About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
21 Aug
After joining a new Windows 2008 R2 Server to the domain I could not log in to the domain.
I would get the following error message:
Additionally the following error was logged in the Eventlog:
15 Mar
If you want to create an Active Directory group with PowerShell, there are a few things you need to be aware of:
First of all there is no direct way to create new objects in Active Directory. You always need to bind to the Domain or an Organizational Unit and call the Create method.
Example:
```powershell
# Bind to OU
$ou = [ADSI]"LDAP://OU=Groups,DC=Contoso,DC=COM"

# Create the Group
$group = $ou.Children.Add("CN=TestGroup", "Group")
$group.CommitChanges()
```
However the group is not yet complete:
14 Feb
Just some quick code to get the OU Name of the computer we run the script on.
VBS:
```vbscript
Function GetComputerOU
  Dim objSysInfo: Set objSysInfo = CreateObject("ADSystemInfo")
  Dim objComputer: Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
  Dim objOU : Set objOU = GetObject(objComputer.Parent)
  GetComputerOU = objOU.OU
End Function

Wscript.Echo GetComputerOU
```
PowerShell:
```powershell
function GetComputerOU
{
    $SysInfo = New-Object -ComObject "ADSystemInfo"
    $Computer = [ADSI]("LDAP://{0}" -f $SysInfo.GetType().InvokeMember("ComputerName", [System.Reflection.BindingFlags]::GetProperty, $null, $SysInfo, $null))
    return ([ADSI]$Computer.Parent).OU
}

GetComputerOU
```
2 Dec
I needed to read out the Maximum Password age with a PowerShell script in a Windows 2003 domain.
Reading out the maxPwdAge attribute is a trivial task in PowerShell (I am re-using the function AdsLargeIntegerToInt64):
```powershell
$domain = New-Object System.DirectoryServices.DirectoryEntry

# Read maxPwdAge attribute and convert to Int64
$maxPwdAge = AdsLargeIntegerToInt64 $domain.maxPwdAge.Value
```
In my case this returns the value -78624000000000 but how do we interpret this?
1 Dec
Some Active Directory attributes return an 8 byte integer in the form of an IADsLargeInteger interface. An example is the pwdLastSet attribute from a user object.
Because the IADsLargeInteger object doesn’t provide type information PowerShell cannot read the HighPart and LowPart properties.
So I wrote the function below to get the Int64 value of an IADsLargeInteger:
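The function itself is not included in this excerpt. As an added example (not the author's code), here is one way to do the conversion and to interpret the maxPwdAge value from the 2 Dec post. The function names are hypothetical, and the byte order assumes a little-endian host, as Windows is.

```powershell
# Added example: Join-LargeInteger, ConvertFrom-AdsLargeInteger and
# Get-MaxPasswordAge are hypothetical names, not the author's functions.

function Join-LargeInteger([int]$HighPart, [int]$LowPart)
{
    # Concatenate the two DWORDs, low one first (little-endian), so that a
    # negative LowPart is treated as unsigned bits instead of being subtracted.
    $bytes = [byte[]]([BitConverter]::GetBytes($LowPart) + [BitConverter]::GetBytes($HighPart))
    return [BitConverter]::ToInt64($bytes, 0)
}

function ConvertFrom-AdsLargeInteger($LargeInteger)
{
    # The COM object carries no type information, so read both properties
    # late-bound, the same InvokeMember technique used for ADSystemInfo.
    $get  = [System.Reflection.BindingFlags]::GetProperty
    $type = $LargeInteger.GetType()
    $high = $type.InvokeMember("HighPart", $get, $null, $LargeInteger, $null)
    $low  = $type.InvokeMember("LowPart",  $get, $null, $LargeInteger, $null)
    return Join-LargeInteger $high $low
}

function Get-MaxPasswordAge([long]$MaxPwdAge)
{
    # maxPwdAge is a negative count of 100-nanosecond intervals. 0 and
    # Int64.MinValue both mean "passwords never expire"; MinValue also has no
    # positive counterpart, so it must be handled before taking the duration.
    if ($MaxPwdAge -eq 0 -or $MaxPwdAge -eq [long]::MinValue) { return $null }
    return [TimeSpan]::FromTicks($MaxPwdAge).Duration()
}

# Offline demo (constructed input): split the value from the post into the two
# signed 32-bit halves that IADsLargeInteger exposes, then join them again.
[long]$ticks = -78624000000000
$raw   = [BitConverter]::GetBytes($ticks)
$low   = [BitConverter]::ToInt32($raw, 0)
$high  = [BitConverter]::ToInt32($raw, 4)
$value = Join-LargeInteger $high $low
"{0} ticks = {1} days" -f $value, (Get-MaxPasswordAge $value).TotalDays
```

One day is 864,000,000,000 intervals of 100 nanoseconds, so the value -78624000000000 corresponds to a maximum password age of 91 days.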
2 Sep
I am currently creating a PowerShell script that creates a user with all needed Active Directory attributes, Exchange mailbox, (TS) Home- and Profile directories and so on.
In such a script you can easily get failures because of Active Directory replication.
2 Sep
The function below can be used to check if a given username exists in Active Directory:
```powershell
function UserExists([string]$Username)
{
    $strFilter = "(&(objectCategory=person)(sAMAccountName=$Username))"

    $objDomain = New-Object System.DirectoryServices.DirectoryEntry

    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"

    $colResults = $objSearcher.FindAll()

    return [bool]($colResults -ne $null)
}
```
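UserExists inserts $Username into the LDAP filter unchanged, so filter metacharacters in the input alter the query; a lone `*`, for instance, matches every account and the function reports that the user exists. The following added example (not the author's code; the function names are hypothetical) performs the same check with the value escaped as RFC 4515 requires.

```powershell
# Added example; ConvertTo-LdapFilterValue and Test-UserExists are hypothetical names.

function ConvertTo-LdapFilterValue([string]$Value)
{
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits.
    $escape = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    }
    return [regex]::Replace($Value, '[\\*()\x00]', $escape)
}

function Test-UserExists([string]$Username)
{
    # An empty value would produce an invalid filter, so reject it up front.
    if ([string]::IsNullOrEmpty($Username)) { return $false }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    try {
        $searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry
        $searcher.SearchScope = "Subtree"
        $searcher.Filter = "(&(objectCategory=person)(sAMAccountName={0}))" -f (ConvertTo-LdapFilterValue $Username)
        [void]$searcher.PropertiesToLoad.Add("sAMAccountName")
        # FindOne returns $null when nothing matches; one hit is enough here.
        return ($null -ne $searcher.FindOne())
    }
    finally {
        $searcher.Dispose()
    }
}

# Constructed inputs: the escaping can be checked without a domain.
'jdoe', '*', 'a(b)c\d' | ForEach-Object { '{0} -> {1}' -f $_, (ConvertTo-LdapFilterValue $_) }
```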
27 Jun
In my previous post I wrote about a problem I had with duplicate RID Allocation pools.
But how do we get more insight into these RID Allocation pools?
The DCDIAG tool can display this information per domain controller using the following syntax:
```
dcdiag /s:server /v /test:ridmanager
```
Example output:
But where in Active Directory is this information stored and can we display it for all Domain Controllers at once for larger environments?
27 Jun
I encountered another interesting error during Exchange 2010 installation today. During the Organization Preparation I got the following error:
The setup.log doesn’t give us much more detailed info:
```
[06-22-2011 11:16:29.0614] [2] [ERROR] Active Directory operation failed on dc001.zorg.local. This error is not retriable. Additional information: The requested object has a non-unique identifier and cannot be retrieved. Active directory response: 0000219D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
[06-22-2011 11:16:29.0630] [2] [ERROR] The server cannot handle directory requests.
[06-22-2011 11:16:29.0630] [2] Ending processing initialize-ExchangeUniversalGroups
[06-22-2011 11:16:29.0630] [1] The following 1 error(s) occurred during task execution:
[06-22-2011 11:16:29.0630] [1] 0. ErrorRecord: Active Directory operation failed on dc001.zorg.local. This error is not retriable. Additional information: The requested object has a non-unique identifier and cannot be retrieved. Active directory response: 0000219D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
[06-22-2011 11:16:29.0630] [1] 0. ErrorRecord: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on dc001.zorg.local. This error is not retriable. Additional information: The requested object has a non-unique identifier and cannot be retrieved. Active directory response: 0000219D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
```
I remembered from a Tweet by Helge Klein recently that the Active Directory schema has no mechanism for enforcing uniqueness of an attribute.
24 Jun
Today I was testing the installation of Exchange 2010 in a VMware sandbox environment. We created the sandbox to test migration from a 2003 AD and Exchange environment to 2008 R2 with Exchange 2010.
We used a P2V to get real copies of the Active Directory and the AD upgrade to 2008 R2 was already tested.
But during the Exchange installation in the sandbox I got the following error: