Last month, in "The Power of For" (InstantDoc ID 96539), I began a discussion about the For command, one of those little unsung Windows "hero"
tools. I showed you how to use For to make a program capable of processing wild cards even when that program doesn't understand wild cards. For example, to make the imaginary Processfile command process every file whose name starts with "z," I could type
for %a in (z*) do processfile %a
In other words, For takes a program that processes one file at a time and transforms it into a program that can process a series of files—pretty useful functionality. However, last month I had room for only the merest of For's powers. Let's remedy that.
Couldn't Resist
A few years ago, Microsoft announced an entertaining bug—more like an
Easter Egg—in the Windows Server 2003 and Windows 2000 Server versions
of the Microsoft Management Console (MMC) Active Directory Users and Computers
snap-in. Open the snap-in, navigate to any group, right-click the group's icon,
and choose Properties. In the resulting Properties dialog box, you'll see a
Members tab that shows all the members of that group, including an androgynous
head icon for each user. But if a group has more than 500 members, the hair
color on the icon goes from black to white. Of course, when I heard about this
bug, I had to try it out. But how would I generate 501 user accounts?
In previous columns, I've explained that you can create a user account on a domain from the command line by typing
net user <username> <password> /add /domain
However, typing a Net User command 501 times doesn't sound like fun. With For's /l option—which tells For to count—I can tell Windows to do 501 Net User reiterations in just one line. The syntax for For /l is
for /l %a in (<first number> <increment> <last number>) do <command>
For example,
for /l %a in (1 1 5) do echo %a
would have the effect of telling For to show the numbers 1 through 5, incrementing by one. Armed with this functionality, I can then type
for /l %a in (1 1 501) do net user testuser%a ComplexPassword$ /domain /add
This command creates 501 user accounts with the names testuser1, testuser2, and so on up to testuser501. Each user has the same password—ComplexPassword$—and the accounts are created on the domain. (Please try this only on a test domain.) After the command has completed, open the Active Directory Users and Computers snap-in, find the Domain Users group, and examine its membership: You'll find all white-haired icons.
To get rid of these test accounts, you can use the
net user <username> /delete /domain
command, but don't forget to use For to pump up its power to delete all 501 accounts, as follows:
for /l %a in (1 1 501) do net user testuser%a /domain /delete
Getting Complex
Thus far, the command portion of For has been a single command (e.g.,
Chml last month, Net User this month). But what if you want to perform multiple
tasks in one For command?
For example, suppose you want to not only create a user named testusernumber but also add that user to a domain local group called test. First, you can add a user to a domain local group with the command
net localgroup <groupname> <username> /add
To simultaneously instruct For to add the user to the test group, you can put the two necessary commands on a single line by placing the ampersand character (&) between them and surrounding the two commands with parentheses. To create 501 users, then, and also add each one to the test group, you could type
for /l %a in (1 1 501) do (net user testuser%a ComplexPassword$ /domain /add & net localgroup test testuser%a /add)
Stay tuned for more For!
