You can install the CLI through the user interface part of the Setup program. By default, the Setup program places the EA.EXE file in the Program Files (x86)\NetIQ\DRA folder on the DRA client computer. This file allows you to run DRA and ExA commands from the command prompt on Microsoft Windows computers.
The CLI processes the commands from the command prompt. You can run the CLI commands from the \Program Files(x86)\NetIQ\DRA\ directory. By default, this location is not added to your path statement. For more information about adding this location to your path statement, see your Microsoft Windows documentation.
The CLI provides a way to quickly create AVs with rules matching the OUs.
The CLI uses several conventions to help you use the available commands. The following sections define these conventions. These sections also describe several specific characteristics of the CLI. Making mass changes through the CLI can cause other user interfaces, such as the Account and Resource Management console, to wait while the Administration server applies these changes.
This section uses a specific syntax for documenting CLI commands. For example, the syntax for using the GROUP command to update group properties is:
EA [/DOMAIN: domain [/SERVER: computername |/MASTER]] GROUP target UPDATE {NAME:group|CN: "commonname" |COMMENT: "comment" }
The following table lists the conventions and how they apply to this GROUP command.
|
Convention |
Represents |
Example |
|---|---|---|
|
CAPITAL LETTERS |
Commands and options |
The command is GROUP. This command allows you to manage group accounts. The /DOMAIN and UPDATE parameters provide additional controls you can use with this command. |
|
Italics |
Variable names and values |
Specify the appropriate domain name and computer name in place of the domain and computername variables. |
|
Brackets, such as [value] |
Optional parameters. |
You are not required to specify the /DOMAIN or /SERVER parameter. |
|
Braces, such as {value} |
Required parameters. |
You must specify which properties you want to update. |
|
Logical OR, such as val1 | val2 |
Exclusive parameters. Choose one parameter. |
You can update only one of the following properties: NAME, CN, COMMENT. |
HINT:If you specify an incomplete command, the CLI displays syntax and option descriptions. For example, to display the syntax and help information for the GROUP command, enter:
EA GROUP
The CLI uses spaces to separate keywords and arguments. If you want to specify a value that contains one or more embedded spaces, enclose the value in quotation marks ("."). For example, to set the fullname property of the JaneSmith user account to Jane Smith, enter:
EA USER JaneSmith UPDATE FULLNAME:"Jane Smith"
The quotation marks ensure the CLI treats Jane Smith as a single value. Without the quotation marks, the CLI treats Jane and Smith as separate terms and generates an error message.
The CLI uses a consistent date and time format for input and output. Use the following format with the CLI:
YYYY MM DD,hh:mm:ss
For example, to set the expiration date of the MWest user account to May 1, 2002 at 5:00 PM, enter:
EA USER MWest UPDATE EXPIRES:2002 05 01,17:00:00
DRA and ExA support wildcard characters in AA group names and many other CLI options. Names of some objects, such as user accounts, groups, resources, ActiveViews, AAs, and Administrators, cannot contain specific characters. These restrictions apply throughout the DRA and ExA user interfaces.
The following terms provide a consistent way to refer to types of command parameters:
Indicates a single name that includes no wildcard characters. For example, to indicate the TomB user account, specify TomB.
Indicates a name that includes wildcard characters. The CLI expands wildcard characters in context, similar to the DOS and Microsoft Windows command line file name wildcard specifications. For example, to indicate all groups that begin with Sales_, specify Sales_*.
The CLI provides tremendous expressive power. Use the following special functions and variables to reference common sets of objects. These functions and variables enable you to perform a single command on multiple objects.
Returns a list of contacts, computers, groups, and user accounts that are members of any group matching the specified wildcard. You can use this function with the ACCOUNT and GROUP commands.
Returns a list of contacts, computers, groups, and user accounts that are members of any group matching the specified wildcard. This function is recursive, which means it will enumerate group memberships for groups that are members of the wildcard group. You can use this function only with the ACCOUNT and GROUP command.
Returns a list of user accounts that are members of any group matching the specified wildcard.
Returns a list of user accounts that are members of any group matching the specified wildcard. This function is recursive, which means it will enumerate group memberships for groups that are members of the wildcard group.
Represents the current target of the command. This function allows you to include the target name in the specified command. For example, to set the home directory path of each user account in the Atlanta Users group to \\ATLHOME\USERS\username, enter:
EA USER @GroupUsers("Atlanta Users") UPDATE HOMEDIR:\\ATLHOME\USERS\@Target()
NOTE:The console allows you to use %username% to represent the current target. However, when the %username% variable is used in the CLI, Microsoft Windows defines the %username% variable as the currently logged on user.
Returns a list of all groups and user accounts included in any ActiveView matching the specified wildcard.
Returns a list of all groups included in any ActiveView matching the specified wildcard.
Returns a list of all groups and user accounts included in any ActiveView matching the specified wildcard. This function is the same as the @TerritoryAccounts(wildcard) special function.
Returns a list of all user included in any ActiveView matching the specified wildcard.
When you specify some options, you may also need to specify a prefix. The CLI supports the following prefixes:
|
domain \ |
Allows you to identify a user account or group in a different domain. For example, if you manage multiple domains, members of local groups can be user accounts or groups in any managed or trusted domain. If the user accounts and groups are in a domain other than the connected domain, the user account and group specifications must contain the domain\ prefix, where domain identifies the name of this other domain. For example, to add the TomB user account from the Houston trusted domain to the Sales group, enter: EA GROUP Sales MEMBERADD Houston\TomB If you do not specify a domain, the CLI defaults to the connected domain. |
|
/UNICODE |
Allows you to output unicode text to the console or a file. If you want unicode output from a batch file to be redirected to a file, you should include both the "/unicode" flag as well as the redirected filename within the batch file. |
|
/NOCR |
Removes the extra CR character sequence from the CLI command output when you direct the output of the CLI command to a text file. If you use the /UNICODE option, type the /NOCR option before the /UNICODE option. For example, if you use the USER command and want to direct the output to the temp.txt file, enter: EA /DOMAIN:acct04 /MASTER /NOCR /UNICODE USER DISPLAY > temp.txt |
|
g: |
Identifies a new rule or AA as a group. When you specify a new rule or AA that includes a wildcard character, you need to indicate whether the rule or AA is a user account, group, or ActiveView specification. Specify xg: for an exclude group rule. |
|
t: |
Identifies a new rule as an ActiveView. When you specify a new rule that includes a wildcard character, you need to indicate whether that new rule is a user account, group, or ActiveView specification. Specify xt: for an exclude ActiveView rule. |
|
u: |
Identifies a new rule or AA as a user. When you specify a new rule or AA that includes a wildcard character, you need to indicate whether that new rule or AA is a user account, group, or ActiveView specification. Specify xu: for an exclude user rule. |
You can create batch files with CLI commands. The CLI commands return codes depending on the success or failure of the commands. You can use these return codes to write conditional statements. The return codes are:
|
0 |
Information |
|
1 |
Warning |
|
2 |
Error |
|
3 |
Severe error |
|
4 |
Very severe error |
|
5 |
Unrecoverable error |
|
6 |
Extremely unrecoverable error |