Tuesday, 15 August 2017

Connect DSA.MSC console to alternate domain and domain credentials

Hello Guys,

When I was cleaning up my system content, I found an old script which I used earlier for one of the requirements.

Requirement: 

To publish a script in the Citrix Web application so that service desk agents can connect to the DSA.MSC console of different domains where they are granted delegated rights to do password resets and unlock accounts.

Solution: 

When this requirement came to me, the first thing that struck my mind was using the "RUNAS" command to do the job.
So, I started with something simple like the command below:

runas /netonly /user:test.dom\servicedesk1 mmc c:\windows\system32\dsa.msc" 

But it failed and did not work as per the requirement, so I did some Google searches and found this useful option to use with the runas command.

runas /netonly /user:test.dom\servicedesk1 "cmd /c mmc c:\windows\system32\dsa.msc"

Note: /User:domainname\username

So, I have built a simple batch script that gets the domain name and credentials from the service desk agent when the script is executed.

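REM ************Script Starts here *****************
@ECHO OFF
REM Prompt for the target domain and the delegated account name
set /P Domainn=Enter Domain Name:
set /P Usern=Enter Username:

REM /netonly uses the credentials for network access only; runas prompts for the password
REM /domain= points the console at the domain that was entered at the prompt
set userunas=runas /netonly /user:%domainn%\%usern% "cmd /c mmc c:\windows\system32\dsa.msc /domain=%domainn%"

%userunas%

REM ************Script ENDs here *****************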

How the script works:

1) When the script is executed, it prompts for the domain name, username and password, as in the snapshot below.
 
2) Once all the details are entered correctly, the DSA console connects to the domain name entered in the CMD window, using the credentials entered.
Now the service desk agent is connected to the domain with their own credentials and their delegated access on that particular domain.

Note: Please make sure that the dsa.msc console application is available on the system where you are running this batch script, otherwise it will fail. (You will probably have to install RSAT to get the DSA console application.)
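
The batch script places whatever is typed at the prompts straight into a command line that cmd then runs, so in a published application the input is worth allow-listing before it is used. The following is an added example, not the author's script, written in PowerShell because allow-list validation is easier to get right there than in batch. The function names and character rules are assumptions, and it passes the entered domain to /domain= as the steps above describe.

```powershell
# Added example, not the author's script. Function names and allow-lists are assumptions.

function Test-DomainName {
    param([string]$Name)
    # NetBIOS or DNS style: dot-separated labels of letters, digits and hyphens.
    return $Name -match '\A(?=.{1,253}\z)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\z'
}

function Test-SamAccountName {
    param([string]$Name)
    # Conservative subset of the characters AD accepts in a user logon name.
    return $Name -match '\A[A-Za-z0-9._-]{1,20}\z'
}

function Get-DsaRunasArguments {
    param([string]$Domain, [string]$User)
    if (-not (Test-DomainName $Domain)) {
        throw 'Domain name rejected: only letters, digits, hyphens and dots are accepted.'
    }
    if (-not (Test-SamAccountName $User)) {
        throw 'Username rejected: only letters, digits, dot, underscore and hyphen are accepted.'
    }
    $dsa = Join-Path $env:SystemRoot 'System32\dsa.msc'
    # Same command shape as the batch script: runas /netonly ... "cmd /c mmc dsa.msc /domain=..."
    return @('/netonly', "/user:$Domain\$User", "cmd /c mmc $dsa /domain=$Domain")
}

$domain = Read-Host 'Enter Domain Name'
$user   = Read-Host 'Enter Username'

try {
    $runasArgs = Get-DsaRunasArguments -Domain $domain -User $user
} catch {
    # Report the reason without echoing the rejected input back to the console.
    Write-Warning $_.Exception.Message
    exit 1
}

# runas asks for the password itself; it is never handled by this script.
& (Join-Path $env:SystemRoot 'System32\runas.exe') @runasArgs
```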
 

Monday, 14 August 2017

Creating Multiple Groups using DSADD command- It works for Groups with spaces in it

Hello Guys,


I had a requirement to create multiple groups in a domain. I thought it was pretty straightforward, so I just used my old script to do the job for me.

My script input file is named groups.txt (you can see that the group names have spaces in them):



My old script contains the following "DSADD" code with a "FOR" loop:



When I executed the script, I got the following error in the CLI window.
Notice that the error was due to the space in the group name. By default the for loop treats the space as a delimiter, so it tries to create the group named "TestingGroupName". It would have succeeded the first time if "TestingGroupName" did not exist. From the second time onwards it throws the error below, saying that a group already exists.


So, I had to manually set the delimiter to a comma instead of a space in the script.

New script with comma as the delimiter:




Now, with the new script, I am able to create group names with spaces in them.



Hope this helps you as well.

Simple Batch Script to Share and setup Share permission for Multiple Folders

Hello Everyone,

We recently received a request to share and set share permissions for about 500 users' home directories.

Initially, we did not think to script it and started to share them manually :( . I know it was a bad idea to share all the folders and set the share permissions manually.

Later, we wanted to avoid this manual work in case we get a similar request in future. So, I started to work on a batch script using the "NET SHARE" command.

Overview of Script as snapshot :





Script details :

1) Prepare the “ShareFolderList.txt” input file in the c:\temp directory. A sample file is attached for reference.
Sample file : 


2) Create a new file “FolderSharing.bat” in the c:\temp directory, copy the content below into it and save it as a .bat file.


REM ******** Start of Script *******

REM "To Share the list of folders in the input file"
REM  This script is created to share the adagility.net cluster P:Homedirectories

REM Author: Murugan Natarajan / http://techmurugan.blogspot.in/
REM Created on: 24/7/2017
REM ------------------------------------------------------------------------------------------

REM Error checking for the input file for looping


if not exist "c:\temp\ShareFolderList.txt" GOTO Error

REM if input file exist then process the command to share the folders and set share permission

If exist "c:\temp\ShareFolderList.txt" GOTO LineExecute1

:LineExecute1
 
for /F %%a in (c:\temp\ShareFolderlist.txt) do NET SHARE "%%a$"="D:\HomeDIRs\%%a"  /Grant:Everyone,Change /Grant:Administrators,Full

goto END

:Error
Echo "There is no ShareFolderList.txt file available at c:\temp path"

:END

REM   *****  END of Script ******


Note: I have added the error check just to make sure that the input file is created before running the batch file. If there is no c:\temp\ShareFolderList.txt file in the path, the script will end without processing the "NET SHARE" command.

3) Open a command prompt (“Run as Administrator”, if needed).
4) In the c:\temp directory, type “FolderSharing.bat” (without quotes) and press Enter.
5) The script now runs in the command prompt and shows the processing results in the console.

Note: For testing purposes, I suggest trying with only two folders and checking the sharing and the share permissions. If everything works without any issues, we can add more folder names to the “ShareFolderlist.txt” input file and execute the FolderSharing.bat file again.

To verify whether a share has been created, we can use the command “Net share” in the command prompt window.
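
The batch script grants Change to Everyone on every home-directory share, so access then depends entirely on each folder's NTFS permissions. The following added example (not the author's script) creates the same hidden shares with a per-user grant instead and reads each share ACL back. It assumes Windows Server 2012 or later for the SmbShare cmdlets, that each line of the input file is both the folder name and the owner's logon name, and that 'EXAMPLEDOM' is a placeholder domain.

```powershell
# Added example, not the author's script. Assumptions: each line of the input file is
# both the folder name under D:\HomeDIRs and the owner's sAMAccountName, and
# 'EXAMPLEDOM' is a placeholder for the real NetBIOS domain name.
param(
    [string]$ListPath = 'C:\temp\ShareFolderList.txt',
    [string]$Root     = 'D:\HomeDIRs',
    [string]$Domain   = 'EXAMPLEDOM'
)

if (-not (Test-Path -LiteralPath $ListPath -PathType Leaf)) {
    Write-Error "There is no input file at $ListPath"
    exit 1
}

foreach ($line in Get-Content -LiteralPath $ListPath) {
    $name = $line.Trim()
    if ($name -eq '') { continue }

    # Allow-list the name before it becomes a share name, a path and an account name.
    if ($name -notmatch '\A[A-Za-z0-9._-]{1,20}\z') {
        Write-Warning "Skipping '$name': unexpected characters or length"
        continue
    }
    $path  = Join-Path $Root $name
    $share = $name + '$'   # hidden share, as in the batch script
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping '$name': $path does not exist"
        continue
    }
    if (Get-SmbShare -Name $share -ErrorAction SilentlyContinue) {
        Write-Warning "Skipping '$name': share $share already exists"
        continue
    }

    # Owner gets Change, local Administrators get Full; Everyone is not granted anything.
    New-SmbShare -Name $share -Path $path -ChangeAccess "$Domain\$name" `
                 -FullAccess 'Administrators' | Out-Null

    # Read the ACL back and flag any broad principal that ended up on the share.
    Get-SmbShareAccess -Name $share |
        Where-Object { $_.AccountName -in 'Everyone', 'NT AUTHORITY\Authenticated Users' } |
        ForEach-Object { Write-Warning "$share still grants $($_.AccessRight) to $($_.AccountName)" }
}
```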