Take Ownership and Grant ‘Full Control’ Recursively

Take Ownership KB ID 0001200 

Problem

I had a bunch of old user profile folders I needed to delete today. When set up properly, even the domain administrator can’t get in there and delete them;

You need permission to perform this action.

You don’t currently have permission to access this folder

If it’s just one folder then simply take ownership, grant yourself rights and delete it! But I had a lot of folders so I needed a more robust (read less work) solution.

Solution: Take Ownership

Take Ownership of all Folders/Sub-Folders, and Files

Open an administrative command window, and execute the following command;

[box]

takeown /a /r /d Y /f C:\"Path-To-Folder"

[/box]

Grant ‘Full Control’ Rights to all Folders/Sub-Folders, and Files

Just because you are the owner, that does not mean you have any rights to the folders and files. To grant Full Control to the Administrators group, use the following command;

[box]

icacls C:\"Path-To-Folder" /grant administrators:F /t

[/box]

You can then delete the folder and its contents recursively with the following PowerShell command.

[box]

Remove-Item -Path "Path-To-Folder" -Force -Recurse

[/box]

Related Articles, References, Credits, or External Links

Can’t Delete a File or Folder or Take Ownership

Rename a Domain Controller

Rename a Domain Controller KB ID 0001886

Problem

I’ve done a few migrating to {version} domain controller articles, and today I got asked,

How can you rename the “Server Name” back to the old one after migration? e.g. from “Lan-2025” to “Lan-2019”

So, as the VMs from the last article were still running on the test bench, I ran through it to demonstrate.

Solution: Rename a Domain Controller

If you would like to add a new Windows Server 2025 domain controller to an existing domain here is the procedure.

Note: if you are not changing the domain controller name to a previous one, and simply want to rename a DC to something else, skip to THIS SECTION.

Rename a Domain Controller: Remove Stale DNS records

Never assume that demoting and removing the old DCs does a great job of tidying up DNS; it does not. So before we rename our new DC to the old DC name, let’s make sure there’s nothing ‘hanging about’ that needs to be cleaned up. You can of course go hunting for them manually and remove them, but why would you when we have PowerShell? Typically a simple domain will have a “_msdcs.domain-name.domain-extension” and a “domain-name.domain-extension” forward lookup zone. (Your DNS server might have many forward lookup zones, so run through them sequentially.)

I’m starting with my _msdcs.test.net forward lookup zone. First I’m reading in ALL the DNS records for that zone.

[box]

$alldnsrecords = Get-DnsServerResourceRecord -ZoneName "_msdcs.test.net"

VIEW THE RESULTS BY SIMPLY CALLING THAT BACK

$alldnsrecords

[/box]

In my example there are not many records, and I can see there are none for the old DC name LAN-2019.test.net or for its IP address 192.168.110.10, so I’m skipping to the next step. Yours may have some; if so, you can delete them with the following commands;

[box]

$deadDC = $alldnsrecords | Where-Object {$_.RecordData.IPv4Address -eq "192.168.110.10" -or $_.RecordData.NameServer -eq "LAN-2019.test.net." -or $_.RecordData.DomainName -eq "LAN-2019.test.net."}

$deadDC | Remove-DnsServerResourceRecord -ZoneName "_msdcs.test.net"

[/box]

Let’s do the same for my normal domain forward lookup zone test.net.

[box]

$alldnsrecords = Get-DnsServerResourceRecord -ZoneName "test.net"

[/box]

As you can see (below) there are a few old records here for the LAN-2019.test.net server, and a few for its old IP address (192.168.110.10). WARNING: I’m making the assumption your DCs have static IP addresses and those IP addresses ARE NOT in a DHCP scope, or some clown HAS NOT issued the old IP to another server!

Let’s filter those records so we just see the ones we are interested in.

[box]

$deadDC = $alldnsrecords | Where-Object {$_.RecordData.IPv4Address -eq "192.168.110.10" -or $_.RecordData.NameServer -eq "LAN-2019.test.net." -or $_.RecordData.DomainName -eq "LAN-2019.test.net."}

[/box]

And we can remove them with the following command. (WARNING: add -WhatIf to the end of the command if you are nervous and want to check what will happen before proceeding; if you are happy, rerun the command without the -WhatIf switch.)

[box]

$deadDC | Remove-DnsServerResourceRecord -ZoneName "test.net"

[/box]
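The same clean-up run across every forward lookup zone on the server in one pass, as an added example (not code from the original article). The name and IP are the article's lab values, the CNAME match (HostNameAlias) is an addition, and the removal is left on -WhatIf so nothing is deleted until you remove that switch.

```powershell
# Added example: sweep all forward lookup zones for records left by the old DC.
# Lab values from the article; change them for your environment.
$OldName = 'LAN-2019.test.net.'   # FQDN with trailing dot, as stored in record data
$OldIP   = '192.168.110.10'

# Primary forward lookup zones only (skip reverse and auto-created zones).
$zones = Get-DnsServerZone | Where-Object {
    -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary'
}

# Match A records by IP, and NS / SRV / CNAME records by target name.
$stale = foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ZoneName $zone.ZoneName |
        Where-Object {
            $d = $_.RecordData
            ($d.IPv4Address -eq $OldIP) -or
            ($d.NameServer -eq $OldName) -or
            ($d.DomainName -eq $OldName) -or
            ($d.HostNameAlias -eq $OldName)
        } |
        Select-Object @{n = 'Zone'; e = { $zone.ZoneName } },
                      HostName, RecordType,
                      @{n = 'Record'; e = { $_ } }
}

# Review the candidates before touching anything.
$stale | Format-Table Zone, HostName, RecordType -AutoSize

# Dry run: remove -WhatIf once the list above is what you expect.
foreach ($s in $stale) {
    Remove-DnsServerResourceRecord -ZoneName $s.Zone -InputObject $s.Record -Force -WhatIf
}
```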

Rename a Domain Controller: Remove Stale Reverse DNS Records

Reverse DNS lookup zones typically are a lot easier to just do manually.

Rename a Domain Controller: Domain Cleanup

There should not be any need to do a metadata cleanup if the demotion and removal went smoothly, but there will probably be some junk left behind. I’ve demoted the old DC and removed it from the domain, but the computer object still remains (in a disabled state) let’s remove that.

    

Also often there’s an orphaned object in sites and services for the old DC, let’s remove that.

Rename a Domain Controller

Finally! The process is simple, we add a secondary name to the Domain controller (the old DC name), then we make that second name the primary name, reboot the server, and remove the unwanted server name. To add a new secondary name open an administrative PowerShell Window and use the following syntax.

[box]

netdom computername LAN-2025.test.net /add:LAN-2019.test.net

THEN TO VIEW THE RESULTS

netdom computername LAN-2025.test.net /enumerate

[/box]

Make the OLD DC name the primary name with the following command. The change needs a reboot of the server, so follow it with Restart-Computer.

[box]

netdom computername LAN-2025.test.net /makeprimary:LAN-2019.test.net

Restart-Computer

[/box]

REMEMBER at this point the old and new server names have swapped, so your commands will now assume that (in this case) LAN-2019.test.net is the name of the DC you are on. Once the server has rebooted, run the following.

[box]

netdom computername LAN-2019.test.net /enumerate

CHECK THE NEW NAME IS LISTED FIRST, THEN REMOVE THE UNWANTED NAME

netdom computername LAN-2019.test.net /remove:LAN-2025.test.net

FINALLY CHECK AGAIN

netdom computername LAN-2019.test.net /enumerate

[/box]

Related Articles, References, Credits, or External Links

NA

PowerCLI: Get Snapshot Information

Get Snapshot Information KB ID 0001829

Problem

The question was asked on Experts Exchange today.

Are there any scripts or reports that would give me information on VMware VM’s with snapshots?

I was pretty sure this was a straightforward one, so I jumped on the test network.

Solution: Get Snapshot Information

Connect to your vCenter and use the following commands.

[box]

Connect-viserver vCenter-Name 
THEN AUTHENTICATE
Get-VM | Get-Snapshot | Select-Object VM, Name, SizeGB, Created

[/box]

That was easy!

Get Snapshot Information : With RV Tools

You can also get the same information from RVTools, which if you don’t already use, do so!

Solution: PowerShell Delete Snapshots

You can delete all snapshots by simply piping the command above to Remove-Snapshot, but you will probably want to do that on a VM by VM basis. Use the following command.

[box]

Get-VM VM-Name | Get-Snapshot | Remove-Snapshot

[/box]

Related Articles, References, Credits, or External Links

NA

Windows Create NFS Share

Windows Create NFS Share KB ID 0001869

Problem

It has been a while since I mentioned this, but if you have a Windows server, and you would like to present an NFS Share, the process is pretty straight forward. The following procedure was carried out on Windows Server 2022, but the process is pretty much the same going all the way back to Server 2012.

Solution : Windows Create NFS Share

Install Server for NFS (GUI)

You need to add the “Server For NFS” Server role. Server Manager > Manage > Add roles and features >  Next > Next > Next  > Next > Expand  “File and Storage Services” > Expand “File and ISCSI Services” > Server for NFS > Next > Next > Next > Install.

 

Install Server for NFS (PowerShell)

I much prefer this method. From an Administrative PowerShell prompt, use the following command.

[box]

Install-WindowsFeature FS-NFS-Service -IncludeManagementTools 

[/box]

Note: In some instances you may be asked to reboot (post role installation.)

Windows Create NFS Share

Assuming you have a folder to share > Right Click > Properties > NFS Sharing > Manage NFS Sharing > Tick ‘Share this folder’ > Permissions > Change access to ‘Read and Write’ and tick allow root access > OK > Apply > OK > Apply > OK.
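The same share created from PowerShell, as an added example (not from the original article): first the equivalent of the GUI steps above, then a variant limited to named hosts. The share name, path and client addresses are assumptions constructed for illustration.

```powershell
# Added example; share name, path and client addresses are constructed values.
$ShareName = 'NFS-Data'
$SharePath = 'D:\NFS-Data'
$Clients   = '192.168.110.50', '192.168.110.51'

# Equivalent of the GUI steps: read/write and root access as the global permission,
# which applies to any machine that can reach the server.
# New-NfsShare -Name $ShareName -Path $SharePath -Permission readwrite -AllowRootAccess $true

# Restricted variant: no global access, then grant each client explicitly.
New-NfsShare -Name $ShareName -Path $SharePath -Permission no-access -AllowRootAccess $false

foreach ($client in $Clients) {
    # Set -AllowRootAccess $true only for hosts that really need root on the export.
    Grant-NfsSharePermission -Name $ShareName -ClientName $client -ClientType host `
        -Permission readwrite -AllowRootAccess $false
}

# Confirm what each client entry is allowed to do.
Get-NfsSharePermission -Name $ShareName
```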

Related Articles, References, Credits, or External Links

Windows NFS Overview

PowerShell Inventory Operating Systems in Active Directory

PowerShell Inventory KB ID 0001838

Problem

I needed to get a list of operating systems ‘in-use‘ in my Active Directory this week. Bear in mind this will pull information from all enabled computer accounts in AD, so if you are ‘not good‘ at tidying out old machines and servers you might get a lot of garbage in your output!

Solution: PowerShell Inventory

Use the following PowerShell.

[box]

Get-ADComputer -Filter 'enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address

[/box]

All being well, your output should look something like this.

If you wanted to output that information to CSV then use the following.

[box]

Get-ADComputer -Filter 'enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Export-Csv -Path "C:\Temp\AD-Operating-Systems.csv" -NoTypeInformation

[/box]

If you wanted to output that information to HTML then use the following.

[box]

Get-ADComputer -Filter 'enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
ConvertTo-Html | Out-File C:\Temp\AD-Operating-Systems.htm

[/box]

Related Articles, References, Credits, or External Links

NA

VMware: PowerCLI Errors

PowerCLI Errors KB ID 0001830

Problem

I was doing some work recently and tried to connect to my vCenter server and was greeted with this.

PS C:\Users\administrator.PNL> connect-viserver vc-70.pnl.com
connect-viserver : Object reference not set to an instance of an object.
At line:1 char:1
+ connect-viserver vc-70.pnl.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Some internet searching led me to find out I simply needed to update PowerCLI  – but when I did that this happened.

PS C:\Users\administrator.PNL> Update-Module VMware.PowerCLI
PackageManagement\Install-Package : Authenticode issuer ‘CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US’ of the new module ‘VMware.VimAutomation.Sdk’ with version ‘13.1.0.21605170’ is not matching with the authenticode issuer ‘CN=VeriSign Class 3 Public Primary Certification Authority – G5, OU=”(c) 2006 VeriSign, Inc. – For authorized use only”, OU=VeriSign Trust Network, O=”VeriSign, Inc.”, C=US’ of the previously-installed module ‘VMware.VimAutomation.Sdk’ with version ‘12.0.0.15939651’. If you still want to install or update, use -SkipPublisherCheck parameter.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:2089 char:20
+ … $sid = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Power….InstallPackage:InstallPackage) [Install-Package], Exception
+ FullyQualifiedErrorId : AuthenticodeIssuerMismatch,Validate-ModuleAuthenticodeSignature,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage

Errm OK?

Solution: PowerCLI Errors

It seems the fix for both errors is to simply update PowerCLI, but updating does not actually work (as you can see). So, you need to FORCE a clean install of PowerCLI and also ignore the certificate error (above) with the -SkipPublisherCheck switch.

[box]

Install-Module VMware.PowerCLI -Force -SkipPublisherCheck

[/box]

Then all was well with the world!
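Because -SkipPublisherCheck turns off the issuer comparison shown in the error, it is worth checking the signatures of what was actually installed. The following is an added example (not from the original article) that reports the Authenticode status and signer of every script and DLL in the installed VMware modules.

```powershell
# Added example: audit Authenticode signatures of the installed PowerCLI modules.
$modules = Get-Module -ListAvailable -Name 'VMware.*'

$report = foreach ($m in $modules) {
    Get-ChildItem -Path $m.ModuleBase -Recurse -File -Include *.psd1, *.psm1, *.ps1, *.dll |
        Get-AuthenticodeSignature |
        Select-Object @{n = 'Module'; e = { "$($m.Name) $($m.Version)" } },
                      Status,
                      @{n = 'Signer'; e = { $_.SignerCertificate.Subject } },
                      Path
}

# One line per module / status / signer combination.
$report | Group-Object Module, Status, Signer |
    Sort-Object Name |
    Select-Object Count, Name |
    Format-Table -AutoSize -Wrap

# Files that are unsigned or fail validation need a closer look.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Module, Status, Path -AutoSize -Wrap
```

If the old 12.x module folders are still on disk they show up here too, which makes it easy to see both signers side by side.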

Related Articles, References, Credits, or External Links

NA

Windows: Copy User Membership to Another User

Copy User Membership KB ID 0001828

Problem

If you have a lot of user groups and simply want to copy/clone one user’s group membership to another user, then with PowerShell that’s quite simple to do.

Solution: Copy User Membership

Here I have two users ALane who is a member of a few groups and APatel who is simply a member of domain admins.

Although we can see above what groups ALane is a member of, let’s prove that with PowerShell.

[box]

Get-ADUser -Identity ALane -Properties memberof | Select-Object -ExpandProperty memberof

[/box]

Copy User Membership

Then let’s copy the groups from ALane to APatel.

[box]

Get-ADUser -Identity ALane -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members APatel

[/box]

And finally, let’s make sure APatel is a member of those groups.

[box]

Get-ADUser -Identity APatel -Properties memberof | Select-Object -ExpandProperty memberof

[/box]

Or simply look in Active Directory users and computers (you might need to refresh if you already had APatel’s properties open!)
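Cloning membership also clones any privileged groups the source user holds, so here is an added example (not from the original article) that previews the groups first and flags protected ones. It uses the article's two example users; treating adminCount = 1 as the marker for protected groups and skipping those groups are choices made for this example.

```powershell
# Added example: preview a membership copy and hold back protected groups.
$Source = 'ALane'
$Target = 'APatel'

$srcGroups = Get-ADUser -Identity $Source -Properties MemberOf |
    Select-Object -ExpandProperty MemberOf
$tgtGroups = Get-ADUser -Identity $Target -Properties MemberOf |
    Select-Object -ExpandProperty MemberOf

# Only the groups the target does not already have.
# (MemberOf never lists the primary group, usually Domain Users.)
$toAdd = $srcGroups | Where-Object { $_ -notin $tgtGroups }

$plan = foreach ($dn in $toAdd) {
    $g = Get-ADGroup -Identity $dn -Properties adminCount
    [pscustomobject]@{
        Group     = $g.Name
        Scope     = $g.GroupScope
        Protected = ($g.adminCount -eq 1)   # AdminSDHolder-protected, e.g. Domain Admins
        DN        = $g.DistinguishedName
    }
}

$plan | Sort-Object Protected -Descending |
    Format-Table Group, Scope, Protected -AutoSize

# Dry run for the ordinary groups; remove -WhatIf to apply.
# Protected groups are left for a deliberate, separate decision.
$plan | Where-Object { -not $_.Protected } | ForEach-Object {
    Add-ADGroupMember -Identity $_.DN -Members $Target -WhatIf
}
```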

Related Articles, References, Credits, or External Links

NA

Install Windows Terminal on Windows Server 2022

Windows Terminal KB ID 0001827

Problem

I’ve been aware of Windows Terminal for a while, I’ve just never felt the need to set it up. Most of my work for the website involves me taking screenshots on Windows Server OS. So, when I decided to take a look at it I had to jump through a few hoops to get it to work, in the words of Juan Sánchez Villalobos Ramírez, Chief metallurgist to King Charles V of Spain, “I would save you that pain”. (If you get that reference, we can be friends).

Solution: Windows Terminal on Server 2022

So, Windows Server OSs cannot access the Windows Store, so you need to manually download the app packages (msixbundle) then install them with PowerShell. If you want to install on Server 2022 then don’t download the Windows 11 package; if you do and try to install it you will see something like this.

Deployment failed with HRESULT: 0x80073CFD, A Prerequisite for an install could not be satisfied. Windows cannot install package Microsoft.WindowsTerminal_1.16.10262.0_x64__8wekyb3d8bbwe because this package is not compatible with the device. The package requires OS version 10.0.22000.0 or higher on the Windows.Desktop device family. The device is currently running OS version 10.0.20348.1668

I walked back through a few versions before I realised you need to download the Windows 10 versions. Go here and check for the latest version.

Previous Windows Server Versions: In some cases you may need to download and install the Preinstall kit (see above page for download link). Simply download it as a Zip file, extract it, and then use Add-AppxPackage to install the msixbundle for that first. But for Server 2022 you don’t need to do that.

Firstly, you need to download another package as it’s a pre-requisite, the following commands will download and install it.

Note: Ensure C:\Temp Exists!

[box]

Invoke-WebRequest -Uri https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx -OutFile C:\Temp\Microsoft.VCLibs.x64.14.00.Desktop.appx
Add-AppxPackage C:\Temp\Microsoft.VCLibs.x64.14.00.Desktop.appx

[/box]

Once complete you can download and install the Windows Terminal Package (Check for the latest version and change the URL accordingly).

[box]

Invoke-WebRequest -Uri https://github.com/microsoft/terminal/releases/download/v1.16.10261.0/Microsoft.WindowsTerminal_Win10_1.16.10261.0_8wekyb3d8bbwe.msixbundle -OutFile C:\Temp\Microsoft.WindowsTerminal_Win10_1.16.10261.0_8wekyb3d8bbwe.msixbundle 
Add-AppxPackage -path C:\Temp\Microsoft.WindowsTerminal_Win10_1.16.10261.0_8wekyb3d8bbwe.msixbundle

[/box]

Now you can launch Windows Terminal.

Related Articles, References, Credits, or External Links

NA

Windows: Migrate DHCP HA

Migrate DHCP HA KB ID 0001826

Problem

I got an email last week.

“Hi thanks for your video. I have two win 2012 DC DHCP on a failover/load balance config and want to migrate to new Win 2022 VMs. What’s the exact procedure? If it’s a single VM it’s easy but I’m not sure about if it’s on a failover setup.”

Well migrating the domain controller element I’ve covered before.

Migrate From Server 2012 to Server 2022 Domain Controllers

And Migrating stand-alone DHCP servers is easy.

Migrate DHCP Scope(s) to Windows Server 2022

But what if you have your DHCP servers deployed in HA – be that Load Balanced, or Hot Standby (failover)? 

How do you migrate DHCP to a new platform then ?

Solution: Migrate DHCP HA

There was very little information I could find on this subject, you can drop down to one DHCP server and perform a simple migration to Server 2022 then setup HA again of course, but I think the following solution is much more elegant, and there’s NO DOWNTIME to worry about.

Windows Migrate DHCP HA – Step 1 Remove HA

In my example I have some 2012 R2 Servers running DHCP (it does not matter if they are in Load Balancing mode or Hot Standby; the approach is the same, just the commands will vary).

I’ve got two new Windows Server 2022 servers updated and added to the domain ready to take on the DHCP HA roles.

The first thing I’m going to do is remove the failover partnership. You can do this on either of the legacy DHCP servers but the one you run the command on will be the DHCP server that remains operational after you remove the partnership (in this case 2012-dhcp-1.dingdong.com).

 

Use the following syntax: the first command gets the failover group’s name, and the second deletes that failover group.

[box]

Get-DHCPServerv4Failover
Remove-DHCPServerv4Failover "Failover-Group-Name"

[/box]

Windows Migrate DHCP HA – Step 2 Uninstall DHCP

Go to the server you have just removed the partnership from, it will not be performing DHCP but still has the role installed.

To Remove DHCP from the redundant legacy server use the following PowerShell commands. WARNING the last command will reboot the server.

[box]

Uninstall-WindowsFeature DHCP
Uninstall-WindowsFeature RSAT-DHCP
Restart-Computer

[/box]

Windows Migrate DHCP Failover – Step 3 Create HA to Server 2022

We will now create a failover partnership to the first of our two new Windows Servers.

Firstly we need to install the DHCP role on BOTH of our new Windows Servers, register them in AD, and change a registry key to stop server manager bugging you about running the DHCP setup wizard.

[box]

Install-WindowsFeature DHCP -IncludeManagementTools
netsh dhcp add securitygroups
Add-DhcpServerInDC -DnsName 2022-DHCP-1.dingdong.com -IPAddress 192.168.110.18
Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2

[/box]

NOW CARRY OUT THE NEXT STEP ON THE REMAINING LEGACY DHCP SERVER

To create a Load Balanced Failover partnership (with a 50/50 load balance) use the following syntax. (change the values in red accordingly).

[box]

Add-DhcpServerv4Failover -ComputerName "2012-DHCP-1.dingdong.com" -PartnerServer "2022-DHCP-1.dingdong.com" -Name "DHCP-LOAD-BALANCE" -LoadBalancePercent 50 -MaxClientLeadTime 1:00:00 -StateSwitchInterval 00:45:00 -ScopeId 192.168.110.0 -SharedSecret "Password123"

[/box]

To create a Hot Standby (failover) partnership, use the following command instead.

[box]

Add-DhcpServerv4Failover -ComputerName "2012-DHCP-1.dingdong.com" -PartnerServer "2022-DHCP-1.dingdong.com" -Name "DHCP-HOT-STANDBY" -ServerRole Active -ReservePercent 10 -MaxClientLeadTime 1:00:00 -StateSwitchInterval 00:45:00 -ScopeId 192.168.110.0 -SharedSecret "Password123"

[/box]

Windows Migrate DHCP Failover – Step 4 Break Replication

If you are replicating many scopes then wait a while for the servers to be ‘in sync’, the next step seems counter intuitive, as you are going to delete the very thing you have just created, but this procedure is carried out on the NEW DHCP SERVER NOT THE LEGACY ONE, (so the DHCP scope is removed from the last remaining legacy DHCP server.)

On the first new DHCP server execute the following commands. (same commands you used above in step 1).

[box]

Get-DhcpServerv4Failover
Remove-DhcpServerv4Failover "Failover-Group-Name"

[/box]
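Steps 3 and 4 together, as an added example (not from the original article): the partnership is created with a randomly generated shared secret instead of a typed password, and the break in step 4 only goes ahead once the relationship reports Normal and both servers hold the same number of leases. Server names and scope are the article's lab values; the function name Test-DhcpFailoverInSync is hypothetical.

```powershell
# Added example. Lab values from the article; change for your environment.
$Legacy  = '2012-DHCP-1.dingdong.com'
$NewDhcp = '2022-DHCP-1.dingdong.com'
$ScopeId = '192.168.110.0'
$Name    = 'DHCP-LOAD-BALANCE'

# Step 3: random 32-byte shared secret rather than a guessable password.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$Secret = [Convert]::ToBase64String($bytes)

Add-DhcpServerv4Failover -ComputerName $Legacy -PartnerServer $NewDhcp -Name $Name `
    -LoadBalancePercent 50 -MaxClientLeadTime 1:00:00 -StateSwitchInterval 00:45:00 `
    -ScopeId $ScopeId -SharedSecret $Secret

# Confirm message authentication is enabled on the relationship.
Get-DhcpServerv4Failover -ComputerName $Legacy -Name $Name |
    Select-Object Name, PartnerServer, Mode, State, EnableAuth

# Step 4 pre-check (hypothetical helper): healthy state and matching lease counts.
function Test-DhcpFailoverInSync {
    param($ServerA, $ServerB, $Scope, $Relationship)
    $state = (Get-DhcpServerv4Failover -ComputerName $ServerA -Name $Relationship).State
    $a = @(Get-DhcpServerv4Lease -ComputerName $ServerA -ScopeId $Scope).Count
    $b = @(Get-DhcpServerv4Lease -ComputerName $ServerB -ScopeId $Scope).Count
    Write-Host "State=$state  leases: $ServerA=$a  $ServerB=$b"
    return ($state -eq 'Normal' -and $a -eq $b)
}

if (Test-DhcpFailoverInSync $Legacy $NewDhcp $ScopeId $Name) {
    # Targets the NEW server, as step 4 requires. Dry run: remove -WhatIf to apply.
    Remove-DhcpServerv4Failover -ComputerName $NewDhcp -Name $Name -WhatIf
} else {
    Write-Warning 'Partners are not in sync yet; wait and run the check again.'
}
```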

Windows Migrate DHCP HA – Step 5

Now, just as you did in step 2, remove the DHCP role from the last remaining legacy DHCP server.

Again, use the following commands. WARNING the last command will reboot the server.

[box]

Uninstall-WindowsFeature DHCP
Uninstall-WindowsFeature RSAT-DHCP
Restart-Computer

[/box]

Windows Migrate DHCP Failover – Step 6 Deploy new DHCP HA Configuration

Lastly, we set up a new failover relationship, configured the same as the one we set up in step 3, but this time with the last remaining new DHCP server.

Like so.

[box]

Add-DhcpServerv4Failover -ComputerName "2022-DHCP-1.dingdong.com" -PartnerServer "2022-DHCP-2.dingdong.com" -Name "DHCP-LOAD-BALANCE" -LoadBalancePercent 50 -MaxClientLeadTime 1:00:00 -StateSwitchInterval 00:45:00 -ScopeId 192.168.110.0 -SharedSecret "Password123"

[/box]

You can now migrate any remaining roles or applications from the old servers, remove them from the domain and decommission them.

 

Related Articles, References, Credits, or External Links

Configure DHCP for Failover

OneDrive GPO (Domain Group Policy)

OneDrive GPO KB ID 0001821

Problem

The administrative template that you get with Win11 is somewhat out of date, so if you want to manage OneDrive with domain group policy your options are limited, if only there was a newer administrative template!

Well, there is, and it gets updated and sent to you quite regularly. Microsoft just do a good job of hiding it.

Solution OneDrive GPO

Depending on your deployment the files you need can be in different locations; the biggest challenge is finding them. Execute the following PowerShell to locate them.

[box]

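# Per-user and per-machine OneDrive install locations.
# ${env:ProgramFiles(x86)} needs the braces because of the parentheses in the name.
$OnePath = ("$env:LOCALAPPDATA\Microsoft\OneDrive", `
"${env:ProgramFiles(x86)}\Microsoft OneDrive", `
"$env:ProgramFiles\Microsoft OneDrive")
# Each build-numbered sub-folder has an adm folder holding OneDrive.admx / OneDrive.adml.
$OnePath | foreach{
    Get-ChildItem "$_\*\adm\onedrive.adm?" -ErrorAction SilentlyContinue
}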

[/box]

As you can see (above), mine are in my user profile. The folder that they are in will also give you the build number, so you can check occasionally for updates (that will get pulled down when your OneDrive client gets updated).

Go to that directory and you will find the ADMX and ADML files.

Note: For anyone who is not English speaking, there may be a different ADML file in the locale folders you can see above.

Copy the OneDrive.admx file into your PolicyDefinitions folder (if unsure of the path, see below; obviously substitute your own domain name, and here I’m on a domain controller, so the SYSVOL volume is on my local drive).

Now change to the INPUT LOCALE folder (in my case en-US) and copy the OneDrive.adml file into that folder.

Then when you are in the Group Policy Management Editor you will see the updated OneDrive options.

[box]

Computer Configuration > Policies > Administrative Templates > OneDrive

[/box]

If you can’t see them ensure your policy definitions have been setup correctly.

Related Articles, References, Credits, or External Links

Setup up a Central ‘PolicyDefinitions’ Store (for ADMX files)