Archive for the ‘Active Directory’ Category

The Active Directory integrated DNS zone _msdcs.domain.com was not found

November 22, 2016

I did not discover this fix. I found this from TechNet forums but have since lost the link.

The fix below helped me resolve this problem.

Problem:
The Active Directory integrated DNS zone _msdcs.domain.com was not found.

Solution:

  • Create a zone called "_msdcs.domain.com"
  • Make it AD integrated
  • Allow secure only updates and Click Finish
  • Go back into the zone properties
  • Change the replication scope to "All DCs in the Forest"
  • Delete the _msdcs folder under domain.com
  • Run an ipconfig /registerdns
  • stop netlogon
  • start netlogon
  • The SRVs should populate shortly, if they already haven’t

Credit goes to users on TechNet Forums.

-Eric

PowerShell – Search any User on Active Directory–updated

November 21, 2016

Below is an updated script that helps you find any user in AD with details like when the User object was created, modified, lockout time, bad password time, last logon etc.

# Requires the ActiveDirectory module (RSAT)
$user = Read-Host "Enter the name of the user"
Get-ADUser -Filter "sAMAccountName -like '*$user*'" |
Get-ADObject -Properties * | fl Name,SamAccountName,UserPrincipalName,DistinguishedName,objectSID,Title,Department,telephoneNumber,`
Created,Modified,lockoutTime,`
# These attributes are stored as Windows FILETIME values; convert them to readable dates
@{n='accountExpires';e={[DateTime]::FromFileTime($_.accountExpires)}},`
@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}},`
@{n='badPasswordTime';e={[DateTime]::FromFileTime($_.badPasswordTime)}},`
@{n='pwdLastSet';e={[DateTime]::FromFileTime($_.pwdLastSet)}},`
msExchWhenMailboxCreated

-Eric
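
An added example, not part of the original post: a variant of the search above that escapes the typed name before it reaches the directory query (using -LDAPFilter with RFC 4515 escaping in place of the post's -Filter string) and reports the 0 and Int64.MaxValue sentinel values as "never" instead of passing them to FromFileTime. The helper names ConvertTo-LdapFilterValue and ConvertFrom-AdFileTime are made up for this example.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape RFC 4515 filter metacharacters ( \ * ( ) NUL )
    # as \xx hex pairs so that typed input is matched literally.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function ConvertFrom-AdFileTime {
    # Hypothetical helper: AD stores these attributes as FILETIME (Int64).
    # 0 or empty means "not set"; Int64.MaxValue means "never" (accountExpires),
    # and FromFileTime throws on it.
    param($Value)
    if (-not $Value -or [int64]$Value -eq [int64]::MaxValue) {
        return 'never / not set'
    }
    [DateTime]::FromFileTime([int64]$Value)
}

$user = Read-Host "Enter the name of the user"
if ([string]::IsNullOrWhiteSpace($user)) { throw "A user name is required." }

$needle = ConvertTo-LdapFilterValue $user

# Request only the attributes that are displayed instead of -Properties *.
$props = 'Title', 'Department', 'telephoneNumber', 'whenCreated', 'whenChanged',
         'lockoutTime', 'accountExpires', 'lastLogon', 'badPasswordTime', 'pwdLastSet'

# The surrounding * are the only wildcards; anything typed by the user is escaped.
Get-ADUser -LDAPFilter "(sAMAccountName=*$needle*)" -Properties $props |
    Format-List Name, SamAccountName, UserPrincipalName, DistinguishedName, SID,
        Title, Department, telephoneNumber, whenCreated, whenChanged,
        @{n = 'lockoutTime';     e = { ConvertFrom-AdFileTime $_.lockoutTime }},
        @{n = 'accountExpires';  e = { ConvertFrom-AdFileTime $_.accountExpires }},
        # lastLogon is not replicated, so this is the value held by the DC that answered.
        @{n = 'lastLogon';       e = { ConvertFrom-AdFileTime $_.lastLogon }},
        @{n = 'badPasswordTime'; e = { ConvertFrom-AdFileTime $_.badPasswordTime }},
        @{n = 'pwdLastSet';      e = { ConvertFrom-AdFileTime $_.pwdLastSet }}
```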

PowerShell – Search any User on Active Directory

May 24, 2016

Below is a small PowerShell script that allows you to search any user on Active Directory:

# Requires the ActiveDirectory module (RSAT)
$user = Read-Host "Enter the name of the user"
Get-ADUser -Filter "sAMAccountName -like '*$user*'" |
Get-ADObject -Properties * | ft Name,SamAccountName,Title,UserPrincipalName,Department

-Eric

PowerShell – Search and Unlock Active Directory Account

May 23, 2016

Nice little one-liner to Find and Unlock Active Directory Accounts

Search-ADAccount -LockedOut | Unlock-ADAccount -Confirm

-Eric

PowerShell – Azure AD Connect sync: Scheduler Command Cheat Sheet

May 13, 2016

Here are some of the commands.

To view the Scheduler configuration:

Get-ADSyncScheduler

This shows you the current sync configuration information like interval, sync policy type, next sync cycle start time etc.

To change the scheduler configuration:

Set-ADSyncScheduler

This allows you to change some of the following sync parameters.

  • CustomizedSyncCycleInterval
  • NextSyncCyclePolicyType
  • PurgeRunHistoryInterval
  • SyncCycleEnabled
  • MaintenanceEnabled

To Start the Scheduler manually:

There are two synchronization options – Delta and Full.
Delta – Use this when there is an urgent change that needs to be synchronized immediately.

Start-ADSyncSyncCycle -PolicyType Delta

Full – Use this when the following changes have been made.

  • Synchronization rules have been changed
  • Filtering changes, which include a different number of objects
  • More attributes or objects are to be imported from the source directory

Start-ADSyncSyncCycle -PolicyType Initial

Check the status of the connector:

Get-ADSyncConnectorRunStatus

If it's busy and running the sync, the connector name will be returned.

More info – Azure Documentation

-Eric

How to clear values via PowerShell in Active Directory

March 23, 2016

Command:

$user = "domainuser"

Set-ADUser $user -Clear manager

This also works for multiple values, like phone number, address etc.; just add a comma after each value.

-Eric

Windows Time config for Active Directory

March 20, 2016

A small list of quick Windows Time service commands:

  • w32tm /query /peers
  • net stop w32time
  • net start w32time
  • w32tm /config /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 time.windows.com,0x1" /syncfromflags:manual /update /reliable:yes

Here’s a full article on how the Windows Time Service works – Link