This blog reflects my personal experiences, thoughts, opinions and ideas about different kind of software that a system engineer have to deal in his daily job.There were 2 reasons which made me write my blog:
- the desire to help others that have the same problem;
- the desire to have a place accesible from every computer in the world where to find my information.
Wednesday, April 22, 2009
Wednesday, April 8, 2009
How to force users to logon on one domain controller
Hello,
The scenario is : one active directory site with two domain controllers.
Question: How to force users to logon only on one domain controller?
The answer to this question resides in the srv records priority. See here how to do it:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/ActiveDirectory/AQuickTiptodesignateadomaincontrollerforclientauthentications.html
You can verify the priorities by dns mmc console or by using nslookup like this:
http://technet.microsoft.com/en-us/library/cc738991.aspx
The scenario is : one active directory site with two domain controllers.
Question: How to force users to logon only on one domain controller?
The answer to this question resides in the srv records priority. See here how to do it:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/ActiveDirectory/AQuickTiptodesignateadomaincontrollerforclientauthentications.html
You can verify the priorities by dns mmc console or by using nslookup like this:
http://technet.microsoft.com/en-us/library/cc738991.aspx
Thursday, March 26, 2009
One-liners with dsquery
Get all the members of a group:
dsquery group -name group_name dsget group -members
See all the users with their associated logon script:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -limit 0 -attr sAMAccountName sn distinguishedName scriptPath
See the groups from Active Directory that does not have any members:
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 -attr groupType sAMAccountName distinguishedName
See when a group was created, and membership:
dsquery * -filter "&(objectCategory=group)" -limit 0 -attr whenCreated samaccountname memberof
Check the expiration date of all users accounts in an OU:
dsquery user "OU=XXX,DC=test,DC=com" dsget user -dn -acctexpires
P.S. I see that for an unknown reason, the pipe command does not appear in my post. So, i must mention that before every dsget command in the upper scripts there is a pipe sign.
dsquery group -name group_name dsget group -members
See all the users with their associated logon script:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -limit 0 -attr sAMAccountName sn distinguishedName scriptPath
See the groups from Active Directory that does not have any members:
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 -attr groupType sAMAccountName distinguishedName
See when a group was created, and membership:
dsquery * -filter "&(objectCategory=group)" -limit 0 -attr whenCreated samaccountname memberof
Check the expiration date of all users accounts in an OU:
dsquery user "OU=XXX,DC=test,DC=com" dsget user -dn -acctexpires
P.S. I see that for an unknown reason, the pipe command does not appear in my post. So, i must mention that before every dsget command in the upper scripts there is a pipe sign.
Tuesday, March 24, 2009
How to see the installed updates/fixes on a computer
Before writing this post i was aware of a single method:
systeminfo find "KB"
To do it on a remote computer, i used the combination of psexec and the upper command or
systeminfo /s %computername% find "KB"
But the output of the command is not so easily readable. Recently, i found this great article which revealed me a second method, exporting the results in html format:
http://windowsxp.mvps.org/qfe.htm
So, here is the command:
wmic qfe list full /format:htable > C:\hotfixes.html
To do it on a remote computer:
wmic /node:”computername” qfe list full /format:htable > C:\hotfixes.html
systeminfo find "KB"
To do it on a remote computer, i used the combination of psexec and the upper command or
systeminfo /s %computername% find "KB"
But the output of the command is not so easily readable. Recently, i found this great article which revealed me a second method, exporting the results in html format:
http://windowsxp.mvps.org/qfe.htm
So, here is the command:
wmic qfe list full /format:htable > C:\hotfixes.html
To do it on a remote computer:
wmic /node:”computername” qfe list full /format:htable > C:\hotfixes.html
How to recover from the failure of a subdomain single domain controller
Supposing that your unique domain controller from a subdomain had a hardware failure, those are the 2 steps you need to follow to recover:
