Run the NET GROUP and NET LOCAL GROUP commands on any other global and
local groups to obtain a list of members, again redirecting the output to a text
file. Convert these text files to batch files that will add the appropriate
groups, and place the newly added users into them. Don't worry about usernames
that are not part of Engineering. The new domain will not recognize them and
will ignore them.
Finally, run the original batch file that added the Engineering users to
the new domain. But this time, run it on the original domain and change the /add
switch to /del. This command will remove the users from the original domain. If
you want, you can remove any groups that you no longer need.
This approach has a few potential pitfalls. For example, you will encounter
an error if you are trying to add a user with a name that already exists on the
domain. If you do not spot the error, you might add the wrong user to a group.
However, this approach works just fine if your original domain has outgrown the
estimated number of users. You simply add a new domain and populate it with
users from the original domain. Because the new domain is empty, you won't
encounter conflicts when moving usernames.
Security is another issue. The new accounts will not have passwords unless
you assign them in the batch file. And although the added users should have
passwords that adhere to the minimum password-length policy, I was able to add
user accounts with blank passwords and log on using these accounts with no
restrictions. Even when I specified in the NET USE command that a password was
required, I was still able to log on to a new account with no password, and I
wasn't prompted to change the password. In fact, the one option I could not find
was to force the user to change the password at the next logon, which is the
default when you add a user through the User Manager interface.
Security Policy Settings
Now that you have added all those users, NET ACCOUNTS will let you modify
the password and logon requirements for all the accounts in your accounts
database, changing settings for minimum password length and password expiration.
You can even use NET ACCOUNTS to force a synchronization of accounts, with the
command
net accounts /sync
Run this command from a Primary Domain Controller (PDC) to synchronize all
the Backup Domain Controllers (BDCs) with the PDC. If you run it from a BDC, you
synchronize only that one server with the PDC.
Server Configuration and Control
You can display and configure the settings for a service with the NET CONFIG
command, and start, pause, and stop a service with the NET START, NET PAUSE, and
NET STOP commands followed by the service name. You can configure the server
service and the workstation service with the NET CONFIG SERVER or NET CONFIG
WORKSTATION command. You can stop services such as SQL Server (which runs as a
service) by adding the name of the service to the appropriate NET command:
net stop MSSQLServer
And of course, you can do the same to any NT service, including the browser,
the server service, and the net logon service.
Batch Files
Because you run all these commands from the command prompt, you can combine
them into batch files. You can run the batch file interactively or at a
scheduled time using NT's built-in AT command. (For more information on using
the AT command to schedule jobs, see Windows NT Help or type
at /?
at the command prompt for a list of parameters.)
I showed you some examples for adding users and groups to a domain. Other
possible uses include stopping services at night or before scheduled maintenance
operations, such as backups or disk defragmenting. Once the scheduled operation
is complete, you can restart the services.
A Quick Help Message Lookup
Suppose users call you and say that they just ran into an operating system
error, and they have the error number but not much more information. If they are
running NT, you can quickly get a short explanation of the error. Type
net helpmsg <message#>
For example, NET HELPMSG 2182 will tell you that you are trying to start a
service that is already running. OK, so this command doesn't produce a
comprehensive message database, but it's available on the system if you need it.
Synchronize Your Clocks
Systems administrators often use the NET TIME command to synchronize the
time on servers, and sometimes on client workstations, around the network.
Keeping the time synchronized is important for applications such as Systems
Management Server (SMS) and for tasks such as scheduled backups of user files.
You can include the NET TIME command in a user's login script, to make sure
that the user's computer is always synchronized with the server. The
syntax is
net time //server_name /set /y
to synchronize the clock of the local computer with that of the server you
specify. And yes, it works even across time zones.
Back to Basics
You can do so much with NET commands. Try them out on your network, and see
how you can use them to automate and simplify tasks. (For more useful NET
commands, see Mark Minasi, "Knowing the Angles of NetBIOS Suffixes,"
February 1997, and "Inside a NetBIOS Name Resolution," March 1997.) In
these days of browser interfaces and wizards, people forget plain old command
line utilities and batch files. They typify an older generation of software:
programs that did only one thing but did it well and did it fast. Command line
utilities have a place, even in a modern operating system.
)
Register
However, I have been searching for eons to find documentation re 'DOS Client'.
Where is there a decent explanation of the error codes and what they mean?
Paul Jensen, MCSE+I, MCT March 15, 2000