You can use the Dsmove command with the -newname switch to rename Active Directory (AD) objects. For example, to change user savillj to user johnsavill, type
C:>dsmove CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
-newname johnsavill
The machine will return the following result:
dsmove succeeded:CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
If you need to create a file of a certain size and the file contents don’t matter, you can use the Fsutil command as follows:
fsutil file createnew
For example,
fsutil file createnew d:temp1mbfile.txt 1000000
creates a 1MB file named 1mbfile.txt in the d:temp folder. I’ve successfully used this command to create a very large file to reduce the amount of free space when I was using a buggy installation program that couldn’t address too much free space.
Microsoft has removed the M drive by default in Exchange 2003 because of problems related to backup and antivirus software running against the M drive. However, you can still use the .BackOfficeStorage namespace to access the Exchange information through file APIs.
If you require the M drive (e.g., you have programs that use the M drive to map the Installable File System, you use Microsoft FrontPage Extensions and the Microsoft Web Storage System–WSS), you can enable the drive by performing the following steps (but do so at your own risk):
Log on to the Exchange server as an administrator.
Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEXIFSParameters registry subkey.
From the Edit menu, select New, String Value.
Enter the name DriveLetter, then press Enter.
Double-click the new value, set it to M, then click OK.
Close the registry editor.
Restart the Exchange server (or restart the Information Store service) for the changes to take effect.
RDP operates over TCP port 3389. Therefore, to enable connectivity to any machine on the network through a firewall you must open this port. Alternatively, if you have to connect to a particular system on a LAN, configure port forwarding on the firewall to send traffic from port 3389 to the specific computer to which you want to connect.
You can use the Csvde utility, which is included in Windows Server 2003 and Windows 2000 Server, to create a comma-separated value (CSV) file that lists all objects in a domain. For example, to list all objects in the home.local domain, you’d run the command
csvde -d “dc=home,dc=local” -f domain.csv
The Account Lockout Status tool (lockoutstatus.exe) displays lockout information for a specified user by querying every contactable domain controller (DC) in the user’s domain. You can download the Account Lockout Status tool at Link
You can also check a user’s lockout information at the command line. To do so, enter the command
lockoutstatus -u:ali@alibutt.com
where –u is the username.
This tip only works on short cuts. So create a short cut to one of your key programs, for example Active Directory Users and Computers. Right click the short cut, Properties, Advanced (Button), Run with Different Credentials. The idea behind ‘Run As’ is to encourage you to log on as an ordinary user, and then use ‘elevated rights’ when you need to run the administrative tools. What it does is save you having to log off and then logon again as the administrator.
a) Use regedit to locate [HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D} rename LocalizedString to LocalizedString.Old. I advice this step in case anything goes wrong and you want to revert to how it was.
b) Create a new VALUE type Expand_SZ name it LocalizedString Set the value of LocalizedString to %Username% at %Computername%
Press F5 to refresh the ‘My Computer’, there is no need to logoff and certainly do not reboot.
In Windows Server 2003, for the first time, you CAN disable the Administrator account. My point is that every hacker knows that Windows has a username called Administrator, so defend it by disabling the account. (Right Click the Administrator, Disable) Obviously you must create another account with administrative privileges.
There are two variations of this tip.
a) You could disable the account from logging on across the network
b) You could rename the account and create a dummy administrator to confuse would be hackers
