Category Archives: Active Directory

Active Directory performance counters, Security System-Wide Statistics

Problem: You cannot see the counterset “Security System-Wide Statistics” with powershell when you run the command Get-Counter -ListSet “Security System-Wide Statistics” Or when you run the “Get-Counter “\Security System-Wide Statistics\Kerberos Authentications” you get “Internal performance counter API call failed. Error: c0000bb8” … Continue reading

Posted in Active Directory, Performance | Comments Off on Active Directory performance counters, Security System-Wide Statistics

Smartcard logon problems

You are able to logon to Windows but when logged on you cannot use “Run as another user” Error Message: A specified logon session does not exist. It may already have been terminated Reason: Certificates on the smart card is … Continue reading

Posted in Active Directory, PKI | Tagged , , | Comments Off on Smartcard logon problems

Hantera rättigheter på Deleted Objects i Active Directory

Om du vill hantera rättigheterna för Deleted Objects i Active Directory måste du först ta ägarskap på objektet. Med verktyget ldp.exe kan du hantera detta på ett relativt enkelt sätt. 1. För att ldp.exe ska kunna se Deleted Objects måte du först lägga … Continue reading

Posted in Active Directory | Tagged | Comments Off on Hantera rättigheter på Deleted Objects i Active Directory

Add photos to Active Directory users with Powershell

$Photo = [byte[]](Get-Content D:\Pictures\User1.jpg -Encoding byte) Set-ADUser User1 -Replace @{thumbnailPhoto=$Photo} This is a useful plugin for ADUC. http://www.dewdney.co.uk/adext/adext.zip

Posted in Active Directory | Tagged | Comments Off on Add photos to Active Directory users with Powershell

Group Policy Permission – Inconsistent permissions in SYSVOL

Problem: When you click on a policy you get: The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that tehse permissions be consistent. To change the SYSVOL permissions to thos … Continue reading

Posted in Active Directory | Tagged , | Comments Off on Group Policy Permission – Inconsistent permissions in SYSVOL

Howto give a Domain User access to Domain Controller logs

If you try to get the Security Eventlog from a Domain Controller by using the Get-Eventlog in Powershell you get the error “Requested registry access is not allowed” In Windows 2008 and 2008 R2 there is a builtin groups called … Continue reading

Posted in Active Directory, Powershell | Comments Off on Howto give a Domain User access to Domain Controller logs

Deleting Domain Controllers in ADUC from a remote machine

Problem When you try to delete a domain controller in ADUC from a remote machine you get an error message. Active Directory Domain Services Windows cannot delete object LDAP://DomainController1.domain.com/CN=DomainController-2,OU=Domain Controllers,DC=domain,DC=com because: The specified module could not be found. Soloution Log on to a domain controller … Continue reading

Posted in Active Directory | Tagged , | Comments Off on Deleting Domain Controllers in ADUC from a remote machine

Delegate permission to set Kerberos Constrained Delegation in Active Directory

Problem: You try to enable Kerberos Constrained Delegation with a non admin account but you have Full Access over the object. i.e. George has been given Full Access in Active Directory over the OU “Servers”. When he tries to change settings … Continue reading

Posted in Active Directory | Tagged , | Comments Off on Delegate permission to set Kerberos Constrained Delegation in Active Directory

Restore objects in Active Directory using Recycle Bin and Powershell

To see the Deleted Objects container you must run the command as Domain Administrator. This is one of many examples how to restore an object from Recycle Bin using Powershell Get-ADObject -SearchBase ‘CN=Deleted Objects,DC=domain,DC=com’ -Filter {name -like ‘*Test*’ } -IncludeDeletedObjects … Continue reading

Posted in Active Directory, Powershell | Tagged , , | Comments Off on Restore objects in Active Directory using Recycle Bin and Powershell

How to see who is logged on locally in Windows

Sometimes you want’s to see who is logged into Windows on a remote computer. There are several ways to do this. None of these methods will notify the logged on user in any way. If you are using Windows XP … Continue reading

Posted in Active Directory, Windows | Tagged , | Comments Off on How to see who is logged on locally in Windows