OU AD Path to Clipboard PowerShell Edition

Posted on June 10, 2013 by Alan

OUADSPath2Clip.ps1 is the PowerShell version of OUADSPath2Clip.vbs. What I found difficult about this script was coming up with a fast way to navigate a large Active Directory structure. The AD navigation bit uses Output-GridView for selecting a domain. This requires RSAT (see previous post for more). It is a clumsier interface than treeview, but it is much less complicated, and works quickly across domains in the forest. After writing the navigation bit, I add the export of data to the clipboard.

PowerShell GPO Reporter

Posted on June 10, 2013 by Alan

Over the past few months I have been spending more and more time working with PowerShell. I have gone to Windows 8 on my personal laptop, and am impressed by PowerShell 3.0. I have joined the Charlotte PowerShell User’s Group which meets monthly at the Charlotte Microsoft Campus. The Scripting Guy, Ed Wilson, together with his Teresa are regular attendees of the meetings, and at last month’s meeting I won a signed copy of Ed’s latest book, PowerShell 3.0 Step by Step. I shared some struggles I was having with PowerShell, and Ed gave me some practical advice about how to proceed. It was something I already knew — focus on a real world problem and don’t be concerned about writing elegant code.

For some time, I have been getting traffic for my GPO Reporter HTA. Unfortunately, this requires a component that was last available in Windows XP. I quit using XP (even VMs) last month, and the loss of the GPO Reporter soon became a problem. Fortunately, this month’s POSH meeting was led by Microsoft PFE Jason Walker who covered Active Directory and PowerShell. I decided to take another look at a PowerShell GPO Reporter.

I think I have done some interesting things in the coding of the new script, GPOReports.ps1, but it is hard to tell as I am still a PowerShell beginner. I have commented the code to make things easier to understand. Note that you will need to install the Remote Server Administration Tools (RSAT) to get this to work, as it provides the ActiveDirectory PowerShell Module. It is available for Windows 7 and Windows 8. This is unsigned code, if you are a PowerShell noob, take a look at execution policy explanations about how to get it to run.

IT lessons I learned Last Weekend

Posted on April 22, 2013 by Alan

When ordering a case fan, do not rely on the picture. There are some case fans which are 4 inches square.

When ordering a CPU, note that a AMD 3+ CPU motherboard accepts AMD 3 and 3+ CPUs, but an AMD 3 motherboard only accepts AMD 3 sockets.

When re-using an HP Pentium 4 case for your new AMD motherboard, note that HP may not have followed conventions with wiring colors. In particular, note that you cannot turn a computer on and off with the red and black power switch wires connected to the speaker pins on these systems. Taking the time to look at the switch could save hours in troubleshooting.

The local administrator account password can become corrupted making the entire system looked hosed when it is not. Symptoms may include not being able to launch anything due to IE Security Zone restrictions, and yyyy appearing in the time field. Trying to fix the entire system when the problem is just a messed up profile is not a productive use of time.

If the secure channel is broken and the local administrator account is hosed, try logging in with cached administrative credentials. You only need to disconnect the system from the network to get past the warning of no account in AD. You can then delete the local administrator account profile, or create and elevate another local account.

Windows 8 changed the registry key for AHCI from HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\. This is important to know if are testing a script which automates the switch from IDE to AHCI for Windows 7 computers.

Finally, be humble. Even if you are an expert, remember that you, too, can make wrong assumptions and do some pretty stupid things.

Another User Export Script

Posted on April 1, 2013 by Alan

I have already written a script to dump user information into a spreadsheet here, so why do it again? User AD Export.vbs is different in that it uses the modern LDAP interface (instead of the lame WinNT interface I used earlier), and is therefore much faster. It was written for a user audit, so it does not export things like phone numbers and addresses, but you do get the user’s name, display name, description, mail address, whether a smart card is required, SamAccount name, UPN, whether the account is disabled, the date created, date password last set, last logon, password age, expiration date, and AD path.

It will allow you to navigate to the starting OU in any domain in your forest. It does not require elevated rights to run, and exports the data to Excel.

A New Theme

Posted on March 16, 2013 by Alan

I have changed the WordPress theme for my blog, just to freshen thing up.

Get User Information

Posted on March 3, 2013 by Alan

NTUserInfo.vbs is a script based on Ralph Montgomery’s NTUser.wsf file. It gives a good summary about a user account, including user name, description, password status, and more. I have made a number of changes, including the ability to copy the results to the clipboard using IE. Rename from .txt to .vbs. New version 10/23/2009 allows entry of user name by samaccount name or UPN. This entry was originally posted on March 23, 2009. The new (3/3/13) alternative version, NTUserInfo_IE.vbs outputs to IE instead of a MSGBox. This way you can copy the information to your clipboard.

Enable AeroLite Theme in Windows 8