1) Remove orphaned domain from Active Directory:
http://support.microsoft.com/kb/230306/en-us
2) Restore the server through reinstallation of the operating system and subsequent restore of Active Directory from backup:
http://technet.microsoft.com/en-us/library/cc782127.aspx
1) Remove orphaned domain from Active Directory:
http://support.microsoft.com/kb/230306/en-us
2) Restore the server through reinstallation of the operating system and subsequent restore of Active Directory from backup:
http://technet.microsoft.com/en-us/library/cc782127.aspx
Monday, March 16, 2009
Get mac and installed drivers
Here is a command line that will show you the mac address of the network card of a remote computer:
getmac /S 10.1.1.1
And the following will list all the drivers on your system:
driverquery
Or on a remote system:
driverquery /S 10.1.1.1
getmac /S 10.1.1.1
And the following will list all the drivers on your system:
driverquery
Or on a remote system:
driverquery /S 10.1.1.1
Thursday, February 19, 2009
Folder share names and permissions
How to delete the share of a folder which share name is "test share" from command line:
net share "test share" /delete
How to share a folder named "test share" with the shared name "test":
net share "test"="C:\test share"
How to make a folder named test with the shared name "test" and give everyone full access:
net share "test"="C:\test" /GRANT:everyone,FULL
Display all open shared files on a server:
net file
net share "test share" /delete
How to share a folder named "test share" with the shared name "test":
net share "test"="C:\test share"
How to make a folder named test with the shared name "test" and give everyone full access:
net share "test"="C:\test" /GRANT:everyone,FULL
Display all open shared files on a server:
net file
Friday, February 13, 2009
Customizable web error messages
With Web Page Error Toolkit, you can create pages that contain customized error messages to help users find the information they need. In fact, this toolkit is a customizable asp application that replaces the default error page on the IIS server.
See here a good review:
http://technet.microsoft.com/en-us/magazine/2009.02.utilityspotlight.aspx
See here a good review:
http://technet.microsoft.com/en-us/magazine/2009.02.utilityspotlight.aspx
Thursday, February 12, 2009
Free inventory tool
Hi,
I want to present the Microsoft Assesment and Planning Toolkit, a powerfull free tool which seems to be very useful in an organization.
The Microsoft Assessment and Planning Toolkit performs three key functions: hardware inventory, compatibility analysis, and reporting. It collects and organizes system resources and device information from a single networked computer and does not require users to deploy software agents on the computers that must be inventoried. MAP uses technologies already available in the IT environment to perform inventory and assessments, like: Windows Management Instrumentation (WMI), the Remote Registry Service, SNMP, Active Directory Domain Services, and the Computer Browser service.
Assessments can be completed on the following Windows platforms:
Windows Vista
Windows XP Professional
Windows Server 2003 or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server
Windows Server 2008
The reports generated are very friendly, with a lot of excels and comprehensive graphics. It will report you, for example, how many of your Windows 2003 Server are ready, from hardware point of view, for deploying Windows 2008 on them or how many computers in your organization have Office 2003 or Office 2007 installed.
For more information, see this link from Microsoft:
http://technet.microsoft.com/en-us/library/bb977556.aspx?ca=NOT&su=WINSVR&sa=MAP&ct=NWSLR&cn=%20TNETFLASH&au=ITPRO&go=MAPTN&dt=02112009
and also read the Technet blog for this tool:
http://blogs.technet.com/mapblog/
I want to present the Microsoft Assesment and Planning Toolkit, a powerfull free tool which seems to be very useful in an organization.
The Microsoft Assessment and Planning Toolkit performs three key functions: hardware inventory, compatibility analysis, and reporting. It collects and organizes system resources and device information from a single networked computer and does not require users to deploy software agents on the computers that must be inventoried. MAP uses technologies already available in the IT environment to perform inventory and assessments, like: Windows Management Instrumentation (WMI), the Remote Registry Service, SNMP, Active Directory Domain Services, and the Computer Browser service.
