Check UserID for Differences

January 4, 2013

What prompted me to look for this solution was an error we received while trying to run –

Get-CSUser TBOLTON

I received this error –

Management object not found for identity "tbolton".
+ CategoryInfo : InvalidData: (tbolton:UserIdParameter) [Get-CsUser], ManagementException
+ FullyQualifiedErrorId : Identity,Microsoft.Rtc.Management.AD.Cmdlets.GetOcsUserCmdlet
+ PSComputerName : BigDog.ad

The issue turned out to be the Alias Setting on the General Page in Exchange.  For what ever reason the entry there was BOLTONTIM

Today I found what Get-CSUser was keying off of in AD, it was keying off of, “MailNickName”.

# Used To Check for any differences in a UserID

# Example - PS C:\>Check-UserID TBOLTON

Function Check-UserID {
param(
[parameter(Mandatory = $true)]
[String] $UID)
$User=(Get-ADUser $UID -Properties *)
$UserSAM=$User.SamAccountName
$UserName=$User.Name
$UserCN=$User.CN
$UserNickName=$User.MailNickName
# Report if there are differences
if (($UserSAM -eq $UserName) -and ($UserName -eq $UserNickName))
{
"`r`n"
Write-Host -foregroundcolor Green "The UserId"  $UID  "WAS a match"
"`r`n"
Write-Host -foregroundcolor Green "SAM Account:  " $UserSAM
Write-Host -foregroundcolor Green "User Name: -- " $UserName
Write-Host -foregroundcolor Green "CN: --------- " $UserCN
Write-Host -foregroundcolor Green "Mail ALias: - " $UserNickName
"`r`n"
} else {
"`r`n"
     Write-Host -foregroundcolor Red "The UserId"  $UID  "did NOT match"
"`r`n"
Write-Host -foregroundcolor Red "SAM Account:  " $UserSAM
Write-Host -foregroundcolor Red "User Name: -- " $UserName
Write-Host -foregroundcolor Red "CN: --------- " $UserCN
Write-Host -foregroundcolor Red "Mail ALias: - " $UserNickName
"`r`n"
    }
}

——————————————————————————–
In this example my account is intentionally set up wrong while the first account is set up correctly.
 CheckUserID
Advertisements

Enforce Plain Text Outlook 2010

January 10, 2012

There are many companies, both large and small, that would like to require their users to use Plain Text only in their Outlook 2010 Emails.  If you have attempted this you have more than likely set up the appropriate settings available in Group Policy shown below.

I even went as far to ensure this setting on the Exchange 2010 Server Side via Powershell.
Where * is the Default Domain.

Set-RemoteDomain -Identity:* -ContentType MimeText
Get-RemoteDomain -Identity:* | fl - will show the settings.
http://technet.microsoft.com/en-us/library/aa997857.aspx

After finding that the users were still able to select Format Text and change their text to both Rich Text and HTML I decided I had to dig deeper.

I found that I could manually change this feature while logging in with my account but this only affected my logon experience, not the other users.

With the New Message open click  File – Options

Click on Mail – Editor Options

Click on Customize Ribbon – Main Tabs from the drop down – Format Text – Format
Now you can remove Format and those options will no longer appear.

Notice that the Rich Text and HTML options are now gone and the default is Plain Text.

The next step was to reverse the settings placing the Format Text option back in place. Then I made a backup of the entire registry called B4.REG. I then made the changes listed above and once the settings were in place, I created another backup of the registry called Aftr.REG.
My plan was to use WINMerge to find where they change had occurred in the registry to help me find the control ID for the item that I wanted to disable via Group Policy shown below.

As you can see all I need is the Command Bar ID and I will be able to block it. There is even a link listed
http://officeredir.microsoft.com/r/rlidOffice14RibbonControlIDsO14?clid-1033

Thank You Microsoft!

But as you see this link offers no help whatso ever…  Thanks Microsoft… sigh

Working with the two REG files B4.REG and Aftr.REG showed me nothing of any use. I was not able to find a change in the registry that would show me the needed Command Bar ID’s. I also used Process Explorer and Process Monitor, but again nothing that indicated where this was located in the registry where I could manually change a setting.
After endless Google links that provided endless bad information, I came across a link for this app.

Built-in Control Scanner
You use Built-in Controls Scanner to find command bar names and built-in controls IDs.
http://www.add-in-express.com/products/commandbars-controls-ids.php

I installed this on one of my test machines and opened Outlook 2010 and started a new message then selected the Format Text tab.

I then stated the App with Outlook selected.

