Finding Service with Account Name Using Microsoft PowerShell V1.0

A few months back, I worked on a project where the customer needed to find all services on all servers that used a specific Active Directory (AD) account name. The problem was, they had no idea how the account name had been entered, nor did they know which server or what service used the account. I created a hard-coded script to search all computers in Active Directory for a partial account name. I finally made the time to make the script more useful and generic.

Create or Update a Group Policy Using Settings From Another Group Policy Using Microsoft PowerShell

Over the course of the past several months, I have had several projects where I needed to create, edit, or fix group policies. A problem I ran into was I only needed a subset of the policy settings (Site to Zone Mappings, Microsoft Office settings). Another problem was corrupt group policies that would not back up. How can I get just the settings I needed into a test group policy? This article shows the script I created to handle those situations.

Inside Webster’s Lab: Removing Domain Controller Using PowerShell

With all the writing I do for my website and customers, I recreate my Windows Server 2012 R2 Active Directory (AD) environment frequently.  Sometimes I just need a fresh start and I need to demote my domain controller, remove all the Active Directory related Roles and Features and just start over.  This article will show how I use PowerShell to accomplish these tasks.

Default Domain Group Policy – What Should Be Configured?

Ever since I started working with Microsoft Active Directory (AD) in July 2001, I have always wondered what should be configured in the Default Domain Group Policy Object (GPO).  I have had a couple of my AD mentors tell me what should be in the Default Domain GPO and I have parroted their recommendation for years now because I agree with them.  I am sure I also read somewhere in the past 12 years the Best Practices for this GPO but just have never been able to find it.  This morning I finally came across an article from Microsoft that clearly states what the Best Practices are for the Default Domain GPO.

Creating a Group Policy using Microsoft PowerShell to Configure the Authoritative Time Server

In my 10 Things in AD… presentations, I talk about the importance of having the domain controller that holds the Primary Domain Controller Emulator (PDCe) role configured as the authoritative time source for the forest.  In the PDF that accompanies the presentations, I include a link to a Microsoft Ask the Directory Service Team blog article.  The main problem with that article is there is not enough detail for a lot of people.  Now that Server 2008 and later include PowerShell cmdlets for Group Policy, I thought I would add some detail on creating the Group Policy with PowerShell.

What Happens to the FSMO Roles When the Domain Controller That Holds Them is Demoted

At BriForum 2013 Chicago, after my session on More Things in AD…, someone asked me a question.  The question was “What happens to the FSMO roles when the domain controller that holds them is demoted and is no longer a domain controller?”  The person asking the question was wondering, in an emergency, if a domain controller (DC) must be quickly demoted and it is unknown if the DC holds any FSMO roles, what happens?  I gave the answer and this article is to show proof my answer was correct because the asker gave me a puzzled look.  Kind of looking at me asking “Are you sure?”