Posts Tagged ‘Active Directory’

How to: Add computer to security group with ConfigMgr 2012 during OSD

In some cases you have to add a computer to an Active Directory security group, for example DirectAccess laptops. In this example I've created a VBS script that adds a computer to an Active Directory security group during OSD in ConfigMgr 2012 R2.

1.) Create a new package within ConfigMgr 2012 R2 without a program
2.) Distribute the new package to your distribution point(s)
3.) Copy the script “ADgroup.vbs” to the source location of your new package
4.) Add a step “Run Command Line” to your task sequence
5.) Add the command line: cscript.exe adgroup.vbs [name of your AD group]
6.) Select the package “Scripts”
7.) Select an account with enough privileges to add the (new) computer object to the Active Directory group
8.) Deploy your task sequence to a collection

You can download the script here. (Right-click and save…)
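One way to do what step 5 calls for, written in PowerShell with ADSI so it needs no RSAT module on the client. This is an added example, not the ADgroup.vbs script this post links to; the file name Add-ComputerToGroup.ps1 and the helper function names are hypothetical, and it assumes the account from step 7 has been delegated write access to the group's member attribute and nothing broader.

```powershell
# Added example, not the author's ADgroup.vbs. Hypothetical file name: Add-ComputerToGroup.ps1
param([Parameter(Mandatory = $true)][string]$GroupName)

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so the argument cannot change the filter.
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

function Get-AdsPath {
    # Return the LDAP:// path of the first object matching the filter, or $null.
    param([string]$Filter)
    $searcher = [adsisearcher]$Filter
    $result = $searcher.FindOne()
    if ($result) { $result.Path }
}

try {
    $computer = ConvertTo-LdapFilterValue $env:COMPUTERNAME
    $group    = ConvertTo-LdapFilterValue $GroupName
    $computerPath = Get-AdsPath "(&(objectCategory=computer)(sAMAccountName=$computer`$))"
    $groupPath    = Get-AdsPath "(&(objectCategory=group)(sAMAccountName=$group))"
    if (-not $computerPath) { throw "Computer account for $env:COMPUTERNAME not found." }
    if (-not $groupPath)    { throw "Group '$GroupName' not found." }

    $groupEntry = [adsi]$groupPath
    # IADsGroup.IsMember / Add act on direct membership and commit immediately.
    if ($groupEntry.psbase.Invoke('IsMember', $computerPath)) {
        Write-Output "$env:COMPUTERNAME is already a member of $GroupName."
    } else {
        [void]$groupEntry.psbase.Invoke('Add', $computerPath)
        Write-Output "Added $computerPath to $groupPath."
    }
    exit 0
}
catch {
    Write-Error $_
    exit 1   # non-zero exit code makes the task sequence step fail visibly
}
```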


How to: Set Microsoft Office initials with Active Directory information using RES Workspace Manager 2014

When you've installed Microsoft Office in your environment, the first time a user starts one of the Office products they receive a pop-up box asking for their name and initials. By default there are two things the user has to fill in: the username and the initials. The username is the display name within Active Directory. The initials are the first letter of the username. But what if you want to fill this field with Active Directory information as well, such as the property Initials?

In this environment I'm using RES Workspace Manager 2014, which makes it possible to set user variables in your session. First I've created a new environment variable with a query to read the information from Active Directory.

1.) Open the RES Workspace Manager Console and create a new environment variable. In my example it is Initials
2.) Give the new variable the following value: $adinfo(Initials). More values are possible, like firstname, lastname, etc.
3.) Log in to your session, in my example a Windows 8.1 VDI desktop, and open the command prompt
4.) Type the command set and search for the new variable Initials. It contains the information from Active Directory
5.) Now return to the RES Workspace Manager Console and create a new User Setting (User Registry)
6.) The values are stored in the following registry key:
7.) Add this path in the new registry setting and create two new REG_SZ keys
UserInitials with the value %Initials%
with the value %Username%
8.) Configure the Access Control and the Workspace Container
9.) Log in again to a new session and start Microsoft Office, for example Word, Excel, Outlook, PowerPoint, etc.
10.) Open the options and take a look at the user initials.

This is a really powerful solution to control your users' initials. You can choose to apply the User Registry settings once, so the users are able to edit the initials. You can use a User Preference to store this information in a .UPR (User Preference) with RES Workspace Manager.



Released: Exchange Server 2013 RTM Cumulative Update 1

Yesterday, the Microsoft Exchange Team released Cumulative Update 1 for Exchange 2013 RTM. CU1 is the minimum version of Exchange 2013 required for on-premises coexistence with supported legacy Exchange Server versions. The final build number for CU1 is 15.0.620.29.

This is the Exchange 2013 product level required for co-existence with previous versions of Exchange, being Exchange Server 2010 SP3 or Exchange Server 2007 SP3 Rollup 10.

The Exchange Team provided a description of the major changes in CU1. You will find the announcement here.
Here are some of the major changes in CU1:

  • Includes Address Book Policy Routing Agent (info);
  • Allows group memberships to be managed by groups (again, as it was possible in Exchange 2007 but not in );
  • Access to Public Folders you have added as favorites via your favorites menu either in Outlook or Outlook Web App (still no regular Public Folder tree access though);
  • EAC has been enhanced and now includes Unified Messaging management and migration options;
  • Many probes, monitors, and responders have been updated and improved over the RTM release;
  • Get-HealthReport cmdlet has been streamlined and its performance has been optimized;
  • Supports the Exchange Server 2013 Management Pack for SCOM 2007 R2 and SCOM 2012 (due at a later date);
  • High Availability changes

You can download Cumulative Update 1 for Exchange 2013 here.

Be aware, this update requires some preparation first. So be careful and read the release notes before hitting the install button ;)

Z-Hire Active Directory, Exchange, Lync User Creation Tool

Z-Hire automates the IT account creation process for Exchange mailbox, Active Directory, Lync accounts, Office 365 cloud and SalesForce cloud deployments. With just a click of the button, your Exchange mailbox, Active Directory user and Lync accounts will be created simultaneously. This tool can also create and set custom settings for Office 365 accounts using templates. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT user accounts with the option for custom scripts. Z-Hire will increase your new hire user account deployment time by 600%, without the need for complicated and expensive identity management solutions. This tool makes creating Active Directory users a breeze. Some of the features include:

- Environment Auto detection (AD/Exchange/Lync/Office 365/SalesForce)
- Copy existing Active Directory User to Z-Hire Template (new in version 4.8.1)
- Support for Active Directory user, Exchange Mailbox, Lync 2010, Office 365 user and SalesForce user accounts
- Template based deployment (allows consistency for all user accounts)
- Office 365 account creation with major attributes
- Active Directory user account creation with major attributes
- Active Directory group selection
- Active Directory user duplicate SamAccountName verification
- Lync 2010 account creation supporting all policies
- SalesForce user creation support all major attributes
- Faster performance (compared to previous version)
- Best of all, this AD User Creation Tool is free!

System Requirements
- Windows 7 X64 w/ .NET 3.5 (Domain Joined)
- Windows Server 2008 X64  w/ .NET 3.5 (Domain Joined)
- Windows Server 2008 R2 X64  w/ .NET 3.5 (Domain Joined)

Permission Requirements
- Ability to create Active Directory user
- Ability to create Exchange Mailbox
- Ability to create / enable Lync user

Supported Environments
- Active Directory (all versions)
- Exchange 2007 (all versions)
- Exchange 2010 (all versions)
- Lync 2010 (both Standard and Enterprise versions)
- Office 365 Cloud
- SalesForce CRM Cloud

Download Z-Hire tool on Microsoft Gallery

How to: Windows 2012 Server deploy remote domain controllers using Server Manager – part II of II

A few weeks ago I posted an article about how to remotely install a domain controller within Windows 2012 Server using the Server Manager.

How to: Windows 2012 Server Deploy remote domain controllers using Server Manager – Part I of II

Since Windows 2012 Server, creating a new domain controller is much easier than ever before. There is another option to create a new domain controller: Windows PowerShell!

As you can see in part I of the post, there are two domain controllers. I have installed a clean Windows 2012 Server within my lab environment, called Server2.

1.) Logon to Server1 with the Administrator account
2.) Open Windows PowerShell
3.) Type the following command:
Install-WindowsFeature -Name AD-Domain-Services -ComputerName Server2
4.) After the Windows feature is installed successfully, type the following command:
Invoke-Command -ComputerName Server2 -ScriptBlock {Import-Module ADDSDeployment; Install-ADDSDomainController -NoGlobalCatalog:$False -CreateDNSDelegation:$False -Credential (Get-Credential) -CriticalReplicationOnly:$False -DatabasePath "C:\Windows\NTDS" -DomainName "" -InstallDNS:$True -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$False -SiteName "Default-First-Site-Name" -SysVolPath "C:\Windows\SysVol"}
When prompted for credentials, enter the username and password of your domain administrator account!

In my lab environment, I have used the following parameters:
-ComputerName, this is the name of the new domain controller
-NoGlobalCatalog:$False, the new domain controller also becomes a Global Catalog server
-CreateDNSDelegation:$False, there are no other DNS servers available for DNS delegation
-Credential (Get-Credential), before the command executes, a popup asks for your admin credentials
-CriticalReplicationOnly:$False, this entry specifies whether the installation operation performs only important replication before a restart and then skips the noncritical and potentially lengthy part of replication. The noncritical replication occurs after the role installation is complete and the computer restarts
-DatabasePath, the location of the AD DS database (NTDS.DIT)
-DomainName, specifies the fully qualified domain name of your domain
-InstallDNS:$True, the new domain controller also becomes a DNS server
-LogPath, this is the path of the fully qualified, non-UNC directory on a hard disk on the local computer that will host the AD DS log files
-NoRebootOnCompletion:$False, there will be no reboot at the end of the installation
-SiteName, this is the name of the Active Directory site the new domain controller becomes a member of
-SysVolPath, this folder contains all content replicated to the other domain controllers (NETLOGON and SYSVOL directories)
5.) After you have executed the commands above and the installation has finished, the new domain controller becomes visible in your Active Directory environment
6.) All you have to do now is wait for the next Active Directory replication, so all your domain controllers are synchronized





How to: Windows 2012 Server deploy remote domain controllers using Server Manager – part I of II

A great new feature within Windows 2012 Server is the possibility to manage servers remotely through the Windows Server Manager. In part one of this blog post, I'm going to deploy a new domain controller to the existing domain in my lab environment through the GUI. In part two, I'm going to deploy a new domain controller again, but this time using Microsoft PowerShell.

I have already installed two clean Windows 2012 Servers with the right IP configuration. The servers are added to the Windows Server Manager on my first domain controller, so we have the possibility to manage these servers! As you can see, in the beginning there's only one domain controller available.

1.) Log in to the existing domain controller of your domain
2.) Open the Server Manager
3.) Navigate to All Servers
4.) Select server SERVER1
5.) Select Manager – Add Roles and Features
6.) Click Next
7.) Select Role-based or feature-based installation
8.) Select server SERVER1
9.) Select server role Active Directory Domain Services and click Next
10.) Click Add Features to install the right Windows features to manage your Active Directory environment
11.) In the confirmation screen, click Install
This will install the server role and features only, not configuring!
12.) After the installation has completed successfully, click the red flag on top of the screen
13.) Navigate to Post-deployment Configuration and click Promote this server to a domain controller
14.) Supply the right credentials and click Next
15.) Type the Directory Service Restore Mode (DSRM) password and click Next
16.) In the review screen, you can save the PowerShell script to perform these actions automatically the next time.
17.) After the configuration is finished, you’ll see the new domain controller within:
Active Directory Users and Computers
Active Directory Sites and Services








How to: Install a domain controller in Windows Server 2012

Now that the Release Candidate version of Windows Server 2012 is available, I've set up a new test lab to play with this new version of Windows. A few posts ago you saw the installation of Windows Server 2012. Now we're going to prepare this server to become a domain controller. The simple command “DCPROMO” doesn't work anymore, so we have to take some additional actions.

1.) Open the Server Manager and select Add roles and features
2.) Select Role-based or features-based installation
3.) Select the right server, in my example W2012 (
4.) Select the roles Active Directory Domain Services and DNS Server
5.) Select the features Group Policy Management and DNS Server Tools
6.) After the installation of these roles and features, there's a notification within the Server Manager Dashboard
7.) Select Promote this server to a domain controller. A Deployment Configuration Wizard starts
8.) Select Add a new forest and fill in the Root domain name. In my example TESTLAB.LOCAL
9.) Both Forest and Domain functional level are Windows Server 2012 Release Candidate
10.) If the domain controller is also a DNS server, check the Domain Name System (DNS) server option
11.) The domain controller also becomes a Global Catalog (GC)
12.) You could choose to install a read-only domain controller (RODC)
13.) Fill in the NetBIOS name of the new domain. In my example TESTLAB
14.) Specify the location of the AD DS database, log files, and SYSVOL directory. By default these are
C:\Windows\NTDS and C:\Windows\SYSVOL
15.) After all configuration, there’s a last prerequisites check. After this step, you can hit Install
16.) The server will reboot and the new Domain Controller is ready to use.

You can script all the steps above with PowerShell. You can use the following script.

# Windows PowerShell script for AD DS Deployment

Import-Module ADDSDeployment
Install-ADDSForest `
  -CreateDnsDelegation:$false `
  -DatabasePath "C:\Windows\NTDS" `
  -DomainMode "Win2012" `
  -DomainName "TESTLAB.LOCAL" `
  -DomainNetbiosName "TESTLAB" `
  -ForestMode "Win2012" `
  -InstallDns:$true `
  -LogPath "C:\Windows\NTDS" `
  -NoRebootOnCompletion:$false `
  -SysvolPath "C:\Windows\SYSVOL" `
  -Force:$true
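The prerequisites check from step 15 can also be run from PowerShell before the promotion itself. The following is an added example, not part of the original script; it reuses the TESTLAB.LOCAL values from this post, prompts for the DSRM password instead of storing it in the script, and assumes the check results expose a Status property whose passing value is Success.

```powershell
# Added example: run the AD DS prerequisite checks, then promote only if they pass.
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never appears in the script file.
$dsrmPassword = Read-Host -Prompt 'DSRM password' -AsSecureString

# Same values as the forest script in this post, shared by the test and install cmdlets.
$forestParams = @{
    DomainName                    = 'TESTLAB.LOCAL'
    DomainNetbiosName             = 'TESTLAB'
    DomainMode                    = 'Win2012'
    ForestMode                    = 'Win2012'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
}

# Test-ADDSForestInstallation runs the prerequisite checks without changing the server.
$results = @(Test-ADDSForestInstallation @forestParams)
$results | Format-Table Status, Context, Message -AutoSize -Wrap

# Assumption: any result whose Status is not 'Success' blocks the promotion.
$failed = @($results | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    Write-Error 'Prerequisite check failed; not promoting this server.'
    return
}

Install-ADDSForest @forestParams -NoRebootOnCompletion:$false -Force:$true
```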