Posts tagged Microsoft

Locked and disabled Users in Active Directory

First, here is the default procedure to create a saved query:

– Open Active Directory Users and Computers.

– In the console tree, right-click Saved Queries.

– Point to New, and then click Query.

– In Name, type a query name.

– In Description, type a query description.

– Click Browse to define the container from which to begin your search.

– Click Define Query to define your query.

Here are the query definitions:

Locked Users:

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))

Disabled users:

(&(objectCategory=person)(objectClass=user)(!(name=Gast))(userAccountControl:1.2.840.113556.1.4.803:=2))
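
The locked-users filter matches every account whose lockoutTime is non-zero, and that value stays set after the lockout window has passed until the next successful logon or a manual unlock. The PowerShell below is an added example, not part of the original post: it re-evaluates both query conditions on constructed sample records. The function name, the sample accounts and the 30-minute lockout duration are assumptions.

```powershell
# Added example: the two saved-query conditions, re-evaluated on constructed data.
$UF_ACCOUNTDISABLE = 0x2   # bit tested by userAccountControl:1.2.840.113556.1.4.803:=2

function Get-AccountState {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [long]     $LockoutTime,         # FILETIME, 0 = never locked or reset
        [Parameter(Mandatory=$true)] [int]      $UserAccountControl,
        [Parameter(Mandatory=$true)] [timespan] $LockoutDuration,     # assumed policy value
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    $disabled     = ($UserAccountControl -band $UF_ACCOUNTDISABLE) -ne 0
    $matchesQuery = $LockoutTime -ge 1        # what (lockoutTime>=1) selects
    $lockedNow    = $false
    if ($matchesQuery) {
        $lockedAt  = [datetime]::FromFileTimeUtc($LockoutTime)
        # Assumption: a zero duration means "locked until an administrator unlocks".
        $lockedNow = ($LockoutDuration -eq [timespan]::Zero) -or ($Now -lt $lockedAt.Add($LockoutDuration))
    }
    [pscustomobject]@{ Disabled = $disabled; MatchesLockedQuery = $matchesQuery; LockedNow = $lockedNow }
}

# Constructed sample records (not real accounts), evaluated at a fixed point in time.
$now      = New-Object datetime 2024, 1, 10, 12, 0, 0, ([System.DateTimeKind]::Utc)
$duration = New-TimeSpan -Minutes 30
$sample = @(
    @{ Name = 'alice'; LockoutTime = 0;                                   UAC = 512 }  # normal account
    @{ Name = 'bob';   LockoutTime = $now.AddMinutes(-5).ToFileTimeUtc(); UAC = 512 }  # locked 5 minutes ago
    @{ Name = 'carol'; LockoutTime = $now.AddHours(-3).ToFileTimeUtc();   UAC = 512 }  # lockout already expired
    @{ Name = 'dave';  LockoutTime = 0;                                   UAC = 514 }  # 512 + 2 = disabled
)
foreach ($u in $sample) {
    $s = Get-AccountState -LockoutTime $u.LockoutTime -UserAccountControl $u.UAC -LockoutDuration $duration -Now $now
    '{0,-6} disabled={1,-5} matchesQuery={2,-5} lockedNow={3}' -f $u.Name, $s.Disabled, $s.MatchesLockedQuery, $s.LockedNow
}

# In a live domain the same fields can be read with:
#   Get-ADUser -LDAPFilter '(lockoutTime>=1)' -Properties lockoutTime,userAccountControl
# and the duration with (Get-ADDefaultDomainPasswordPolicy).LockoutDuration
```

The record for carol is the case to watch: it is returned by the saved query although the account can log on again.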

How to create an x64 or x86 WMI Filter

I had to distribute some applications via GPOs depending on the underlying OS architecture.

Here's how I solved this problem.

I've created 2 WMI Filter Objects inside the Group Policy Management Console and associated them with the GPOs I've already created.

x86:

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '32'

x64:

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '64'

Check if a service is running via PowerShell

I've found a script in another blog by Anders Mikkelsen which I found really good and quite helpful, since I've experienced that different services on some machines have a habit of not starting after the server is rebooted because of an update or reboot cycle at night.

# Start the named service if it is not running and send a notification mail.
function FuncCheckService{
    param($ServiceName)
    $arrService = Get-Service -Name $ServiceName
    if ($arrService.Status -ne "Running"){
        Start-Service $ServiceName
        # "Servername", the mail addresses and the relay are placeholders; replace them with your own values.
        FuncMail -To "to-email@domain.com" -From "from-mail@domain.com"  -Subject "Servername : ($ServiceName) service started." -Body "Service $ServiceName started" -smtpServer "relay.mailserver.com"
    }
}
# Send an HTML mail through the given SMTP relay.
function FuncMail {
    param($To, $From, $Subject, $Body, $smtpServer)
    $msg = New-Object Net.Mail.MailMessage
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $msg.From = $From
    $msg.To.Add($To)
    $msg.Subject = $Subject
    $msg.IsBodyHtml = $true
    $msg.Body = $Body
    $smtp.Send($msg)
}
# Both functions are defined by the time this call runs.
FuncCheckService -ServiceName "VMware VirtualCenter Server"

Just copy and paste this script, save it as a ps1 file and schedule it to run every x minutes…

eBook “Introducing Windows Server 2012 (RTM Edition)”

I've stumbled over a link in another blog. Microsoft has released a free eBook about Windows Server 2012.

A key feature of this book is the inclusion of sidebars written by members of the Windows Server team, Microsoft Support engineers, Microsoft Consulting Services staff, and others who work at Microsoft. These sidebars provide an insider’s perspective that includes both “under-the-hood” information concerning how features work, and strategies, tips, and best practices from experts who have been working with the platform during product development.

You can download it via the following link:

http://blogs.msdn.com/b/microsoft_press/archive/2012/09/05/free-ebook-introducing-windows-server-2012-rtm-edition.aspx

It's not the newest post (05/11/12) but I thought it might be interesting 😉

Renaming Windows Server 2008 Domain Controllers

You must be a member of the Domain Admins group to change the name of a Domain Controller.

To rename a Domain Controller from <Old-Name-of-DC> to <New-Name-of-DC> in the MYTESTDOM.COM domain, follow these steps:

1. Open Command Prompt and type:

NETDOM computername <Old-Name-of-DC>.MYTESTDOM.COM /add:<New-Name-of-DC>.MYTESTDOM.COM

This command will update the service principal name (SPN) attributes in Active Directory for this computer account, and register DNS resource records for the new computer name. The SPN value of the computer account must be replicated to all Domain Controllers for the domain, and the DNS resource records for the new computer name must be distributed to all the authoritative DNS servers for the domain name.

If the updates and registrations have not occurred prior to removing the old computer name, then some clients may be unable to locate this computer using the new or old name. Therefore, it’s very important to wait till the Active Directory replication finishes a replication cycle.

You can check that by using tools such as REPADMIN and REPLMON. You can verify the new name was indeed added to the computer object by viewing it through ADSIEDIT.MSC (which, for Windows Server 2008, is installed by default).

– Navigate to the computer object and right-click it.

– Select Properties, then scroll down in the list of available attributes until you reach the attribute called msDS-AdditionalDnsHostName.

2. Ensure the computer account updates and DNS registrations are completed, then type:

NETDOM computername <Old-Name-of-DC>.MYTESTDOM.COM /makeprimary:<New-Name-of-DC>.MYTESTDOM.COM

Again, you can inspect the change with ADSIEDIT.MSC. Scroll down in the list of available attributes for the computer object (notice how the server now appears with the new name) till you reach the attribute called msDS-AdditionalDnsHostName.

Notice that the old name should appear in the attribute’s properties.

3. Restart the computer.

4. From the command prompt, type:

NETDOM computername <New-Name-of-DC>.MYTESTDOM.COM /remove:<Old-Name-of-DC>.MYTESTDOM.COM

5. Make sure that the changes have successfully been replicated to all the Domain Controllers.
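
Steps 1 and 2 depend on every Domain Controller having received the new name before /makeprimary is run. The PowerShell below is an added example, not part of the original post: it reads msDS-AdditionalDnsHostName for the computer object from each Domain Controller in turn. It assumes the ActiveDirectory module is available; the function name and the names OLDDC01 and NEWDC01 are placeholders, and the DNS registrations are not checked.

```powershell
# Added example: confirm that the name added with NETDOM /add has reached every DC.
Import-Module ActiveDirectory

function Test-AdditionalNameReplicated {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,  # current (old) name of the DC
        [Parameter(Mandatory=$true)] [string] $NewFqdn        # FQDN that was passed to /add:
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        $seen = $false
        $err  = $null
        try {
            # Ask this specific DC for its own copy of the computer object.
            $query = @{
                Identity    = $ComputerName
                Server      = $dc.HostName
                Properties  = 'msDS-AdditionalDnsHostName'
                ErrorAction = 'Stop'
            }
            $obj  = Get-ADComputer @query
            $seen = @($obj.'msDS-AdditionalDnsHostName') -contains $NewFqdn
        } catch {
            # An unreachable DC is reported as "not confirmed", never as success.
            $err = $_.Exception.Message
        }
        [pscustomobject]@{ DomainController = $dc.HostName; HasNewName = $seen; Error = $err }
    }
}

# Placeholder names; replace them with the values used in step 1.
$result  = @(Test-AdditionalNameReplicated -ComputerName 'OLDDC01' -NewFqdn 'NEWDC01.MYTESTDOM.COM')
$pending = @($result | Where-Object { -not $_.HasNewName })

$result | Format-Table -AutoSize
if ($pending.Count -eq 0) {
    'All domain controllers hold the new name.'
} else {
    "Wait for replication: $($pending.Count) domain controller(s) do not show the new name yet."
}
```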

Enable RDP on a Windows XP Client via script

To enable the RDP service on port 3389 in Windows XP, you could run these commands in a script. The last argument of the netsh line is the firewall scope: all accepts connections from any source address, while subnet limits the opening to the local subnet.

netsh firewall add portopening TCP 3389 RDP enable all

reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fAllowToGetHelp /t REG_DWORD /d 0

NET STOP TermService

NET START TermService

PowerShell Script to create functional and ACL Groups

Since I had the need to create 2 ACL and 2 functional groups in fixed and predefined OUs for the x-th time and just didn't want to click my way through, I started to write this tiny script, which created them for me…

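Import-Module ActiveDirectory

# Base name for the four groups, taken from the first script argument
$Base = $args[0]

$Name1 = "acl_" + $Base + "_ro"
$Name2 = "acl_" + $Base + "_rw"
$Name3 = "func_" + $Base + "_ro"
$Name4 = "func_" + $Base + "_rw"

# -Path expects the distinguished name of the target OU.
# Global and Security are the named forms of the numeric value 1 for each parameter.
New-ADGroup -Name $Name1 -GroupScope Global -Path "<UPN-of-OU>" -GroupCategory Security -SamAccountName $Name1
New-ADGroup -Name $Name2 -GroupScope Global -Path "<UPN-of-OU>" -GroupCategory Security -SamAccountName $Name2
New-ADGroup -Name $Name3 -GroupScope Global -Path "<UPN-of-OU>" -GroupCategory Security -SamAccountName $Name3
New-ADGroup -Name $Name4 -GroupScope Global -Path "<UPN-of-OU>" -GroupCategory Security -SamAccountName $Name4

# Nest each functional group into the matching ACL group
Add-ADGroupMember -Identity $Name1 -Members $Name3
Add-ADGroupMember -Identity $Name2 -Members $Name4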

Start and Stop Windows services via PowerShell

Since the Windows Update service is deactivated in the VMware View environment, we have to ‘activate’ and start the service to update the VM.

Here you find some PowerShell scripts which start and stop this service, so you'll be able to update your VM.

Start Service:

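Clear-Host
$srvName = 'wuauserv'
$servicePrior = Get-Service $srvName
# Double quotes are needed so that $srvName is expanded in the message
"$srvName is now " + $servicePrior.status
# The service is disabled, so switch it to manual start before starting it
Set-Service $srvName -startuptype manual
Start-Service $srvName
$serviceAfter = Get-Service $srvName
"$srvName is now " + $serviceAfter.status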

Stop Service:

Clear-Host
$srvName = 'wuauserv'
$servicePrior = Get-Service $srvName
# Double quotes are needed so that $srvName is expanded in the message
"$srvName is now " + $servicePrior.status
Stop-Service $srvName
$serviceAfter = Get-Service $srvName
# Return the service to its disabled state
Set-Service $srvName -startuptype disabled
"$srvName is now " + $serviceAfter.status