Category: Active Directory

How to: Disable first sign-in animation in Windows 8.1 using ConfigMgr 2012 R2

When a user login the very first time on a Windows 8 of 8.1 machine, they will see a “animation” with some helpful tips. During this stage the userprofile is being created and prepared. While the first sign-in animation may be helpful to new users to see, but it slows down the logintimes. So let’s turn this animation off using ConfigMgr 2012 R2.

1.) Open your task sequence
2.) Add a action “Run Command Line” after Setup Windows and ConfigMgr
3.) Copy and paste the following command line:
reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” /v EnableFirstLogonAnimation /t REG_DWORD /d 0 /f
4.) Give it the value 0 to disable and 1 to enable
5.) Deploy your task sequence to a collection of devices

FRA_01    2014-12-22_10h44_09    2014-12-22_10h44_50

How to: Add computer to security group with ConfigMgr 2012 during OSD

In some cases you’ve to add computer to a Active Directory security group. For example Direct Access laptops. In this example I’ve created a VBS script for adding a computer to an Active Directory security group during OSD in ConfigMgr 2012 R2.

1.)  Create a new package within ConfigMgr 2012 R2 without a program
2.) Distribute the new package to you distribution point(s)
3.) Copy the script “ADgroup.vbs” to the source location of your new package
4.) Add a step “Run Command Line” to your task sequence
5.) Add the command line: cscript.exe adgroup.vbs [name of your AD group]
6.) Select the package “Scripts”
7.) Select a account with enough privileges to add (new) computer object to the Active Directory
8.) Deploy your task sequence to a collection

You can download the script here. (Right-click and save…)

2014-12-12_15h53_47    2014-12-12_15h58_35    2014-12-12_15h59_14

2014-12-12_15h59_50    2014-12-12_16h42_54    2014-12-12_16h43_11

2014-12-12_16h43_34    2014-12-12_16h43_48

How to: Set Microsoft Office initials with Active Directory information using RES Workspace Manager 2014

When you’ve installed Microsoft Office in your environment, the first time the user starts one of the Office products, they receive a pop-up box for the initials. Default there are two things the user has to fill in. The username and the initials. The username is the displayname within Active Directory. The initials is the first letter of the username. But, what if you want to fill this field also with some Active Directory information, like the property Initials.

In this environment I’m using RES Workspace Manager 2014, so there’re also possibilities to set some user variables in your session. First I’ve created a new environment variable with a query to read the information from Active Directory.

1.) Open the RES Workspace Manager Console and create a new environment variable. In my example it is Initials
2.) Give the new variable the following value $adinfo(Initials) There’re some more values possible, like firstname, lastname, etc….
3.) Login to your session, in my example a Windows 8.1 VDI desktop and open the command prompt
4.) Type the command set and search for the new variable Initials. It’s the information from the Active Directory
5.) Now return to the RES Workspace Manager Console and create a new User Setting (User Registry)
6.) The values are stored in the following registrykey:
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Userinfo
7.) Add this path in the new registry setting and create two new REG_SZ keys
UserInitials with the value %Initials%
Username with the value %Username%
8.) Configure the Access Control and the Workspace Container
9.) Login again into a new session and start Microsoft Office, for example Word, Excel, Outlook, PowerPoint, etc…
10.) Open the options and take a look at the user initials.

This is a realy powerfull solution to control your users initials. You can choose to apply the User Registry settings once, so the users are able to edit the initials. You can use a User Preference to store this information in a .UPR (User Preference) with RES Workspace Manager.

2014-08-12_15h40_07    2014-08-12_15h40_16    2014-08-12_15h40_47

2014-08-12_15h41_41    2014-08-12_15h43_17    2014-08-12_15h45_09

2014-08-12_15h45_25

How to: Configure a “Boot to desktop” group policy for Windows 8.1

New in Windows 8.1 is the “Boot to Desktop” feature, where the user can choose not to boot to the Windows Tiles, but directly to the desktop! That’s a really nice feature if you ask me! How can we centrally configure and manage these feature for all my users or just a group of users? Exactly, through a group policy with User Preferences. It’s a user settings, so you could also use RES Workspace Manager for example.

