How to automatically set the DSRM password (or something like that) via PowerShell

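function Set-DSRMPass {
    Begin {
        Write-Host "`n"
        Write-Host -ForegroundColor Yellow "Set new DSRM password ..."
    }
    Process {

        #$ntdspasschange = 'ntdsutil "set dsrm password" "reset password on server null"'
        #Invoke-Expression $ntdspasschange

        $pass = Read-Host "password" -AsSecureString
        # SendKeys needs the plain text; "$pass" on a SecureString expands to the type name
        $plain = (New-Object System.Net.NetworkCredential('', $pass)).Password
        # Wrap characters that SendKeys treats as special (+ ^ % ~ ( ) { } [ ]) in braces
        $plain = [regex]::Replace($plain, '[+^%~(){}\[\]]', '{$0}')

        $wshell = New-Object -ComObject WScript.Shell
        # The keystrokes go to whichever window has focus, so keep the new console in front
        $wshell.Run("cmd.exe")
        Start-Sleep 5
        $wshell.SendKeys('ntdsutil')
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys('set dsrm password')
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys("reset password on server null")
        $wshell.SendKeys('{ENTER}')
        # ntdsutil asks for the new password and then for its confirmation
        $wshell.SendKeys($plain)
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys($plain)
        $wshell.SendKeys('{ENTER}')
        # Leave the "Reset DSRM Administrator Password" prompt, then ntdsutil itself
        $wshell.SendKeys('q')
        $wshell.SendKeys('{ENTER}')
        $wshell.SendKeys('q')
        $wshell.SendKeys('{ENTER}')
        # Do not keep the plain-text copy around longer than needed
        $plain = $null
    }
    #ntdsutil "set dsrm password" "reset password on server null" q q

}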

Powershell does not show all

Perhaps you have the same problem that I had a few minutes ago. It is a good time to write this short article and share with you how to solve it.

This is our problem:

[Screenshot: PowershellNotShowAll]

 

 

The solution is the variable $FormatEnumerationLimit.

When we set this variable to 200 ($FormatEnumerationLimit = 200), PowerShell shows us more. When I set it to -1 ($FormatEnumerationLimit = -1), PowerShell shows us everything.

 

🙂

 

 

Active Directory by Windows Server version (DFL, FFL) – new features


List of changes by domain and forest functional level

 

2008 Domain functional level:

  • Multiple password policies per domain
  • User-viewable last logon information
  • Increased Kerberos encryption
  • DFS replication for SYSVOL shares

 

2008 R2 Domain functional level:

  • Better and more automated service account management
  • Security logs and access lists based on authentication type

 

2008 R2 Forest functional level:

  • AD "Recycle Bin"

 

2012 R2 Domain functional level:

  • Restricted Admin mode – mstsc /restrictedadmin (the admin password is not stored in LSA on the remote desktop host)
  • LSA Protection
  • Protected Users group
  • Authentication Policies
  • Silos (management for authentication policies)
  • COMPOUND ID
  • Kerberos Armoring

 

2012 R2 Forest functional level:

  • nothing

relax

MS SCOM 2007 R2 – Audit Reports


If you need to create your own audit reports in MS SQL Report Builder for MS SCOM, you need to know how to do it in Report Builder. You also need to know a little bit about SQL, and it is better to know PL/SQL as well.

The usual target of your interest will be audit reports from AD (user logins ...). If you need to create your own report for user logins, the point of interest is the MS SQL view AdtServer.dvAll, located in the OperationsManagerAC database.

 

Table join for EventID on Server 2008 and newer

SELECT distinct
li.TargetDomain
,li.TargetUser
,li.PrimaryUser
,li.String06 GuiDID_li
,lo.String06 GuiDID_lo
,li.String01 as LogonType1
, li.EventMachine
, li.Source
, li.String13 as AuthPackage
, li.String12 as LogonProcess
, li.String03 as LogOnFrom
--, cast(CAST(li.CreationTime as time) as DATEtime) as LoginDateTime
--, dateadd(D,DATEDIFF(D,li.CreationTime, lo.CreationTime), cast(CAST(lo.CreationTime as time) as DATEtime)) as LogoutDateTime
--, CAST(li.CreationTime as time) as LoginTime
, li.CreationTime as LoginDate
, lo.CreationTime as LogoutDate
--, DATEDIFF(SECOND,li.CreationTime, lo.CreationTime) as diff
,li.String02 as LogonType2

FROM
-- li = logon events (4624), lo = logoff events (4634), matched on String01
(SELECT * FROM AdtServer.dvAll WHERE EventId = 4624) AS li LEFT OUTER JOIN
(SELECT * FROM AdtServer.dvAll WHERE EventId = 4634) AS lo
on li.String01 = lo.String01

WHERE li.EventId = 4624
and li.CreationTime > dateadd(DAY,-3,GETDATE())
and DATEDIFF(SECOND,li.CreationTime, lo.CreationTime) > 0
and li.TargetUser not like '%$'
--and li.TargetUser = lo.TargetUser
--and li.String13 not like 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0'
and li.String06 not in ('{00000000-0000-0000-0000-000000000000}')
--and li.String02 in ('2','10')
and li.String02 in ('2','10')
and li.TargetUser not like '/_%' escape '/'
and li.TargetUser = 'user'
--and li.EventMachine = 'dc2008'

 

[Screenshot: SCOMMSSQLREPORT2008]

This description of the strings may help you a little if your ACS agents are running on Windows Server 2008 and newer:

, String01 as TargetLogonId
, String02 as LogonType
, String03 as LogOnFrom
, String04 as ipPort
, String05 as TargetServerNetBiosName
, String06 as LogonGuid
, String07 as String07
, String08 as String08
, String09 as KeyLength
, String10 as Process_ID
, String11 as ProcessName
, String12 as LogonProcess
, String13 as AuthPackage
, String14 as String14
, String15 as String15
, String16 as String16
, String17 as String17
, String18 as String18
, String19 as String19
, String20 as String20
, String21 as String21
, String22 as String22

—————————————

, String14 as String14
, String15 as String15
, String16 as String16
, String17 as String17
, String18 as String18
, String19 as String19
, String20 as String20
, String21 as String21
, String22 as String22

=  is default  -> n/a
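The 2008 query above matches logon (4624) and logoff (4634) rows on String01 (TargetLogonId) alone, and logon IDs are only unique per machine and per boot, so a report covering several servers can pair a logon with an unrelated logoff. The T-SQL below is an added example, not part of the original article: it pairs each logon with the earliest later logoff on the same machine. @dvAll is a constructed stand-in for AdtServer.dvAll with made-up rows, and the column meanings are assumed to follow the string list above.

```sql
-- Constructed stand-in for AdtServer.dvAll, reduced to the columns used here.
DECLARE @dvAll TABLE (
    EventId      int,
    EventMachine nvarchar(64),
    TargetUser   nvarchar(64),
    CreationTime datetime,
    String01     nvarchar(32),  -- TargetLogonId (per the string list above)
    String02     nvarchar(8)    -- LogonType (4624 rows only)
);

-- Constructed sample rows (not real audit data).
INSERT INTO @dvAll VALUES
 (4624, N'DC01',  N'alice', '2015-01-10T08:00:00', N'0x3e7a1', N'10'),
 (4634, N'DC01',  N'alice', '2015-01-10T09:30:00', N'0x3e7a1', NULL),
 -- same logon ID on another machine: must not pair with DC01's logoff
 (4624, N'SRV02', N'bob',   '2015-01-10T08:15:00', N'0x3e7a1', N'2'),
 -- logon ID reused on DC01 after a reboot, session still open
 (4624, N'DC01',  N'alice', '2015-01-11T07:00:00', N'0x3e7a1', N'2');

SELECT li.EventMachine,
       li.TargetUser,
       li.String02     AS LogonType,
       li.String01     AS TargetLogonId,
       li.CreationTime AS LoginDate,
       lo.CreationTime AS LogoutDate,
       DATEDIFF(SECOND, li.CreationTime, lo.CreationTime) AS DurationSeconds
FROM @dvAll AS li
OUTER APPLY (
    -- earliest logoff with the same logon ID on the same machine, at or after the logon
    SELECT TOP (1) x.CreationTime
    FROM @dvAll AS x
    WHERE x.EventId = 4634
      AND x.EventMachine = li.EventMachine
      AND x.String01 = li.String01
      AND x.CreationTime >= li.CreationTime
    ORDER BY x.CreationTime
) AS lo
WHERE li.EventId = 4624
  AND li.String02 IN (N'2', N'10')   -- interactive and remote interactive logons
  AND li.TargetUser NOT LIKE N'%$'   -- skip computer accounts
ORDER BY li.EventMachine, li.CreationTime;
```

Logons without a matching logoff come back with a NULL LogoutDate instead of being dropped, so sessions that are still open stay visible in the report.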

 

Table join for EventID on Server 2003

SELECT distinct
li.TargetDomain
, li.PrimaryUser
, li.EventMachine
, li.Source
, li.String09 as AuthPackage
, li.String02 as LogOnFrom
, cast(CAST(li.CreationTime as time) as DATEtime) as LoginDateTime
, dateadd(D,DATEDIFF(D,li.CreationTime, lo.CreationTime), cast(CAST(lo.CreationTime as time) as DATEtime)) as LogoutDateTime
, CAST(li.CreationTime as time) as LoginTime
, li.CreationTime as LoginDate
, lo.CreationTime as LogoutDate
, DATEDIFF(SECOND,li.CreationTime, lo.CreationTime) as diff
,li.String01 as LogonType

FROM
-- li = logon events (528), lo = logoff events (538)
(SELECT * FROM AdtServer.dvAll WHERE EventId = 528) AS li LEFT OUTER JOIN
(SELECT * FROM AdtServer.dvAll WHERE EventId = 538) AS lo ON
li.PrimaryLogonId = lo.ClientLogonId

where
li.String01 in ('10','2')
and li.CreationTime > dateadd(DAY,-6,GETDATE())
and DATEDIFF(SECOND,li.CreationTime, lo.CreationTime) > 0
and li.PrimaryUser not like '%$'
--and li.PrimaryUser = lo.PrimaryUser
--and li.CreationTime > '12.12.2014'
--and li.String13 not like 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0'
-- String02 is LogOnFrom on Server 2003 (see the list below); the logon type filter is li.String01 above
--and li.String02 in ('2','10')
and li.PrimaryUser not like '/_%' escape '/'
and li.PrimaryUser = 'username'

[Screenshot: SCOMMSSQLREPORT]

This description of the strings may help you a little if your agents are running on Windows Server 2003 and older:

, String01 as LogonType
, String02 as LogOnFrom
, String03 as String03
, String04 as TargetServerNetBiosName
, String05 as LogonGuid
, String06 as CallerProcessID

, String07 as –
, String08 as LogonProcess
, String09 as AuthPackage

, String10 as String10
, String11 as String11
, String12 as String12
, String13 as String13
, String14 as String14
, String15 as String15
, String16 as String16
, String17 as String17
, String18 as String18
, String19 as String19
, String20 as String20
, String21 as String21
, String22 as String22