Hi all out
there.
If you are working
with logon or startup scripts, you usually access computer or user properties
through environment variables like %userdomain% or %computername%.
The challenge
Our company
often deals with trusts. This means %userdomain% is different from the computer’s
domain. Unfortunately there’s no variable %computerdomain% nor %computerdnsdomain%.
In
addition, we often access domain, user or computer attributes. Usually, you get
the domain from the RootDSE object (https://msdn.microsoft.com/library/aa393248.aspx),
but for computers and users, you have to search. And searching results in
domain controller load – it would be more convenient if we could bind directly.
For that, we need the distinguishedName of our objects.
If we manage
to provide distinguished names in environment variables, they can be used
easily, and no more searching is required. So we want to provide the
following variables:
- ComputerDomain: The NetBIOS name of the computer’s domain
- ComputerDNSDomain: The FQDN of the computer’s domain
- ComputerDomainDN: The Distinguished Name of the computer’s domain
- ComputerNameDN: The Distinguished Name of the computer account
- UserDomainDN: The Distinguished Name of the user’s domain
- UserNameDN: The Distinguished Name of the user account
- UserSID: The Security Identifier of the user account
The UserSID
isn’t really in scope, but hey, we are working on it anyway :-)
