Tag Archives: active directory

A friend of mine asked me a couple of days ago if I knew a way to gather users who are members of given groups. I thought to myself “Hmm, challenge accepted!” and started writing a small PowerShell script. After he confirmed that the script worked as planned I decided to make a function of it (yes, I know there have been a lot of them on this blog lately). The function accepts two parameters: GroupNames and Filelocation. In addition there is an optional switch called KeepCSV. The rest of the function isn’t that interesting; if you want to use it you can always consult the help (get-help get-membersinadgroups) that I actually have created 🙂 Here’s the code:

function Get-MembersInADGroups {
    Param (
        [parameter(Mandatory=$True)][string[]]$GroupNames,
        [parameter(Mandatory=$True)][string[]]$Filelocation,
        [switch]$KeepCSV
    )
    # Look up the requested groups and stage them in a temporary CSV file
    Get-ADGroup -LDAPFilter "(name=$GroupNames)" | export-csv $FileLocation\temp.csv -NoTypeInformation
    $groups = Import-Csv $FileLocation\temp.csv
    # List the members of each group found
    $groups | ForEach-Object {
        $groupname = $_.SamAccountname
        Get-ADGroupMember -Identity $_.SamAccountName | select-object name,samaccountname…


I ran into a rather strange error today when trying to run Group Policy Modeling on a user. Instead of showing me Summary and Settings I received an error stating that “The given Key was not present in the dictionary”. At first I thought that maybe we had used some Norwegian characters somewhere in a policy, but after some googling it turns out that this is caused by ticking the parent registry container when using the Registry Wizard to create a GPO registry preference. Microsoft has published a KB article about it here: http://support.microsoft.com/kb/2692409 However, the resolution they are presenting is useless for most organizations, I think. Recreating all registry collections is not an option; at least it wasn’t for us. So here’s how to do it in a less time-consuming manner (but it may still take some time): Edit any GPO you have used to set registry settings, navigate…


It’s been a while since I posted here so I thought it might be time to add some content. This script is a simple script that adds a photo to a user’s Active Directory user object. It also checks the file size to prevent users adding large photos (you can of course change this limit). The requirements for this script are the Active Directory module and permission to edit a user object in Active Directory. The script:

#Imports the Active Directory module
Import-Module active*
#Asks the user for a filename
$photopath = Read-Host "Please input filepath and filename"
#Converts the user's input to an object
$file = Get-Item "$photopath"
#Calculates the filesize
$filesize = $file.length/1KB
#If the file is larger than 12KB you get a message stating that the file is too large
#If the file is smaller than 12KB it asks for a username and imports the file to Active…


Earlier I posted a script that created users and homefolders and added the users to specified groups. It also set NTFS permissions on the homefolders. That script used primarily old-fashioned stuff, so I sat down and started looking for a neat way to do the same in PowerShell. The PowerShell script I came up with does a lot more than the last one. Here’s a little list:

- Creates OUs
- Creates users
- Creates security groups
- Creates distribution groups
- Creates mailboxes for all users
- Adds specified users to the correct security and distribution groups
- Creates a homefolder root folder and shares it
- Creates a homefolder for each user and sets NTFS permissions
- Sets storage limit on the Exchange mailbox database

As you can see, it does quite a lot. I could incorporate more in this script, for example SharePoint and Lync config, but I figured the script is long enough. If you…


Tried sleeping… That obviously didn’t work out, so here’s a guide on how to import a number of users in Active Directory and then create and share out their home folders. Note: This guide uses dsadd for creating users and cacls for setting NTFS permissions. That’s kind of old-fashioned; I will try to write a new guide using PowerShell later on. In the scenario I have created this script for, we have a domain controller that happens to also be the file server, file01. The domain is called test.local and has 5 OUs in addition to the default ones. Those are:

- Sales
- Management
- HR
- IT
- groups

Files are stored on a drive called e: under a folder named users. Each homefolder is shared with a trailing $. In the OU called groups, there are a few groups with identical names to the rest of our OUs. Now that we have…


At work we are currently migrating to a new Active Directory domain. The migration has gone rather smoothly except for a couple of users who are not able to sync mail on their phones. After a little research I found the following events in the event log on our Exchange CAS server:

Log Name: Application
Source: MSExchange ActiveSync
Date: 04.08.2011 11:00:48
Event ID: 1053
Task Category: Configuration
Level: Error
Keywords: Classic
User: N/A
Computer: <servername>
Description: Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=<user>,OU=<ou>,DC=<domain>,DC=local” container under Active Directory user “Active Directory operation failed on <domain controller>. This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 “. Make sure the user has inherited permission granted to domainExchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block…


Stumbled upon a tool from Microsoft called ALTools that I thought was absolutely awesome. It’s over 7 years old, so I wonder why I haven’t seen it before. Nevertheless, it’s as cool now as it was when it was released. ALTools consists of several tools, but the coolest of them are:

- aloinfo – Displays all user account names and the age of their passwords
- eventcombMT – Gathers specific events from event logs of several different machines and saves them in a text file
- LockoutStatus – Shows a list of all domain controllers in a given domain and the lockout status of a given user on those

I have used eventcomb a couple of times as it has some predefined searches, for example Account Lockouts. That particular search is quite helpful if you have a user that frequently gets locked out. Just choose the predefined search, input username and hit search. A…

