What it is: Jose is a small, HTML and script-based tool for the documentation of the objects of in Active Directory. It reads in the directory and generates an HTML file
that displays information about OUs, users, groups, computers, policies, etc..
What is not: and José generates no dynamic pages, i.e. it is not possible the displayed folder structure, subsequently ascending or to collapse or similar.
And: Jose reads only the AD and does not change. Therefore, it requires no write permission in the AD and can be run with normal user rights (in the case but missing permissions can cause that Jose
can not read a lot). José is therefore 'safe' to Active Directory.
But caution: Jose is designed for manageable environments. Because the queries that used José, are not very optimized, can occur in large environments to long waiting periods and may be greater network
load. In addition, the generated report should be not too large, because the display in the browser can be otherwise problematic. Environments with several thousand objects have been documented but successfully. Who manages very large environments, should
limit his reports always on a particular level or a specific object class and work with multiple part reports.
In version 3.0, Ansgar Wiechers has newly built up for the script code from JoseExec.vbs. The code is now easier to maintain and extend. This however also the mode of operation of the script has changed, so that it takes more
time in many cases. We believe this but for well justified.
Starting with version 3.0, José the description (description) of objects only optionally emits. This option is however by default. You found above in jose.hta left in the General options. In definition file controls the behavior
specification "description" in the section [common] - missing them, José emits no descriptions.
Since version 2.0, Jose has two modes of operation:
For this reason, Jose now consists of two executable files: Jose.hta and JoseExec.vbs. Anyone how wants to work so far, continue to only the Jose.hta uses.
José starts double click on "jose.hta". It opens a form in which you can configure the report to be produced. Each of the sections relate to different object classes of Active Directory (user accounts, groups, etc.). This is
always true: the uppermost, printed in bold entry of a list specifies whether the associated class of at all is displayed. Way to control which object classes in the report to appear. If a class is not displayed, the individual attributes are ignored automatically.
The LDAP names of the attributes that can be switched on or switched off are displayed in a small Info window when you show the mouse pointer over the box. When José, a standard set of attributes that result in most cases an
interesting report is selected. (The button "all properties" and "no properties" should be self-explanatory) to restore himself through the button "Default selection" is this default selection.
When you turn off "OU structure and objects", José not goes through the folders and OUs. This is useful for reports that you want to emit only the domain data or only the GPO list.
When you start the Active Directory structure is read from version 2.0 no longer automatically. This had been found in large environments as an obstacle. You can wear a layer filter now at the top in the field "Issue from OU"
in LDAP notation. For example, OU=IT OU=Germany, DC=faq-o-matic,DC=net. Who would rather make the selection with the mouse, click on the button "Show OUs" next to the input box. Then José unhides the AD structure with radio buttons in the left pane (Note:
in a very complex environment can take a moment!). Select an OU or folder whose LDAP name in the filter field is entered. Thus, you may limit the output of the objects on the selected OU or the selected folder (and child). Unless the output is limited to a
certain level, an indication will appear in the report.
Respect for group memberships: the selection of "Group memberships" under "User accounts" or "Members" under "Groups" may leads to a rather lengthy processing time.
When you select "Group policy" only the names of the directives are displayed, but not the settings that are used within the guidelines. This information can be read is (currently) not scripted. For this we recommend the scripts
of the Group Policy Management Console (GPMC), in particular "GetReportsForAllGPOs.wsf".
Jose can read the Terminal Server settings (TS profile and TS-home) while in two ways (ADSI access to "userParameters" and the new "msTS **"-LDAP fields since Windows Server 2008), however, only the first variant works because
the fields introduced in Windows Server 2008 in the AD are not yet implemented.
In the "Report Name" field, you can specify a title for the generated report. Together with the options "Show legend", "Object name show instead of the LDAP name (in the case of group memberships)" and "Properties in slang" is
the documentation for non-techies.
Under "Report file name" you can specify a file name for the report - only the name, not the path (the suffix ".htm" adds Jose demand itself). The field is blank, José created themselves a name. Note: If the selected file name
is already taken, José overrides the existing report.
Click on the button starts the documentation "Document now!". It opens a black CMD window, which may not be closed! It may take now quite a few minutes where the window looks like nothing was happening.
Just be patient! After generating the reports, there is below under "Status" information and any error messages. Once the documentation is ready, a small box of "OK" show, and in the notification area, a link is on the generated HTML file.
Alternatively or in addition, you can save existing settings as a definition file to perform a similar report with JoseExec.vbs. To do this, you press the button "Save report definition". Jose then asks for a name for the definition
file, which you can freely choose (specified without path - only the file name!). The definition files are located in the subfolder / definition.
Who automates José or would like to run with an existing report definition, can be done about the additional script "JoseExec.vbs". JoseExec.vbs removes the definition of the report from a definition file in the folder / definition. The script is called with
"cscript.exe" in a CMD window (or batch) and has several command line options:
cscript JoseExec /d:<Definition> [/r:<Report>] [/t:<Titel>] [/f:<Filter>]
The parameter "/ d" is imperative. When false (or on call with /?)
JoseExec.vbs displays an overview of the syntax.
Es empfiehlt sich, alle Angaben in Anführungsstriche einzufassen (zwingend, sobald Leerzeichen enthalten sind).
cscript JoseExec /d:"DomainData.txt" /r:"MyDomainData.htm" /t:"Meine Domäne" /f:"OU=IT,OU=Germany,DC=domain,DC=tld"
To create a debug log, it appends the / debug to the command line parameter. It makes sense we should redirect then the output of the command to a text file.
cscript JoseExec /d:"DomainData.txt" /r:"MyDomainData.htm" /debug > C:\Daten\josedebug.txt
The architecture of JoseExec.vbs allows to extend reports to include new attributes or to edit existing definition files. This is done using a simple text editor. To remove attributes from a definition, it makes the attribute
simply. To include new attributes, it enlists just the attribute name the desired class (such as employeeID). That is suitable only for text attributes. Jose can deal with multivalued attributes. Binary attributes are problematic because they are accessible
easily by script.
José built a native support for the following attributes - they are accessible only from the extension of the definition file:
The generated HTML files are exclusively in the reports stored (from time to time empty), produced on demand. Who wants to share these generated files or save elsewhere, has several ways:
In the José main directory there is a file "Standard Reports.bat". Executes automated four predefined AD reports, which put together useful information for many diagnostic purposes. Here, she automatically generates the file
name by inserts the NetBIOS name of the domain, as well as a random number. This way you can run also repeated the standard reports, without losing previous data. Submit to run double click on "Default Reports.bat", as well as some patience.