Changing "Sessions" information on user account in Active Directory with Powershell

Doing some digging with a teammate today it was incredibly difficult to find information on how to automate the settings change of the Sessions tab on a user object.  Different paths indicate we need to edit the userParameters attribute but you’ve probably found that it’s a binary blob and not easily manageable.  Perhaps you went down…

3

NTDS performance counters missing

Thought I’d doc this for any others who run into this issue.  I had to demote/promote a machine this morning and when it finished promoting I found it was missing all the NTDS\* counters in perfmon.  I ran LODCTR /Q and saw that it looked wrong:   C:\Windows\system32>lodctr /q:NTDS Performance Counter ID Queries [PERFLIB]:    …

3

Interacting with Data Collector Sets via Powershell

Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One of those new features that is often overlooked are the data collector sets (DCS).  One particular role that leverages data collector sets is active directory.  Active directory has put “hooks” into tracing that can really take a lot…

6

Check that driver file versions match on all your cluster nodes via Powershell

This is more of a proof of concept, but I’ve used it with success internally.  Take it and do with it what you want.  Many thx to Brandon who did the “heavy lifting” when I got stuck! Overview: Ever run into cluster issues and wanted to see if the driver file versions matched on all…

5

SET-ACL on registry key

Man it was hard to find info on using set-acl on a registry key!   I was looking for a way to set an ACL that once set would be inherited by child keys and values.    We needed to give “Local Service” full control on the registry key below and have the subkeys inherit the permission. …

6

Display warning text when someone logs onto your servers

This works for Windows 2003 and Windows 2008.  We use it during our reliability study to let the server owners know that they shouldn’t reboot their boxes without a good reason.  You can use it for whatever you’d like. 🙂 The two keys to set: reg add “\\brad-dc-01\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeCaption /t REG_SZ /d “MSIT…

2

Getting Access Denied when trying to query rootMSCluster namespace remotely against Windows 2008.

Ran into a weird issue where I was getting access denied when trying to query nodes remotely in powershell.  The query was working fine against Windows 2003 cluster names and worked locally when ran on a Windows 2008 cluster node, it just didn’t work remotely.   Against 2k3: PS C:\Debuggers> gwmi -q "Select name from…

7

Domain doesn't know about my computer account? I vouch for my computer, you can trust me...

Had an issue where a server would not allow logon via termian services each time you attempted to logon it would return this:     Soooooooooo, what to do here?  First, we made sure the account existed in the directory since that’s why it appeared to be complaining.  So I opened LDP and verified it…

5