 THERE WAS MY ANSWER!

In Group Police I updated  –  User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Custom  I entered the Command Bar ID’s along with a description.

Enter the Command Bar ID’s here.  5564 and 5565

I ran Gpupdate /Force on the test machine and reopened Outlook 2010 and started a new email message.  As you can see, the Rich Text and HTML Text options are gone.  This will ensure that they users cannot use this option to bypass policy.

I hope this helps someone that has been trying to configure this setting.  If there is an easier way to do this please post the link here.


AD Clean up with Powershell for Beginners.

December 28, 2011

The questions and answers were developed straight from Microsoft Technet and I have included the link.

Active Directory Cmdlets in Windows PowerShell

Windows PowerShell™ is a task-based command-line shell and scripting language designed especially for system administration. This reference topic for the information technology (IT) professional introduces the 76 Windows PowerShell cmdlets that you can use to manage and administer the Active Directory® directory service and Active Directory Domain Services (AD DS).

http://technet.microsoft.com/en-us/library/ee617195.aspx

The purpose of this crossword was to hopefully introduce some reluctant Administrators to Powershell, especially those that administer Active Directory (AD).

You do not have to be a NASCAR or INDY racer to realize the benefits of being able to drive a car, so what are you waiting for when it comes to learning Powershell?  Powershell will be a mandatory requirement in the very near future, if it is not already in your area.

If you find that Powershell can (will) make your life much easier, then I would highly suggest these links to open your mind and your world to Powershell.

Mark Minasi – Mark Minasi is a senior contributing editor for Windows IT Pro, an MCSE, and the author of more than 30 books, including Mastering Windows Server 2008 R2 (Sybex). He writes and speaks around the world about Windows networking.
http://www.minasi.com/forum/default.asp

Find Users with Get-ADUser – http://www.windowsitpro.com/article/windows-power-tools/getaduser-determine-logged-141189

Read the rest of this entry »


Powershell for Beginners crossword

December 15, 2011

I put together a Powershell for Beginners crossword puzzle.  I hope you enjoy it.  I even learned a thing or two while  putting it together.  I will be working on a Clean Up AD Version, thanks to my good friend Mark Minasi, soon.

I also want to thank Jeffery Hicks and Claus Nielsen for urging me to complete this little project.

PDF can be downloaded from link below.

Powershell for Beginners


icacls – changing permissions on files and folders.

June 23, 2010

Update – Excellent Post  How to Handle NTFS Folder Permissions, Security Descriptors and ACLshttp://blogs.technet.com/b/josebda/archive/2010/11/12/how-to-handle-ntfs-folder-permissions-security-descriptors-and-acls-in-powershell.aspx

I was asked about changing permissions from the root of a drive and all sub-folders.  My immediate reaction was to use the Microsoft tool that replaced cacls – icacls.  Apparently the person that came up with the new name  “must” have just received their new iPad. <g>

I remembered a Technet article from a friend Gregg Shields – http://technet.microsoft.com/en-us/magazine/2009.07.geekofalltrades.aspx

Read the rest of this entry »


Start – Stop Service with Powershell and Ping

June 7, 2010

Ran into a request for an OCS Mediation Server that is contacting an OCS Front End Pool over a WAN link.

“We have a remote OCS Mediation server that contacts the OCS Front End Pool over a WAN link. I need that Mediation server to ping those front end servers periodically to verify that the WAN link is up. If the ping on two of the servers fails,  I need it to stop the OCS Mediation service on the mediation server until it can successfully ping the two front end server across the WAN again at which point it would then bring the Service on the Mediation server back up.”

 

With a LOT of assitance from Jeffery Hicks and Claus Thude Nielsen a simple script was created.

Read the rest of this entry »


Automate the Windows 2003 Defragmenter Without Paying Extra…

June 7, 2010

Taken from the Windows IT Pro site  —  http://www.windowsitpro.com/article/windows-shell-bat-and-cmd/automate-the-windows-2003-defragmenter-without-paying-extra.aspx

Excellent Article Daniel..!

Defragmentation is a great way to keep workstations and servers running

at their best performance. Windows Server 2003 comes with a

defragmenter: dfrgntfs.exe. However, you can’t automate this

defragmenter unless you purchase a program such as Diskeeper. I didn’t

have money for such a program in my budget, so I created and scheduled a

batch file named Defrag.bat.

As Listing 1 shows,

Listing 1: Defrag.bat

@Echo Off

defrag.exe c: -f

defrag.exe e: -f

defrag.exe f: -f

Read the rest of this entry »