PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
PowerShell: Bulk Enable / Disable Users
KB ID 0001469 Problem I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up. Disable Domain Users in Bulk from CSV Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually; Then execute the following two commands; Import-Module ActiveDirectory ...
PDC Emulator: Cannot Sync Time From External NTP Server
KB ID 0001464 Problem I was involved in a question on Experts Exchange this week where the asker could not get their PDC to sync time from an external NTP server. He was seeing an Event ID 12 Error; Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to...
Scheduled Task Error 0x1
KB ID 0001457 Problem While replacing a server, I copied over some scripts, (batch files) the client was using to back up some data. I scheduled them on the new server, but noticed they were finishing with a status of 0x1. (and not actually backing anything up!) Solution Edit the properties of the job > General Tab > Tick “Run with the highest privileges”. Note: You can also tick “Do not store password. This...
Dcpromo Error: No Other Active Directory Controllers?
KB ID 0001453 Problem I was trying to demote a domain controller yesterday morning, it was a 2008 R2 Domain controller, (in fact it was SBS 2011). I’d already added a nice new Server 2016 Domain Controller to the domain, and transferred all the FSMO roles, so I was surprised when I tried to gracefully demote the old DC and got this; You did not indicate that this Active Directory domain controller is the last domain controller...
PowerShell: Finding Stale User and Computer Accounts
KB ID 0001438 Problem I do this a lot, (usually prior to big migrations), most organisations have no mechanism for removing old users and computers from Active Directory, some don’t even disable the accounts. Find Users Who Have Never Logged On Use the following PowerShell Command; Get-ADUser -Filter { LastLogonDate -notlike “*” -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{...