Windows

Remove disabled users from Distribution Lists & Security Groups in Active Directory

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy.

The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

Hope this helps!

Active Directory: Changing passwords for users in bulk using a .csv file

Many accounts in your AD might need a password change. What if you want to do this in bulk ?

First, we need to the userlist. Depending on your requirements we need to get a list of users (specifically samaccountname). For random password generation I recommend using http://manytools.org/network/password-generator/ as it can generate up 1000 for free.

Here is what my UserList.csv look like:

Make sure you do the following on a domain controller or connecting to your domain controller via PS-remote with elevated permissions.

Run this in PowerShell (Open PowerShell in Admin Mode)

PowerShell:

-Reset
Specifies to reset the password on an account. (User is not prompted to change password).
To use this parameter, you must set the -NewPassword parameter.
You do not need to specify the -OldPassword parameter.

VMware: Intermittent Error: Unexpected character ‘’ (code 65279 / 0xfeff) in prolog; expected ‘<' at [row,col {unknown-source}]: [1,1] pop up in Windows vSphere client ?

Recently, I got the error below when using the vSphere client.

Problem:

error

I have only tested this solution on:

2016-10-04_11-41-47

Solution:

Repair your installation of Microsoft Visual J#® 2.0 Redistributable Package – Second Edition (x64)

Download

The error went away after repair.

In trying to google the error some user have reported that uninstall the patch KB3147458 worked for them. I didn’t have the patch.

Hope this helps.

Windows: Hide Internet Explorer 11 address bar & navigation bar

Applies to:

Windows Server 2008R2, Windows Server 2012R2, Windows 10

There are two ways this can be accomplished depending on your needs for the controlled environment.

GPO:

I would like to first clarify that there is not a single GPO to just hide TABS in IE11. There is however a way you can enforce IE in Full View Mode which by default will remove the TABS and Address bar via a GPO.

The GPO  you can use to enforce the Full-Screen view is available on both Computer and User configuration policy. Below is the gpo location path in group policy editor console.

  • GPO NAME: Enforce full-screen mode
  • LOCATION: Computer or User configuration – Computer Configuration\Administrative Templates\Windows Components\Internet Explorer
  • KEY LOCATION: Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions

SCREENSHOT: GPO CONSOLE

2352.GPO-LOCATION

WINDOWS REGISTRY:

This will cause the IE address bar to not show. I disabled the Navigation bars too so it gives a clean window experience.

SCREENSHOT: REGISTRY LOCATION WITH VALUES

1172.GPO-REGISTRY-LOCATION

Download the Registry file.

The GPO and keys will cause the browser to open in full view with no address bar or tabs

7536.FULL-VIEW-AFTER-GPO

Excel: Check email addresses in bulk if format is correct or not

So had a request today to clean up email addresses as some of them were not valid. This was needed for over 1500 email addresses.

So used the formula below and was able to find all addresses that were “FALSE”. I filtered them out and was able to fix them as needed.

Here’s what you need to do:

If your e-mails are in A column, go in the B column and in the B1 cell and copy paste this code:

Then, go down and left on the B1 cell so you can copy and paste the code to the other cells.  For all the valid e-mails, it will give you ‘TRUE’ and for the invalid ‘FALSE’.

2016-08-25_14-34-49

DFS Namespace service could not initialize cross forest trust information

After you install Active Directory on Windows Server 2008 R2, you may start seeing the following error message after the server boots:

The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

This occurs because the DFS Namespace service attempts to access Active Directory before it has completely initialized.
To resolve this issue, we simply have to force the DFS Namespace service to start after the Active Directory service has initialized. We can do this by setting the DFS Namespace service to depend on the Active Directory service as well as setting it to a Delayed Startup mode.

To make those changes, start regedit and make the following changes :

  1. Navigate to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dfs
  2. Modify the DependOnService value and add NTDS to the list.
  3. Create a new DWORD value named DelayedAutostart and set its value to 1.

DNS broken after Windows Update KB3145126

I noticed the DNS broke on my servers after Windows Update.

The problem was KB3145126. Read more about it here.

After a quick removal and reboot, DNS was operational again.

To remove/uninstall KB3145126, open powershell and run the following:

Hope this helps.

Check Proxy settings from Powershell

To check the proxy settings like ProxyOveride or if it is enabled or not:

To disable proxy from PowerShell:

To enable proxy from PowerShell:

 

IE Enable/Disable Proxy Settings via Registry

Whatever the reason may be to enable or disable proxy, here is a simple registry hack to turn it on or off.

Open powershell in admin mode.

Enable:

Disable:

The above method require an IE restart, alternatively if you don’t want to restart IE. Make similar change under:

To find your SID read here.

Disable IPv6 on Windows Core Server 2008 R2 – 2012 R2

GUI Version:

2016-08-09_17-13-27

  1. Open Control Panel > Network & Internet > Network & Sharing Center > Change Adapter Settings > Choose the Adapter
  2. Right Click – Select Properties
  3. Networking Tab
  4. DeSelect IPv6
  5. Close

No GUI… No problem (Core):

After doing the above procedure you might have to use the registry editor aswell to completely disable the ipv6 tunnel

Here’s what to do to disable IPv6 on Core Windows Server

First check the interface that you want to disable.

2016-08-09_17-01-41

To completely disable IPv6 on a Windows Server 2008/2012-based computer yourself, follow these steps:

    1. Open Registry Editor.
    2. Locate the following registry subkey:
    3. In the details pane, click New, and then click DWORD (32-bit) Value.
    4. Type DisabledComponents, and then press ENTER.
    5. Double-click DisabledComponents, and then type 0xffffffff in Hexadecimal or 4294967295 in Decimal.Note The 0xffffffff value or the 4294967295 value disables all IPv6 components except for the IPv6 loopback interface.
      http://support.microsoft.com/kb/929852

      Also we can try this command to Disable IPv6 in Windows

    6. Reboot
    7. Re-run the above command to see if the interface shows IPv6 addresses