Archive for category Active Directory
Configure a GPO WMI Filter for Office 2000, XP, or 2003
Posted by JBrokaw in Group Policy on February 3, 2010
SELECT * FROM Win32_Product WHERE Caption LIKE "Microsoft Office%2003%" OR Caption LIKE "Microsoft Office%2000%" OR Caption LIKE "Microsoft Office%XP%"
How To Create a Custom Power Plan for Windows 7 via GPO
Posted by JBrokaw in Group Policy, Windows 7 on February 3, 2010
How to Configure Power Settings for Windows 7 PCs via Group Policy
If the server is Windows 2008 (R1), the following steps need to be taken:
1: Copy the “Policy Definitions” folder on a Windows 7 PC from the C:\Windows directory to \\Domain.local\SYSVOL\Policies Folder.
2: On a Windows 7 PC download and install RSAT (Remote Server Administration Tools) for Windows 7.
From a Windows 2008 R2 server or the Windows 7 PC with RSAT installed:
1: Create a New GPO.
2: Navigate to “Computer Configuration\Preferences\Control Panel Settings\Power Options”
3: Right Click and Create new “Power Plan (Windows Vista and later)”
4: Change the Action to “New” and name the Policy.
5: Configure the power settings.
6: Make sure the Group Policy is applied to the correct OU. Close the Group Policy Manager.
7: From a Windows 7 PC, update Group Policy with the "gpupdate /force" command.
8: Find the power scheme you just created by using the “powercfg /list” command.
9: Copy the GUID of the power scheme.
10: Open the Group Policy Management Console again and edit the GPO you created for the Windows 7 Power Settings.
11: Navigate to: Computer Configuration\Policies\Administrative Templates\System\Power Management\Specify a Custom Active Power Plan
12: Enable the Policy and Paste your GUID into the Options.
13: After Group Policy updates, the PC’s Power Settings should look like this:
Find Old or Inactive Computer Accounts in Active Directory
Posted by JBrokaw in Active Directory on October 13, 2009
From the command line:
dsquery computer -inactive 4 -limit 0
This will list all computer accounts that have not been active for 4 weeks.
Remove inactive computer accounts:
dsquery computer -inactive 4 -limit 0 | dsrm
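A staged alternative to piping the list straight into dsrm, as an added example that is not part of the original post: it holds back DNs that sit in protected containers and prints dsmod disable commands for the rest. The function name, the container list and the sample DNs are constructed for illustration.

```powershell
# Added example (not from the original post). Sample input below is constructed.
function Split-InactiveComputer {
    param(
        [string[]] $DistinguishedName = @(),
        # Containers whose members are held back for manual review (assumed names)
        [string[]] $ProtectedContainer = @('OU=Domain Controllers', 'OU=Servers')
    )
    foreach ($raw in $DistinguishedName) {
        # dsquery prints each DN wrapped in double quotes
        $dn = $raw.Trim().Trim('"')
        if (-not $dn) { continue }
        # Match a whole DN component, not a substring of another name
        $hit = $ProtectedContainer | Where-Object {
            $dn -match ('(^|,)' + [regex]::Escape($_) + '(,|$)')
        }
        [pscustomobject]@{
            DN     = $dn
            Action = $(if ($hit) { 'Review' } else { 'Disable' })
        }
    }
}

# Stand-in for the output of: dsquery computer -inactive 4 -limit 0
$dsqueryOutput = @(
    '"CN=PC-0142,OU=Workstations,DC=domain,DC=com"',
    '"CN=DC02,OU=Domain Controllers,DC=domain,DC=com"',
    '"CN=FILE01,OU=Servers,DC=domain,DC=com"'
)

$plan = Split-InactiveComputer -DistinguishedName $dsqueryOutput
$plan | Format-Table -AutoSize

# Emit (do not run) the disable commands for the accounts that passed the filter
$plan | Where-Object { $_.Action -eq 'Disable' } |
    ForEach-Object { 'dsmod computer "{0}" -disabled yes' -f $_.DN }
```

Disabled accounts can be re-enabled if a machine turns out to be in use; deletion with dsrm can follow once the review list is cleared.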
Find Email Addresses In Active Directory
Posted by JBrokaw in Active Directory, Exchange 2007 on October 8, 2009
Using CSVDE/LDIFDE to find an email address:
csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:UserName@domain.com))" -l name
Replace "dc=domain,dc=com" with your AD domain name and suffix, and UserName@domain.com with the exact email address you’re looking for.
To find all recipients who have an email address from a particular SMTP domain, you can use a wildcard, e.g.:
csvde -f outputfilename.csv -d "dc=domain,dc=com" -r "(&(mailnickname=*)(proxyAddresses=smtp:*@domain.com))" -l name
In the above example, only the name field is exported. All CSVDE/LDIFDE queries also return the object’s distinguishedName. To add more fields to the list, insert a comma after name and type the new field names separated by commas, e.g.:
name,displayName,sAMAccountName,proxyAddresses,homeMDB
Finding email addresses using the Exchange shell (Exchange Server 2007):
The Exchange Server 2007 shell makes it easier (once you familiarize yourself with shell basics). To get a list of all recipients with email addresses from a particular domain:
get-recipient | where {$_.emailaddresses -match "domain.com"} | select name,emailaddresses
To get a list of recipients with a particular email address:
get-recipient | where {$_.emailaddresses -match "UserName@domain.com"} | select name,emailaddresses
Corrupt Active Directory Database
Posted by JBrokaw in Active Directory on June 29, 2009
Please note that ESENTUTL is doing a lossy repair. This kind of repair fixes corruption by deleting data from the database. You should only use this kind of repair as a last resort.
Furthermore, Microsoft does not support domain controllers after Esentutl is used to recover from Active Directory database corruption. If you perform this kind of repair, you must rebuild the domain controller for Active Directory to be in a supported configuration.
You should attempt all other available methods before considering ESENTUTL:
1. Run "ntdsutil files integrity" to check the integrity of the Active Directory database
2. Perform a semantic database analysis using ntdsutil
3. If there are other functional domain controllers in the same domain, remove Active Directory from the server, and then reinstall Active Directory.
4. Restore from system state backup
5. If no system state backup is available, and there are no other healthy domain controllers in the domain, we recommend that you rebuild the domain by removing Active Directory and then reinstalling Active Directory on the server, creating a new domain.
Perform Active Directory Database Integrity Checks
Posted by JBrokaw in Active Directory on June 29, 2009
Restart the Server – Press F8 – Enter Directory Services Restore Mode
Log into the server
Reset Local Administrator Password On Workstations In Active Directory
Posted by JBrokaw in Active Directory on June 18, 2009
Create a new file called LocalAdminPwdChg.vbs.
Copy this text into the file:
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "Net User administrator NewPassword"
Make sure to save the file with the extension .vbs.
Create a new Group Policy to call the LocalAdminPwdChg.vbs Script.
Configure the Script under Group Policy as follows: Computer Configuration\Windows\Settings\Scripts\Startup
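Added example, not part of the original post: a startup script assigned through Group Policy is stored in SYSVOL, which authenticated domain users can read by default, so the password on the Net User line sits there in clear text. The PowerShell below flags such lines so the scripts can be found and retired; the function name and the sample lines are constructed, and the share path in the closing comment is a placeholder.

```powershell
# Added example (not from the original post): flag "net user <account> <password>"
# lines in startup/logon scripts. Sample content below is constructed.
function Find-NetUserPassword {
    param(
        [string[]] $Line = @(),          # script content, one element per line
        [string]   $Source = '(inline)'
    )
    # net user <account> <second argument>
    $pattern = '(?i)\bnet(?:\.exe)?\s+user\s+(?<account>[^\s"/*]+)\s+(?<arg>[^\s"]+)'
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $m = [regex]::Match($Line[$i], $pattern)
        if (-not $m.Success) { continue }
        $arg = $m.Groups['arg'].Value
        # "*" means prompt for the password, "/..." is a switch: neither is a password
        if ($arg -eq '*' -or $arg.StartsWith('/')) { continue }
        [pscustomobject]@{
            Source  = $Source
            LineNo  = $i + 1
            Account = $m.Groups['account'].Value
            # Report the finding without copying the password into the report
            Finding = 'cleartext password argument'
        }
    }
}

# Constructed sample: the script from this post plus two lines that must not be flagged
$sample = @(
    'Set WshShell = WScript.CreateObject("WScript.Shell")',
    'WshShell.Run "Net User administrator NewPassword"',
    'WshShell.Run "net user administrator /active:yes"',
    'net user helpdesk *'
)
Find-NetUserPassword -Line $sample -Source 'LocalAdminPwdChg.vbs (sample)' |
    Format-Table -AutoSize

# To sweep a real share, feed each script file through the same function
# (placeholder path):
# Get-ChildItem '\\domain.local\SYSVOL' -Recurse -Include *.vbs,*.bat,*.cmd,*.ps1 |
#   ForEach-Object { Find-NetUserPassword -Line (Get-Content $_.FullName) -Source $_.FullName }
```

On the sample, only line 2 (account "administrator") is reported.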
Manually Remove Active Directory From A Domain Controller
Posted by JBrokaw in Active Directory on June 17, 2009
The local Admin will be the only account available when the machine comes back up without AD.
1. Change (note: values are case sensitive)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions]
"ProductType"="LanmanNT"
to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions]
"ProductType"="ServerNT"
2. Reboot
3. Delete the NTDS folder.
Remove references to the deleted server in any surviving replicas by using NTDSUTIL metadata cleanup on a DC.
Import User Accounts Into Active Directory With CSVDE
Posted by JBrokaw in Active Directory on June 17, 2009
Use the CSVDE User Import Template to create a .csv file. Using this template requires an OU named “Import” be created in Active Directory.
Open the CMD prompt and navigate to the folder where you saved your .csv file.
Type this command: CSVDE -i -f Import.csv
Change Passwords For All Users In An OU
Posted by JBrokaw in Active Directory on June 12, 2009
From the Command Prompt: dsquery user "OU=ou1,dc=hcslab,dc=domain" | dsmod user -pwd ChangeNow! -mustchpwd yes