WINDOWS. PS. Search duplicate member in AD Groups

It search in groups members equals or similars and return the %

https://gallery.technet.microsoft.com/PowerShell-to-Find-Stale-441759fc

Run script:

long time later ....

The result is at "GroupMembershipComparison.csv". We tranform the data at columns

 

Now can view...

Check at Windows 2012 R2
by GoN | Published: December 5, 2017 | Last Updated:

WINDOWS. PS. Mail by default

[ ] Introduction

I have a lot of user at my Exchange, all users have more of one email, for O365 project I need assign one specific default email.

I prepared one list with a login name and the new default email account.

[ ] The script

**********************************

# Import AD Module
#Import-Module ActiveDirectory

#Si queremos hacer un BAckup antes:
#Get-Mailbox -ResultSize Unlimited |Select-Object DisplayName,PrimarySmtpAddress > Backup

#Log
$LogFile = "C:\scripts\O365\EmailDefault\logUpdates.txt"

write-Host 'Starting to update AD Attributes.......' -NoNewline -ForegroundColor Yellow
write-Host "`r`n"

# Import CSV into variable $LIST_users

#fICHERO DE USUARIOS A ACTUALIZAR
$LIST_users = Import-Csv C:\scripts\O365\EmailDefault\UserList.TXT -delimiter ";"
# Loop through CSV and update users if the exist in CVS file

$LIST_users|Foreach{


Write $_.Login
Write-output "`n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`r`n" >> $LogFile
        Write-output $_.Login | out-file -filepath $LogFile -append
Write-output "`n====================================================================`r`n" >> $LogFile
Set-Mailbox $($_.Login) -Primarysmtpaddress $($_.DefaultAddress) -confirm:$false -Emailaddresspolicyenable $False 2>> $LogFile


}

Write-Host 'done!' -ForegroundColor Green

*********************************

[ ] The Log

For check I can verify my log ($LogFile = "C:\scripts\O365\EmailDefault\logUpdates.txt") with the results.

REF: https://technet.microsoft.com/es-es/library/hh847746.aspx

Check at Exhange 2007

by GoN | Published: November 16, 2017 | Last Updated:

WINDOWS. PS. Easy uptade user attributes.

I explain a simple and quicly script to update user AD attributes. At this example update 3 atributes from AD users

[ ] Source txt tributes:

LOCATION_NAME , COMPANY_NAME, LOCATION_ADDRESS

Source user data: C:\tmp\Upgradeusersdata\users.csv

[ ] Destination AD atributes: 

Office, Company, StreetAddress

[ ] Script:

/***********************************************************************/
# Import AD Module
Import-Module ActiveDirectory

$Delimiter = ";"

write-Host 'Starting to update AD Attributes.......' -NoNewline -ForegroundColor Yellow
# Import CSV into variable $LIST_users

$LIST_users = Import-Csv C:\tmp\Upgradeusersdata\users.csv $Delimiter
# Loop through CSV and update users if the exist in CVS file

$LIST_users|Foreach{

Set-ADUSer -Identity $_.Login -Office $_.LOCATION_NAME -Company $_.COMPANY_NAME -StreetAddress $_.LOCATION_ADDRESS
Write $_.Login

}

Write-Host 'done!' -ForegroundColor Green


/***********************************************************************/

The "-Identity" will be our index.

Check at Windows 2012 R2
by GoN | Published: November 3, 2017 | Last Updated:

CISCO. How to access a switch with limited permissions

I explain how to create one user to acces to switch with limited permitions, for example for create one network opertator or Help desk user.

Configure Switch. Commands:

aaa new-model
aaa authentication login default local
aaa authorization exec default local

privilege interface level 10 duplex

privilege interface level 10 speed

privilege interface level 10 shutdown

privilege interface all level 10 switchport

privilege interface level 10 description

privilege interface level 10 no duplex

privilege interface level 10 no speed

privilege interface level 10 no shutdown

privilege interface all level 10 no switchport

privilege interface level 10 no description

privilege interface level 10 no

privilege configure level 10 interface

privilege exec level 10 configure terminal

privilege exec level 10 configure

privilege exec level 10 show mac

privilege exec level 10 show arp

privilege exec level 10 show running-config interface

privilege exec level 10 show logging

privilege exec level 10 show interfaces

privilege exec level 10 show

Configure User. Asign user privileges. Commands:

(config)# username NOMBRE privilege 10      
   

With this configuration the user Jxxxx can to access to privilege 10 and lower

Other example. Commands:

username gontest privilege 5 password gontest
privilege exec level 4 show running-config view full

Check at 2960/ 3780 SW 
by GoN | Published: October 10, 2017 | Last Updated: 

WINDOWS. PS. Easy uptade computer attributes.

