PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
PowerShell: Bulk Enable / Disable Users
KB ID 0001469 Problem I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up. Disable Domain Users in Bulk from CSV Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually; Then execute the following two commands; Import-Module ActiveDirectory ...
PDC Emulator: Cannot Sync Time From External NTP Server
KB ID 0001464 Problem I was involved in a question on Experts Exchange this week where the asker could not get their PDC to sync time from an external NTP server. He was seeing an Event ID 12 Error; Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to...
Scheduled Task Error 0x1
KB ID 0001457 Problem While replacing a server, I copied over some scripts, (batch files) the client was using to back up some data. I scheduled them on the new server, but noticed they were finishing with a status of 0x1. (and not actually backing anything up!) Solution Edit the properties of the job > General Tab > Tick “Run with the highest privileges”. Note: You can also tick “Do not store password. This...
Dcpromo Error: No Other Active Directory Controllers?
KB ID 0001453 Problem I was trying to demote a domain controller yesterday morning, it was a 2008 R2 Domain controller, (in fact it was SBS 2011). I’d already added a nice new Server 2016 Domain Controller to the domain, and transferred all the FSMO roles, so I was surprised when I tried to gracefully demote the old DC and got this; You did not indicate that this Active Directory domain controller is the last domain controller...
PowerShell: Finding Stale User and Computer Accounts
KB ID 0001438 Problem I do this a lot, (usually prior to big migrations), most organisations have no mechanism for removing old users and computers from Active Directory, some don’t even disable the accounts. Find Users Who Have Never Logged On Use the following PowerShell Command; Get-ADUser -Filter { LastLogonDate -notlike “*” -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{...
Windows RDP: ‘An authentication error has occurred’
KB ID 0001433 Problem When attempting to RDP to a remote machine; An authentication error has occurred. The function requested is not supported Remote computer: {name} This could be due to CredSSP encryption oracle remediation. Or you may just see; An authentication error has occurred. The function requested is not supported Remote computer: {name} Solution This is happening after you have a applied a windows security update it...
Remote Desktop Services: Balancing Sessions Hosts and Connection Brokers
KB ID 0001424 Problem I got an email from a colleague who was setting up an RDS farm, (2012 R2). He was having some problems and asked me; “If the Connection Broker brokers the connections to the Session Hosts, how do I RDP to the Session Broker?” This threw me completely, I usually jump on the console in VMware or use a third party remote management tool, I don’t tend to to RDP onto servers. I had fallen into the...
Cisco WLC: EAP-TLS Secured Wireless with Certificate Services
KB ID 0001420 Problem Ah certificates! If I had a pound for every time I’ve heard “I don’t like certificates”, I could retire! The following run through is broken down into the following parts; Setup the Cisco WLC (WLAN) Setup NAP (RADIUS). Setup Certificate Auto Enrolment. Setup Group Policy to Deliver the Wireless Settings. Note: If you are scared of certificates, sometimes it’s easier to setup password...
PowerShell: Cannot Be Loaded Because Running Scripts is Disabled
KB ID 0001417 Problem If you’ve arrived here, you are trying to run a script, and you cant; PS C:\Users\{User-name}> .\{script-name}.ps1 .\{script-name} : File C:\Users\{User-name}\{script-name} cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1 + .\{script-name} + ~~~~~~~~~~~~~~~~~~ +...