I once wrote a post on how to generate random passwords that would comply with Active Directory complexity rules quite a while back. My script on TechNet Gallery has now reached over 2000 downloads and I thought it might be time to revisit the topic with a few updates. First off I’ve just updated the script, mainly for better performance.
I’ve also realized that a common scenario is when a user calls the service desk asking for a new password.
[TL,DR: I’ve written a script to retrieve IP Addresses from subnets not defined in Active Directory. It is published on Technet Gallery: Get-MissingSubnets]
Active Directory uses Sites to define where in the topology a computer resides and thereby determining which server that should be used for certain services. For example sites are used to determine which Domain Controller a client should use as a logon server and if one of my clients log on at a site somewhere in Australia I probably don’t want it to process Group Policies from a Domain Controller in the US.
The VMware vShield driver is a system driver named vsepflt.
It is easy to check the status of this driver by running msinfo32.exe and navigating to “Software EnvironmentSystem Drivers”
This can however be a bit cumbersome on an environment with more than one virtual machine. That’s why I recommend using PowerShell instead.
The System Drivers category displayed by msinfo32 is nothing else than the WMI-class Win32_SystemDriver, so I wrote a short function that can be used to inventory the status of the VMware vShield driver.
When working with Active Directory and Powershell using ldap filters is a great way of searching the directory with great performance. The only problem is that ldap filters tend to be a bit hard to read and sometimes they appear to be a jitter of parentheses with some cryptic values in between.
When I write ldap filters I usually write them as multiline indented text, for example let say I wanted to search for all users (not contacts or computers) that is enabled and not set to expire.
I was playing around with the cmdlets in the DFSR-module the other day and realized that none of them could (as far as I could tell) give me a reliable count on the number of items in the DFSR Backlog.
My plan was to initiate a replication of two folders and then have a script monitor the backlog to generate status messages to keep me informed of the progress.
I searched for a way to accomplish this by looking at the commands in the DFSR module that have the verb Get