The Active Directory Recycle Bin was introduced in Windows 2008 R2. In this version the Recycle Bin must be enabled, and the only way to undelete a user account is to use the Restore-ADObject command, with pretty arcane parameters.
I wanted to use Well Known GUIDs to refer to the the location of the deleted objects container, and that of the User’s container which I chose as the default location for the restored user object. The Well-Known GUIDs allow for a constant to be used for these containers. For example, The WKG for DeletedObjects is 18E2EA80684F11D2B9AA00C04F79F805. I had hoped to be able to used this directly for the identity for the Restore-ADObject command, but quickly discovered that this was not accepted. Getting the DN from the WKG turns out to be a pain in the neck, so I modified some code to get this information for any domain in the forest. How do you get the information for another domain? The easiest answer, for all of the PowerShell AD commands is to use the -Server switch with the DNSDomain name, instead of a true server name.
The script will let you select the domain to search, and the destination for the restored user object. PowerShell 3 is required, as I use Out-Gridview to create a list of the user(s) to restore.
The script, Undelete-User.ps1, should make restoring users a little easier. Version 1.2 add a menu which prompts whether you want to commit your changes.
Looking for a script to run Windows Update remotely? WindowsUpdate.hta version 3.1 is an HTML application which allows you to connect to a remote machine, determine what patches it requires from Windows Update, and install the patches. You can schedule a reboot time. This version allows you to look at he Windows Update log, and the log created by the program itself. There is a button to allow you to change the update source to windowsupdate.com, which is helpful in places where WSUS or SUP is not working properly. You can install all security patches, or select patches individually.
HTA files are best run from your local drive. Version 3.0 was released in 2011, version 3.1 only changes the background color to blue. The transition color method I had used for the background is no longer supported in IE, and the program appeared to be broken.
Change _hta.txt extension to .HTA.
Although I have spent most of my time recently writing PowerShell code, I still get requests from the field for vbscripts. The security model differences make it more time consuming to explain how to run a PowerShell script than vbscript’s “double click this”. DisablePCsFromList.vbs is an updated version of a 2006 vbscript which reads a text file with a list of computer accounts, and deletes the list. A log file is written to the user desktop.
I was reviewing my blog stats today and found a link from a site in UK to my version of ScriptoMatic.hta. I have upgraded my home laptop to 8.1, and decided to see whether it still works (it does). If you launch the “fixed” ScriptoMatic as an ordinary user, it takes a very long time to load. But after it did, I found that it worked just fine. I began reviewing the WMI classes listed, and found one that I had not noticed before, Win32_ReliablityRecords. This class, introduced in Windows 7, gives you a list of failed installs, system hangs, and application crashes in an easy to read format.
Scriptomatic created a nice vbScript to enumerate the class. I coded Get-ReliablityRecords.ps1 in PowerShell with one-third the lines including comments. It has only basic parameters. You may choose a remote computer and a limit on the records returned.
I frequently get a request to delete a list of computers in my AD domain. Often the list is in an email. Delete-PCListFromClip.ps1 is a short script which reads the content of the clipboard, then sends the list to Out-Gridview for review. You may then select the computer names for deletions. PowerShell 3.0 and the ActiveDirectory module are required.
I’ve updated one of my favorite and most used PowerShell Scripts, Convert-ADValues. Read the revised post, here.
I thought that the Windows Experience Index was pretty useless until I wanted to compare the speed of systems that I was preparing to donate. One had Windows 7, the other was a lab PC running Windows 8.1. I was surprised to find that I could not find the Windows Experience Index (WEI) on the Win 8.1 computer. The WEI is calculated by Windows using the Windows System Assessment Tool (WSAT), (see: http://en.wikipedia.org/wiki/Windows_System_Assessment_Tool for a good overview). The attached script requires PowerShell 3, and so run natively on Windows 8 and 8.1. What it does is permits you to see your current WEI for your Windows 8.1 computer. This is written for people with an understanding of PowerShell. If you have your execution policy set to unrestricted, you may find that Get-WINSATScore.ps1 is easiest to run from the ISE.