Archive for the ‘Active Directory’ Category

Microsoft Ignite 2016 Slidedeck and Video downloader


Have you missed the Microsoft Ignite 2016 event… problem!! MVP Michel de Rooij has created a script to download all the content (videos and slidedecks). So you can watch all the content again.

This script will download all the Ignite 2016 slidedecks and videos that are available from Techcommunity via the OneDrive URL on the session page. Video downloads will leverage a utility which can be downloaded from, and put it in the same folder as the script. The script itself will try to download the utility when the utility is not present.

Special credits goes to:
Original scraper for slidedecks by Mattias Fors,
Adjusted for video downloading by Michel de Rooij,
Enhancements by Scott Ladewig

Download the script here.



How to: Change computername in Windows Explorer on Windows Server 2012 R2

When you’re are using a lot of virtual machines or environments, it’s somethimes realy usefull to see in what environment or on what server you’re logged in. If created a really nice solution for my servers, basically Remote Desktop Services in different environments, that does exact my I need! I’ve changed the displayname in Windows Explorer to the value “user on server”, for example: “mark on prod-rds-01″.

You can set this new value with Group Policy Preferences or some other scripting.

1.) Create a new GPO in the Group Policy Management Console
2.) Navigate to “User Configuration / Preferences / Windows Settings / Registry
3.) Create a new registry item and browse to the following registry key:
4.) Change the default REG_SZ value to “%username% on %computername%”
5.) Login to the specific server where you targeted the GPO and open Windows Explorer
6.) The name of your computer has changed to “username on computername”

2015-12-04_11h19_20    2015-12-04_11h20_16    2015-12-04_11h20_48

2015-12-04_11h21_11    2015-12-04_11h21_40    2015-12-04_11h37_48

How to: View configured mailbox quota’s in Exchange 2010/2013 using Out-GridView

When you’ve configured mailbox quota’s within your Exchange 2010/2013 environment, you’ve to check the configuration sometimes. Using Microsoft PowerShell, you can watch the current configuration within a few second, so this is extremely powerfull!! But, when you have to query for some specific user or result, it’s not that easy.

There’s a very usefull command within PowerShell that I’m using almost for all my scripts….Out-GridView. When using the parameter Out-GridView, the results are not showing within the PowerShell screen, but in a separate window! Within this window, you can very easy add some search criteria….for example: specific user, quota or an overview per database.

One requirement is that the Windows Feature “Windows PowerShell Integrated Scripting Environment (ISE)” is installed on the Exchange servers or mangement server from where you’re running the commands.

1.) Open the Exchange Management Shell (EMS)
2.) For an overview of the current mailbox quota, use the following command.
Get-Mailbox -Identity mswinkels | ft Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota
3.) The results of this command is shown within the PowerShell window
4.) Now we’re running the same command, but replace “ft” (format-table) with “select” and add the parameter “Out-GridView”
Get-Mailbox -Identity mswinkels | Select Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota | Out-GridView
5.) Now the results are in a separate window! Extreme usefull when you’ve have to search for a specific result or results.

25-06-2015 10-11-47    25-06-2015 10-13-47    25-06-2015 10-15-00

25-06-2015 10-16-22    25-06-2015 10-20-51    25-06-2015 10-21-12

How to: Deploy packages using collection variable with ConfigMgr 2012 R2

During a OS deployment you don’t want to deploy all your packages and software to every workstation. You can deploy the software after a full OS deployment, but you can also deploy packages during the OSD using collection variables. Now it is possible to deploy packages only if a specific machine is a member of a collection. This collection can be query based, for example OU membership or Active Directory security group, or it can be static (direct membership).

In this example I’ve created a realy simple deployment, Adobe Reader 11.0. I’ve two virtual machines, SCWIN81-01 and SCWIN81-02. Both machines are members of the collection “Deploy – Windows 8.1 Enterprise x64″, where the task sequence is deployed on. Machine SCWIN81-01 is also member of the collection “Install – Adobe Reader 11.0″. This collection has a limited collection of “Deploy – Windows 8.1 Enterprise x64″. Both machines are deployed on the same time, the only difference is that machine SCWIN81-01 has Adobe Reader 11.0 installed and machine SCWIN81-02 not. Why……based on the collection variable during the OSD :)

1.) First create the collections
2.) Make the specific machines members of the right collections (query based or direct membership)
3.) Open the properties of the collection “Install – Adobe Reader 11.0″ and navigate to the “Collection Variables” tab
4.) Add one or more variables with some values. In this example the variable is “APP-AdobeReader” with the value “Yes”
5.) Open the task sequence and add a package installation step
6.) Add the package with the program and navigate to the “Options” tab
7.) Select “Add Condition” and select “Task Sequence Variable”
8.) Enter the collection variable you’ve created earlier with the same value. In my example:
Task Sequences Variable APP-AdobeReader equals “Yes”
9.) Select “Apply” and close the task sequence.
10.) Start the OSD on both machines and wait until the installation is done!
11.) Watch the differences between both machines, if everything is okay, one machine has Adobe Reader installed and the other not.

This is an extremely powerfull thing within ConfigMgr, and really helpfull is some scenario’s. For example VDI golden image deployments or hybrid environments with laptops/desktops or multiple organizations using one ConfigMgr environment. One main reason could be consolidation in task sequences. If you want, there should be only one task sequence for all you different deployments. This is why I’m loving collection varaibles! :)

2014-12-22_15h45_33    2014-12-22_15h46_26    2014-12-22_15h46_48

2014-12-22_15h47_23    2014-12-22_15h49_46    2014-12-22_15h50_15

2014-12-22_15h50_37    2014-12-22_15h51_16    2014-12-22_15h51_58

How to: Apply Windows updates during OSD with ConfigMgr 2012 R2

During a OS deployment with ConfigMgr 2012 R2, you definitely want to apply the latest Windows updates and patches, for example with Windows Server Update Service (WSUS). You can also integrate WSUS within ConfigMgr 2012 R2, but in this example WSUS is not integrated!!

