Tag: Active Directory

Find Old or Inactive Computer Accounts in Active Directory

From the command line:

dsquery computer -inactive 4 -limit 0

This will list all computer accounts that have not been active for 4 weeks.

 

Remove inactive computer accounts:

dsquery computer -inactive 4 -limit 0 | dsrm
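
A staged alternative to piping the query straight into dsrm, as an added example that is not part of the original post: it uses the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later) to report the same 4-week set, then disable and move the accounts so a mistake can be undone before anything is deleted. The quarantine OU and report path are hypothetical placeholders, and -WhatIf is left on so the script only previews its changes.

```powershell
# Added example: report, disable and quarantine stale computer accounts
# instead of deleting them in one step.
Import-Module ActiveDirectory

# Assumptions: both values below are hypothetical placeholders.
$QuarantineOU = 'OU=Stale Computers,DC=domain,DC=com'
$ReportPath   = '.\stale-computers.csv'
$Weeks        = 4   # same threshold as "dsquery computer -inactive 4"

function Get-StaleComputer {
    param([int]$Weeks = 4)
    # Inactivity is judged from lastLogonTimestamp (shown as LastLogonDate),
    # which replicates with a lag of up to about 14 days, so very short
    # thresholds give false positives.
    $span = New-TimeSpan -Days ($Weeks * 7)
    Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan $span |
        Where-Object { $_.Enabled } |
        Select-Object Name, DistinguishedName, LastLogonDate
}

# Step 1: write the candidate list to a file and review it before acting.
$stale = @(Get-StaleComputer -Weeks $Weeks)
$stale | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$($stale.Count) stale computer accounts written to $ReportPath"

# Step 2: disable and move each account. Remove -WhatIf only after the
# report has been checked (servers, laptops on long leave, cluster objects).
foreach ($c in $stale) {
    Disable-ADAccount -Identity $c.DistinguishedName -WhatIf
    Move-ADObject -Identity $c.DistinguishedName -TargetPath $QuarantineOU -WhatIf
}

# Step 3 (later, manual): delete from the quarantine OU once nothing has
# been reported broken for an agreed period.
```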


Find Email Addresses In Active Directory

Using CSVDE/LDIFDE to find an email address:

csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:UserName@domain.com))" -l name

Replace "dc=domain,dc=com" with your AD domain name and suffix, and UserName@domain.com with the exact email address you’re looking for.

To find all recipients who have an email address from a particular SMTP domain, you can use a wildcard, e.g.:

csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:*@domain.com))" -l name

In the above example, only the name field is exported. All CSVDE/LDIFDE queries also return the object’s distinguishedName. To add more fields to the list, insert a comma after name and type new field names separated by commas, e.g.:

name,displayName,sAMAccountName,proxyAddresses,homeMDB

 

Finding email addresses using the Exchange shell (Exchange Server 2007): The Exchange Server 2007 shell makes it easier (once you familiarize yourself with shell basics). To get a list of all recipients with email addresses from a particular domain:

get-recipient | where {$_.emailaddresses -match "domain\.com"} | select name,emailaddresses

To get a list of recipients with a particular email address:

get-recipient | where {$_.emailaddresses -match "UserName@domain\.com"} | select name,emailaddresses


Corrupt Active Directory Database

Please note that ESENTUTL performs a lossy repair. This kind of repair fixes corruption by deleting data from the database. You should only use this kind of repair as a last resort.

Furthermore, Microsoft does not support domain controllers after Esentutl is used to recover from Active Directory database corruption. If you perform this kind of repair, you must rebuild the domain controller for Active Directory to be in a supported configuration.

You should attempt all other available methods before considering ESENTUTL:

1. Run “ntdsutil files integrity” to check the integrity of the Active Directory database

2. Perform a semantic database analysis using ntdsutil

3. If there are other functional domain controllers in the same domain, remove Active Directory from the server, and then reinstall Active Directory.

4. Restore from system state backup

5. If no system state backup is available, and there are no other healthy domain controllers in the domain, we recommend that you rebuild the domain by removing Active Directory and then reinstalling Active Directory on the server, creating a new domain.



Perform Active Directory Database Integrity Checks

Restart the Server – Press F8 – Enter Directory Services Restore Mode


Log into the server



Change Passwords For All Users In An OU

From the Command Prompt: dsquery user "OU=ou1,dc=hcslab,dc=domain" | dsmod user -pwd ChangeNow! -mustchpwd yes


Copyright © 1996-2010 My-Technet. All rights reserved.