
mcsa mcse exam 70-292 study guide part 9 pdf


554 Appendix A • MCSA Command-Line Reference
Table A.21 dsquery site Parameters
Switch Function
-o {dn | rdn } Specifies the output format for the search results.
-name Name Searches for objects whose CN attributes match the specified
value.
-desc Description Searches for objects whose descriptions match the specified value.
-r Specifies the search to use recursion or follow referrals during the
search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for
the search.
dsquery server
The dsquery server command is used to query Active Directory for information about domain
controllers and uses the following syntax:
dsquery server [-o {dn | rdn}] [-forest] [-domain DomainName]
[-site SiteName] [-name Name] [-desc Description]
[-hasfsmo {schema | name | infr | pdc | rid}] [-isgc]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
Table A.22 details the parameters associated with the dsquery server command.
Table A.22 dsquery server Parameters
Switch Function
-o {dn | rdn } Specifies the output format for the search results.
-forest Searches for all domain controllers in the current forest.
-domain DomainName Searches for all domain controllers in the specified domain.
-site SiteName Searches for all domain controllers in the specified site.
-name Name Searches for objects whose CN attributes match the specified value.
-desc Description Searches for objects whose descriptions match the specified value.
-hasfsmo {schema | name | infr | pdc | rid} Searches for the domain controller(s) that hold the specified operations master role.
-isgc Searches for all domain controllers specified in the scope that are
Global Catalog servers.
-r Specifies the search to use recursion or follow referrals during the
search process.
www.syngress.com
271_70-292_AppxA.qxd 8/22/03 4:24 PM Page 554
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the
search.
dsquery user
The dsquery user command is used to query Active Directory for information about users and uses
the following syntax:
dsquery user [{StartNode | forestroot | domainroot}]
[-o {dn | rdn | upn | samid}] [-scope {subtree | onelevel | base}]
[-name Name] [-desc Description] [-upn UPN] [-samid SAMName]
[-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
Table A.23 details the parameters associated with the dsquery user command.
Table A.23 dsquery user Parameters
Switch Function
StartNode | forestroot | domainroot Specifies where the search should start.
-o {dn | rdn | upn | samid} Specifies the output format for the search results.
-scope {subtree | onelevel | base} Specifies the scope of the search.
-name Name Searches for objects whose CN attributes match the specified
value.
-desc Description Searches for objects whose descriptions match the specified
value.
-upn UPN Searches for objects whose UPN matches the specified value.
-samid SAMName Searches for objects whose SAM names match the specified value.
-inactive NumberOfWeeks Searches for inactive users for the specified time value.
-stalepwd NumberOfDays Searches for users that have not changed their password for the
specified time value.
-disabled Searches for users with disabled accounts.
-r Specifies the search to use recursion or follow referrals during the
search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for
the search.
dsquery quota
The dsquery quota command is used to query Active Directory for information about quota
specifications and uses the following syntax:
dsquery quota {domainroot | ObjectDN} [-o {dn | rdn}] [-acct Name]
[-qlimit Filter] [-desc Description] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]
[{-uc | -uco | -uci}]
Table A.24 details the parameters associated with the dsquery quota command.

Table A.24 dsquery quota Parameters
Switch Function
domainroot | ObjectDN Specifies where the search should start.
-o {dn | rdn } Specifies the output format for the search results.
-acct Name Specifies the search to locate quota specifications assigned to the
specified security principal.
-qlimit Filter Searches for quota limits that match a specified value.
-desc Description Searches for objects whose descriptions match a specified value.
-r Specifies the search to use recursion or follow referrals during the
search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for
the search.
dsquery partition
The dsquery partition command is used to query Active Directory for information about partition
objects and uses the following syntax:
dsquery partition [-o {dn | rdn}] [-part Filter] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]
[{-uc | -uco | -uci}]
Table A.25 details the parameters associated with the dsquery partition command.
Table A.25 dsquery partition Parameters
Switch Function
-o {dn | rdn } Specifies the output format for the search results.
-part Filter Searches for partition objects whose common name matches the
specified value.
-r Specifies the search to use recursion or follow referrals during the
search process.

-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are returned for the
search.
dsquery *
The dsquery * command is used to query Active Directory for information about objects using the
specified criteria for an LDAP query and uses the following syntax:
dsquery * [{ObjectDN | forestroot | domainroot}]
[-scope {subtree | onelevel | base}] [-filter LDAPFilter]
[-attr {AttributeList | *}] [-attrsonly] [-l] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects]
[{-uc | -uco | -uci}]
Table A.26 details the parameters associated with the dsquery * command.
Table A.26 dsquery * Parameters
Switch Function
ObjectDN | forestroot | domainroot Specifies where the search should start.
-scope {subtree | onelevel | base} Specifies the scope of the search.
-filter LDAPFilter Specifies an explicit LDAP search filter.
-attr {AttributeList | *} Specifies the attributes to display in the search output.
-attrsonly Specifies the attribute types to display in the search
output.
-l Specifies search output to be displayed in a list instead
of table format.
-r Specifies that the search is to use recursion or follow
referrals during the search process.
-gc Specifies that the search is to use the Global Catalog.
-limit NumberOfObjects Specifies a limit to the number of matches that are
returned for the search.

dsget
The dsget command can be used to display the selected properties of Active Directory objects.
dsget has the following top-level options:

dsget computer
dsget contact
dsget group
dsget ou
dsget site
dsget server
dsget user
dsget subnet
dsget quota
dsget partition

dsget computer
The dsget computer command is used to display the properties of a specified computer in Active
Directory and has two possible usage variations. The first allows you to view the properties for
multiple computers, while the second allows you to view the membership information for a
single computer. The dsget computer command uses the following syntax:

dsget computer ComputerDN [-dn] [-samid] [-sid] [-desc] [-loc]
[-disabled] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]
dsget computer ComputerDN [-memberof [-expand]] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.27 details the parameters associated with the dsget computer command.
Table A.27 dsget computer Parameters
Switch Function
ComputerDN Specifies the distinguished name of the computer information you want
to view.
-dn Displays the distinguished name of the computer.
-samid Displays the SAM account name of the computer.
-sid Displays the SID of the computer.
-desc Searches for objects whose description matches the specified value.
-loc Displays the location of the computer.
-disabled Searches for computers with disabled accounts.
-l Specifies search output to be displayed in a list instead of a table
format.
-c Specifies the command is to continue processing in the event of an error.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the quota limit in place on the object.
-qused Displays the quota used by the object.
-memberof Displays the group memberships of the computer.
-expand Specifies that group recursion is to occur when locating groups the computer is a member of.
dsget contact
The dsget contact command is used to display the properties of a specified contact in Active
Directory and uses the following syntax:
dsget contact ContactDN [-dn] [-fn] [-mi] [-ln] [-display] [-desc]
[-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel]
[-title] [-dept] [-company] [{-s Server | -d Domain}] [-u UserName]
[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.28 details the parameters associated with the dsget contact command.
Table A.28 dsget contact Parameters
Switch Function
ContactDN Specifies the distinguished name of the contact information you want to view.
-dn Displays the distinguished name of the contact.
-fn Displays the first name of the contact.
-mi Displays the middle initial of the contact.
-ln Displays the last name of the contact.
-display Displays the display name of the contact.
-desc Displays the description of the contact.
-office Displays the office location of the contact.
-tel Displays the telephone number of the contact.
-email Displays the e-mail address of the contact.
-hometel Displays the home telephone number of the contact.
-pager Displays the pager phone number of the contact.
-mobile Displays the mobile phone number of the contact.

-fax Displays the fax phone number of the contact.
-iptel Displays the IP phone number of the contact.
-title Displays the title of the contact.
-dept Displays the department of the contact.
-company Displays the company name of the contact.
-c Specifies the command is to continue processing in the event of an error.
-l Specifies search output to be displayed in a list instead of a table format.
dsget group
The dsget group command is used to display the properties of a specified group in Active
Directory and has two possible variations in usage. The first allows you to view the properties
for multiple groups, while the second allows you to view the membership information for a
single group. The dsget group command uses the following syntax:
dsget group GroupDN [-dn] [-samid] [-sid] [-desc] [-secgrp] [-scope]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q]
[-l] [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]
dsget group GroupDN [{-memberof | -members}] [-expand]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c]
[-q] [-l] [{-uc | -uco | -uci}]
Table A.29 details the parameters associated with the dsget group command.
Table A.29 dsget group Parameters
Switch Function
GroupDN Specifies the distinguished name of the group information you want to view.
-dn Displays the distinguished name of the group.
-samid Displays the SAM account name of the group.
-sid Displays the SID of the group.
-desc Searches for objects whose description matches the specified value.
-secgrp Displays whether or not the group is a security group.
-scope Displays information about the scope of the group.
-l Specifies search output to be displayed in a list instead of a table format.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the object quota limit.
-qused Displays the quota used by the object.
-memberof Displays the group memberships of the group.
-members Displays the objects that are members of the group.
-expand Specifies that group recursion occurs when locating groups the group is a
member of.
-c Specifies the command is to continue processing in the event of an error.
dsget ou
The dsget ou command is used to display the properties of a specified OU in Active Directory and
uses the following syntax:
dsget ou OrganizationalUnitDN [-dn] [-desc] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.30 details the parameters associated with the dsget ou command.
Table A.30 dsget ou Parameters
Switch Function
OrganizationalUnitDN Specifies the distinguished name of the OU information you want
to view.
-dn Displays the distinguished name of the OU.
-desc Displays the description of the OU.
-c Specifies the command is to continue processing in the event of an
error.
-l Specifies the search output is displayed in a list instead of a table
format.
dsget server
The dsget server command is used to display the properties of a specified domain controller in
Active Directory and has three possible usage variations. The first allows you to view the general
properties for the specified domain controller, the second allows you to display a listing of
security principals who own the largest number of objects in the directory, and the third allows
you to display a listing of the directory partitions on the specified domain controller. The dsget
server command uses the following syntax:
dsget server ServerDN [-dn] [-desc] [-dnsname] [-site] [-isgc]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q]
[-l] [{-uc | -uco | -uci}]
dsget server ServerDN [{-s Server | -d Domain}] [-u UserName]
[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
[-topobjowner Display]
dsget server ServerDN [{-s Server | -d Domain}] [-u UserName]
[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN]
Table A.31 details the parameters associated with the dsget server command.
Table A.31 dsget server Parameters
Switch Function
ServerDN Specifies the distinguished name of the domain controller information you
want to view.
-dn Displays the distinguished name of the domain controller.
-desc Displays the description of the domain controller.
-dnsname Displays the DNS host name of the domain controller.
-site Displays the site in which the domain controller is located.
-isgc Displays whether or not the domain controller is a Global Catalog server.
-l Specifies the search output is displayed in a list instead of a table format.
-topobjowner Display Displays a listing of the security principals that own the largest number of directory objects on the server.
-part PartitionDN Connects to the specified directory partition.
-c Specifies the command is to continue processing in the event of an error.
dsget user
The dsget user command is used to display the properties of a specified group in Active Directory
and has two possible variations in usage. The first allows you to view the properties for multiple
users, while the second allows you to view the group membership information for a single user.
The dsget user command uses the following syntax:
dsget user UserDN [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln]
[-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager]
[-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr]
[-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd]
[-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd]
[{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]
dsget user UserDN [-memberof] [-expand] [{-uc | -uco | -uci}]
Table A.32 details the parameters associated with the dsget user command.
Table A.32 dsget user Parameters
Switch Function
UserDN Specifies the distinguished name of the user information you want to view.
-dn Displays the distinguished name of the user.
-samid Displays the SAM name of the user.
-upn Displays the user principal name of the user.
-sid Displays the SIDs of the user.
-fn Displays the first name of the user.
-mi Displays the middle initial of the user.
-ln Displays the last name of the user.
-display Displays the display name of the user.

-empid Displays the employee ID of the user.
-desc Displays the description of the user.
-office Displays the office location of the user.
-tel Displays the telephone number of the user.
-email Displays the e-mail address of the user.
-hometel Displays the home telephone number of the user.
-pager Displays the pager phone number of the user.
-mobile Displays the mobile phone number of the user.
-fax Displays the fax phone number of the user.
-iptel Displays the IP phone number of the user.
-webpg Displays the Web page of the user.
-title Displays the title of the user.
-dept Displays the department of the user.
-company Displays the company name of the user.
-mgr Displays the manager of the user.
-hmdir Displays the home directory of the user.
-hmdrv Displays the home drive of the user.
-profile Displays the profile path of the user.
-loscr Displays the logon script path of the user.
-mustchpwd Displays whether or not the user must change their password upon next
logon.
-canchpwd Displays whether or not the user can change their password.
-pwdneverexpires Displays whether or not the user account password expires.
-disabled Displays whether or not the user account is disabled.

-acctexpires Displays when the user account expires.
-reversiblepwd Displays whether or not the user account password is stored using reversible encryption.
-part PartitionDN Connects to the specified directory partition.
-qlimit Displays the quota limit set for the user.
-qused Displays the quota used by the user.
-memberof Displays the groups the user is a member of.
-expand Specifies that group recursion occurs when locating groups that the
user is a member of.
dsget subnet
The dsget subnet command is used to display the properties of a specified subnet in Active
Directory and uses the following syntax:
dsget subnet SubnetDN [-dn] [-desc] [-loc] [-site]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.33 details the parameters associated with the dsget subnet command.
Table A.33 dsget subnet Parameters
Switch Function
SubnetDN Specifies the distinguished name of the subnet information you want to view.
-dn Displays the distinguished name of the subnet.
-desc Displays the description of the subnet.
-loc Displays the subnet location.
-site Displays the site name of the subnet.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.

dsget site
The dsget site command is used to display the properties of a specified site in Active Directory and
uses the following syntax:
dsget site SiteCN [-dn] [-desc] [-autotopology] [-cachegroups]
[-prefGCsite] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.34 details the parameters associated with the dsget site command.
Table A.34 dsget site Parameters
Switch Function
SiteCN Specifies the common name of the site information you want to view.
-dn Displays the distinguished name of the site.
-desc Displays the description of the site.
-autotopology Displays whether or not the automatic intersite topology generation
feature is enabled.
-cachegroups Displays whether or not caching of universal group memberships is enabled.
-prefGCsite Displays the name of the preferred Global Catalog site for this site’s
domain controllers.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.
dsget quota
The dsget quota command is used to display the properties of a specified quota specification in
Active Directory and uses the following syntax:
dsget quota ObjectDN [-dn] [-acct] [-qlimit] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.35 details the parameters associated with the dsget quota command.
Table A.35 dsget quota Parameters

Switch Function
ObjectDN Specifies the distinguished name of the quota information you want to view.
-dn Displays the distinguished name of the quota.
-acct Displays the distinguished names for the accounts that the quota is assigned to.
-qlimit Displays the quota limit for the specified quota.
-qused Displays the quota used for the specified quota.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of an error.
dsget partition
The dsget partition command is used to display the properties of a specified partition in Active
Directory and uses the following syntax:
dsget partition ObjectDN [-dn] [-qdefault] [-qtmbstnwt]
[-topobjowner Display] [{-s Server | -d Domain}] [-u UserName]
[-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Table A.36 details the parameters associated with the dsget partition command.
Table A.36 dsget partition Parameters
Switch Function
ObjectDN Specifies the distinguished name of the partition information you
want to view.
-dn Displays the distinguished name of the partition.
-qdefault Displays the default quota that is applied to all security principals.
-qtmbstnwt Displays the percent that the tombstone object count should be
reduced.
-topobjowner Display Displays a listing of the security principals that own the largest
number of directory objects in the partition.
-l Specifies search output is displayed in a list instead of a table format.
-c Specifies the command is to continue processing in the event of
an error.
gpresult
The gpresult command can be used to display Group Policy settings and the Resultant Set of
Policy (RSoP) applied to a user and uses the following syntax:
gpresult [/s Computer [/u Domain\User /p Password]] [/user TargetUserName]
[/scope {user | computer}] [{/v | /z}]
Table A.37 details the parameters associated with the gpresult command.
Table A.37 gpresult Parameters
Switch Function
/s Computer Specifies the name or IP address of a remote computer.
/u Domain\User Specifies a user account whose permissions are to be used to run
the command.
/p Password Specifies the password for the provided user account.
/user TargetUserName Specifies the user name of the user whose RSoP is to be displayed.
/scope {user | computer} Displays either computer or user settings.
/v Specifies to provide verbose output.
/z Specifies that output should display all available information. You
can direct the output to a text file by using /z file.txt.
whoami
The whoami command returns information about the currently logged in user including
domain name, computer name, user name, group names, logon identifier, and privileges and uses
the following possible syntaxes:
whoami {/upn | /fqdn | /logonid}
whoami [{/user | /groups | /priv}] [/fo Format]
whoami /all [/fo Format]
Table A.38 details the parameters associated with the whoami command.
Table A.38 whoami Parameters
Switch Function
/upn Displays the user name in User Principal Name (UPN) format.
/fqdn Displays the user name in FQDN format.

/logonid Displays the logon ID.
/user Displays the current user name.
/groups Displays group names.
/priv Displays privileges.
/fo Format Specifies the output display format. Options include:
table Displays output in a table. This is the default value.
list Displays output in a list.
csv Displays output in comma-delimited (.CSV) format.
/all Displays the user name and groups, SID and privileges in the current access
token.
csvde and ldifde
Realizing that administrators may have the need to import and export data into and out of
Active Directory and other Lightweight Directory Access Protocol (LDAP) directory services,
Microsoft has provided two utilities to accomplish that task.

csvde (CSV Directory Exchange): csvde uses files formatted in the Microsoft
comma-separated value (CSV) format. The advantage of the CSV format is that it is
supported by many other applications such as Microsoft Excel and Microsoft Access,
thus allowing you to manipulate data in these applications before importing it. The
downside to using csvde is that it only allows the addition of new objects, whereas
ldifde allows the modification of existing objects.

ldifde (LDAP Data Interchange Format Directory Exchange): ldifde can be
used to extend the Active Directory schema, export data from Active Directory into
other LDAP applications and services and to populate the Active Directory database
with LDAP data from other directory services. LDIF is an Internet standard file
format for performing batch import and export operations that conform to LDAP
standards.
The full syntax of the csvde command is as follows:
csvde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v]
[-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope]
[-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k]
[-a UserDistinguishedName Password] [-b UserName Domain Password]
The ldifde command also follows the same syntax:
ldifde [-i] [-f FileName] [-s ServerName] [-c String1 String2] [-v]
[-j Path] [-t PortNumber] [-d BaseDN] [-r LDAPFilter] [-p Scope]
[-l LDAPAttributeList] [-o LDAPAttributeList] [-g] [-m] [-n] [-k]
[-a UserDistinguishedName Password] [-b UserName Domain Password]
Table A.39 details the parameters associated with the csvde and ldifde commands.
Table A.39 csvde/ldifde Parameters
Switch Function
Basic Global Parameters
-i Specifies import mode; if not specified, export mode is used.
-f FileName Specifies the file name for the import or export operation.
-s ServerName Specifies the domain controller that is used for the import or
export operation.
-c String1 String2 Specifies that all instances of String1 are to be replaced with
String2.

-v Sets verbose mode.
-t PortNumber Specifies port number connections. The default port is 389 for
LDAP and 3268 for Global Catalog servers.
Export Related Parameters
-d BaseDN Specifies the distinguished name of the search base for data
export.
-r LDAPFilter Specifies an LDAP search filter for data export.
-p Scope Specifies the search scope, the scope options are Base, OneLevel,
or SubTree.
-l LDAPAttributeList Specifies the list of attributes to return for the export query
results.
-o LDAPAttributeList Specifies the list of attributes to omit from the export query
results.
-g Specifies that paged searches are omitted.
-m Specifies to omit attributes that only apply to Active Directory
objects such as the ObjectGUID, objectSID, pwdLastSet and
samAccountType attributes.
-n Specifies that the export of binary values is to be omitted.
-j Path Specifies the log file path and name.
Import Related Parameters
-k Specifies to ignore errors during the import operation and
continue processing.
Credentials Parameters
-a UserDistinguishedName Password Specifies the command to run using UserDistinguishedName and
Password. By default, the credentials of the user currently logged on are used.
-b UserName Domain Password Specifies the command to be run using Username Domain and
Password. By default, the credentials of the user currently logged on are used.
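An added example, not from the study guide: a script that reads a csvde user export and flags the account conditions that dsget user reports with -disabled, -pwdneverexpires and -reversiblepwd, plus stale passwords as in dsquery user -stalepwd. The export command in the docstring, the sample rows, the 90-day threshold and the function names are assumptions constructed for illustration; the userAccountControl bit values and the pwdLastSet time format are the documented Active Directory ones.

```python
"""Audit a csvde user export for risky account settings (added example).

Assumed export command, built from the switches in Table A.39 (base DN,
filter and file name are placeholders):
  csvde -f users.csv -d "DC=example,DC=com"
        -r "(&(objectCategory=person)(objectClass=user))"
        -l "sAMAccountName,userAccountControl,pwdLastSet"
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags and the label reported for each.
UAC_FLAGS = {
    0x0002: "disabled",                 # ACCOUNTDISABLE
    0x0020: "password-not-required",    # PASSWD_NOTREQD
    0x0080: "reversible-encryption",    # ENCRYPTED_TEXT_PWD_ALLOWED
    0x10000: "password-never-expires",  # DONT_EXPIRE_PASSWORD
}

# pwdLastSet counts 100-nanosecond ticks from this instant.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert a pwdLastSet value to an aware datetime; 0 returns None."""
    ticks = int(value)
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def audit_export(csv_text, now, stale_days=90):
    """Return {sAMAccountName: [issues]} for every account with a finding."""
    findings = {}
    # csvde quotes the DN column because it contains commas; csv handles that.
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("sAMAccountName")
        if not name:
            continue  # not a user row, or the attribute was not exported
        uac = int(row.get("userAccountControl") or 0)
        issues = [label for bit, label in UAC_FLAGS.items() if uac & bit]
        changed = filetime_to_datetime(row.get("pwdLastSet") or 0)
        if changed is None:
            issues.append("must-change-or-never-set")
        elif now - changed > timedelta(days=stale_days):
            issues.append("stale-password")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample export (not real data): DN first, then the -l attributes.
SAMPLE_EXPORT = '''DN,sAMAccountName,userAccountControl,pwdLastSet
"CN=Alice Admin,OU=IT,DC=example,DC=com",aadmin,512,127041696000000000
"CN=Svc Backup,OU=Service,DC=example,DC=com",svcbackup,66048,126543168000000000
"CN=Bob Old,OU=Sales,DC=example,DC=com",bold,514,0
"CN=Carol Legacy,OU=Sales,DC=example,DC=com",clegacy,640,127041696000000000
'''

# Constructed "current time" so the result is reproducible.
NOW = datetime(2003, 8, 22, tzinfo=timezone.utc)

if __name__ == "__main__":
    for account, issues in audit_export(SAMPLE_EXPORT, NOW).items():
        print(f"{account}: {', '.join(issues)}")
```

The export omits -m, because that switch drops pwdLastSet from the output.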
DNS Management
Microsoft has provided two new DNS management tools for Windows Server 2003: dnscmd and
dnslint. As well, the ever-reliable nslookup command is still an important part of any DNS
administrator’s tool kit.
dnscmd
The dnscmd command can be used to display and change the properties of DNS servers, zones
and resource records. dnscmd is an enhanced version of the dnsstat command. dnscmd has the
following general syntax:
dnscmd ServerName Command [Command Parameters]
The ServerName placeholder is used to specify the DNS server that you wish to manage by IP
address, FQDN or host name. If the ServerName is not supplied, the command will be processed
on the local server. The following commands are available for use with the dnscmd command:

dnscmd /ageallrecords
dnscmd /clearcache
dnscmd /config
dnscmd /createbuiltindirectorypartitions
dnscmd /createdirectorypartition
dnscmd /deletedirectorypartition
dnscmd /directorypartitioninfo
dnscmd /enlistdirectorypartition
dnscmd /enumdirectorypartitions
dnscmd /enumrecords
dnscmd /enumzones
dnscmd /info
dnscmd /nodedelete
dnscmd /recordadd
dnscmd /recorddelete
dnscmd /resetforwarders
dnscmd /resetlistenaddresses
dnscmd /startscavenging
dnscmd /statistics
dnscmd /unenlistdirectorypartition
dnscmd /writebackfiles
dnscmd /zoneadd
dnscmd /zonechangedirectorypartition
dnscmd /zonedelete
dnscmd /zoneexport
dnscmd /zoneinfo
dnscmd /zonepause
dnscmd /zoneprint
dnscmd /zoneresettype
dnscmd /zonerefresh
dnscmd /zonereload
dnscmd /zoneresetmasters
dnscmd /zoneresetscavengeservers
dnscmd /zoneresetsecondaries
dnscmd /zoneresume
dnscmd /zoneupdatefromds
dnscmd /zonewriteback

dnscmd /ageallrecords
The dnscmd /ageallrecords command is used to set the time stamp on all resource records to the
current time and uses the following syntax:
dnscmd [ServerName] /ageallrecords ZoneName NodeName [/tree]|[/f]
Table A.39 details the parameters associated with the dnscmd /ageallrecords command.
Table A.39 dnscmd /ageallrecords Parameters
Switch Function
ZoneName Specifies the zone FQDN.
/NodeName Specifies the node to age.
/tree Specifies that all child nodes should also be aged.
/f Specifies that confirmation is not required to age the records.
dnscmd /clearcache
The dnscmd /clearcache command is used to clear the DNS cache of resource records and uses
the following syntax:
dnscmd [ServerName] /clearcache
dnscmd /config
The dnscmd /config command is used to change values in the registry for a DNS server and its
zones and uses the following syntax:
dnscmd [ServerName] /config ServerOption [Value] ZoneOption [Value]
WARNING
Only experienced administrators should edit the Registry directly. Before
editing, always back up the Registry.

Table A.40 details the parameters associated with the dnscmd /config command at the server
level, while Table A.41 details the parameters associated with the dnscmd /config command at the
zone level.
Table A.40 dnscmd /config Server Level Parameters
Server Option Switch Function
/addressanswerlimit [0|5-28]  Specifies the maximum number of host records that a DNS server can send in response to a query. The default value is 0; other possible values can be between 5 and 28.
/bindsecondaries [0|1]  Specifies whether or not to use fast zone transfers. The default setting of 1 disables this option.
/bootmethod [0|1|2|3]  Specifies where the DNS server loads its configuration information from at startup. The default setting is 3.
    0  No source
    1  Loads from the BIND file that is located in the DNS directory
    2  Loads from the registry
    3  Loads from Active Directory and the registry
/defaultagingstate [0|1]  Specifies whether or not scavenging is enabled on newly created zones. The default setting of 1 disables this option.
/defaultnorefreshinterval [0x1-0xFFFFFFFF|0xA8]  Specifies a period of time during which refreshes are not accepted for dynamically updated records. The default value is 0xA8.
/defaultrefreshinterval [0x1-0xFFFFFFFF|0xA8]  Specifies a period of time during which refreshes are accepted for dynamically updated records. The default value is 0xA8.
/disableautoreversezones [0|1]  Specifies whether or not reverse lookup zones are to be automatically created. The default setting of 0 enables this option.
/disablensrecordsautocreation [0|1]  Specifies whether or not the DNS server automatically creates NS records for the zones that it hosts.
/dspollinginterval 0-30  Specifies how often the DNS server will poll Active Directory for changes in Active Directory integrated zones.
/dstombstoneinterval [1-30]  Specifies the amount of time in seconds that tombstoned records should be kept alive in Active Directory.
/ednscachetimeout [3600-15724800]  Specifies the number of seconds that Extension Methods for DNS (EDNS) information is cached. The default is 604,800 seconds.
/enableednsprobes [0|1]  Specifies whether or not EDNS probes are enabled.
/enablednssec [0|1]  Specifies whether or not the DNS Security Extensions (DNSSEC) are enabled.
/eventloglevel [0|1|2|4]  Specifies the level of logging that is to occur in the DNS log. The default value is 4.
    0  Logs no events
    1  Logs only errors
    2  Logs only errors and warnings
    4  Logs errors, warnings, and informational events
/forwarddelegations [0|1]  Specifies how a query for a delegated zone is to be handled by the DNS server. The default value is 0.
    0  Automatically sends queries referring to delegated subzones to the appropriate subzone
    1  Forwards queries referring to the delegated subzone to the existing forwarders
/forwardingtimeout [0x1-0xFFFFFFFF|0x5]  Specifies how many seconds a DNS server will wait for a forwarder to respond before querying another one. The default value is 0x5 (5 seconds).
/isslave [0|1]  Specifies how the DNS server will respond when a forwarded query receives no response. The default value is 0.
    0  If the forwarder does not respond, the server attempts to resolve the query itself
    1  If the forwarder does not respond, the server terminates the search and sends a failure to the resolver
/localnetpriority [0|1]  Specifies the order in which the host records are returned when the DNS server has multiple host records for the same name. The default value is 1.
    0  Returns the records in the order in which they are listed in the DNS database
    1  Returns the records that have similar IP network addresses first
/logfilemaxsize [0x10000-0xFFFFFFFF|0x400000]  Specifies the maximum size in bytes that the DNS.log file can grow to. The default size is 0x400000 (4MB).
/logfilepath [Path+LogFileName]  Specifies the path of the DNS.log file.
/logipfilterlist IPAddress [, IPAddress ]  Specifies the packets that are to be logged into the debug log file by IP address.
/loglevel [EventType]  Specifies the types of events that are to be logged in the DNS.log file. The default value is 0x0.
    0x0  The DNS server does not create a log
    0x10  Logs queries
    0x10  Logs notifications
    0x20  Logs updates
    0xFE  Logs non-query
    0x100  Logs question transactions
    0x200  Logs answers
    0x1000  Logs send packets
    0x2000  Logs receive packets
    0x4000  Logs UDP packets
    0x8000  Logs TCP packets
    0xFFFF  Logs all packets
    0x10000  Logs Active Directory write transactions
    0x20000  Logs Active Directory update transactions
    0x1000000  Logs full packets
    0x80000000  Logs write-through transactions
/maxcachesize  Specifies the maximum allowable size of the DNS server’s cache.
/maxcachettl [0x0-0xFFFFFFFF|0x15180]  Specifies the time in seconds that a record is maintained in the cache. The default setting is 0x15180 (86,400 seconds).
/maxnegativecachettl [0x1-0xFFFFFFFF|0x384]  Specifies the time in seconds that an entry causing a negative answer to a query remains in the cache. The default setting is 0x384 (900 seconds).
/namecheckflag [0|1|2|3]  Specifies which character standard is to be used for allowing DNS names. The default value is 3.
    0  Uses ANSI characters that comply with IETF Requests For Comment (RFCs)
    1  Uses ANSI characters that do not necessarily comply with IETF RFCs
    2  Uses multibyte UTF8 characters
    3  Uses all characters
/norecursion [0|1]  Specifies whether or not a DNS server will perform recursive name resolution. The default value is 0.
/recursionretry [0x1-0xFFFFFFFF|0x3]  Specifies the time in seconds that the server will wait before trying again to contact a remote server. The default value is 0x3 (3 seconds).
/recursiontimeout [0x1-0xFFFFFFFF|0xF]  Specifies the time in seconds that a DNS server will wait before discontinuing attempts to contact a remote server. The default value is 0xF (15 seconds).
/roundrobin [0|1]  Specifies how host records are returned when multiple host records exist for the same name. The default value is 1.
/rpcprotocol [0x0|0x1|0x2|0x4|0xFFFFFFFF]  Specifies the protocol that RPC will use when making a new connection from the DNS server. The default value is 0xFFFFFFFF.
    0x0  Disables RPC for DNS
    0x1  Uses TCP/IP
    0x2  Uses named pipes
    0x4  Uses LPC
    0xFFFFFFFF  All protocols
/scavenginginterval [0x0-0xFFFFFFFF|0x0]  Specifies whether or not scavenging is enabled and the number of hours between scavenging cycles. The default value is 0x0, which will disable scavenging.
/secureresponses [0|1]  Specifies whether or not DNS filters the records that are in the cache. The default value is 0.
    0  Saves all responses to name queries to a cache
    1  Saves only the records that belong to the same DNS subtree to a cache
/sendport [0x0-0xFFFFFFFF|0x0]  Specifies the port number that DNS will use to send recursive queries. The default value of 0x0 specifies a random port.
/strictfileparsing [0|1]  Specifies the behavior of the DNS server when it encounters an error while loading the zone data. The default value is 0.
    0  Continues to load even if the server encounters an erroneous record; the error is recorded in the DNS log
    1  Stops loading and records the error in the DNS log
/updateoptions RecordValue  Specifies that dynamic updates are prohibited for specific record types. Multiple records can be prohibited by using the hexadecimal sum of their individual values.
    0x0  Does not restrict any record types
    0x1  Excludes Start of Authority (SOA) records
    0x2  Excludes name server (NS) records
    0x4  Excludes delegation NS records
    0x8  Excludes server host records
    0x100  On secure dynamic update, excludes SOA records
    0x200  On secure dynamic update, excludes root NS records
    0x30F  On standard dynamic update, excludes NS, SOA, and server host records; for secure dynamic update, excludes root NS and SOA records
    0x400  On secure dynamic update, excludes delegation NS records
    0x800  On secure dynamic update, excludes server host records
    0x1000000  Excludes DS records
    0x80000000  Disables DNS dynamic update
/writeauthorityns [0|1]  Specifies when the DNS server will write NS records in the authority section of a response. The default value is 0.
    0  Writes NS records in the Authority section of referrals only
    1  Writes NS records in the Authority section of all successful authoritative responses
/xfrconnecttimeout [0x0-0xFFFFFFFF|0x1E]  Specifies the time in seconds that a primary DNS server will wait for a zone transfer response from a secondary. The default value is 0x1E (30 seconds).
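The /updateoptions entry in Table A.40 is a bit mask: the listed 0x30F is the sum 0x1 + 0x2 + 0x4 + 0x8 + 0x100 + 0x200. The following Python sketch is an added example, not part of the original reference; it decodes a value into the table's flags and lists which restrictions of 0x30F a given value leaves unset. The function names and the sample values are assumptions made for illustration.

```python
# Added example: decode a dnscmd /config /updateoptions value with the flag
# values listed in Table A.40. Function and variable names are illustrative.

FLAGS = {
    0x1: "excludes SOA records",
    0x2: "excludes NS records",
    0x4: "excludes delegation NS records",
    0x8: "excludes server host records",
    0x100: "secure dynamic update: excludes SOA records",
    0x200: "secure dynamic update: excludes root NS records",
    0x400: "secure dynamic update: excludes delegation NS records",
    0x800: "secure dynamic update: excludes server host records",
    0x1000000: "excludes DS records",
    0x80000000: "disables DNS dynamic update",
}
BASELINE = 0x30F  # combined value documented in Table A.40


def parse(value):
    """Accept an int or a hex string such as '0x30F'."""
    return value if isinstance(value, int) else int(value, 16)


def decode(value):
    """Split a value into (known flag bits, leftover bits not in the table)."""
    value = parse(value)
    known = [bit for bit in sorted(FLAGS) if value & bit]
    leftover = value
    for bit in known:
        leftover &= ~bit
    return known, leftover


def missing_from(value, baseline=BASELINE):
    """Describe baseline restrictions that the given value does not set."""
    gap = parse(baseline) & ~parse(value)
    return [FLAGS[bit] for bit in decode(gap)[0]]


if __name__ == "__main__":
    for sample in ("0x30F", "0x3", "0x0"):  # constructed sample values
        bits, extra = decode(sample)
        print(sample, [hex(b) for b in bits], "unknown:", hex(extra))
        for line in missing_from(sample):
            print("   not set:", line)
```

A non-zero leftover means the value contains bits that Table A.40 does not list, which is worth checking before treating a server's setting as understood.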
Table A.41 dnscmd /config Zone Level Parameters
Zone Option Switch Function
/aging  Specifies whether or not scavenging is enabled for the specified zone.
/allownsrecordsautocreation  Forces an override on the DNS server’s NS record autocreation setting for the specified zone.
/allowupdate  Specifies whether or not the specified zone will accept dynamic updates.
/forwarderslave  Forces an override on the DNS server /isslave setting for the specified zone.
/forwardertimeout  Specifies how many seconds the specified zone waits for a forwarder to respond before contacting another.
/norefreshinterval  Specifies the time interval during which no refreshes can be made to dynamically created records for the specified zone.
/refreshinterval  Specifies the time interval during which refreshes are allowed to dynamically created records for the specified zone.
/securesecondaries  Specifies which secondary servers are allowed to receive updates from the master for the specified zone.
dnscmd /createbuiltindirectorypartitions
The dnscmd /createbuiltindirectorypartitions command is used to create a DNS application directory
partition and uses the following syntax:
dnscmd [ServerName] /createbuiltindirectorypartitions [/forest]
[/alldomains]
Table A.42 details the parameters associated with the dnscmd /createbuiltindirectorypartitions
command.
Table A.42 dnscmd /createbuiltindirectorypartitions Parameters
Switch Function
/forest Creates a DNS directory partition in the specified forest.
/alldomains Creates a DNS directory partition in all domains in the forest.
dnscmd /createdirectorypartition

The dnscmd /createdirectorypartition command is used to create an additional DNS application
directory partition and uses the following syntax:
dnscmd [ServerName] /createdirectorypartition FQDNofDP
The FQDNofDP placeholder specifies the FQDN of the DNS application partition.
dnscmd /deletedirectorypartition
The dnscmd /deletedirectorypartition command is used to delete a DNS application directory parti-
tion and uses the following syntax:
dnscmd [ServerName] /deletedirectorypartition FQDNofDP
The FQDNofDP placeholder specifies the FQDN of the DNS application partition.