According to how you’ve been creating accounts, you might be the best friend of the office manager, who calls looking to see if you can generate a quick phone list. Or you might be useless. Either way, you should know how to obtain the data and therefore possibly how to be helpful to others. Or again, you might be a lost cause. Sorry, had to be said before I take over the entire Tri-State area. Anyway, let’s assume that you want to just grab the office phone number and that you’ve entered that into Active Directory. So let’s pull that and print it to the screen: Get-AdUser -Filter * -Properties…
-
-
Create a Forest Trusts In Active Directory
Trusts in Active Directory allow objects from one Domain or Forest to access objects in another Domain or Forest and allows administrators. To setup a trust: Login with a user in the Domain Admins group if you are setting up a Domain trust or Enterprise Admins if you are setting up a Forest trust (if you cannot use an account in one of these groups, you can use an account in the Incoming Forest Trust Builders group) Open Administrative Tools Open Active Directory Domains and Trusts Right-click the name of the domain Click Properties Click on the Trust tab Click New Trust Click Next Click on the Trust Name page…
-
Change Active Directory Forest Mode With A Script
Changing the Forest Mode in Active Directory can be scripted. I find this useful when regression testing such tasks in a sandbox (e.g. restore image, automate login, change mode, run tests, etc). The script is very simple. First, you’ll import he ActiveDirectory modules: Import-Module -Name ActiveDirectory Then you’ll check for the mode prior to running: Get-ADForest | Format-Table ForestMode Then you’ll change the forest and domain modes (one per line): Set-ADForestMode –Identity “krypted.com” –ForestMode Windows2008Forest Set-ADDomainMode –Identity “krypted.com” –DomainMode Windows2008Domain Then you’ll report the result: Get-ADForest | Format-Table Name , ForestMode The end result could be as simple as three lines if just testing: Import-Module -Name ActiveDirectory Set-ADForestMode –Identity “krypted.com”…
-
Create A Server 2012 VM In VMware Fusion
Our friends at VMware continue to outdo themselves. The latest release of Fusion works so well with Windows Server 2013 that even I can’t screw it up. To create a virtual machine, simply open VMware Fusion and click New from the File menu. Click “Choose a disc or disc image.” Select your iso for Server 2012 and click on Open (if you have actual optical media it should have skipped this step and automatically sensed your installation media). Click Continue back at the New Virtual Machine Assistant screen. Click Continue when the Assistant properly shows the operating system and version. Enter a username, password and serial number for Windows Server…
- Active Directory, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server
Use Active Directory Commandlets On Computers That Aren’t Domain Controllers
By default, the Active Directory Powershell management tools are not installed on Windows Servers. Commandlets are instead installed when the Active Directory Domain Controller role is added. However, you can install them even without installing the role. To do so, open Server Manager and go to Add and Remove Roles and Features. Don’t add any Roles, instead skip to add features. Then open Remote Server Administration Tools and then Role Administration Tools. From there expand on AD DS and AD LDS Tools and then highlight the Active Directory Module for Windows PowerShell. Once enabled, click Next through the end of the wizard. Once the wizard is complete, open Powershell and use…
-
Edit Windows Hosts File
Pretty much every operating system has a hosts file. In that file, you can define a hostname and then set a target IP. In Windows, that file is called hosts.txt and located in %systemroot%\system32\drivers\etc\. By default, that %systemroot% is going to be C:\Windows. This makes the path to the file C:\Windows\system32\drivers\etc\hosts.txt. By default, you’ll see the following: 127.0.0.1 localhost loopback ::1 localhost When you edit the file, add a new line with the IP address then a tab then the hostname that you’d like to be able to ping to get the address in question. For example, to add server.krypted.com to point to 192.168.210.210, you’d add some lines to make…
-
Ask PowerShell Who Hasn’t Changed Their Active Directory Passwords
You can use PowerShell to pretty much get anything you want out of Active Directory. Let’s say you want to see when the last time a user changed their password was. You can use the Get-ADUser commandlet to obtain any attribute for a user in the Active Directory schema. To use Get-ADUser, you’ll need to define a scope. In this example, we’ll do so using the -filter option and filter for everyone, using an *. That could be a lot of data, so we’re also going to look for the property, or attribute of PasswordLastSet using the -Properties option: Get-ADUser –filter * -Properties PasswordLastSet We can then add a little…
-
Use PowerShell to Query WMI on Windows Servers
I recently needed to check and see whether a backup drive (which was just a 4TB USB drive) was plugged into a server. But the server had no GUI, so I had to use the command line. There was no drive letter mapped to this drive, so I needed to use something else and I needed to make a script that could be used long-term. Luckily, PowerShell can be used to obtain WMI information on the hardware installed on a computer. This allows administrators to query WMI about the USB devices currently installed on a server. In the following command, we’re going to use gwmi from PowerShell and we’re going…
-
Setting PowerShell Execution Policies
Microsoft doesn’t want any old tool to execute PowerShell scripts. But sometimes when we’re running a tool, we need the tool to be run in a way that violates the default execution policy. In order to facilitate this, Microsoft has also provided four levels of security for the PowerShell execution policy. These include: Restricted: The default execution policy, which forces commands to be entered interactively. All Signed: Only signed scripts can be run by a trusted publisher. Remote Signed: Any scripts created locally can run. Unrestricted: Any script can run. To configure an execution policy interactively, simply use the Set-ExecutionPolicy command followed by the name of the execution policy you…
-
Script to Create Exchange Mailboxes for Active Directory Users Based On OU
Here’s a little powershell script to enable mailboxes based on an OU and put their new mailbox into a given database. To customize, change OU=ORGANIZATIONALUNIT,DC=companyname,DC=com to the DN for the OU you are configuring. Also, change DATABASENAME to the name of the information store that you’d like to use for the mailboxes in that OU. Import-module activedirectory $OUusers = Get-ADUser -LDAPfilter ‘(name=*)’ -searchBase {OU=ORGANIZATIONALUNIT,DC=companyname,DC=com} foreach($username in $OUusers) { Enable-Mailbox -Identity $username.SamAccountName -database {DATABASENAME} }