go to c:\ and open boot.ini file ( you have to allow see hide files over tools/folder options/view/ and show hidden files, folders or drives
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=”Safe Mode” /safeboot:minimal /sos /bootlog
we need create name.txt file include CN of users
for -f „delims=,tokens=*“ %G in (name.txt) do @dsmod group „CN=,OU=,DC=,DC=“ -addmbr „CN=%G,OU=,DC=,DC=“
vztahneme se seznam slozek do souboru / we make spill folders to file – command below
dir /AD /S /B > directory.txt
and now use this command /a nyni pouzijeme tento prikaz
FOR /F „delims=*“ %i in (directory.txt) do cacls „%i“
Vytvorime si .csv file s obsahem – nazvy skupin , uzivatel
We make create file include names of users or groups ( objects)
Test.csv – obsahuje –
Cn
Jmenoskupiny1
Jmenoskupiny2
pouzijeme prikaz(muzeme upravt dle potreb)
we use this command
Command : for -f “delims=, tokens=*” %G in (test.csv) do @dsadd group “cn=%G,ou=….,DC=…,DC=….” –secgrp yes –scope l
or you can use alternative way
objectClass,sAMAccountName,dn
user,amasv,“ cn=Martin Svoboda,ou=it,dc=secure,dc=com“
csvde –i name of csv
Configuring Permissions for the Regional Exchange Admins over powershell
Split permissions model strictly separate the rights to manipulate Exchange attributes to only these users objects, for which is the respective administrator responsible. In our configuration, the RegionAdmins security group is responsible only to manipulate objects in specific Region Active Directory container. This group must not be able to change Exchange attributes on user objects in another OU containers. Also for the spec. OU like Region Users and Groups containers inside spec Region OU have to be the rights granted, because this containers can contain accounts (which can have mailboxes) or distribution groups. Administrators of Exchange attributes must be able to view all the required settings in an Exchange Organization. For this purpose, they have to be members of Exchange View-Only Administrators.
To grant the required permissions according to the Split Permissions model, we have to use the Exchange Management Shell console. There is a script located in the
%ProgramFiles%\Microsoft\Exchange Server\Scripts directory
that can help you to configure the split permissions model. This script configures automatically the ability to manipulate the required Exchange permissions inside the OU container (for Recipient, Contact and Group objects).
Using the Exchange Management Shell, you can run the following script:
ConfigureSplitPerms.ps1 -User „User or Group name“ -Identity „OU container“
The procedure to implement split permissions model for the RegionAdmins security group is described below:
Granting the required permissions for the Service container inside the Region OU
Configuresplitperms -User “yourcompanydomain”\ RegionAdmins” -Identity “OU=…. ,DC=… ”
Similarly we have to grant the required permissions using this procedure for all other regional admins security groups in their respective OU containers, where they will be manage the Exchange recipients.
Add permissions for RegionAdmins – „access recipient update services“ on CN=Exchange Administration Group (FYDIBOHF23SPDLT) and delegate this permission on all child „Exchange Server objects „
