Server Core: Navigating an old but new world

Lately, I’ve done a lot of posting on Server Core and one thing I’ve neglected to write on is how you actually navigate in this new world. Starting with Windows Server 1709 (and at the time of this writing), the “current branch” models of Windows Server will not have a GUI and your one and…


Active Directory and the impact on Schema Updates

There are some considerations in modifying the Active Directory schema. I am hoping this will be helpful to others that may have similar questions. Despite the short intro, let’s get into the details: Main player: The Schema Master The Schema Master is one of the 5 FSMO roles in Active Directory. By default, the first…


PS without BS: Some useful GPO cleanup scripts

Just a quick blog with a lot of punch to it: Some easy and great ways to clean up Group Policy. What are some of the reasons for this? Well… Your GPO infrastructure may be out of control. You may have forgotten what policies are linked You may have policies that are enforced without settings…


Demystify PKI – Act II: Certificate Logging

This is a quick blog on how to enable certificate logging, as by default this is not enabled in Windows. For reference, this is a multi-part blog on PKI, here are the other entries: Demystify PKI (aka AD Certificate Services) – Act I: Cryptography First, a common falacy is that all things are located in…


PS without BS: Removing WMI Queries from GPMC

One of the neat features back in (cough) Windows Server 2003 was the addition of WMI filters to Group Policy. I’m not going to waste a lot of time this morning on a history lesson, but WMI filters in GPO have some valuable benefits, but unfortunately nothing in this life is free. The answer a…


PS without BS: Fixing the user primary group

This is a Part 2 from my blog Group membership isn’t consistent in AD Users and Computers. In this blog, I will go though a remediation script on how to set all user accounts to the primary group of “Domain Users”. For more information on the backstory, see the link. Now, to the script. There…


Group membership isn’t consistent in AD Users and Computers

This was the case of another interesting troubleshoot I ran across where users weren’t enumerating properly in a PowerShell script. Problem statement: An admin was working on a project known as the “Active Directory Group Cleanup”, in which they needed to find and remove members from groups. So, he created a PowerShell script using Get-ADGroupMember….


The future of old apps with Windows 10

The past is hard to let go of, let’s be honest. In the IT world, there is a lot of truth to some of the old tools are also some of the best. You SCCM (or dare I still say SMS) guys should know this, for those who still use things like ccmclean instead of…


PS without BS: Creating Random Test Users in Active Directory

This was an interesting ask, and kind of showcases a couple of different techniques. The ask was to create 20 random users in Active Directory for test purposes. So, I grabbed a list of (debateably) a list of the most common male and female first names and the most common surnames. I then randomize these…


Clean up Group Policy Now! – How and Why

ACT I: Introduction In my mind, one of the things that put Windows over the top in the (cough) post Windows NT4 era was the ability to manage it with this new phenomenon called “Group Policy”. If anyone remembers the days of using logon scripts (some still do), AT commands (anyone remember Kixstart?), SMS, and…