Tuesday, May 31, 2016
PowerShell: Count Members of an AD Group
As a system administrator, you often need to count the members of an AD group.
The Get-ADGroupMember cmdlet gets the members of an Active Directory group. Members can be users, groups, and computers.
$users = Get-ADGroupMember -Identity 'Group Name'
@($users).Count   # number of direct members (users, groups, and computers)
Monday, November 23, 2015
How to: Unlock Active-Directory Users Account via PowerShell
First, open PowerShell with administrator rights.
Import the Active Directory module: Import-Module ActiveDirectory
Run the command Search-ADAccount -LockedOut
If there are any locked accounts, they will be shown like the following example:
To unlock the account(s), pipe the results of the basic command to the Unlock-ADAccount cmdlet.
Search for and unlock all locked accounts in the domain:
Search-ADAccount -LockedOut | Unlock-ADAccount
Limit the search to a specific OU:
Search-ADAccount -SearchBase "OU=Users,OU=Skepper,DC=MyDomain,DC=net" -LockedOut | Unlock-ADAccount
Limit the search to users only:
Search-ADAccount -UsersOnly -LockedOut | Unlock-ADAccount
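Added example, not part of the original post: it lists locked-out users with their lockout details before unlocking, because a burst of lockouts in a short window can be the trace of password guessing and a blanket unlock would clear it. The OU path is the post's sample value; the function name Get-LockoutReport, the 15-minute window and the threshold of 5 are assumptions.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: returns one row per locked-out user in the given OU.
function Get-LockoutReport {
    param(
        # Assumption: the sample OU used in the post; replace with your own.
        [string]$SearchBase = 'OU=Users,OU=Skepper,DC=MyDomain,DC=net'
    )
    # BadLogonCount and LastBadPasswordAttempt are not replicated, so they
    # reflect only the domain controller that answers this query.
    Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase |
        Get-ADUser -Properties lockoutTime, BadLogonCount, LastBadPasswordAttempt |
        Select-Object SamAccountName, Enabled, BadLogonCount, LastBadPasswordAttempt,
            @{ Name = 'LockedAt'
               Expression = { [DateTime]::FromFileTime($_.lockoutTime) } } |
        Sort-Object LockedAt
}

$locked = @(Get-LockoutReport)
$locked | Format-Table -AutoSize

# Assumed values: tune the window and threshold to your lockout policy.
$windowStart    = (Get-Date).AddMinutes(-15)
$burstThreshold = 5
$recent = @($locked | Where-Object { $_.LockedAt -ge $windowStart })

if ($recent.Count -ge $burstThreshold) {
    # Many lockouts close together: investigate the source before unlocking.
    Write-Warning "$($recent.Count) accounts locked since $windowStart; review before unlocking."
}
else {
    # -Confirm prompts per account, so each unlock is a deliberate decision.
    $locked | ForEach-Object { Unlock-ADAccount -Identity $_.SamAccountName -Confirm }
}
```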
Monday, August 18, 2014
The join operation was not successful. This could be because an existing computer account having name “<computer name>” was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any stale conflicting account. The error was:
Access is denied.
Two main points to fix this issue:
1. Ensure that no computer account with this name exists in Active Directory; if one exists, delete it.
2. Create a new computer account in the relevant OU.
Monday, July 7, 2014
How to use DSQUERY to find computers in Active Directory?
Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
Here are a few examples:
1. Find all computers:
dsquery * -Filter "(&(objectClass=computer)(operatingSystem=*))" -Attr name operatingSystem -limit 100000000
2. Find only Servers:
dsquery * -Filter "(&(objectClass=computer)(operatingSystem=Windows Server *))" -Attr name operatingSystem -limit 100000000
3. Find Windows Server 2012:
dsquery * -Filter...
Wednesday, July 2, 2014
Active Directory Replication Registry Entries
Notice: This article was not written by me, but is very useful. Source
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied.
It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as...
Tuesday, February 25, 2014
Monitoring Account Lockout
Netlogon Log File Error Codes
Each event in the Netlogon log contains a corresponding error code. The following table describes these error codes.
Netlogon Log Error Codes
Many different events can be created by various logon and logoff actions. The following table describes each logon event.
Logon Event IDs
Netlogon Logon Types
When many Netlogon logon events are logged, a logon type is also listed in the event details. The following table describes each logon type.
Netlogon Logon Types
Monday, December 30, 2013
Microsoft Active Directory Topology Diagrammer
The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using LDAP, and then automatically generates a Visio diagram of your Active Directory and/or your Exchange Server topology. The diagrams may include domains, sites, servers, organizational units, DFS-R, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.
With the Active Directory Topology Diagrammer tool, you can read your Active Directory structure through LDAP. The Active Directory Topology Diagrammer tool automates Microsoft Office Visio to draw a diagram of the Active Directory Domain topology, your Active Directory Site topology,...
Monday, December 16, 2013
Register Active Directory Schema Snap-In (dll)
For the Active Directory Schema snap-in (MMC) we must first register schmmgmt.dll.
Here is how to register that DLL.
Log on as administrator.
Click Start, type command prompt, and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator, and then click OK.
Type the following command, and then press ENTER:
Click Start, click Run, type mmc, and then click OK.
On the File menu, click Add/Remove Snap-in.
Under Available snap-ins, click Active Directory Schema, click Add, and then click OK.
Now you can manage...
Which domain controller am I connected to? (or how to find the domain controller)
In an environment with several domain controllers, we sometimes want to know which domain controller our computer is connected to.
In this post I will show some ways to get this information.
Option-1 Using nltest
Open command prompt with administrative privileges and run:
You need to replace "domain_name" with your domain (domain.local, for example).
Option-2 the SET command
Again, open CMD, run SET, and look at the variable called %LOGONSERVER%.
Tip: you can narrow the results to the relevant line only by running this command:
c:\>set | find "LOGONSERVER"
Option-3 echo command
this command will...