Redirected homefolder – the correct way…

https://support.microsoft.com/kb/274443

1. Set Share Permissions for the correct group to full access (suggested name: RDS_access_all_user)

2. Use the following settings for NTFS Permissions:

CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
System – Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
RDS_access_all_user – Modify (Apply onto: This folder only)
RDS_access_all_user – Read & Execute (Apply onto: This folder only)
RDS_access_all_user – List folder contents (Apply onto: This folder only)
RDS_access_all_user – Read (Apply onto: This folder only)
RDS_access_all_user – Write (Apply onto: This folder only)
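
The list above written out as a script, as an added example that is not part of the original page or the linked KB article. Assumptions: the `-Root` parameter, the use of the caller's own domain for the group names, and the decision to drop inherited and pre-existing explicit ACEs so that only the listed entries remain on the root folder.

```powershell
# Added example: writes the NTFS ACL from the list above to the share's root folder.
# Assumptions: run elevated as a domain user; $Root is the folder behind the share.
param(
    [Parameter(Mandatory)] [string]$Root,
    [string]$Group  = 'RDS_access_all_user',   # group name suggested on the page
    [string]$Domain = $env:USERDOMAIN          # assumption: the caller's own domain
)

# The GUI's "Apply onto" choices expressed as inheritance / propagation flags
$scope = @{
    'Subfolders and files only'         = 'ContainerInherit,ObjectInherit', 'InheritOnly'
    'This folder, subfolders and files' = 'ContainerInherit,ObjectInherit', 'None'
    'This folder only'                  = 'None', 'None'
}

$entries = @(
    @{ Id = 'CREATOR OWNER';         Rights = 'FullControl'; Scope = 'Subfolders and files only' }
    @{ Id = 'NT AUTHORITY\SYSTEM';   Rights = 'FullControl'; Scope = 'This folder, subfolders and files' }
    @{ Id = "$Domain\Domain Admins"; Rights = 'FullControl'; Scope = 'This folder, subfolders and files' }
    # Modify already includes Read & Execute, List folder contents, Read and Write
    @{ Id = "$Domain\$Group";        Rights = 'Modify';      Scope = 'This folder only' }
)

$acl = Get-Acl -LiteralPath $Root
$acl.SetAccessRuleProtection($true, $false)    # block inheritance, discard inherited ACEs
foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRuleAll($old)       # clear explicit ACEs that are already there
}

foreach ($e in $entries) {
    $inherit, $propagate = $scope[$e.Scope]
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $e.Id, $e.Rights, $inherit, $propagate, 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Root -AclObject $acl

# Read the ACL back so the applied scopes can be compared with the list
(Get-Acl -LiteralPath $Root).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Because the group's entry applies to "This folder only", users can create their own folder in the root, and the CREATOR OWNER entry then gives them control of that folder without granting access to anyone else's.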

Clear out Exchange settings in AD

I certainly don't recommend this, but this is what worked…


Import-Module ActiveDirectory

# Exchange-related attributes to clear on every user object
$ExchangeAttributes = @(
    'legacyExchangeDN', 'mailNickname', 'msExchHomeServerName', 'msExchMailboxGuid',
    'msExchMailBoxSecurityDescriptor', 'msExchPoliciesIncluded', 'msExchRBACPolicyLink',
    'msExchRecipientDisplayType', 'msExchRecipientTypeDetails', 'msExchTextMessagingState',
    'msExchUMDtmfMap', 'msExchUserAccountControl', 'msExchUserCulture', 'msExchVersion',
    'proxyAddresses', 'showInAddressBook'
)

# -Filter * returns every user in the domain, so this touches all accounts
$Users = Get-ADUser -Filter * | Select-Object SamAccountName

foreach ($User in $Users)
{
    foreach ($Attribute in $ExchangeAttributes)
    {
        Set-ADUser -Identity $User.SamAccountName -Clear $Attribute
    }
}

WMI Filtering in Group Policy

Select different sets of machines with WMI filters in Group Policy.

Examples:

Windows 7 clients:
SELECT Version, ProductType from Win32_OperatingSystem Where Version like "6.1%" and ProductType = "1"

Windows 8 clients:
SELECT Version, ProductType from Win32_OperatingSystem Where Version like "6.3%" and ProductType = "1"

Windows 10 clients:
SELECT Version, ProductType from Win32_OperatingSystem Where Version like "10.0%" and ProductType = "1"

Windows 10 .. ok 2016:
Select Caption,ProductType from Win32_OperatingSystem Where Caption LIKE "%Windows 10%" and ProductType="1"

Selects all machines with version 6.1% that also have ProductType = 1 (1 = Client, 2 = Server, 3 = Member server)

Managing AD groups etc. with PowerShell

Import-Module ActiveDirectory
# Enabled users below the RDS OU
Get-ADUser -Filter {(Enabled -eq $true)} -SearchBase "ou=RDS,dc=HR,dc=local"
# All members of the group, including members of nested groups
Get-ADGroupMember "RDS_Monitor_Users" -Recursive | Select-Object Name

Active Directory Roles (FSMO) – Detect/Transfer server roles…

PowerShell way to transfer all roles fast…


cls
Import-Module ActiveDirectory
# Domain-wide roles
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
# Forest-wide roles and the global catalog servers
Get-ADForest | Format-Table SchemaMaster, DomainNamingMaster, GlobalCatalogs
# Domain controllers that currently hold at least one role
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles} | Format-Table -AutoSize

# The script stops here, so the transfer below only runs when executed on purpose
exit
# Transfer all five roles to the domain controller "vdc02"
Move-ADDirectoryServerOperationMasterRole -Identity "vdc02" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster

Alt #2
# Collect domain and forest information once, then print the role holders
$Domain = Get-ADDomain
$Forest = Get-ADForest $Domain.Name
Write-Host "Forest-Sites:`t`t`t"$Forest.Sites
Write-Host "Domain:`t`t`t`t`t"$Domain.Name
Write-Host "FSMO:"
Write-Host "DomainNamingMaster:`t`t"($Forest).DomainNamingMaster
Write-Host "SchemaMaster:`t`t`t"($Forest).SchemaMaster
Write-Host "InfrastructureMaster: `t"($Domain).InfrastructureMaster
Write-Host "PDCEmulator:`t`t`t"($Domain).PDCEmulator
Write-Host "RIDMaster:`t`t`t`t"($Domain).RIDMaster

exit
# Uncomment to transfer all five roles to "vdc02"
#Move-ADDirectoryServerOperationMasterRole -Identity "vdc02" -OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster