What it is: Jose is a small, HTML and script-based tool for the documentation of the objects of in Active Directory. It reads in the directory and generates an HTML file that displays information about OUs, users, groups, computers, policies, etc..

What is not: and José generates no dynamic pages, i.e. it is not possible the displayed folder structure, subsequently ascending or to collapse or similar.

And: Jose reads only the AD and does not change. Therefore, it requires no write permission in the AD and can be run with normal user rights (in the case but missing permissions can cause that Jose can not read a lot). José is therefore 'safe' to Active Directory.

But caution: Jose is designed for manageable environments. Because the queries that used José, are not very optimized, can occur in large environments to long waiting periods and may be greater network load. In addition, the generated report should be not too large, because the display in the browser can be otherwise problematic. Environments with several thousand objects have been documented but successfully. Who manages very large environments, should limit his reports always on a particular level or a specific object class and work with multiple part reports.

New code since version 3.0

In version 3.0, Ansgar Wiechers has newly built up for the script code from JoseExec.vbs. The code is now easier to maintain and extend. This however also the mode of operation of the script has changed, so that it takes more time in many cases. We believe this but for well justified.

Starting with version 3.0, José the description (description) of objects only optionally emits. This option is however by default. You found above in jose.hta left in the General options. In definition file controls the behavior specification "description" in the section [common] - missing them, José emits no descriptions.

Usage

Since version 2.0, Jose has two modes of operation:

1. Interactive operation with GUI
2. Script-driven operation via command line

For this reason, Jose now consists of two executable files: Jose.hta and JoseExec.vbs. Anyone how wants to work so far, continue to only the Jose.hta uses.

Interactive mode: Jose.hta

José starts double click on "jose.hta". It opens a form in which you can configure the report to be produced. Each of the sections relate to different object classes of Active Directory (user accounts, groups, etc.). This is always true: the uppermost, printed in bold entry of a list specifies whether the associated class of at all is displayed. Way to control which object classes in the report to appear. If a class is not displayed, the individual attributes are ignored automatically.

The LDAP names of the attributes that can be switched on or switched off are displayed in a small Info window when you show the mouse pointer over the box. When José, a standard set of attributes that result in most cases an interesting report is selected. (The button "all properties" and "no properties" should be self-explanatory) to restore himself through the button "Default selection" is this default selection.

When you turn off "OU structure and objects", José not goes through the folders and OUs. This is useful for reports that you want to emit only the domain data or only the GPO list.

Filters

When you start the Active Directory structure is read from version 2.0 no longer automatically. This had been found in large environments as an obstacle. You can wear a layer filter now at the top in the field "Issue from OU" in LDAP notation. For example, OU=IT OU=Germany, DC=faq-o-matic,DC=net. Who would rather make the selection with the mouse, click on the button "Show OUs" next to the input box. Then José unhides the AD structure with radio buttons in the left pane (Note: in a very complex environment can take a moment!). Select an OU or folder whose LDAP name in the filter field is entered. Thus, you may limit the output of the objects on the selected OU or the selected folder (and child). Unless the output is limited to a certain level, an indication will appear in the report.

Miscellaneous

Respect for group memberships: the selection of "Group memberships" under "User accounts" or "Members" under "Groups" may leads to a rather lengthy processing time.

When you select "Group policy" only the names of the directives are displayed, but not the settings that are used within the guidelines. This information can be read is (currently) not scripted. For this we recommend the scripts of the Group Policy Management Console (GPMC), in particular "GetReportsForAllGPOs.wsf".

Jose can read the Terminal Server settings (TS profile and TS-home) while in two ways (ADSI access to "userParameters" and the new "msTS **"-LDAP fields since Windows Server 2008), however, only the first variant works because the fields introduced in Windows Server 2008 in the AD are not yet implemented.

Run Report

In the "Report Name" field, you can specify a title for the generated report. Together with the options "Show legend", "Object name show instead of the LDAP name (in the case of group memberships)" and "Properties in slang" is the documentation for non-techies.

