Feb 12

PowerShell™ Notes for Professionals & other books

Stack Overflow used to run an interesting project – Stack Overflow Documentation. It is currently shut down, but thanks to it we now have interesting free books like “PowerShell™ Notes for Professionals book“:

Please keep in mind that it was compiled from SO content that may not be very accurate, as I recently discovered: Are the cmdlets in a pipeline executing in parallel?

Anyway, I’d recommend it, since it contains an essential compilation of common PowerShell tasks and language specifics. Good reading indeed!

There are also other books that may catch your interest: http://books.goalkicker.com/

Jan 10

Dynamic Objects in Active Directory

Sometimes we need to create users/groups/computers in Active Directory that will be used temporarily (by a contractor, for testing, etc.). The typical workflow is: Create > Use for a while > Delete. The deletion is manual, and these objects are often forgotten, which poses some security risks.

It is a little-known fact that we can create so-called Dynamic objects (DOs, a.k.a. temporary objects) that get deleted from AD automatically when the associated TTL expires. Microsoft added this capability in Windows Server 2003. In fact, “Dynamic object” is an auxiliary class (OID = 1.3.6.1.4.1.1466.101.119.2). When linked to an object, it adds some new attributes, such as entryTTL (Entry-TTL) and ms-DS-Entry-Time-To-Die.
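As an added example (not code from the original post): creating a dynamic user through ADSI, then listing every dynamic object in the domain with its remaining lifetime. The OU path, domain and account name are constructed placeholders, and the audit query assumes the ActiveDirectory (RSAT) module is installed.

```powershell
# Constructed placeholders: adjust to your own lab domain.
$ouPath  = 'LDAP://OU=Temp,DC=example,DC=test'
$name    = 'tmp-contractor01'
$ttlSecs = 8 * 3600            # AD removes the object 8 hours after creation

# 1. Create the user with the dynamicObject auxiliary class attached.
#    An existing static object cannot be converted to a dynamic one, so
#    objectClass is written explicitly before the first SetInfo().
$ou   = [ADSI]$ouPath
$user = $ou.Create('user', "CN=$name")
$user.PutEx(2, 'objectClass', @('dynamicObject', 'user'))   # 2 = ADS_PROPERTY_UPDATE
$user.Put('entryTTL', $ttlSecs)
$user.Put('sAMAccountName', $name)
$user.SetInfo()   # the account starts disabled and has no password yet

# 2. Audit: list all dynamic objects and when they will disappear.
#    entryTTL is a constructed attribute, so it must be requested by name.
Import-Module ActiveDirectory
Get-ADObject -LDAPFilter '(objectClass=dynamicObject)' `
        -Properties entryTTL, 'msDS-Entry-Time-To-Die' |
    Select-Object Name, ObjectClass, DistinguishedName,
        @{ n = 'TtlLeft'; e = { [timespan]::FromSeconds($_.entryTTL) } },
        @{ n = 'Expires'; e = { $_.'msDS-Entry-Time-To-Die' } } |
    Sort-Object Expires |
    Format-Table -AutoSize
```

Running the audit query on a schedule gives a simple inventory of temporary accounts and confirms that none of them has had its TTL extended unexpectedly.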


Jan 05

WinRM would not listen on port 5985

WinRM was configured via a GPO to allow remote administration, but it wouldn’t let us connect with Enter-PSSession. The firewall rule was in place, passing traffic on TCP port 5985.

Checking the WinRM configuration showed something strange:

Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = null

So WinRM was actually configured but wasn’t listening on any network interface. Why?


Jan 03

What is Add-PrinterDriver actually used for?

As of Windows 8.1 / Server 2012 R2 there is one beautiful cmdlet: Add-PrinterDriver. It dramatically simplifies driver/printer installation.

Naturally you will be tempted to install a driver from an .inf file like this:

But you will be blamed:

So it does not work as you/we may think. Sigh… So what is it actually used for?


Aug 18

PowerShell is now open source and runs on Linux!

Good news for PowerShell fans! We can now use our favorite shell on Linux and Mac 🙂

PowerShell is open sourced and is available on Linux

Don’t miss the video with the father of PowerShell, Jeffrey Snover

Here are some shots from the event 🙂

Great day!

Jan 15

“Could not retrieve default replication accounts” during RODC Promotion

The task was to promote the first RODC in a mixed OS domain with Windows 2003 Forest/Domain functional levels. Before DC promotion the AD Schema was successfully extended and there was one Writable Domain Controller (Windows Server 2013 R2) up and running.

I noticed that some RODC-related groups were missing even though adprep finished without any errors:

  • Read-only Domain Controllers
  • Allowed RODC Password Replication Group
  • Denied RODC Password Replication Group

I thought they would appear after the first RODC promotion. But that was not the case!

These groups, along with many others, are created AFTER you transfer the PDC role to a domain controller running Windows Server 2008 or later!

After transferring the PDC role these groups were created:

Nice to know it 🙂

Thereafter the first RODC was promoted successfully!


Dec 14

Set-ADUser : Insufficient access rights to perform the operation when setting the Title attribute in Active Directory

Imagine you have an ordinary user in an Active Directory domain, for example Updater@pkg.lab. You want this user to be allowed to change the Title field for a specific list of users.

The Title attribute reflects the user's position (i.e. Job Title) in the organization.

For this purpose, you have delegated Read/Write permissions on the Title attribute in specific organizational units:
