Transcript – how restore AD Object from recycle bin – S2K8 R2

Publikováno 13.3.2012 | Autor: marwin

**********************

Windows PowerShell Transcript Start

Start time: 20120313094724

Username  : VDI\amasv

Machine                : DCHV (Microsoft Windows NT 6.1.7600.0)

**********************

Transcript started, output file is C:\Users\amasv\Documents\PowerShell_transcri

pt.20120313094724.txt

PS C:\Windows\system32> Get-ADObject -SearchBase „cn=Deleted Objects,DC=vdi,DC=fujitsu,DC=lab“ -Filter {lastKnownParent -eq „OU=accounts,DC=vdi,DC=fujitsu,DC=lab“} -IncludeDeletedObjects

 

 

Deleted           : True

DistinguishedName : CN=martin skapa\0ADEL:704fed33-f62c-4401-9d4b-760748508fb1,

CN=Deleted Objects,DC=vdi,DC=fujitsu,DC=lab

Name              : martin skapa

DEL:704fed33-f62c-4401-9d4b-760748508fb1

ObjectClass       : user

ObjectGUID        : 704fed33-f62c-4401-9d4b-760748508fb1

 

Deleted           : True

DistinguishedName : CN=martina R.\0ADEL:0295617c-30aa-4ef2-bc19-5191714752

94,CN=Deleted Objects,DC=vdi,DC=fujitsu,DC=lab

Name              : martina R.

DEL:0295617c-30aa-4ef2-bc19-519171475294

ObjectClass       : user

ObjectGUID        : 0295617c-30aa-4ef2-bc19-519171475294

 

 

 

PS C:\Windows\system32> Get-ADObject -SearchBase „cn=Deleted Objects,DC=vdi,DC=fujitsu,DC=lab“ -Filter {lastKnownParent -eq „OU=accounts,DC=vdi,DC=fujitsu,DC=lab“} -IncludeDeletedObjects | Restore-ADObject

or simple command

Get-ADobject -filter {displayName -eq „martin“ } -includeDeletedObjects | Restore-ADObject

PS C:\Windows\system32> Stop-Transcript

**********************

Windows PowerShell Transcript End

End time: 20120313094801

**********************

 

Rubriky: Active Directory | Komentáře nejsou povolené u textu s názvem Transcript – how restore AD Object from recycle bin – S2K8 R2

Prepare AD Schema before Install MS Exchange 2010

Publikováno 6.2.2012 | Autor: marwin

(HUB, CAS, MBX)

import-module servermanager
get-windowsfeature
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy –Restart

OR

d:\scripts> servermanagercmd -ip exchange-all.xml (name of script depends on installation)

——————————————–

EDGE – OS Preparation command

Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

——————————————-

 
setup /PrepareLegacyExchangePermissions
setup /PrepareSchema
setup /PrepareAD /OrganizationName: „First Organization“

( over this command you can  re-create ms Exchange system arbitration accounts – DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}, FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042, SystemMailbox{1f05a927-26fe-4252-a803-85bab5b9ca2b}, SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} )
setup /PrepareAllDomains:FQDN

 

 

Rubriky: Exchange Server / Exchange Online | Komentáře nejsou povolené u textu s názvem Prepare AD Schema before Install MS Exchange 2010

dsmod – useful commands

Publikováno 18.12.2011 | Autor: marwin

Get members of group

dsget user „CN=UserName,OU=xxxxx,,DC=domain,DC=domain“ -memberof -expand

dsget group „CN=GroupName,DC=domain,DC=domain“ -members

Get inactive computers

dsquery computer -inactive 8 -limit 500 „OU=xxxxx,,DC=domain,DC=domain“

inactive = weeks

default limit is 100 objects

Rubriky: Active Directory | Komentáře nejsou povolené u textu s názvem dsmod – useful commands

Commands to allow using AD Trust -SID History

Publikováno 14.12.2011 | Autor: marwin

source domain – source.com

target domain – target.com

On target domain DC

netdom trust source.com /d:target.com /enablesidhistory:yes

netdom trust target.com /d:source.com /enablesidhistory:yes

netdom trust source.com /d:target.com /quarantine:no

 

 

Rubriky: Active Directory | Komentáře nejsou povolené u textu s názvem Commands to allow using AD Trust -SID History

How to tell if lastLogontimeStamp is in sync

Publikováno 14.12.2011 | Autor: marwin

1. Using repadmin to check the value of lastLogontimeStamp on all DC’s in a domain for one user:

repadmin /showattr * (or put name of DC server) /attrs:lastLogontimeStamp

Example:

repadmin /showattr * CN=user1,OU=accounting,DC=domain,dc=com /attrs:lastLogontimeStamp

2. Using repadmin to dump the lastLogontimeStamp for all users in a domain including users that have no data in the lastLogontimeStamp attribute:

repadmin /showattr * /subtree /filter:“(&(objectCategory=Person)(objectClass=user))“ /attrs:lastLogontimeStamp

3. Dump lastLogonTime stamp for users but only ones that have the attribute populated

repadmin /showattr * dc=domain,dc=com /subtree /filter:“((&(lastLogontimeStamp=*)(objectCategory=Person)(objectClass=user)))“ /attrs:lastLogontimeStamp

Rubriky: Active Directory | Komentáře nejsou povolené u textu s názvem How to tell if lastLogontimeStamp is in sync