• There are some ways to do it differently:

    1. Logon to the Domain Controllers with the Schema Master role.
    2. Make sure the login account is part of the Enterprise Admins, Organization Management & Schema Admins AD groups.
    3. Right Click, then Run as Administrator on the cmd. prompt.

    Then let us know how it goes.

  • I need some guidance in what is the best way to deploy WDS and MDT servers across two different geographical offices?

    The bandwidth is only 100 MBps between the two office locations.

    • Should I create two different WDS & MDT servers (one in each office location)?
      However, the issue here is that I will need to manually copy the image files across the WAN which can be done via Robocopy after business hours. I assume I can use DFS-R for the OS Image replication. But not sure how to configure this.
    • Should I create one main WDS & MDT server in the main office?
      However, the issue here is the bandwidth contention issue which can impact the network performance in between the sites when deploying a new image.

    So what would be the best practice or the suggested action?

    Any help would be greatly appreciated.


  • Leo, many thanks for sharing the great script 🙂
    this is so cool and more than what I need.

    I thank you for the help.

  • That is great, thanks for the sharing and the update guy.

    @Luc: when I execute your script, the OU Location content is always showing as @{CanonicalName=Domain.com/All Corp/Domain Admin Accounts/Global.Admin}

    Is there any way to fix that result?


  • Hi People

    I'd like to get some assistance in fixing the PowerShell script below to list the members of an AD security group called Domain Admins and export it to a .CSV file.

    $ADGroupType = 'security'
    $ADGroupNamePattern = 'Domain Admins'
    $ResultFile = "C:\TEMP\MyResult.csv"
    
    function ConvertFrom-DN {
        [cmdletbinding()]
        param(
        [Parameter(Mandatory,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)] 
        [ValidateNotNullOrEmpty()]
        [string[]]$DistinguishedName
        )
        process {
            foreach ($DN in $DistinguishedName) {
            Write-Verbose $DN
                foreach ( $item in ($DN.replace('\,','~').split(","))) {
                    switch ($item.TrimStart().Substring(0,2)) {
                        'CN' {$CN = '/' + $item.Replace("CN=","")}
                        'OU' {$OU += ,$item.Replace("OU=","");$OU += '/'}
                        'DC' {$DC += $item.Replace("DC=","");$DC += '.'}
                    }
                } 
                $CanonicalName = $DC.Substring(0,$DC.length - 1)
                for ($i = $OU.count;$i -ge 0;$i -- ){$CanonicalName += $OU[$i]}
                if ( $DN.Substring(0,2) -eq 'CN' ) {
                    $CanonicalName += $CN.Replace('~',',')
                }
                $qwer = [PSCustomObject]@{
                    'CanonicalName' = $CanonicalName;
                }
                Write-Output $qwer
    
            }
        }
    }
    
    Function Get-ADGroupMemberRecursive {
    [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline=$true)]
        $Identity,
        [string[]]$Property
    )
        Begin {
            $splat = @{}
            If ($Property) {$splat['Property'] = $Property}
        }
        Process {
            Get-ADGroupMember -Identity $Identity | ForEach-Object {
                If ($_.objectClass -eq 'User') {
                    Get-ADUser -Identity $_ @splat | Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp
                } ElseIf ($_.objectClass -eq 'Group') {
                    Get-ADGroupMemberRecursive -Identity $_ @splat
                }
            }
        }
    }
    
    Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" |
        Get-ADGroupMemberRecursive -Property Mail |
        Select-Object Group, 
            Name, 
            SamAccountName, 
            Mail, 
            whenCreated, 
            @{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}},
            @{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}}, 
            @{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}}  |
        Export-Csv -Path $ResultFile -NoTypeInformation
    
    ii $ResultFile

    The problem with the script above is:

    1. The LastLogon date/time stamp is always showing as 1/01/1601 11:00:00 AM.
    2. The column that is filled correctly is just the AD Group Name and the TimeStamp like above?

    Thank you very much in advance.
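
The 1/01/1601 dates and empty columns described in the post above are what results when the attributes are never requested from AD (`Get-ADUser` returns only a default set) and the inner `Select-Object` drops the rest. A corrected version follows as an added example that is not part of the original post; the helper names, the `Enabled` column and the warning for non-user members are additions here.

```powershell
# Added example, not the poster's script. Needs the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$GroupName  = 'Domain Admins'
$ResultFile = 'C:\TEMP\MyResult.csv'
# Get-ADUser returns only a default attribute set; anything else must be requested.
$UserProps  = 'mail', 'whenCreated', 'lastLogon', 'lastLogonTimestamp', 'CanonicalName'

function ConvertFrom-FileTime ($Value) {
    # Null or 0 means "never set"; converting it anyway yields the 1601 epoch date.
    if ($Value -gt 0) { [datetime]::FromFileTime($Value) }
}

function Get-GroupUserRecursive {
    param(
        [Parameter(Mandatory)] $Group,
        $Seen = (New-Object 'System.Collections.Generic.HashSet[string]')
    )
    # Skip groups already expanded, so circular nesting cannot loop forever.
    if (-not $Seen.Add($Group.DistinguishedName)) { return }

    foreach ($m in (Get-ADGroupMember -Identity $Group.DistinguishedName)) {
        if ($m.objectClass -eq 'group') {
            Get-GroupUserRecursive -Group $m -Seen $Seen
        }
        elseif ($m.objectClass -eq 'user') {
            $u = Get-ADUser -Identity $m.DistinguishedName -Properties $UserProps
            [pscustomobject]@{
                Group                  = $Group.Name
                Name                   = $u.Name
                SamAccountName         = $u.SamAccountName
                Mail                   = $u.mail
                Enabled                = $u.Enabled
                whenCreated            = $u.whenCreated
                # Per-DC value, not replicated: reflects only the DC that answered.
                'Last Logon'           = ConvertFrom-FileTime $u.lastLogon
                # Replicated, but by default can lag the real logon by up to ~14 days.
                'Last Logon TimeStamp' = ConvertFrom-FileTime $u.lastLogonTimestamp
                # Plain string: parent container of the user's canonical name.
                'OU Location'          = $u.CanonicalName -replace '/[^/]*$'
            }
        }
        else { Write-Warning "Non-user member not exported: $($m.distinguishedName)" }
    }
}

Get-ADGroup -Identity $GroupName |
    ForEach-Object { Get-GroupUserRecursive -Group $_ } |
    Export-Csv -Path $ResultFile -NoTypeInformation
```

Because `OU Location` is emitted as a string rather than an object, the CSV shows the path itself instead of `@{CanonicalName=...}`.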

  • Hi People,

    My predecessor has configured group policy forcing all of my corporate users in one site office (approximately 900+ people) to use online mode for Exchange 2013 as opposed to cached exchange mode.

    The Outlook installed version is ranging from 2010 up to 2016.

    Due to that Group policy above, it has caused multiple requests to the IT support team frequently to have to configure the users' email accounts down to the level of adding proxy server and "msstd:server.domain.com" details manually.

    https://support.microsoft.com/en-us/help/2754898/outlook-exchange-proxy-settings-dialog-box-always-displays-the-interna

    When I disable the policy hoping to set it back to Cached mode by default, I found out the workstations are UNABLE to switch back to cached exchange mode, and errors occurred when the OST files were being created.

    So can anyone here please assist me how to fix this issue to set back the Outlook users to be on Cached mode without visiting more than 100+ workstations daily?

    Do I have to enable each user as their local administrator on their own desktop or delete the profile manually one by one which cannot be configured through GPO?
    Any help would be greatly appreciated.
    Thanks in advance.

  • Yes, it works great.

    Thank you for writing such a great script Alex!
