Group membership isn’t consistent in AD Users and Computers

This was the case of another interesting troubleshoot I ran across where users weren’t enumerating properly in a PowerShell script. Problem statement: An admin was working on a project known as the “Active Directory Group Cleanup”, in which they needed to find and remove members from groups. So, he created a PowerShell script using Get-ADGroupMember….


The future of old apps with Windows 10

The past is hard to let go of, let’s be honest. In the IT world, there is a lot of truth to some of the old tools are also some of the best. You SCCM (or dare I still say SMS) guys should know this, for those who still use things like ccmclean instead of…


PS without BS: Creating Random Test Users in Active Directory

This was an interesting ask, and kind of showcases a couple of different techniques. The ask was to create 20 random users in Active Directory for test purposes. So, I grabbed a list of (debateably) a list of the most common male and female first names and the most common surnames. I then randomize these…


Clean up Group Policy Now! – How and Why

ACT I: Introduction In my mind, one of the things that put Windows over the top in the (cough) post Windows NT4 era was the ability to manage it with this new phenomenon called “Group Policy”. If anyone remembers the days of using logon scripts (some still do), AT commands (anyone remember Kixstart?), SMS, and…


Troubleshooting Internet Explorer and the CRL mystery

This was an interesting case, and didn’t see much on this when I searched around the public internet, so want to leave a little something in case it helped someone else. The Problem Statement Users on Windows 7 and Internet Explorer 11 or Microsoft Edge on Windows 10 were experiencing no issues going to a…


Detecting port availability and blockage: Part 2, The Trace

Note: For Part 1 of this blog, “The players”, Click Here So, back to our scenatio and detecting port blocking. A little copy and paste from Part 1: Nature of blocked ports Port blocking is a somewhat secret event to tracing, but there are some very easy methods to determine if this is happening. Let’s…


Detecting port availability and blockage: Part 1, The Players

Note: For Part 2 of this blog, “The trace”, Click Here In a recent blog “Welcome to the domain, just kidding”, I referenced RPC port 135 was being blocked as the root cause for why the computer could join the domain, and then the trust was broken. So, the question remains: How do you detect…


Protecting from Accidental Deletion (or not)

An interesting conversation came up today regarding the Active Directory feature “Protect from accidental deletion”. What does this actually mean? So, the good news is that any object in AD, being OUs, users, groups, you name it – If it’s important to you or your organization, you can go into the Object tab (advanced features)…


SCCM: For those nasty incremental collections

One feature that is easily misunderstood in SCCM is one of “incremental updates to collections”, which is this innocent little box: “Use incremental updates for this collection”. What I have noticed over time is that many customers use this as “Standard Operating Procedure” and hurt server performance by applying this to all collections they create….


Welcome to the domain. Just kidding.

I ran across a strange issue recently in regards to joining a server to the domain, so I hope this helps someone else running into the issue. Problem statement: A routine, run of the mill domain join of a server. The account was pre-populated (or not, wouldn’t matter) in Active Directory. Upon joining the domain,…