Assessments can be completed on the following Windows platforms:
Windows Vista
Windows XP Professional
Windows Server 2003 or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server
Windows Server 2008
The reports generated are very friendly, with a lot of excels and comprehensive graphics. It will report you, for example, how many of your Windows 2003 Server are ready, from hardware point of view, for deploying Windows 2008 on them or how many computers in your organization have Office 2003 or Office 2007 installed.
For more information, see this link from Microsoft:
http://technet.microsoft.com/en-us/library/bb977556.aspx?ca=NOT&su=WINSVR&sa=MAP&ct=NWSLR&cn=%20TNETFLASH&au=ITPRO&go=MAPTN&dt=02112009
and also read the Technet blog for this tool:
http://blogs.technet.com/mapblog/
Saturday, February 7, 2009
Adfind (from joeware) - part1
Export Sites from AD sites and services:
adfind -config -f "(objectClass=site)" -dn
Export sites and associated subnets:
adfind -config -f "(objectClass=subnet)" distinguishedname siteobject
Show user which have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(userCertificate=*))" -dsq
Show users whch don't have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(userCertificate=*))" -dsq
Show users whch don't have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(!userCertificate=*))" -dsq Show useful informations about users:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user))"
The output of the command above is shown in the above picture.
Thursday, February 5, 2009
Fix it for me
Microsoft has created a team that works to improve the time needed to resolve any issues that we have with their products. So, if now KB articles provide us with a list of steps that can be followed to resolve our problem, since now we can click a button and have the issue resolved.
For example, see here what i mean:http://support.microsoft.com/kb/963547
Also, read here their blog:http://blogs.technet.com/fixit4me/default.aspx
For example, see here what i mean:http://support.microsoft.com/kb/963547
Also, read here their blog:http://blogs.technet.com/fixit4me/default.aspx
Thursday, January 29, 2009
Query distibution groups and their members
Here is the script that will export all distribution groups in the file groups.txt and then will put these groups and their members in the file membership.txt:
dsquery * forestroot -filter "(samAccountType=268435457)" -limit 0 > groups.txt
for /f "tokens=*" %%g in (groups.txt) do @echo %%g >>membership.txt && echo Members: >>membership.txt && dsget group %%g -members -expand >>membership.txt && echo **************************************** >>membership.txt
If you want to do a query on security groups, or on distribution groups that have managers assigned and then list their members, please see my other posts from the Scripts categories called Distribution lists and managers and Security and distribution groups and easily modify the upper script.
dsquery * forestroot -filter "(samAccountType=268435457)" -limit 0 > groups.txt
for /f "tokens=*" %%g in (groups.txt) do @echo %%g >>membership.txt && echo Members: >>membership.txt && dsget group %%g -members -expand >>membership.txt && echo **************************************** >>membership.txt
If you want to do a query on security groups, or on distribution groups that have managers assigned and then list their members, please see my other posts from the Scripts categories called Distribution lists and managers and Security and distribution groups and easily modify the upper script.
Microsoft Web Platform Installer is now released
The Web Platform Installer (Web PI) is a simple tool that installs Microsoft's entire Web Platform, including IIS, Visual Web Developer 2008 Express Edition, SQL Server 2008 Express Edition and the .NET Framework. Using the Web Platform Installer’s user interface, you can choose to install either specific products or the entire Microsoft Web Platform onto your computer. The Web PI also helps keep your products up to date by always offering the latest additions to the Web Platform.
Supported Operating Systems are: Windows Vista RTM, Windows Vista SP1, Windows XP, Windows Server 2003, Windows Server 2008.
See here: http://www.microsoft.com/web/channel/products/WebPlatformInstaller.aspx
Supported Operating Systems are: Windows Vista RTM, Windows Vista SP1, Windows XP, Windows Server 2003, Windows Server 2008.
See here: http://www.microsoft.com/web/channel/products/WebPlatformInstaller.aspx
Subscribe to:
Posts (Atom)
