Sometimes you might be interested in gathering a list of all computer from an Active Directory domain in preparation for migration.
You can gather a list of all computer objects using the following command.
# Fetch a sorted list of all computer objects Get-ADComputer -Filter * -Property * | Sort-Object Name
The wildcard used with the Property parameter fetches all available attributes for a computer object. Check the available attributes in the result set to identify the attributes you are interested in.
# Example output for the first computer object gathered from Active Directory (Get-ADComputer -Filter * -Property * | Sort-Object Name)[0] AccountExpirationDate : accountExpires : 9223372036854775807 AccountLockoutTime : AccountNotDelegated : False AllowReversiblePasswordEncryption : False BadLogonCount : 0 badPasswordTime : 0 badPwdCount : 0 CannotChangePassword : False CanonicalName : DOMAIN.local/Computers/COMPUTER01 Certificates : {} CN : COMPUTER01 codePage : 0 CompoundIdentitySupported : {False} countryCode : 0 Created : 9/2/2013 3:01:13 PM createTimeStamp : 9/2/2013 3:01:13 PM Deleted : Description : DisplayName : DistinguishedName : CN=COMPUTER01,CN=Computers,DC=DOMAIN,DC=local DNSHostName : COMPUTER01.DOMAIN.local DoesNotRequirePreAuth : False dSCorePropagationData : {12/31/1600 7:00:00 PM} Enabled : True HomedirRequired : False HomePage : instanceType : 4 IPv4Address : IPv6Address : isCriticalSystemObject : False isDeleted : KerberosEncryptionType : {RC4, AES128, AES256} LastBadPasswordAttempt : LastKnownParent : lastLogoff : 0 lastLogon : 130942520427754509 LastLogonDate : 12/10/2015 3:02:53 PM lastLogonTimestamp : 130942513734007331 localPolicyFlags : 0 Location : LockedOut : False logonCount : 194 ManagedBy : MemberOf : {} MNSLogonAccount : False Modified : 12/10/2015 3:02:53 PM modifyTimeStamp : 12/10/2015 3:02:53 PM msDS-SupportedEncryptionTypes : 28 msDS-User-Account-Control-Computed : 0 Name : COMPUTER01 nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity ObjectCategory : CN=Computer,CN=Schema,CN=Configuration,DC=DOMAIN,DC=local ObjectClass : computer ObjectGUID : da59afcc-e00a-430b-9cbc-01adeed568f3 objectSid : S-1-5-21-3143343262-845931634-422089675-1179 OperatingSystem : Windows 7 Professional OperatingSystemHotfix : OperatingSystemServicePack : Service Pack 1 OperatingSystemVersion : 6.1 (7601) PasswordExpired : False PasswordLastSet : 12/2/2014 7:21:09 AM PasswordNeverExpires : False PasswordNotRequired : False PrimaryGroup : CN=Domain Computers,CN=Users,DC=DOMAIN,DC=local primaryGroupID : 515 PrincipalsAllowedToDelegateToAccount : {} ProtectedFromAccidentalDeletion : False pwdLastSet : 130619964697110685 SamAccountName : COMPUTER01$ sAMAccountType : 805306369 sDRightsEffective : 15 ServiceAccount : {} servicePrincipalName : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} ServicePrincipalNames : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} SID : S-1-5-21-3143343262-845931634-422089675-1179 SIDHistory : {} TrustedForDelegation : False TrustedToAuthForDelegation : False UseDESKeyOnly : False userAccountControl : 4096 userCertificate : {} UserPrincipalName : uSNChanged : 1721509 uSNCreated : 45981 whenChanged : 12/10/2015 3:02:53 PM whenCreated : 9/2/2013 3:01:13 PM
As a next step, you gather the selected information and
# Fetch data for an operating system overview, sorted by property Name only Get-ADComputer -Filter * -Property * | Sort-Object Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion # Fetch data for an operating system overview, sorted by property OperatingSystem first, then Name Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion
You can export the gathered information to a comma separated file easily using the Export-Csv cmdlet.