1.) Navigate to your Group Policy Management Console
2.) Create a new Group Policy and disable the Computer Settings
3.) Open the policy and navigate to User Configuration / Preferences / Windows Settings / Registry
4.) Create a new Registry Item
5.)  Choose for Hive “HKEY_CURRENT_USER” and Navigate in the Key Path to:
Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage
6.) The Value name is “OpenAtLogon
6.) Choose the Value type “REG_DWORD
7) The Value data is:
Boots to Desktop = “0”
Boots to Start Menu = “1”
8.) Attach the group policy to a organizational unit(s) and login to your Windows 8.1 machine!

2014-04-16_10h33_44    2014-04-16_10h33_55    2014-04-16_10h35_15

2014-04-16_10h44_40    2014-04-16_10h44_50    2014-04-16_10h45_18

2014-04-16_10h45_31    2014-04-16_10h46_12    2014-04-16_10h46_33

2014-04-16_10h47_03    2014-04-16_10h52_42

Released: Exchange Server 2013 RTM Cumulative Update 1

Yesterday, the Microsoft Exchange Team has released Cumulative Update 1 for Exchange 2013 RTM. CU1 is the minimum version of Exchange 2013 required for on-premises coexistence with supported legacy Exchange Server versions. The final build number for CU1 is 15.0.620.29.

This is the Exchange 2013 product level required for co-existence with previous versions of Exchange, being Exchange Server 2010 SP3 or Exchange Server 2007 SP3 Rollup 10.

The Exchange Team provided a description of the major changes in CU1. You will find the announcement here;
Here are some of the major changes in CU1:

  • Includes Address Book Policy Routing Agent (info);
  • Allows group memberships to be managed by groups (again, as it was possible in Exchange 2007 but not in );
  • Access to Public Folders you have added as favorites via your favorites menu either in Outlook or Outlook Web App (still no regular Public Folder tree access though);
  • EAC has been enhanced and now includes Unified Messaging management and migration options;
  • Many probes, monitors, and responders have been updated and improved over the RTM release;
  • Get-HealthReport cmdlet has been streamlined and its performance has been optimized;
  • Supports the Exchange Server 2013 Management Pack for SCOM 2007 R2 and SCOM 2012 (due at a later date);
  • High Availability changes

You can download Cumulative Update 1 for Exchange 2013 here.

Be aware, this update requires some preparation first. So be carefull and read the release notes before hitting the install button 😉

Z-Hire Active Directory, Exchange, Lync User Creation Tool

Z-Hire automates the IT account creation process for Exchange mailbox, Active Directory, Lync accounts, Office 365 cloud and SalesForce cloud deployments. With just a click of the button, your Exchange mailbox, and Active directory user and Lync accounts will be created simultaneousy. This tool can also create and set custom settings for Office 365 accounts using templates. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT user accounts with the option for custom scripts. Z-hire will increase your new hire user account deployment time by 600%, without the need for complicated and expensive identity management solutions. This tool makes creating Active Directory users a breeze. Some of the features include:

– Environment Auto detection (AD/Exchange/Lync/Office 365/SalesForce)
– Copy existing Active Directory User to Z-Hire Template (new in version 4.8.1)
– Support for Active Directory user, Exchange Mailbox, Lync 2010, Office 365 user and SalesForce user accounts
– Template based deployment (allows consistency for all user accounts)
– Office 365 account creation with major attributes
– Active Directory user account creation with major attributes
– Active Directory group selection
– Active Directory user duplicate SamAccountName verification
– Lync 2010 account creation supporting all policies
– SalesForce user creation support all major attributes
– Faster performance (compared to previous version)
– Best of all, this AD User Creation Tool is free!

