” to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions]
“ProductType”=”ServerNT”
2. Reboot
3. Delete the NTDS folder.

Remove references to the deleted server in any surviving replicas by using
NTDSUTIL metadata cleanup on a DC.

Use the CSVDE User Import Template to create a .csv file. Using this template requires an OU named “Import” be created in Active Directory.

Open the CMD prompt, navigate to the folder where you saved your .csv file.

Type this command: CSVDE -i -f Import.csv

From the Command Prompt: dsquery user “OU=ou1,dc=hcslab,dc=domain” | dsmod user -pwd ChangeNow! -mustchpwd yes