# Export the gathered and sorted information to a CSV file using a semicolon as the delimiter # Adjust the file path for the CSV file to fit your environment Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Path C:\SCRIPTS\ComputerOverview.csv -NoClobber -NoTypeInformation -Delimiter ';'
Enjoy!
The PowerShell script to set Client Access mailbox settings based on AD group membership has been updated.
The issue fixed had been registered as issue #1.
The new release version is v1.1.
When you run the following cmdlet to prepare Active Directory for the installation of an Exchange Server Cumulative Update (in this case CU17) you might encounter a System.UnauthorizedAccessException.
D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup Unhandled Exception: System.UnauthorizedAccessException: Access to the path 'C:\ Windows\Temp\ExchangeSetup\ExSetup.exe' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.SetAttributes(String path, FileAttributes fileAttributes) at Microsoft.Exchange.Setup.CommonBase.SetupHelper.DeleteDirectory(String pat h) at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.CopySetupBootstrapp erFiles() at Microsoft.Exchange.Bootstrapper.Setup.Setup.Run() at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.MainCore[T](String[ ] args) at Microsoft.Exchange.Bootstrapper.Setup.Setup.Main(String[] args)
There is a simple reason for the the System.UnauthorizedAccessException:
The required .NET Framework 4.6.2 had been installed just minutes before executing setup.exe. Preparation of the Active Directory schema ran without any issues. But when the /PrepareSchema call finished, the temporary folder in C:\Windows\Temp\ExchangeSetup could not be fully cleaned up, as mscorsvw.exe had an open file handle on ExSetup.exe.
Additionally, when you run Setup.exe and the folder C:\Windows\Temp\ExchangeSetup exists, the setup will not try to copy required installation files. Regardless if the folder files exists in the folder or not.
D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup Copying Files... File copy complete. Setup will now collect additional information needed for installation. Performing Microsoft Exchange Server Prerequisite Check Prerequisite Analysis COMPLETED Configuring Microsoft Exchange Server Organization Preparation COMPLETED The Exchange Server setup operation completed successfully.
Enjoy Exchange!
The PowerShell module GlobalFunctions got updated to Version 2.0. This module is used by some of my PowerShell scripts which utilize centralized logging.
The new release contains the first functions required for some upcoming scripts for managing on-boarding process for joiners and the off-boarding process for leavers for companies utilizing Office 365.
The New-RandomPassword functions is based on Simon Wahlin's script published here: https://gallery.technet.microsoft.com/scriptcenter/Generate-a-random-and-5c879ed5
The Skype for Business client merges contact data from different sources when displaying the contact card. The merged data is used to perform name resolution when performing a user search. In a more complex deployment scenario where an email domain name is in shared use in two in Active Directory forests you might run into a situation where the Skype for Business client tries to use the wrong target address.
Such a scenario would look like as follows.
Forest A is used as a dedicated infrastructure for developers. When logged on to the development network the users should be able to skype with colleagues currently connected to the default office client network.
Forest B is the default office client network.
Clients logged on to forest A connect to the Skype for Business infrastructure in forest B as external clients. Forest A is used for user account authentication while forest B is used for Skype for Business connection and authentication.
Forest A runs an Exchange Server 2013 organization.
Forest B runs an Exchange Server 2013 organization and a full Skype for Business 2015 server deployment.
Both Active Directory forests to not have trust of any sort established.
Such a configuration would result in forest A users trying to contact a Skype for Business user using the wrong address. Instead of using John.Doe@Sedna-Ltd.com the Skype for Business client of Jane Doe@Sedna-Ltd.com (logged on to forest A) would try to contact John.Doe@dev.Sedna-Ltd.com. As there is no endpoint defined for dev.Sedna-Ltd.com a connection could not be established. Therefore, no availability information is available and no call or chat connection could be established.
The Skype for Business client uses merged data pulled from the Skype for Business address and from the local (Forest A) Active Directory (GAL). This results in a connection attempt to John.Doe@dev.Sedna-Ltd.com.
<?xml version="1.0"?> <settings> <UseMsoSearch>false</UseMsoSearch> </settings>
Enjoy Skype for Business