I explain a simple and quicly script to update AD attributes. At this example update the "location" atribute from AD computers.

[ ] File: UpdatePC.PS1

Import-Module ActiveDirectory
$Delimiter = "," 
$PCs = Import-csv C:\Script\UpdateADattributes\PCs.csv -Delimiter $Delimiter
ForEach($Computer In $PCs)
{
    Set-ADComputer -Identity $Computer.Name -Location $Computer.NewLocation -Confirm:$false
}


[ ] File: PCs.csv

Name,NewLocation
XXXX1445,UnLugar54xx
XXXX047,UnLugar56xx


[ ] Check

Command: get-adcomputer w1001445 -properties * | Select name, location

Check at Windows 2012 R2
by GoN | Published: September 21, 2017 | Last Updated: October 3, 2017

NAGIOS. Logo

For change the Nagios logo to other picture, there are a lot of ways, this is one method:

[ ] In Nagios Core Version 4.2.4 save your logo in /usr/local/nagios/share/images/sblogo.png file

Before:

Later:

[ ] In Nagios XI. One option for custom logo component is navigate to Admin > Manage Components > Custom Logo. 

Fill the new file logo in "Logo Image:"

Later:

Check at Nagios
by GoN | Published: September 19, 2017 | Last Updated: 

WINDOWS. PS. You cannot run this script is not digitally signed.

To solve the problem for run on script that is not digitally signed:

Command: powershell.exe -ExecutionPolicy ByPass -command "XXXXXXXXXX"

Check at Windows 2012 R2
by GoN | Published: September 18, 2017 | Last Updated: 

WINDOWS. PS. Event Viewer. Search Events

If you have some Domain Controlers and you need look for a special event, you can use this command:

[ ] Search for ALL domain controllers

COMMAND: Get-Eventlog –ComputerName ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).FindDomainController() “Security” -InstanceID “4740” -Message *”USERNAME”* | Format-List Timegenerated, Message

[ ] Search for one domain controllers

COMMAND:  Get-Eventlog -ComputerName xxxxDC01 “Security” -InstanceID “4769” | Format-List Timegenerated, Message

COMMAND: Get-Eventlog -ComputerName ServerDC “Security” -InstanceID “4740” -Message *”USERNAME”* | Format-List Timegenerated, Message


Other options are use the Windows event forwarder. http://gonsystem.blogspot.com.es/2016/07/windows-suscripciones-y-envio-de.html

REF: http://jeffwouters.nl/index.php/2012/05/powershell-searching-for-the-cause-of-a-user-account-that-keeps-getting-locked-out/

Check at Windows 2012 R2
by GoN | Published: September 14, 2017 | Last Updated: 

WINDOWS. SPAIN change special character Ñ at username

In Spanish keyboard there one special character the "ñ" .

When you need change the this character in one user, the system report one error and don't to does the change.

A simple trick can help us.

Example. User: España

If you change the character "ñ" for "n" you recived this error 

For solve the problem firt you need change the "ñ" by other character and press "Apply"

Later you can change "other character" by one "n"

Check at Windows 2012 R2
by GoN | Published: September , 2017 | Last Updated: 

WINDOWS. PS. GPO. Force gpupdate synchronitation - replication

[ ] Check the last GPO synchronitation

Command: gpresult /scope computer /v | more

Run CMD as administrator.

[ ] To get info OU or Machine

[ ] Apply the synchronitation to one Computer

Command:Get-ADComputer -Filter * -SearchBase "CN=PCXXXX5,OU=Test,OU=Maquinas,OU=Casa,OU=dept,DC=dominio,DC=LOCAL" | Foreach-Object {Invoke-GPUpdate -Computer $_.name -Force -RandomDelayInMinutes 0}

[ ] Apply the synchronitation to all computer in one OU

Command:Get-ADComputer -Filter * -SearchBase "OU=Test,OU=Maquinas,OU=Casa,OU=dept,DC=dominio,DC=LOCAL" | Foreach-Object {Invoke-GPUpdate -Computer $_.name -Force -RandomDelayInMinutes 0}

When you apply the command "Invoke-GPUpdate" all computers can view this screen

You can check the synchronitation whith the firt step.

