Category: Microsoft Active Directory

Microsoft Active Directory – Export Group Membership

You may use the following Microsoft Windows PowerShell script to export the users in a Microsoft Active Directory group to a notepad (.txt) file. Additionally, please edit the out-file -filepath portion of this script to a network location of your choice.

<#
.SYNOPSIS
This script will provide the members of a Microsoft Active Directory group and export them to a notepad (.txt) file.
.DESCRIPTION
This script automates the process of exporting the users in a Microsoft Active Directory group.
.EXAMPLE
N/A.
.AUTHOR
Written by Noel Enrique Alvarez on Thursday, March 17, 2016.
#>

#Import the Microsoft Active Directory module
Import-Module ActiveDirectory

#Request the name of the Microsoft Active Directory group
$GROUP = Read-Host "What is the name of the Microsoft Active Directory group?"

#Retrieve the members of the Microsoft Active Directory group and write their Name and SamAccountName to a text file named after the group
Get-ADGroupMember -Identity $GROUP | Select-Object Name, SamAccountName | Out-File -FilePath "C:\Users\User01\Desktop\$GROUP.txt"


Distributed File System – Remove Orphaned Namespace

The following is a step by step guide on removing an orphaned Distributed File System (DFS) namespace in a Microsoft Active Directory environment.

  1. Open Active Directory Service Interfaces Editor (adsiedit.msc)
  2. Connect to the Default naming context
  3. Navigate to DC=domain,DC=com,CN=System,CN=Dfs-Configuration
  4. Delete the object for the orphaned DFS namespace
  5. Run repadmin /syncall (if you have more than one Microsoft Active Directory domain controller)
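The same steps done from PowerShell, as an added example that is not part of the original post. It assumes the ActiveDirectory and DFSN modules are installed on the machine where it runs and that the namespaces are domain-based; object classes are read from the directory rather than assumed, and the deletion runs with -WhatIf so nothing is removed until that switch is taken off.

```powershell
# Added example (not the original post's code): list the namespace objects that Active
# Directory still holds under Dfs-Configuration, compare them with the namespaces the DFS
# service can actually enumerate, and preview the removal of any that are left over.
Import-Module ActiveDirectory
Import-Module DFSN

$domain  = Get-ADDomain
# Same container as step 3 of the post, written as a distinguished name
$dfsBase = "CN=Dfs-Configuration,CN=System,$($domain.DistinguishedName)"

# One child object per domain-based namespace (class varies with the namespace mode)
$adNamespaces = Get-ADObject -SearchBase $dfsBase -SearchScope OneLevel -Filter * |
    Select-Object Name, ObjectClass, DistinguishedName

# Namespaces the DFS service still knows about; Path looks like \\corp.example\Public
$liveNamespaces = Get-DfsnRoot -Domain $domain.DNSRoot -ErrorAction SilentlyContinue |
    ForEach-Object { ($_.Path -split '\\')[-1] }

# Anything in AD that DFS cannot enumerate is a candidate orphan
$orphans = $adNamespaces | Where-Object { $liveNamespaces -notcontains $_.Name }
$orphans | Format-Table Name, ObjectClass, DistinguishedName -AutoSize

# Step 4: -WhatIf only prints what would be deleted; remove it after confirming the
# object really is the orphaned namespace (the DN is shown above).
foreach ($o in $orphans) {
    Remove-ADObject -Identity $o.DistinguishedName -Recursive -WhatIf
}

# Step 5: push the change to every domain controller (/A all partitions, /e enterprise,
# /P push, /d show DNs in the output)
repadmin /syncall /AdeP
```

Because the comparison is by name, a namespace that exists in both lists but whose folder targets are broken is not reported as an orphan; that is a different problem and is not what the steps above fix.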

Microsoft Windows Server 2012 R2 – Resynchronize Network Time Protocol Client

You may use the following Windows PowerShell command to resynchronize the Network Time Protocol (NTP) client, in Microsoft Windows Server 2012 R2, with its NTP server.

w32tm /resync /nowait

Enjoy!


Microsoft Windows Server 2012 R2 – Configure Network Time Protocol

You may use the following commands, run as an administrator in Windows PowerShell, to configure the Network Time Protocol (NTP) settings for Microsoft Windows Server 2012 R2. In this example, the NTP server to be configured is pool.ntp.org, which is a round-robin of NTP servers.

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
Stop-Service w32time
Start-Service w32time

Enjoy!


Microsoft Windows Server 2012 R2 – Query Network Time Protocol Configuration

You may use the following (2) commands to view the Network Time Protocol (NTP) settings for Microsoft Windows Server 2012 R2.

  1. w32tm /query /peers
  2. w32tm /query /source

Enjoy!


Microsoft Failover Clustering – Event ID: 1194

In Windows Server 2012 R2 the Cluster Name Object (CNO) will be created in the same Organizational Unit (OU) as the computer objects that comprise the cluster. When configuring a cluster role a Virtual Computer Object (VCO) may need to be created which may fail with Event ID 1194. This is due to the fact that in Windows Server 2012 R2 the VCO will be created in the same OU as the CNO but the CNO, by default, will not have the “Create Computer objects” permission for that OU.

This is resolved by providing the CNO the “Create Computer objects” permission on the OU where it is located. A simple method of completing this is using a Microsoft Active Directory group (ex. Microsoft Failover Clustering), placing the CNO in the group and configuring the “Create Computer objects” permission at the OU level. Below you will find an example.

[Screenshot of the example OU permission configuration; not reproduced in this text.]
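The group-based delegation described above, done from PowerShell as an added example (not the original post's code). The OU distinguished name and the cluster computer account name are assumptions for illustration; the group name is the one the post uses. The ACE is scoped to the computer object class so the group gains the right to create computer objects only, and the last step lists the resulting ACE so the change can be verified.

```powershell
# Added example (not the original post's code): grant "Create Computer objects" on the OU
# that holds the Cluster Name Object to a group containing the CNO, then verify the ACE.
Import-Module ActiveDirectory

$OU        = 'OU=Clusters,DC=corp,DC=example'   # assumption: the OU that holds the CNO
$GroupName = 'Microsoft Failover Clustering'    # group name used in the post
$CNOName   = 'CLUSTER01'                        # assumption: the cluster's computer account (the CNO)

# schemaIDGUID of the "computer" object class; scoping the ACE to it means the group can
# create computer objects only, not users, groups or OUs.
$ComputerClassGuid = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# 1. Place the CNO in the group
$group = Get-ADGroup -Identity $GroupName
Add-ADGroupMember -Identity $group -Members (Get-ADComputer -Identity $CNOName)

# 2. Add an Allow/CreateChild ACE for computer objects on the OU itself (no inheritance)
$acl = Get-Acl -Path "AD:\$OU"
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $ComputerClassGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None
)
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$OU" -AclObject $acl

# 3. Verify: show every ACE on the OU that allows creating computer objects
(Get-Acl -Path "AD:\$OU").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -ne 0 -and
        $_.ObjectType -eq $ComputerClassGuid
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType
```

Run it in an elevated session as an account that can modify group membership and the OU's security descriptor. The verification query is also the check to run when Event ID 1194 appears: if no Allow/CreateChild entry for the computer class names the CNO or a group it belongs to, the permission is missing.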


Microsoft Windows Server 2012 R2 – Deleting a PTR Record

If you ever need to delete an individual pointer (PTR) record whose name is entirely upper-case and which will not delete from the Microsoft Windows Server DNS graphical user interface (GUI), use the example command below. It deletes the PTR record that corresponds to Internet Protocol (IP) address 192.168.25.100.

Remove-DnsServerResourceRecord -ZoneName "25.168.192.in-addr.arpa" -RRType "PTR" -Name "100"
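As an added example (not the original post's code), the following derives the reverse-lookup zone and record name from an IP address the way the command above does for 192.168.25.100, confirms the record exists, and previews the deletion. It goes a little beyond the post by handling /8, /16 and /24 reverse zones; the /24 zone and the local DNS server are the defaults. Remove-DnsServerResourceRecord prompts for confirmation unless -Force is supplied, which is why the function only deletes when called with -Force.

```powershell
# Added example (not the original post's code): locate and remove a PTR record by IP address.
function Get-PtrLocation {
    param(
        [Parameter(Mandatory)][ipaddress]$IPAddress,
        [ValidateSet(8, 16, 24)][int]$PrefixLength = 24   # size of the reverse zone
    )
    $octets = $IPAddress.IPAddressToString -split '\.'
    $n = $PrefixLength / 8                                  # octets that form the zone name

    # in-addr.arpa names are the address octets in reverse order: the zone is built
    # from the network part, the record name from the host part.
    $zoneOctets = @($octets[0..($n - 1)]); [array]::Reverse($zoneOctets)
    $nameOctets = @($octets[$n..3]);       [array]::Reverse($nameOctets)

    [pscustomobject]@{
        ZoneName = ($zoneOctets -join '.') + '.in-addr.arpa'   # e.g. 25.168.192.in-addr.arpa
        Name     = $nameOctets -join '.'                       # e.g. 100
    }
}

function Remove-PtrRecord {
    param(
        [Parameter(Mandatory)][ipaddress]$IPAddress,
        [int]$PrefixLength = 24,
        [switch]$Force                                      # without it, only a -WhatIf preview runs
    )
    $loc = Get-PtrLocation -IPAddress $IPAddress -PrefixLength $PrefixLength

    # Record names are case-insensitive, so an upper-case record is found by its lower-case name
    $existing = Get-DnsServerResourceRecord -ZoneName $loc.ZoneName -RRType PTR -Name $loc.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        Write-Warning "No PTR record for $IPAddress found in $($loc.ZoneName)"
        return
    }
    $existing | Format-Table HostName, RecordData -AutoSize   # show what is about to be removed

    Remove-DnsServerResourceRecord -ZoneName $loc.ZoneName -RRType PTR -Name $loc.Name `
        -Force:$Force -WhatIf:(-not $Force)
}

# Preview first, then delete for real:
Remove-PtrRecord -IPAddress 192.168.25.100
Remove-PtrRecord -IPAddress 192.168.25.100 -Force
```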


Microsoft Windows Server 2012 R2 – Network Time Protocol Configuration

You may use the following Microsoft Windows PowerShell commands, as an administrator, to configure the Network Time Protocol (NTP) servers for Windows Server 2012 R2 and sync a Windows client, such as Microsoft Windows 7, to the server. This example is using the well-known NTP servers from the NTP Pool Project.

  • Server Configuration:
    • w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /syncfromflags:MANUAL
    • Stop-Service w32time
    • Start-Service w32time
  • Client Configuration:
    • w32tm /resync
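The three NTP posts above (configure, query, resynchronize) combined into one script, as an added example that is not part of the original posts. It assumes an elevated PowerShell session on Windows Server 2012 R2 and the NTP Pool Project peers from the list above; the Get-NtpStatus function parses the text that w32tm /query prints so the result can be tested instead of read by eye.

```powershell
# Added example (not the original posts' code): configure NTP peers, restart the service,
# resynchronize, and verify that the time source is a configured peer.
$Peers = '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org'

function Set-NtpPeers {
    param([Parameter(Mandatory)][string]$PeerList)
    # /manualpeerlist takes a space-separated list; /syncfromflags:MANUAL uses only that
    # list rather than the domain hierarchy; /update tells the running service to re-read
    # the configuration.
    w32tm /config /manualpeerlist:"$PeerList" /syncfromflags:MANUAL /update | Out-Null
    Restart-Service w32time
    # /nowait returns immediately instead of blocking until the first sample arrives
    w32tm /resync /nowait | Out-Null
}

function Get-NtpStatus {
    # w32tm prints plain text; pull the three lines worth checking into an object
    $source = (w32tm /query /source | Out-String).Trim()
    $status = w32tm /query /status
    $stratum = ($status | Select-String 'Stratum').Line      -replace '^.*?:\s*', ''
    $offset  = ($status | Select-String 'Phase Offset').Line -replace '^.*?:\s*', ''
    [pscustomobject]@{ Source = $source; Stratum = $stratum; PhaseOffset = $offset }
}

Set-NtpPeers -PeerList $Peers
Start-Sleep -Seconds 15            # give the service time to poll the peers
$status = Get-NtpStatus
$status | Format-List

# Check: the source must be one of the peers, not the local hardware clock. "Local CMOS
# Clock" or "Free-running System Clock" means no peer answered (often UDP/123 blocked).
if ($status.Source -match 'Local CMOS Clock|Free-running') {
    Write-Warning 'w32time is not synchronising from an NTP peer; check UDP/123 egress and the peer list'
}

# On a domain-joined client the equivalent of the post's client step is simply:
#   w32tm /resync
```

The same Get-NtpStatus function can be run on the client after its resync; a client that reports the server's name as Source and a stratum one higher than the server's is synchronising through it as intended.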

Microsoft Group Policy Object – Disable Default Domain Policy Password Policy

You may use the following method to disable the Password Policy settings in the Default Domain Policy. I do not recommend this for a production network, which should use a password policy, but it may be used in a home lab.

GPO Path: Computer Configuration/Policies/Windows Settings/Security Settings/Account Policies/Password Policy

GPO Settings: Enforce Password History/0

GPO Settings: Maximum Password Age/0

GPO Settings: Minimum Password Age/0

GPO Settings: Minimum Password Length/0

GPO Settings: Password must meet complexity requirements/Disabled
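The five settings above map directly onto the properties returned by Get-ADDefaultDomainPasswordPolicy, so the weakening is easy to detect. The following added example (not the original post's code) reads the effective Default Domain Policy values and flags each one that is weaker than a baseline; the baseline numbers are assumptions for illustration, not values from the post.

```powershell
# Added example (not the original post's code): report Default Domain Policy password
# settings that fall below a baseline, which catches the lab-only "all zeros" settings above
# if they ever reach a domain that should have a real password policy.
Import-Module ActiveDirectory

$policy = Get-ADDefaultDomainPasswordPolicy

# Baseline is an assumption for illustration; substitute your organisation's values.
$baseline = @{
    PasswordHistoryCount = 24
    MinPasswordLength    = 14
    ComplexityEnabled    = $true
    MinPasswordAge       = [TimeSpan]::FromDays(1)
    MaxPasswordAge       = [TimeSpan]::FromDays(90)
}

function Test-PasswordPolicy {
    param($Policy, [hashtable]$Baseline)
    foreach ($name in $Baseline.Keys) {
        $actual = $Policy.$name
        $weak = switch ($name) {
            'PasswordHistoryCount' { $actual -lt $Baseline[$name] }
            'MinPasswordLength'    { $actual -lt $Baseline[$name] }
            'ComplexityEnabled'    { -not $actual }
            'MinPasswordAge'       { $actual -lt $Baseline[$name] }
            # A GPO value of 0 means passwords never expire; the cmdlet may surface that
            # as a zero or as a very large TimeSpan, so treat both as weak.
            'MaxPasswordAge'       { $actual -eq [TimeSpan]::Zero -or $actual -gt $Baseline[$name] }
        }
        [pscustomobject]@{ Setting = $name; Actual = $actual; Baseline = $Baseline[$name]; Weak = $weak }
    }
}

$findings = Test-PasswordPolicy -Policy $policy -Baseline $baseline
$findings | Format-Table -AutoSize

if ($findings.Weak -contains $true) {
    Write-Warning "Default Domain Policy password settings are weaker than the baseline"
}
```

Fine-grained password policies (Password Settings Objects) override the Default Domain Policy for the users they apply to, so on a domain that uses them check Get-ADUserResultantPasswordPolicy for a sample of accounts as well.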


Microsoft Windows PowerShell – Query a List of SAMAccountNames

The Microsoft PowerShell script below may be used to query a list of Microsoft Active Directory SAMAccountNames from a Notepad (.txt) file and output the Given Name and Enabled status in a CSV file.


#This script will query a list of SAMAccountNames from a notepad (.txt) file and provide the Name and Enabled status
#
#Import the Microsoft Active Directory module
Import-Module ActiveDirectory
#Provide the path to the Notepad (.txt) file that contains the list of SAMAccountNames, one per line
$USERS = Get-Content "<<File Path>>"
#Look up each account (SAMAccountName, Name and Enabled are returned by default) and write the results to a CSV file
$USERS | ForEach-Object { Get-ADUser -Identity $_ | Select-Object SAMAccountName, Name, Enabled } | Export-Csv -Path "<<File Path>>" -NoTypeInformation


Enjoy!