This example is also very usefull to create a fully patches golden image in ConfigMgr 2012 R2 (Build & Capture). After the task sequence you’ve a fully patches Windows 8.1 machine that you can use for example VDI environments.

1.) Fist open your task sequence
2.) Create a new computer group “Desktops” within the WSUS console (or choose another name, for exmaple: servers, laptops, etc.)
3.) Add a custom group within the task sequence
4.) Add the following steps in your task sequence
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUServer /t REG_SZ /d /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v WUStatusServer /t REG_SZ /d /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroup /t REG_SZ /d “Desktops” /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /v TargetGroupEnabled /t REG_DWORD /d 1 /f
Run Command Line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU” /v UseWUServer /t REG_DWORD /d 1 /f
Run Command Line:
wuauclt.exe /resetauthorization /detectnow
5.) Don’t forget to set the name of your WSUS server and computer group in the commands above!
6.) Create a new package in ConfigMgr 2012 R2 with the following two files in it, located in the MDT 2013 deployment share directory
7.) Don’t create a program in this package, but you only have to distribute it to the distribution point(s)
8.) Add a new step “Run Command Line” to the task sequence with the following command:
cscript.exe ZTIWindowsUpdate.wsf
Select the package where the source files are located
9.) Deploy the task sequence to your client collection!

COAU_01    COAU_02    COAU_03

COAU_04    COAU_05    COAU_06

COAU_07    COAU_08    COAU_09

COAU_10    COAU_11    COAU_12

How to: Disable first sign-in animation in Windows 8.1 using ConfigMgr 2012 R2

When a user login the very first time on a Windows 8 of 8.1 machine, they will see a “animation” with some helpful tips. During this stage the userprofile is being created and prepared. While the first sign-in animation may be helpful to new users to see, but it slows down the logintimes. So let’s turn this animation off using ConfigMgr 2012 R2.

1.) Open your task sequence
2.) Add a action “Run Command Line” after Setup Windows and ConfigMgr
3.) Copy and paste the following command line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v EnableFirstLogonAnimation /t REG_DWORD /d 0 /f
4.) Give it the value 0 to disable and 1 to enable
5.) Deploy your task sequence to a collection of devices

FRA_01    2014-12-22_10h44_09    2014-12-22_10h44_50

How to: Add computer to security group with ConfigMgr 2012 during OSD

In some cases you’ve to add computer to a Active Directory security group. For example Direct Access laptops. In this example I’ve created a VBS script for adding a computer to an Active Directory security group during OSD in ConfigMgr 2012 R2.

1.)  Create a new package within ConfigMgr 2012 R2 without a program
2.) Distribute the new package to you distribution point(s)
3.) Copy the script “ADgroup.vbs” to the source location of your new package
4.) Add a step “Run Command Line” to your task sequence
5.) Add the command line: cscript.exe adgroup.vbs [name of your AD group]
6.) Select the package “Scripts”
7.) Select a account with enough privileges to add (new) computer object to the Active Directory
8.) Deploy your task sequence to a collection

You can download the script here. (Right-click and save…)

2014-12-12_15h53_47    2014-12-12_15h58_35    2014-12-12_15h59_14

2014-12-12_15h59_50    2014-12-12_16h42_54    2014-12-12_16h43_11

2014-12-12_16h43_34    2014-12-12_16h43_48

How to: Set Microsoft Office initials with Active Directory information using RES Workspace Manager 2014

When you’ve installed Microsoft Office in your environment, the first time the user starts one of the Office products, they receive a pop-up box for the initials. Default there are two things the user has to fill in. The username and the initials. The username is the displayname within Active Directory. The initials is the first letter of the username. But, what if you want to fill this field also with some Active Directory information, like the property Initials.

In this environment I’m using RES Workspace Manager 2014, so there’re also possibilities to set some user variables in your session. First I’ve created a new environment variable with a query to read the information from Active Directory.

1.) Open the RES Workspace Manager Console and create a new environment variable. In my example it is Initials
2.) Give the new variable the following value $adinfo(Initials) There’re some more values possible, like firstname, lastname, etc….
3.) Login to your session, in my example a Windows 8.1 VDI desktop and open the command prompt
4.) Type the command set and search for the new variable Initials. It’s the information from the Active Directory
5.) Now return to the RES Workspace Manager Console and create a new User Setting (User Registry)
6.) The values are stored in the following registrykey:
7.) Add this path in the new registry setting and create two new REG_SZ keys
UserInitials with the value %Initials%
with the value %Username%
8.) Configure the Access Control and the Workspace Container
9.) Login again into a new session and start Microsoft Office, for example Word, Excel, Outlook, PowerPoint, etc…
10.) Open the options and take a look at the user initials.

This is a realy powerfull solution to control your users initials. You can choose to apply the User Registry settings once, so the users are able to edit the initials. You can use a User Preference to store this information in a .UPR (User Preference) with RES Workspace Manager.

2014-08-12_15h40_07    2014-08-12_15h40_16    2014-08-12_15h40_47

2014-08-12_15h41_41    2014-08-12_15h43_17    2014-08-12_15h45_09