AdMod
Summary
Command line Active Directory modification
tool. This is the natural extension to AdFind. I was primarily prompted by
dsmod,dsmove,dsrm.exe not being what I wanted them to be when I wanted them
to be.
Warranty
See
warranty.
PlatForms
- Windows 2000+ against Active Directory and
ADAM
Current Version
Version 1.18.0 - March 19, 2012
Modification(s) from previous version
- Fixed bug with quotes in inbound DNs
- Fixed bug with -import and binary values
- Fixed bug with \xx in inbound DNs
- Fixed some usage typoes
- Detect Unicode stream input and bail with error
- Added switches -treenuke, -policyhints, -recycle
- Added importfile## binary operation
Security Requirements
There are no local security requirements
for running AdMod. Ability to modify objects in Active Directory and AD/AM
will be dependent on the security configured for the directory.
The -undel option will require permissions
to see into the cn=Deleted Objects container if that is where the object
is.... By default, this requires administrator permissions. It can be
modified but it is involved.
Language
C++. Compiled with CodeGear C++ Builder
2009
Source Code Availability
None
Story
AdFind had been around for some time and I
kept thinking and hearing, well what about modifying the directory? My main
problem besides free time to think about it was how do I properly set up the
input for the modifications. I needed something fairly easy. That is a lot
tougher than you think unless you do what the ds* folks did in terms of hard
coding for specific attributes which I specifically did not want to do.
Finally I got a brainstorm on how to handle
the input of the data. So voila, here it is. Note I did think that the
ability for the ds* tools to take a feed from the dsquery tool was very cool
and I specifically added that capability in AdMod. This way you can search
from adfind (with -dsq option) or from dsquery to generate the list of
objects to be updated.
In V01.07.00 I added CSV functionality.
Quite honestly, this blows CSVDE out of the water because it can do updates
to existing objects as well as add new objects. However, this is complicated
stuff, you need to fully read the usage given to you when you type admod /csv?
and understand it before running with it. Again, any tool that modifies AD
or ADAM should be considered dangerous, including this one. I try to protect
people from cutting themselves wherever I can but I can't block every
possible thing that someone may do that could hurt themselves and honestly,
it isn't my job to. So... understand what you are doing before you do it. If
you aren't sure, test it in on a test lab AD or ADAM first.
Download
You do not have to supply the email
address. I would like you to fill that in though so that I have an idea on
how popular a tool really is. If I see 1000 downloads with 900 different
email addresses I know it is more widespread than one that has 1000
downloads and 200 different email addresses because the same person needed
to keep downloading it for some reason.
Version History
- Update: Version 1.00.00 - 07/05/2004 -
Original
- Update: Version 1.01.00 - 07/14/2004 -
Added -rootdse option
- Update: Version 1.02.00 - 07/30/2004 -
Corrected a parameter bug
- Update: Version 1.03.00 - 02/23/2005 -
Corrected bugs in parsing and STDIN reading.
- Update: Version 1.04.00 - 04/03/2005 -
Corrected parsing bug, added -add switch.
- Update: Version 1.05.00 - 05/19/2005 -
Corrected move bug, added -kerbenc, added binary updates
- Update: Version 1.06.00 - 06/03/2005 -
Corrected undelete bug
- Update: Version 1.07.00 - 10/01/2006 -
Fixed some memory leaks, added +- operation, remove all values of
multivalue and replace with specified values, added switches -permissive, -xdom,
-delegation, -u, -up, -simple, -ssl, -rootdse, -null, -schema, -root, -config,
-default, -rb, -upto, -counterstart, -expand, -bmod, -autobase, -po, -e, -ef,
-import, -importexclattr, -replacedn, -replacedndelim, -dotcount, added
TXT## to binary encode, added CSV functionality, see admod /sc?, broke usage
screens into sections, output directory type/port info, added shortcuts
- Update: Version 1.08.00 - 10/30/2006 -
Updated usage docs, added {{.}} and {{}} in expansion strings, fixed some
CSV add/modify bugs, added ability to add attributes when undeleting object,
added -csvmodnull
- Update: Version 1.08.01 - 11/01/2006 -
Fixed output bug on "using server" line when using -h server:port switch.
- Update: Version 1.08.02 - 11/06/2006 -
Fixed usage typo
- Update: Version 1.09.00 - 01/15/2007 -
Fixed bug in tokenization routine, Fixed bug, -p not in allowed switches
list, Allow -sc adau single add to specify sAMAccountName, Fixed usage typo
- Update: Version 1.10.00 - 02/24/2007
- Fixed bug in Binary handling of CSV routine, Removed a hidden test switch
- Update: Version 1.11.00 - Never
publicly released.
- Update: Version
1.12.00 - 02/13/2010 - Converted to CodeGear C++ Builder 2009. Multiple bug
fixes, switches, logic, shortcuts, and docs. Added CSV var expansion
modifiers: __lc, __uc, __spec, __hex, __num, *origdn*. Added SD## encoding
for SDDL for binary attribute encoding. Added UTC##, LOCAL##, CURRENT## for
time for binary attribute encoding. Additional work on the Environment (-e
and -ef) functionality. Warn if no redirect and no base specified.
Error out if bad DN specified in multidn mode. Allow non-csv -expand mode.
-import now works for updates, adds values, no overwrite. -csv with no args
specified enables -import. Added new switches: -log, -forestdns, -domaindns,
-dcs, -fsps, -gpo, -ldappolicy, -psocontainer, -xrights, -partitions,
-sites, -subnets, -exch, -stdinadd, -stdinrm, -stdinreplace, -csvfile,
-arecex, -digest, -tmpobj, -hh, -hd, -users, -displayspecifiers, -optenc.
Added new shortcuts: -sc phantomgc, -sc igcc, -sc rsc, -sc rodcpurge, -sc
runpag, -sc runsamupg, -sc rsos.
- Update: Version
1.13.00 - 04/26/2010 - Fixed an ugly bug with :+: and fixed Doc typo.
- Update: Version
1.14.00 - 02/13/2011 - Fixed several crash bugs in shortcuts.Fixed doc typo
Attempted to fix Outlook/Word cut and paste bug for doublequote and dash. Warn
on setting unicodepwd without proper encryption. Added ENCPWD: format for -up.
Allow CHANGE password along with SET password. Fixed bug in -stdinsort. Added
_all for -replacedn
- Update:
Version 1.15.00 - 03/03/2011 - Fixed bug with GUID##
and braces. Fixed multiple bugs with -csv and -import modes. Added
auto-binary encode of schemaID and attributeSecurityGUID in import modes. In
import modes, filter out attributes that don't exist in destination DSA.
Added -importpass1, -importpass2 switches. Added -stdinsort, -replacedn
_all, -csv to -import switch. Added shortcut -sc importschema. Fixed bug
with -hd switch.
- Update: Version 1.16.00 -
03/22/2011 - Added additional string filtering for SD##
-
Update: Version 1.17.00 - 03/30/2011 - Fixed bug with HEX## CSV
functionality
-
Update: Version 1.18.00 - 02/xx/2012 - Fixed bug with quotes in inbound DNs.
Fixed bug with -import and binary values. Fixed bug with \xx in inbound DNs.
Detect Unicode input and bail with error. Fixed some usage typoes. Added switches -treenuke,
-policyhints,-recycle. Added importfile## binary operation.
As seen in
Usage
Download and type admod /?
See current usage screens