Today’s blog entry is short and sweet. You want to quickly find out whether the AD Recycle Bin feature is enabled or not. There are a few ways to do this, but this is a quick Powershell method. # Is the AD Recycle Bin enabled in my forest? Import-Module ActiveDirectory If ((Get-ADOptionalFeature -Identity “Recycle… Read More »
I quite regularly come across Active Directory environments where users have been mistakenly added to groups protected by the AdminSDHolder and subsequently removed when the mistake has been realised. This process creates “orphans” because the AdminSDHolder process doesn’t tidy up after itself. Here’s what happens: User added to group protected by the AdminSDHolder (e.g. Account… Read More »
Back in March 2010 when Powershell and I were on somewhat less friendly terms, I wrote an OU shadow script to populate group membership based on the contents of an OU. Since then, Powershell and I now at least acknowledge eachother when we pass in the corridor and I have updated the script with some… Read More »
Occasionally, I have a need to merge the attributes of one AD user into another. This requirement is typically the result of a migration where some users have had accounts informally created in the target environment in advance of the formal migration process. In other words, a user ends up with two accounts and needs… Read More »
For those of you planning to extend your AD DS or AD LDS schema, you will need to find a unique object identifier (OID) for each new schema class and attribute. The process by which you can acquire the OIDs is described by Microsoft here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677619(v=vs.85).aspx In summary, Microsoft suggests two methods for obtaining an… Read More »
I recently came across an old blog post by fellow MVP Joe Richards. In the post Joe points out that whenChanged is not a replicated attribute, which makes it a poor candidate for accurately determining when an object was last modified. He does however indicate that the whenChanged attribute provides a handy way to report… Read More »
Here’s something I put together to handle bulk certificate requests for submission to an Enterprise CA using certreq.exe. Enjoy! ######################################################### # # Name: Request-Certificates.ps1 # Author: Tony Murray # Version: 1.0 # Date: 4/12/2012 # Comment: PowerShell script to submit certificate # requests in bulk using certreq.exe # ######################################################### # Specify the location of the… Read More »
If you’re familiar with LDAP searches you will probably at some point have been frustrated at the inability to exclude objects in a specific Organisational Unit, i.e “Give me all User objects in the domain, except those in the Sales OU”. To workaround the problem you typically need to do some scripting. There are several… Read More »
If you come across this error when using Powershell to delete an object, it is most likely because the object has child objects associated with it. The most obvious example is computer objects that have print queue, service connection point, RRAS or various other types of child objects. The workaround is to determine the child… Read More »
Recently I was doing some testing with a new Exchange 2010 Receive Connector and wanted a method to check how many messages it was processing. I came up with the following Powershell snippet that seems to work well. $i = 0 do { $now = get-date (Get-MessageTrackingLog -ResultSize unlimited -Start “11/10/2012 3:00PM” -End $now -Server… Read More »