MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Sometimes you might be interested in gathering a list of all computer from an Active Directory domain in preparation for migration.

You can gather a list of all computer objects using the following command.

# Fetch a sorted list of all computer objects
Get-ADComputer -Filter * -Property * | Sort-Object Name 

 

The wildcard used with the Property parameter fetches all available attributes for a computer object. Check the available attributes in the result set to identify the attributes you are interested in.

# Example output for the first computer object gathered from Active Directory
(Get-ADComputer -Filter * -Property * | Sort-Object Name)[0]

AccountExpirationDate                : 
accountExpires                       : 9223372036854775807
AccountLockoutTime                   : 
AccountNotDelegated                  : False
AllowReversiblePasswordEncryption    : False
BadLogonCount                        : 0
badPasswordTime                      : 0
badPwdCount                          : 0
CannotChangePassword                 : False
CanonicalName                        : DOMAIN.local/Computers/COMPUTER01
Certificates                         : {}
CN                                   : COMPUTER01
codePage                             : 0
CompoundIdentitySupported            : {False}
countryCode                          : 0
Created                              : 9/2/2013 3:01:13 PM
createTimeStamp                      : 9/2/2013 3:01:13 PM
Deleted                              : 
Description                          : 
DisplayName                          : 
DistinguishedName                    : CN=COMPUTER01,CN=Computers,DC=DOMAIN,DC=local
DNSHostName                          : COMPUTER01.DOMAIN.local
DoesNotRequirePreAuth                : False
dSCorePropagationData                : {12/31/1600 7:00:00 PM}
Enabled                              : True
HomedirRequired                      : False
HomePage                             : 
instanceType                         : 4
IPv4Address                          : 
IPv6Address                          : 
isCriticalSystemObject               : False
isDeleted                            : 
KerberosEncryptionType               : {RC4, AES128, AES256}
LastBadPasswordAttempt               : 
LastKnownParent                      : 
lastLogoff                           : 0
lastLogon                            : 130942520427754509
LastLogonDate                        : 12/10/2015 3:02:53 PM
lastLogonTimestamp                   : 130942513734007331
localPolicyFlags                     : 0
Location                             : 
LockedOut                            : False
logonCount                           : 194
ManagedBy                            : 
MemberOf                             : {}
MNSLogonAccount                      : False
Modified                             : 12/10/2015 3:02:53 PM
modifyTimeStamp                      : 12/10/2015 3:02:53 PM
msDS-SupportedEncryptionTypes        : 28
msDS-User-Account-Control-Computed   : 0
Name                                 : COMPUTER01
nTSecurityDescriptor                 : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                       : CN=Computer,CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
ObjectClass                          : computer
ObjectGUID                           : da59afcc-e00a-430b-9cbc-01adeed568f3
objectSid                            : S-1-5-21-3143343262-845931634-422089675-1179
OperatingSystem                      : Windows 7 Professional
OperatingSystemHotfix                : 
OperatingSystemServicePack           : Service Pack 1
OperatingSystemVersion               : 6.1 (7601)
PasswordExpired                      : False
PasswordLastSet                      : 12/2/2014 7:21:09 AM
PasswordNeverExpires                 : False
PasswordNotRequired                  : False
PrimaryGroup                         : CN=Domain Computers,CN=Users,DC=DOMAIN,DC=local
primaryGroupID                       : 515
PrincipalsAllowedToDelegateToAccount : {}
ProtectedFromAccidentalDeletion      : False
pwdLastSet                           : 130619964697110685
SamAccountName                       : COMPUTER01$
sAMAccountType                       : 805306369
sDRightsEffective                    : 15
ServiceAccount                       : {}
servicePrincipalName                 : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, 
                                       RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local}
ServicePrincipalNames                : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, 
                                       RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local}
SID                                  : S-1-5-21-3143343262-845931634-422089675-1179
SIDHistory                           : {}
TrustedForDelegation                 : False
TrustedToAuthForDelegation           : False
UseDESKeyOnly                        : False
userAccountControl                   : 4096
userCertificate                      : {}
UserPrincipalName                    : 
uSNChanged                           : 1721509
uSNCreated                           : 45981
whenChanged                          : 12/10/2015 3:02:53 PM
whenCreated                          : 9/2/2013 3:01:13 PM

 

As a next step, you gather the selected information and 

# Fetch data for an operating system overview, sorted by property Name only
Get-ADComputer -Filter * -Property * | Sort-Object Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion 

# Fetch data for an operating system overview, sorted by property OperatingSystem first, then Name 
Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion 

 

You can export the gathered information to a comma separated file easily using the Export-Csv cmdlet.

# Export the gathered and sorted information to a CSV file using a semicolon as the delimiter
# Adjust the file path for the CSV file to fit your environment
Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Path C:\SCRIPTS\ComputerOverview.csv -NoClobber -NoTypeInformation -Delimiter ';' 

 

Link

 

Enjoy!

Read More »
On December 20, 2017
0 Comment
1704 Views

Issue

Recently I was facing an issue where Windows Server 2012 R2 reported remaining 22% of free disk space of one of the Exchange Server data volumes. The Exchange Server data volumes are connected using mount points. 

Before trying to identify any issues in regards to hidden system files or streams, I checked the volume shadow copy configuration using the Disk Management MMC.

