Finding Groups that have disabled users in them

This is just a quick PowerShell script to find all disabled users who are members of a certain group (or certain groups).
We were running out of licenses for one of the products we use internally. This product is tied to group memberships. Instead of clicking on each individual group or disabled user (approximately 40 groups or 560 disabled users), I figured I would draft up a quick PowerShell script to do the work for me.

Write-Host "Importing the ActiveDirectory Module" -foregroundcolor green
Import-Module ActiveDirectory | out-null 
Write-Host "Filtering AD Groups" -foregroundcolor green

#This will filter your groups. Change *changeme* to the group(s) you want to filter. Keep the * if you want to wildcard it
#The filter runs on the domain controller, so only matching groups are returned
$Groups = Get-ADGroup -Filter 'Name -like "*changeme*"' | Select-Object -ExpandProperty Name
Write-Host "Preparing the CSV Template" -foregroundcolor green

#This will create the template for you to export to CSV 
$csv = @() 
$Record = [ordered]@{ 
"Group Name" = "" 
"Name" = "" 
"Username" = "" 
"Enabled" = ""
} 
Write-Host "The Magic is happening. Getting all Disabled Members" -foregroundcolor green

#The Magic
Foreach ($Group in $Groups) 
{ 
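 #-Recursive can also return computer accounts; keep only user objects so Get-ADUser does not throw on them
 $ArrayOfMembers = Get-ADGroupMember -Identity $Group -Recursive | Where-Object { $_.objectClass -eq 'user' } | ForEach-Object { Get-ADUser -Identity $_.distinguishedName -Properties Enabled } | Where-Object { $_.Enabled -eq $false } | Select-Object Name,SamAccountName,Enabled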
 foreach ($Member in $Arrayofmembers) 
 {
 $Record."Group Name" = $Group
 $Record."Name" = $Member.Name
 $Record."UserName" = $Member.SamAccountname
 $Record."Enabled" = $Member.Enabled
 $objRecord = New-Object PSObject -property $Record
 $csv += $objrecord
 } 
}

#The Export
Write-Host "Exporting to CSV" -foregroundcolor green
$csv | export-csv "C:\temp\ADSecurityGroups.csv" -NoTypeInformation | out-null
Write-Host "Complete" -foregroundcolor green


Install and configure SQL AlwaysON AG with Listener on Azure

This is going to be a multi-part post, based on a very recent deployment.

I had to urgently build an AlwaysOn Availability Group and Listener in Azure on SQL Server 2014. The only issue was, I have limited Azure and SQL knowledge. I can maintain and install, and create a few scripts here and there. But not enough to be called a DBA or Cloud Boff. However, I decided this would be an awesome thing to learn how to do. So, during the course of man flu, about 40 hours of crunch time, I can now install, configure and maintain a SQL AlwaysON AG with Listener on Azure.

So, let's get cracking.

Prerequisites:

  • 1x Domain Controller
  • 1x Service account for the SQL Server Service and for the SQL Server Agent Service
  • 1x Delegated permissions on AD for the cluster to create computer objects.
  • 1x Load balancer (on Azure)
  • 2x Windows Servers installed with a minimum of SQL 2012 installed
  • Shared location on each node (this will be used for adding DBs to the using a “Full” model)

Some of these pre-requisites are listed in this post – so don’t worry if you don’t know how to do certain things.


Step by Step Moving FSMO roles in Server 2012 R2

I needed to move our FSMO roles to a centralised server today, the main cause for this was firewall ruling (cannot add rules mid-week) and an urgent requirement for Domain controllers in our Azure Production environment.

We were unable to dcpromo our Azure server and after 2 days of troubleshooting, wiresharking and several workarounds, we decided to move the FSMO roles yet again. Now, I know for a fact that continuously moving the FSMO roles is NOT HEALTHY for a domain environment. I was totally against it, but I bit the bullet and did as I was told.

They are now in their new home, On-Premise Site A, and will not be moved again. However, due to Microsoft best practice, we will split the Schema master and Domain Naming Master off to DC2 once all firewall rules are in place.

Scripted configurations of SNMP v2

Today I went through the process of scripting the SNMP configuration for multiple OS/devices. The reason for this is that there has never been a formality or standardisation of this and sometimes we tend to forget this and/or that. So, in case you would also like to script it, here is what we use.

The defaults:

sysLocation:
For this, you could either use “3rd floor, of some office” or, if you are a global company with a monitoring system that makes use of the Google Maps API (e.g. Observium) and would like to show various locations globally, use a Google API name, e.g. London, UK or Cape Town, South Africa.

sysContact:
This could be a name or an email address or telephone number

Community:
Something that is configured on your server and on your device/workstation/server that allows communications. There is also a permission set that will get applied to this.

target:
This is the place you are sending information to

port:
This is, by default, 161/UDP unless you change it.


Creating Superseded Applications in SCCM 2012 R2


Today I was investigating upgrading an application we use for email signature management called Symprex. I want to upgrade it using SCCM and realised that internally we didn’t have any “How-To” documentation on deploying an application from start to finish, so what better way to add a post to my blog and some internal documentation.

So, what is supersedence exactly?

Microsoft TechNet gives us a pretty good explanation:

“Application management in Microsoft System Centre 2012 Configuration Manager allows you to upgrade or replace existing applications by using a supersedence relationship. When you supersede an application, you can specify a new deployment type to replace the deployment type of the superseded application and also configure whether to upgrade or uninstall the superseded application before the superseding application is installed.
When you supersede an application, this applies to all future deployments and Application Catalog requests. This will not affect the existing installations of the application.”

Taken directly from Technet


Using Lansweeper to find computers that do not have a specific windows update installed

So, today I was asked “How do I use product “X”” to pull a report to list all systems that do not have a specific hotfix installed.

I will not be listing product “X” as

  1. It cannot do what was asked
  2. I don’t want to bad mouth the software, as what its actual purpose is, it does the job damn well.

So, below is a report (You can implement this via the “Report Builder” in Lansweeper).


Resetting DSRM or Directory Services Restore Mode password in Server 2012 R2

Today I needed to reset a DSRM password, not because we forgot it, but more due to wanting to have different passwords for our domain controllers.

Although you could have the same password for each Domain Controller, this is not always secure. If a server gets compromised and the attacker recovers the DSRM password, they will try that exact password on a different server in order to gain access to it.

What is DSRM?

DSRM is a special boot mode (or option) for Windows Server Domain Controllers (ONLY). Think of it as a kind of “SafeMode” for directory services. With DSRM, the administrator is able to repair, recover or restore Active Directory services. DSRM is configured during the promotion of Active Directory Services. The Administrator account that you configure is completely unrelated and separate to the DOMAIN\Administrator account.