System Requirements
– Windows 7 X64 w/ .NET 3.5 (Domain Joined)
– Windows Server 2008 X64  w/ .NET 3.5 (Domain Joined)
– Windows Server 2008 R2 X64  w/ .NET 3.5 (Domain Joined)

Permission Requirements
– Ability to create Active Directory user
– Ability to create Exchange Mailbox
– Ability to create / enable Lync user

Supported Environments
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 (all versions)
– Lync 2010 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce CRM Cloud

Download Z-Hire tool on Microsoft Gallery

Server Posterpedia v2 available in the Windows Store!

Yesterday, Microsoft has released the new version of the Posterpedia App. This is very nice app, available in the Windows store. Server Posterpedia is an interactive app that uses technical posters as a reference for  understanding Microsoft technologies.

There are posters available for Microsoft Hyper-V, Exchange, Server 2008, SharePoint, Windows Azure, SQL, etc.

You can download the app using the following URL: http://blogs.technet.com/b/windowsserver/archive/2012/11/20/server-posterpedia-v2-available-in-the-windows-store.aspx or in the App Store!

       

How to: Windows 2012 Server deploy remote domain controllers using Server Manager – part II of II

A few weeks ago I’ve posted an article about how to remotely Install a domain controller within Windows 2012 Server using the Server Manager.

How to: Windows 2012 Server Deploy remote domain controllers using Server Manager – Part I of II

Since Windows 2012 Server, creating a new domain controller is much eassier then ever before. There is another option to create a new domain controller….Yes, using Windows PowerShell!!

As you can see in part I of the post, there are two domain controllers. I have installed a clean Windows 2012 Server within my labenvironment, called Server2.

1.) Logon to Server1 with the Administrator account
2.) Open Windows PowerShell
3.) Type the following command:
Install-WindowsFeature -Name AD-Domain-Services -ComputerName Server2
4.) After the Windows feature is installed succesfully, type the following command:
Invoke-Command –ComputerName Server2 –ScriptBlock {Import-Module ADDSDeployment;Install-ADDSDomainController –NoGlobalCatalog:$False –CreateDNSDelegation:$False –Credential (Get-Credential) –CriticalReplicationOnly:$False –DatabasePath “C:\Windows\NTDS” –DomainName “Contoso.com” –InstallDNS:$True –LogPath “C:\Windows\NTDS” –NoRebootOnCompletion:$False –SiteName “Default-First-Site-Name” –SysVolPath “C:\Windows\SysVol” }
When prompted for credentials, enter the username and password of your domain administrator account!

In my labenvironment, I have used the following parameters:
-ComputerName, this is the name of the new domain controller
-NoGlobalCatalog:$False, the new domain controller becomes also an Global Catalog Server
-CreateNDSDelegation:$False, there are no ohter DNS servers available for DNS delegation
-Creadential(Get-Credential), before executing the command, there will be an popup asking your admin crerdentials
-CriticalReplicationOnly:$False, this entry specifies whether the installation operation performs only important replication before a restart and then skips the noncritical and potentially lengthy part of replication. The noncritical replication occurs after the role installation is complete, and the computer restarts
-Databasepath, the location of the ADDS database (NTDS.DIT)
-DomainName, specifies the fully qualified domain name of your domain
-InstallDNS:$True, the new domain controllers becomes also an DNS server
-LogPath, this is the path of the fully qualified, non-UNC directory on a hard disk on the local computer that will  host the AD DS log files.
-NoRebootOnCompletion:$False, there will be no reboot at the end of the installation
-SiteName, this is the name of your Active Directory site where the new domain controller becomes a member of
-SysVolPath, this folder contains all content replicated to the other domain controller (NETLOGON and SYSVOL directories)
5.) After executing the commands above, and the installation has finished, the new domain controller becomes vissible in your Active Directory environment
6.) All you have to do now is waiting for the next Active Directory replication, so all your domain controllers are synchronized