More info: http://gonsystem.blogspot.com.es/2017/06/windows-ad-replication.html

Check at Windows 2012 R2
by GoN | Published: September 4, 2017 | Last Updated: 

WINDOWS. PS. Test-Connection a new ping

Other possibility to do a PING with Power Shell is the command "Test-Connection " / "Test-NetConnection"

[ ] Check with times.

Command: Test-Connection google.com,adidas.com,nike.com

[ ] Only Check without times.

Command: Test-Connection google.com,adidas.com,nike.com -Quiet 

[ ] Check differnts sources

Command: Test-Connection google.com,adidas.com,nike.com -source XXXdc01, XXXdc02

To check all path

Test-Connection XXXdc01 -source  XXXdc02

Test-Connection XXXdc02 -source  XXXdc01

[ ] With information path

Command: Test-NetConnection nike.com -TraceRoute

1

My computer have one Proxy to go to internet it is the cause that I have a few IP at my TracerRouter.

[ ] Check computer port

Command: Enter-PSSession -ComputerName selected_host -Credential selected_User

[ ] More information

Command: Test-NetConnection XXXXXdc01

Command: Test-NetConnection google -port 443

Links: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/test-connection?view=powershell-5.1

Check at Windows 2012 R2 & W10
by GoN | Published: September 1, 2017 | Last Updated: Dec 1, 2020

WINDOWS. PS. Check OU computers

Subject: Check compurters OU to check there ara some host. Scheduler one daily task and inform us by email only if there are some host.

When you add new computer to AD by default is assigned to "Computers" OU, this script remember you to move at other OU.

[ ] Get-ADComputer

COMMAND: Get-ADComputer -Filter * -SearchBase "CN=COMPUTERS, DC=Mydomain, DC=local" | select-object -expand name

COMMAND: Get-ADComputer -properties * -Filter * -SearchBase "CN=COMPUTERS, 
DC=MyDomain, DC=local" | select name, DNSHOSTNAME,WHENCHANGED,WhenCreated | Format-Table

[ ] PS Script

#Creado 31/7/2017
#
#
Import-Module ActiveDirectory
#
#
#******************************************************************************************************* 
#[COMMON VARIABLES]

$emailbody = $nul
$emailbody = @()

$body= Get-ADComputer -properties * -Filter * -SearchBase "CN=COMPUTERS, DC=MyDomain, DC=local" | select name, DNSHOSTNAME,WHENCHANGED,WhenCreated | Format-Table | Out-String 

# [SEND EMAIL]
# 

If (!$body) {

} 
else 
{
$PSEmailServer = "11.116.116.2"
Send-MailMessage -From "OUComputers@micompany.es" -To "ServiceDesk@micompany.es; it@micompany.es" -Subject "PCs sin asignar en OU\COMPUTERS" -Body $body 
}

[ ] Schedule daily report

Check at Windows 2012 R2
by GoN | Published: July 31, 2017 | Last Updated: September 28, 2017

WINDOWS. GPO. Result GPO

Sometimes we need verify if a GPO are applied corretly.

 

There are 2 good commands very similars to check the GPOs applied in one Host.

CMD:

Output Screen: "gpresult /V /scope computer | more"

Output HTML file: "gpresult /H c:\rsop2.HTML"

PowerShell:

Output HTML file: "Get-GPResultantSetOfPolicy -user domain\user.name -computer MyManchine -ReportType Html -Path C:\destination\rsop.HTML"

Check at Windows 2012 R2
by GoN | Published: July 27, 2017 | Last Updated: 

WINDOWS. GPO. Deploy Fonts

Sometime ago was very easy install font at Operating System, you had to copy the font file in c:\windows\fonts, it was very simply. Now there are few changes.

This post explain how to create a new GPO to deploy font at hosts.

[ ] Rename files to cut her name size (max 8 characters)

I copy/rename the "SourceSansPro-Regular.ttf" at "SSPR.ttf"

[ ] Create a public folder for distribte the new file fonts.

Users need to be able to read this folder.

[ ] GPMC.msc. Now we create a new GPO

Assign GPO to compueter OU.

[ ] Configure parameters:

In "Value Date" the file font name (ex: file.ttf)

In Key Path: "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts"

In Value Name -> The font name to view at program (EX:"SourceSansPro-Regular" to view at Word program)

[ ] Apply GPOs: "GPupdate /force" or/and Restart the computer "GPupdate /force /sync"

[ ] To check in a destinantion host

CMD:

Explorer:

Word: 

Regedir:

Check at Windows 2012 R2
by GoN | Published: July 26, 2017 | Last Updated: July 27, 2017