Last month, in "The Power of For" (InstantDoc ID
96539), I began a discussion about the For command, one of those little unsung Windows "hero"
tools. I showed you how to use For to make a program capable of processing
wild cards even when that program doesn't understand wild cards. For example,
to make the imaginary Processfile command process every file whose name starts
with "z," I could type
for %a in (z*) do processfile %a
In other words, For takes a program that processes one file
at a time and transforms it into a program that can process
a series of files—pretty useful functionality. However, last
month I had room for only the merest of For's powers. Let's
remedy that.
Couldn't Resist
A few years ago, Microsoft announced an entertaining bug—more like an
Easter Egg—in the Windows Server 2003 and Windows 2000 Server versions
of the Microsoft Management Console (MMC) Active Directory Users and Computers
snap-in. Open the snap-in, navigate to any group, right-click the group's icon,
and choose Properties. In the resulting Properties dialog box, you'll see a
Members tab that shows all the members of that group, including an androgynous
head icon for each user. But if a group has more than 500 members, the hair
color on the icon goes from black to white. Of course, when I heard about this
bug, I had to try it out. But how would I generate 501 user accounts?
In previous columns, I've explained that you can create a user account on a
domain from the command line by typing
net user <username> <password> /add /domain
However, typing a Net User command 501 times doesn't sound like fun. With For's
/l option, which tells For to count, I can tell Windows to run Net User 501
times in just one line. The syntax for For /l is
for /l %a in (<first number> <increment> <last number>) do <command>
For example,
for /l %a in (1 1 5) do echo %a
would have the effect of telling For to show the numbers 1 through 5, incrementing
by one. Armed with this functionality, I can then type
for /l %a in (1 1 501) do net user testuser%a ComplexPassword$ /domain /add
This command creates 501 user accounts with the names
testuser1, testuser2, and so on up to testuser501. Each user
has the same password—ComplexPassword$—and the
accounts are created on the domain. (Please try this only
on a test domain.) After the command has completed, open
the Active Directory Users and Computers snap-in, find the
Domain Users group, and examine its membership: You'll
find all white-haired icons.
To get rid of these test accounts, you can use the
net user <username> /delete /domain
command, but don't forget to use For to pump up its power to delete all 501
accounts, as follows:
for /l %a in (1 1 501) do net user testuser%a /domain /delete
Getting Complex
Thus far, the command portion of For has been a single command (e.g.,
Chml last month, Net User this month). But what if you want to perform multiple
tasks in one For command?
For example, suppose you want to not only create a user named testuser<number>
but also add that user to a domain local group called test. First, you
can add a user to a domain local group with the command
net localgroup <groupname> <username> /add
To simultaneously instruct For to add the user to the test group, you
can put the two necessary commands on a single line by placing the ampersand
character (&) between them and surrounding the two commands with parentheses.
To create 501 users, then, and also add each one to the test group, you
could type
for /l %a in (1 1 501) do (net user testuser%a ComplexPassword$ /domain /add & net localgroup test testuser%a /add)
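As an added example (not part of the original column), here is the same loop written as a batch file in which the group add runs only when Net User succeeded; a plain & runs the second command regardless of how the first one ended. The script name testusers.cmd, the variable names, and the cleanup argument are assumptions made for illustration.

```bat
@echo off
rem Added example, not from the original column. Test domains only.
rem Usage: testusers.cmd          create the accounts and add them to the group
rem        testusers.cmd cleanup  delete them and confirm none remain
setlocal
set PREFIX=testuser
set GROUP=test
set COUNT=501
set FAILED=0

if /i "%~1"=="cleanup" goto cleanup

rem Inside a batch file the For variable needs a doubled percent sign.
for /l %%a in (1 1 %COUNT%) do (
    net user %PREFIX%%%a ComplexPassword$ /domain /add >nul 2>&1
    if errorlevel 1 (
        echo create failed: %PREFIX%%%a
        set FAILED=1
    ) else (
        rem Reached only when the account was created.
        net localgroup %GROUP% %PREFIX%%%a /add >nul 2>&1
        if errorlevel 1 (
            echo group add failed: %PREFIX%%%a
            set FAILED=1
        )
    )
)
goto done

:cleanup
for /l %%a in (1 1 %COUNT%) do (
    net user %PREFIX%%%a /domain /delete >nul 2>&1
    rem Query the account again. Success here means it was NOT removed.
    net user %PREFIX%%%a /domain >nul 2>&1
    if not errorlevel 1 (
        echo still present: %PREFIX%%%a
        set FAILED=1
    )
)

:done
if %FAILED%==1 (echo Finished with errors.) else (echo Finished cleanly.)
endlocal & exit /b %FAILED%
```

The cleanup pass re-queries every name after deleting it, so a leftover test account that still carries the shared password is reported instead of silently remaining in the domain.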
Stay tuned for more For!