Category: Microsoft Active Directory

Microsoft Active Directory – Add-Computer Cmdlet

You may use the following Windows PowerShell cmdlet to add a host to a Microsoft Active Directory domain with a specific domain controller. You will need to substitute the DOMAIN parameter with the actual domain name.

Add-Computer -DomainName DOMAIN -Server DOMAIN\DC01


Microsoft Active Directory – Trust Relationship Failure with Primary Domain

If you’ve worked with Microsoft Active Directory, then it’s very likely you’ve seen the following error message while trying to login to a server or workstation using domain credentials: “The trust relationship between this workstation and the primary domain failed.”

Typically, this is resolved by removing the server or workstation from the domain then rejoining it to the domain. However, the Reset-ComputerMachinePassword cmdlet may be used to change the computer account password that the computer uses to authenticate to domain controllers in the domain. For example, you may use the following syntax: Reset-ComputerMachinePassword -Server DC01 -Credential DOMAIN\– USER. As this is an example, you’ll need to substitute the DC01 field with a domain controller in your Microsoft Active Directory domain. Additionally, you’ll need to substitute the DOMAIN\– USER field with the domain and username of a user in your Microsoft Active Directory domain.

I believe this solution is preferable due to the fact that the Microsoft Active Directory computer object continues to use the same SID, remains in the appropriate OU, and remains in any necessary groups.

More information on this cmdlet may be found here.


Microsoft Active Directory – Computer Object Password

You may use the following Windows PowerShell cmdlets to view the last time an Active Directory (AD) computer object reset it’s password for all of the computer objects in an AD domain or an individual computer object in an AD domain.

Get-ADComputer -Filter * -Properties PasswordLastSet | Select Name, PasswordLastSet | Sort-Object Name, PasswordLastSet | Format–List
Get-ADComputer -Filter ‘Name -EQ “<<<HOSTNAME>>>”‘ -Properties PasswordLastSet | Select Name, PasswordLastSet | Format-List


Microsoft Active Directory – Get Computer Object Organizational Unit

You may use the following Windows PowerShell cmdlet to query Microsoft Active Directory (AD) for the hostname and organizational unit (OU) of a computer object.

Get-ADComputer -Filter ‘Name -EQ “HOSTNAME“‘ | Format-List -Property Name, DistinguishedName


Microsoft Active Directory – View a List of Servers

You may use the following Windows PowerShell cmdlet to get a list of all of the Windows Servers in your Microsoft Active Directory (AD) domain. In particular, it will provide the hostname of the server, operating system, and service pack then output the results to a CSV file.

Get-ADComputer -Filter ‘OperatingSystem -like “Windows Server*”‘ -Properties Name, OperatingSystem, OperatingSystemServicePack | Sort-Object -Property Name | Format-List -Property Name, OperatingSystem, OperatingSystemServicePack | Out-File -FilePath “<<>>.csv”


Microsoft Active Directory – Get Computer Object Last Logon Time

You may use the following Microsoft PowerShell cmdlet to determine the last logon time for a Microsoft Active Directory (AD) computer object.

Get-ADComputer HOSTNAME -Properties LastLogonDate


Microsoft Exchange Server 2016 – Prerequisites

The implementation of Microsoft Exchange Server 2016, like any other critical component of an Information Technology (IT) infrastructure, has prerequisites. These includes prerequisites for Microsoft Active Directory (AD) as well as the operating system.

Microsoft has provided a list of the prerequisites for Microsoft Exchange Server 2016. That documentation may be found here.


Microsoft Exchange Server 2016 – Microsoft Active Directory Schema Changes

Installing Microsoft Exchange Server 2016 requires changes to the Microsoft Active Directory (AD) schema. Typically, schema changes are feared by Microsoft Active Directory (AD) engineers and administrators. However, it doesn’t need to be that way.

Microsoft has provided a list of the schema changes that are made to Active Directory (AD) in preparation for Microsoft Exchange Server 2016. That documentation may be found here.


Microsoft Active Directory – Domain and Forest Functional Levels

You may use the following (2) Microsoft Windows PowerShell cmdlets to view the domain and forest functional levels of a Microsoft Active Directory domain.

Get-ADDomain | Format-List Name, DomainMode
Get-ADForest | Format-List Name, ForestMode


Microsoft Exchange Server 2016 – Mailbox Enabled User Command Line Configuration

You may use the following Microsoft Exchange Management Shell (EMS) cmdlet to configure a Mailbox-Enabled User in Microsoft Exchange Server 2016.

Enable-Mailbox -Identity User