How to update Exchange 2007 Offline Address List

Posted on November 9th, 2009 in Exchange 2007, Microsoft, Scripts by Gil Kreslavsky

 

You can update the OAB in two ways: via the EMC or using PowerShell.

1. To update via the EMC

Open EMC>Organizational Configuration>Mailbox>Offline Address Book tab.

Right-click the desired Address Book and click Update.

2. Via PowerShell

Type: Update-OfflineAddressBook -Identity "Address List Name"

To update all Address Books, type: Get-OfflineAddressBook | Update-OfflineAddressBook

 

 

Useful AD PowerShell Commands

Posted on April 8th, 2009 in Active Directory, Microsoft, Scripts, Server 2008 by Gil Kreslavsky

Finding Disabled Users:

get-qaduser -disabled

Create a new Active Directory user:

new-QADUser -name '<User CN>' -parentContainer '<Parent DN>' -UserPassword '<Password>' `
    -FirstName '<User First Name>' -LastName '<User Last Name>' `
    -UserPrincipalName '<User UPN>'

Create multiple users in Active Directory:

$parentDN = "<ParentDN>"
$strPass = "userPaswd"
For ($i = 1; $i -le 1000; $i++) {
    $strUserName = "User" + $i
    New-QADUser -name $strUserName -parentContainer $parentDN -UserPassword $strPass
}

Modify Attributes for several users:

$strfileServer = "\\Servername\"
$objOU = [ADSI] "LDAP://<OU DN>"
$objOU.psbase.Children |% {
    # userAccountControl bit 2 is ACCOUNTDISABLE, so only enabled user objects are changed
    $uac = [int](($_.userAccountControl).ToString())
    if (($_.objectClass -eq "user") -and (($uac -band 2) -eq 0))
    {
        $_.put("homeDirectory", $strFileServer + $_.sAMAccountName)
        $_.SetInfo()
    }
}

Delete user in Active Directory

remove-QADObject -identity '<User DN>'

Set user profile in Active Directory

get-QADUser -identity "<User DN>" |
set-QADUser -HomeDirectory '\\Servername\Katrin' -HomeDrive 'H:' `
    -ProfilePath '\\server1\profiles\jsmith' `
    -scriptpath '\\dcname\netlogon\logonscript.vbs'

Move User to other OU

move-QADObject -Identity '<UserDN>' -NewParentContainerName '<New OU DN>'

Find Locked User Accounts

Get-QADuser -locked

Unlock User Account

Unlock-QADUser -Identity '<UserDN>'

Retrieve Password lockout policy

Get-QADObject domainname.com | format-list Name, *password*, *lockout*

Move Domain Controller to other site – PowerShell

Posted on April 6th, 2009 in Active Directory, Microsoft, Scripts, Server 2008 by Gil Kreslavsky

$dcname = "<DomainDNSName>"
$newSite = "NewSite Name"
$context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('DirectoryServer', $dcname)
$dc = [System.DirectoryServices.ActiveDirectory.DomainController]::GetDomainController($context)
$dc.MoveToAnotherSite($newSite)

Where DomainDNSName is your DNS domain name.

PowerShell Script To Create Snapshot of All VMs – Hyper-V

Posted on April 5th, 2009 in Microsoft, Scripts, Server 2008 by Gil Kreslavsky

# Management service that exposes the snapshot method
$VSMgtSvc = Get-WmiObject -ComputerName localhost `
    -NameSpace "root\virtualization" `
    -Class "MsVM_virtualSystemManagementService"
# Snapshot every computer system whose description marks it as a virtual machine
Get-WmiObject -ComputerName localhost -Namespace root\Virtualization `
    -Query "Select * from MSVM_Computersystem where Description like '%Virtual%'" |
    ForEach-Object { $VSMgtSvc.psbase.InvokeMethod("CreateVirtualSystemSnapshot", @($_, $null, $null)) }

Create Group Using PowerShell ADUC, dsadd or admod

Posted on March 23rd, 2009 in Active Directory, Microsoft, Scripts, Server 2003, Server 2008 by Gil Kreslavsky

Creating a Group Using a graphical user interface

  1. Open Active Directory Users and Computers.
  2. In the left pane, browse to the parent container of the new group, right-click on it, and select New Group.
  3. Enter the name of the group and select the group scope (global, domain local, or universal) and group type (security or distribution).
  4. Click OK.

Using dsadd in command-line interface

dsadd group "<GroupDN>" -scope <GroupScope> -secgrp yes|no -desc "<GroupDesc>"

Replace <GroupDN> with the DN of the group.

For <GroupScope>, use one of the following:

  • l – for domain local
  • g – for global
  • u – for universal

For -secgrp:

  • yes if the group is a security group
  • no for any other

For -desc, fill in the group description.

Using admod in command-line interface

> admod -b "<GroupDN>" objectClass::group groupType::"<GroupType>" sAMAccountName::"<Pre-Windows2000Name>" -add

Example: We will create a global security group called "Accounting" in the Accounting OU in testdomain.com

> dsadd group "cn=Accounting,ou=Accounting,dc=testdomain,dc=com" -scope g -secgrp yes
> admod -b "cn=Accounting,ou=Accounting,dc=testdomain,dc=com" objectClass::group groupType::-2147483646 sAMAccountName::"Finance Users" -add

When using AdMod, you need to specify the numeric value for the group type. These values are predefined in Active Directory:

  • Universal Distribution Group Value: 8
  • Universal Security Group Value: -2147483640
  • Domain Local Distribution Group Value: 4
  • Domain Local Security Group Value: -2147483644
  • Global Distribution Group Value: 2
  • Global Security Group Value: -2147483646
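
The six numbers above are a scope flag (2, 4 or 8) combined with the security-enabled bit, which is why every security group value is negative when read as a signed 32-bit integer. The following PowerShell is an added example, not part of the original post; the function names are hypothetical and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Flag values match the
# ADS_GROUP_TYPE_ENUM constants used in the VBScript sample on this page.
$ScopeFlag = [ordered]@{ Global = 2; DomainLocal = 4; Universal = 8 }
$SecurityEnabled = [int]::MinValue   # bit 31, -2147483648 as a signed 32-bit integer

# Hypothetical helper: build the groupType number from scope and kind.
function ConvertTo-GroupTypeValue {
    param(
        [ValidateSet('Global', 'DomainLocal', 'Universal')][string]$Scope,
        [switch]$Security
    )
    $value = [int]$ScopeFlag[$Scope]
    if ($Security) { $value = $value -bor $SecurityEnabled }
    return $value
}

# Hypothetical helper: split a groupType number back into scope and kind.
function ConvertFrom-GroupTypeValue {
    param([int]$Value)
    $scope = $ScopeFlag.Keys | Where-Object { ($Value -band $ScopeFlag[$_]) -ne 0 }
    if (@($scope).Count -ne 1) {
        throw "groupType $Value does not carry exactly one scope flag"
    }
    $kind = 'Distribution'
    if (($Value -band $SecurityEnabled) -ne 0) { $kind = 'Security' }
    [pscustomobject]@{ Value = $Value; Scope = [string]$scope; Kind = $kind }
}

# Decode the six values listed above, then rebuild each one from its flags.
foreach ($v in 8, -2147483640, 4, -2147483644, 2, -2147483646) {
    $d = ConvertFrom-GroupTypeValue $v
    $rebuilt = ConvertTo-GroupTypeValue -Scope $d.Scope -Security:($d.Kind -eq 'Security')
    '{0,12}  {1,-12} {2,-13} rebuilt matches: {3}' -f $v, $d.Scope, $d.Kind, ($rebuilt -eq $v)
}
```

Decoding the groupType attribute this way is useful when reviewing an export of groups, since only security-enabled groups can appear in access control lists.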

Create Group Using VBScript

The example below shows how to create a global security group.

' ------  CONFIGURATION ------
strGroupParentDN = "<GroupParentDN>" ' e.g. ou=Groups,dc=testdomain,dc=com
strGroupName     = "<GroupName>"     ' e.g. Accounting
strGroupDescr    = "<GroupDesc>"     ' e.g. Accounting group
' ------ END CONFIGURATION ---------
' Constants taken from ADS_GROUP_TYPE_ENUM
Const ADS_GROUP_TYPE_GLOBAL_GROUP       = 2
Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4
Const ADS_GROUP_TYPE_SECURITY_ENABLED   = -2147483648
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP    = 8
set objOU = GetObject("LDAP://" & strGroupParentDN)
set objGroup = objOU.Create("group","cn=" & strGroupName)
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP _
                         Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "sAMAccountName", strGroupName
objGroup.Put "description", strGroupDescr
objGroup.SetInfo

Create Group Using PowerShell

To create a group using the Quest cmdlets, use the following syntax:

new-QADGroup -ParentContainer '<Parent OU DN>' -name '<GroupName>' -samaccountname '<GroupName>' -grouptype 'Distribution' -groupscope 'Universal'

Where <Parent OU DN> is the DN of the parent OU
Where <GroupName> is the group name
After -grouptype, set the group type (Distribution or Security)
After -groupscope, set the group scope (Universal, Domain Local)

PowerShell script to find all Local Users on a remote computer

Posted on March 23rd, 2009 in Active Directory, Microsoft, Scripts, Server 2008, Vista by Gil Kreslavsky

$strComputer = "ComputerName"
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$computer.name
$Users = $computer.psbase.children |where{$_.psbase.schemaclassname -eq "User"}
foreach ($member in $Users.psbase.syncroot)
{$member.name}

Rename all Domain Local Administrator Username Via Script

Posted on March 20th, 2009 in Active Directory, Microsoft, Scripts, Server 2008, Vista by Gil Kreslavsky

Use this PowerShell script to rename Local Administrator Account on a list of remote machines.

#$erroractionpreference = "SilentlyContinue"
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Account Renamed"
$c.Cells.Item(1,3) = "Report Time Stamp"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$intRow = 2
foreach ($strComputer in get-content C:\MachineList.Txt)
{
    $c.Cells.Item($intRow,1) = $strComputer.ToUpper()
    # Using .NET method to ping test the servers
    $ping = new-object System.Net.NetworkInformation.Ping
    $Reply = $ping.send($strComputer)
    if($Reply.status -eq "success")
    {
        $admin=[adsi]("WinNT://" + $strComputer + "/administrator, user")
        #This is the one line change
        $admin.psbase.rename("whatever")
        $pwage = $admin.passwordage
        If($pwage -ne $null)
        {
            $c.Cells.Item($intRow,2).Interior.ColorIndex = 4
            $c.Cells.Item($intRow,2) = "Yes"
        }
        Else
        {
            $c.Cells.Item($intRow,2).Interior.ColorIndex = 3
            $c.Cells.Item($intRow,2) = "No"
        }
    }
    Else
    {
        $c.Cells.Item($intRow,2).Interior.ColorIndex = 3
        $c.Cells.Item($intRow,2) = "Not Pingable"
    }
    $c.Cells.Item($intRow,3) = Get-Date
    $Reply = ""
    $pwage = ""
    $intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
cls

Source: http://myitforum.com/cs2/blogs/yli628/

Windows 2008 Identify all AD admins script

Posted on March 20th, 2009 in Active Directory, Microsoft, Scripts, Server 2008 by Gil Kreslavsky

PowerShell script to find all Active Directory admins in the domain. The filter matches accounts whose sAMAccountName ends in .admin:

Get-QADUser -ldapFilter '(SamAccountName=*.admin)' | export-csv filename.csv

Windows 2008 How to move terminal service profile to other share

Posted on March 20th, 2009 in Active Directory, Microsoft, Scripts by Gil Kreslavsky

Get-QADUser -SearchRoot 'domainname.com/OuName' | %{ $_.TsProfilePath = '\\ServerName1\profilesshare\' + $_.sAMAccountName; $_.CommitChanges() }

Change the following values:
Where domainname.com – Fill your domain name
Where OUName – Fill desired OU name
Where \\ServerName1\profilesshare\ – fill your file server name and terminal servers profiles share path

Note: I suggest testing it very well before applying it to a production environment

Find user group membership Powershell script

Posted on March 20th, 2009 in Active Directory, Microsoft, Scripts, Server 2008, Vista, Windows 7 by Gil Kreslavsky

Use this script to check user group membership in Windows Domain Active Directory

$root = ([adsi]"").distinguishedName
$ou = [adsi]("LDAP://ou=x,ou=y,ou=z," + $root)

# Fill in the user's CN ("Common Name")
$user = $ou.psbase.children.find("cn=targetCN")
$groups = $user.memberof
foreach ($group in $groups)
{
    # Take the first RDN of the group DN and keep the part after "="
    $strGroup = $group.split(',')[0]
    $strGroup = $strGroup.split('=')[1]
    $strGroup
}
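
The script above extracts each group name by splitting the DN on "," and "=", which truncates any group whose CN contains an escaped comma or equals sign. The following is an added example, not part of the original post: a hypothetical Get-FirstRdnValue helper that honours backslash escapes, run against constructed memberOf values. It assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post): read the first RDN value of a DN
# while honouring backslash escapes, then compare with the split-based approach.
function Get-FirstRdnValue {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $sb = New-Object System.Text.StringBuilder
    $i = $DistinguishedName.IndexOf('=') + 1     # skip the attribute type, e.g. "CN="
    if ($i -eq 0) { throw "Not a distinguished name: $DistinguishedName" }
    while ($i -lt $DistinguishedName.Length) {
        $ch = $DistinguishedName[$i]
        if ($ch -eq ',') { break }               # an unescaped comma ends the first RDN
        if (($ch -eq '\') -and (($i + 1) -lt $DistinguishedName.Length)) {
            $take = [Math]::Min(2, $DistinguishedName.Length - $i - 1)
            $pair = $DistinguishedName.Substring($i + 1, $take)
            if ($pair -match '^[0-9A-Fa-f]{2}$') {
                # \XX hex escape, handled here as a single ASCII-range character
                [void]$sb.Append([char][Convert]::ToInt32($pair, 16))
                $i += 3
            } else {
                # \<char> escape such as \, or \=
                [void]$sb.Append($DistinguishedName[$i + 1])
                $i += 2
            }
            continue
        }
        [void]$sb.Append($ch)
        $i++
    }
    $sb.ToString()
}

# Constructed memberOf values (sample data, not from a real directory)
$memberOf = @(
    'CN=Accounting,OU=Groups,DC=testdomain,DC=com',
    'CN=Finance\, EMEA,OU=Groups,DC=testdomain,DC=com',
    'CN=R\=D Leads,OU=Groups,DC=testdomain,DC=com'
)
foreach ($dn in $memberOf) {
    [pscustomobject]@{
        SplitResult = $dn.Split(',')[0].Split('=')[1]   # the approach used in the script above
        Parsed      = Get-FirstRdnValue $dn
    }
}
```

When the output feeds an access review, a truncated name can hide a group or make two different groups look identical, so the parsed value is the one to report.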