Under "Report file name" you can specify a file name for the report - only the name, not the path (the suffix ".htm" adds Jose demand itself). The field is blank, José created themselves a name. Note: If the selected file name is already taken, José overrides the existing report.

Click on the button starts the documentation "Document now!". It opens a black CMD window, which may not be closed! It may take now quite a few minutes where the window looks like nothing was happening. Just be patient! After generating the reports, there is below under "Status" information and any error messages. Once the documentation is ready, a small box of "OK" show, and in the notification area, a link is on the generated HTML file.

Alternatively or in addition, you can save existing settings as a definition file to perform a similar report with JoseExec.vbs. To do this, you press the button "Save report definition". Jose then asks for a name for the definition file, which you can freely choose (specified without path - only the file name!). The definition files are located in the subfolder / definition.

Automated mode: JoseExec.vbs

Who automates José or would like to run with an existing report definition, can be done about the additional script "JoseExec.vbs". JoseExec.vbs removes the definition of the report from a definition file in the folder / definition. The script is called with "cscript.exe" in a CMD window (or batch) and has several command line options:

cscript JoseExec /d:<Definition> [/r:<Report>] [/t:<Titel>] [/f:<Filter>]

• /d: Name a José definition file
  Is without file path - only the file name with extension!
• /r: (optional) Name of the report file to be generated (HTML)
  Is without file path - only the file name. Note: The file will be overwritten without question!
• /t: (optional) Title of the report
• /f: (optional) LDAP object filter (Container/OU)
• /debug: (optional) Debug output in the CMD window

 The parameter "/ d" is imperative. When false (or on call with /?) JoseExec.vbs displays an overview of the syntax.

 Es empfiehlt sich, alle Angaben in Anführungsstriche einzufassen (zwingend, sobald Leerzeichen enthalten sind).

Example:

cscript JoseExec /d:"DomainData.txt" /r:"MyDomainData.htm" /t:"Meine Domäne" /f:"OU=IT,OU=Germany,DC=domain,DC=tld" 

To create a debug log, it appends the / debug to the command line parameter. It makes sense we should redirect then the output of the command to a text file.

Example:

cscript JoseExec /d:"DomainData.txt" /r:"MyDomainData.htm" /debug > C:\Daten\josedebug.txt 

The architecture of JoseExec.vbs allows to extend reports to include new attributes or to edit existing definition files. This is done using a simple text editor. To remove attributes from a definition, it makes the attribute simply. To include new attributes, it enlists just the attribute name the desired class (such as employeeID). That is suitable only for text attributes. Jose can deal with multivalued attributes. Binary attributes are problematic because they are accessible easily by script.

José built a native support for the following attributes - they are accessible only from the extension of the definition file:

• logonHours (permitted logon hours)
• pwdLastSet (last password change)
• lastLogonTimestamp (last replicated logon date)
• canonicalName (OU path as displayed in the Advanced view under "Object" as the canonical name)

Reports

The generated HTML files are exclusively in the reports stored (from time to time empty), produced on demand. Who wants to share these generated files or save elsewhere, has several ways:

• copy the two "Documents" folder and "Reports" together. You must be at the same level, so that the graphics are correctly inserted.
• Open the HTML file in Internet Explorer and [file-> save under...] (Dateityp:_"Website,_komplett_(.htm,_.html)")] Save. All required are "born .gif" images and the style sheet in a subdirectory of the chosen location where copied and adapted the links relative to.

Standard-Reports

In the José main directory there is a file "Standard Reports.bat". Executes automated four predefined AD reports, which put together useful information for many diagnostic purposes. Here, she automatically generates the file name by inserts the NetBIOS name of the domain, as well as a random number. This way you can run also repeated the standard reports, without losing previous data. Submit to run double click on "Default Reports.bat", as well as some patience.