Windows Disk Management showed that volume C: was using a mounted volume as shadow copy target.

Disk Manager Overview and Shadow Copy Details

Examining the available disk space using the Get-Diskspace.ps1 PowerShell script, it showed that WMI was reporting the FreeSpace the same way as the Disk Management.

[PS] D:\SCRIPTS\Get-Diskspace>.\Get-Diskspace.ps1 -ComputerName EX01
Fetching Volume Data from EX01

Name                                              Capacity (GB) FreeSpace (GB) BootVolume SystemVolume FileSystem
----                                              ------------- -------------- ---------- ------------ ----------
E:\ExchangeDatabases\DatabaseSet1\                         2048           1083      False        False NTFS
E:\ExchangeDatabases\DatabaseSet2\                         2048            445      False        False NTFS
E:\ExchangeDatabases\DatabaseSet3\                         2048           1219      False        False NTFS
E:\ExchangeDatabases\DatabaseSet4\                         2048           1091      False        False NTFS

The only viable solution to reclaim the wasted disk space was to remove the shadow copy of volume C.

Solution

First I checked the current list of shadow copies using the vssadmin command line tool.

D:\>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Contents of shadow copy set ID: {eb09ce08-f8a6-47ea-b48d-2d6da7591d4e}
   Contained 1 shadow copies at creation time: 23.06.2017 16:05:56
      Shadow Copy ID: {3684b224-bca2-42c4-a0b3-43b7d0db2d96}
         Original Volume: (C:)\\?\Volume{df40ac48-f610-11e3-80ce-806e6f6e6963}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: ex01.granikossolutions.eu
         Service Machine: ex01.granikossolutions.eu
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ApplicationRollback
         Attributes: Persistent, No auto release, Differential

The vssadmin tool does not clearly state the path to the shadow copy volume. Therefore, it is much more convenient to identify the shadow copy target using Disk Management. But the output shows that the shadow copy is nearly six months old. So it's safe to delete this orphaned shadow copy.

You can easily delete all shadow copies of a selected volume using the following command

vssadmin delete shadows /for=c: /all

But it turned out that the shadow copy could not be deleted, even with administrative credentials in use.

D:\>vssadmin delete shadows /for=c: /all
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Error: Snapshots were found, but they were outside of your allowed context.  Try removing them with the
backup application which created them.

Needless to say, that a well-known third party solution is in use to backup the servers. The shadow copy remainers are copies created by the backup solution and were not properly removed after backup due to a system failure during backup.

But how can you remove the current shadow copy without tempering the exisiting permissions for your account?

Simply use the Disk Management MMC to modifx the current shadow copy configuration and the shadow copy is removed.

  • Open Disk Management MMC
  • Open Properties windows of an existing volume
  • Select the Shadow Copies tab
  • Select the source volume having the shadow copy configured (see screenshot above)
  • Click the Settings button
    • Leave the Located on this volume setting unchanged
    • Change the Maximum size setting to Use limit 320 MB
    • Click OK

Change Shadow Copy Settings to Remove Orphaned Copy

Switch to the command line and check for existing shadow copies.

D:\>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

No items found that satisfy the query.


The oprhaned shadow copy is gone.

Now open the Settings windows for the source volume again and change the Located on this volume to be the same as the source volume anfd change the Use Limit to the same value for the volume that is configured on other servers.

Volume Shadow Copy Settings

Enjoy Volume Shadow Copies

 

Links

 

 

Read More »
On May 16, 2017
0 Comment
992 Views

Microsoft Certified TrainerMy application as Microsoft Certified Trainer for the next year has been accepted by Microsoft.

My workshops and MOC courses focus on:

  • Exchange Server 2016 / 2013 / 2010
  • Office 365
  • Microsoft Azure
  • Active Directory Federation Services
  • Cloud Security

i am looking forward to a third successful year as MCT.

If you are looking for additonal information about workshops provided by Granikos check this page: https://www.granikos.eu/en/Consulting/Workshops

 

 

 

 

Read More »
On January 6, 2017
0 Comment
1072 Views

You might encounter a situation where you log on to your Windows 10 client and the Start menu is unresponsive and the taskbar remains empty.

The following two actions help to recover from the situation.

Step 1

Open an administrative PowerShell window and execute the following command

DISM /Online /Cleanup-Image /RestoreHealth

Restart Windows and check if the issue has been fixed.

 

Step 2

Reinstall (fix) all Windows apps. This step requires internet access, as all sources are downloaded using the local app manifest information

Open an administrative PowerShell window and execute the following command

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Be patient and wait until the app download and installation process has been completed. Just ignore any error message and restart Windows.

 

The first step might fix the issue already. if this is the case, do not execute the PowerShell cmdlet described in step 2.

 

 

 

 

Read More »
On August 19, 2015
0 Comment
1076 Views

Microsoft Certified Solutions Expert - Server InfrastructureToday I've passed the 70-414 exam and achieved my Microsoft Certified Solutions Expert - Server Infrastructure certification.

The Microsoft Certified Solutions Expert: Server Infrastructure certification validates that you have the skills needed to run a highly efficient and modern data center, with expertise in identity management, systems management, virtualization, storage, and networking.

Get certified by visiting the Training and Certification Community at Born to Learn

Links

Read More »