Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a … Read moreAdding a security group to the Local Administrator Group in AD
When you have a lot of conference rooms, equipment or special rooms mailboxes it is hard to list or find available free rooms during a particular time slot. Luckily, Office365 and Outlook 2013/2016 have a special feature called ‘Room Lists’, which enable you to find and schedule a room quickly based on availability and offer … Read moreOffice365: List Your Business Can’t Live Without
Office 365 Groups are a shared workspace for email, conversations, files, and events where group members can collectively get stuff done. It compliments the introduction of Microsoft Teams. The main thing to keep in mind is that this feature is still evolving. Why is it important to control Office 365 Group creation? This feature is … Read moreCleaning up Office365 Groups Mess
One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# This script removes all disabled users from all security and distribution groups in the specified "searchOU" Import-Module ActiveDirectory $searchOU = "OU=Groups,DC=domain,DC=local" $adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU $adgroup | ForEach-Object{ $group = $_ Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_ $uname = $user.Name $gname = $group.Name Write-Host "Removing $uname from $gname" -Foreground Yellow Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false } } |
… Read moreRemove disabled users from Distribution Lists & Security Groups in Active Directory
Microsoft Teams was announced yesterday and many want to jump right in. I noticed when users wanted to create teams, new distribution groups started getting added. I wanted to find out my ‘In cloud’ distribution groups and was surprised there was no property for the item. I was able to find out the groups … Read moreFind out ‘in cloud’ Distribution Groups
Every Exchange user has an OWA mailbox policy that governs what they can and can’t do with their mailbox. Updating this mailbox policy removes the ability for users to create Groups. Because OWA policies are per user, you can limit the ability to create Groups for some users and not others. At this time, the … Read moreDisable Office group creation
Majority of the system administrators I’ve met forget this very important rule. When an account is not needed remove its membership from the security/ distribution groups, otherwise you get disabled account showing up in groups, and that looks ugly. You will need Quest ActiveRoles for Powershell installed to get this working. Depending on the size … Read moreRemove group membership of disabled accounts
|
1 2 3 4 5 6 |
$users = Get-ADGroupMember "AD Group with Users to be Enabled for ActiveSync" foreach ($line in $users) { $user = $line.samaccountname Set-CASMailbox $user -ActiveSyncEnabled:$true Get-CASMailbox $user | Select-Object Name, ActiveSyncEnabled } |