Archive for the 'Active Directory' Category

PowerShell Toolbox

Adam Bell has a detailed, growing list of the PowerShell tools that are currently available.  Bookmark the page, since new tools are added as they become available.

Here is a sample:

/N Software NetCmdlets
- a broad range of network management and messaging capabilities. The current release contains more than 30 Cmdlets providing access to network and host protocols such as SNMP, LDAP, DNS, Syslog, HTTP, WebDav, FTP, SMTP, POP, IMAP, Rexec/RShell, Telnet, and more. This is a commercial product.

Codeplex PoshConsole
- utilises WPF features to improve on the PS shell. This tool aims to be a more modern replacement for the default shell. This is an open source product.

Codeplex PowerShell Community Extensions
- working towards providing a widely useful set of additional cmdlets, providers, aliases, filters, functions and scripts for PowerShell. This is an open source product.

Codeplex PSEventing
- Trap and respond to synchronous & asynchronous .NET events within your PowerShell scripts with an easy to use suite of cmdlets. This is an open source product.

Microsoft PowerShell SDK
- The Windows PowerShell SDK is written for command developers who require reference information about the APIs provided by Windows PowerShell. This is a free download from MSDN.

PowerGadgets
- data visualization product that creates gadgets for displaying output from your PS data in Windows. Very simple to create. This is a commercial product.

PowerLocker PowerPad
- a small editor to develop and test your function or script. This is a free product.

Quest ActiveRoles Management Shell for AD (aka Quest AD Cmdlets)
- perform administrative tasks like discovering the AD environment, changing user properties, modifying group membership, provisioning new user accounts, and performing multiple other tasks within Active Directory. This is a free product.

Quest PowerGUI
- an extensible graphical administrative console for managing systems based on Windows PowerShell. This is a free product.

SAPIEN PrimalScript 2007
- fully-customizable user interface with multiple tabs, dockable pane, IDE for use with PowerShell and other scripting languages. This is a commercial product.

You can view the entire list here

Lead, Follow, or Move » PowerShell Toolbox

Using group Policy to Configure Citrix Client Settings

It has always been relatively easy to install/distribute Citrix ICA clients to workstations. This can be done via Citrix Web Interface, the Citrix Automatic Client Update Utility, or even Active Directory. One of the challenges, though, is how to modify/maintain a client’s settings from a central location once deployed. Fortunately, Citrix has created an Active Directory Group Policy Template called icaclient.adm. This Group Policy Template can be downloaded from the following URL: http://support.citrix.com/article/CTX112957&se…125116. This template allows you to control 23 Citrix-specific rules. Among the things available in this template are:

  • Trusted Server Configuration
  • Session Reliability
  • ICA Client Proxy settings
  • Kerberos Authentication
  • Smart Card Authentication
  • Remote client device access such as drive mappings, printer, microphone, clipboard, etc.
  • User experience settings such as audio, display, graphics, etc.

Sources:

How to Configure Version 10.x of the Presentation Server Client Using the Icaclient.adm Template

How to Configure Single Sign-on for Web Interface Using Version 10.x of the Presentation Server Client

How to Configure the Trusted Server Configuration Rule

Jason Conger Blog » Blog Archive » Using group Policy to Configure Citrix Client Settings

Group Policy ADMX Syntax Reference Guide

This reference guide provides information for creating and editing custom ADMX files. These XML-based files allow the administrator to create a user interface in the Group Policy Object Editor and Group Policy Management Console to display Group Policy settings.

After you have become familiar with ADMX files and the ADMX format, you can then use the ADMX syntax section as technical reference. This section provides an alphabetical reference that lists all ADMX elements and attributes used when creating an .admx file and an .adml file.

To download the above Microsoft Group Policy white paper please refer to the following page, ADMX Syntax Reference.

Release: Microsoft Group Policy Diagnostic Best Practice Analyzer

Microsoft has released a free Group Policy best practices analyzer. The Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) is designed to help you identify Group Policy configuration errors that may prevent policy settings from being applied as expected or may prevent features from functioning as expected.

The tool can provide:

  • Audit of policy settings that are not being applied as expected.
  • A feature is not functioning as expected. (For example, a mapped drive is not visible on client computers.)
  • A computer has:
      • Stopped responding during logon or startup.
      • Restarted during logon or startup.
      • Experienced delays during logon or startup.

The tool will also help determine if:

  • Policy settings are configured in a way that poses a security risk.
  • Necessary services are running.
  • You are connecting over a slow link.
  • Loopback mode is in effect.

Using the GPDBPA, you can:

  • Scan the Group Policy configuration on either a client computer (managed node) or domain controller
  • View a report of potential issues
  • Schedule a scan to run at a future time, or schedule scans to run on a recurring basis.

Click to download the appropriate version of the Group Policy Diagnostic Best Practice Analyzer:

· Group Policy Diagnostic Best Practice Analyzer for Windows XP

· Group Policy Diagnostic Best Practice Analyzer for Windows XP x64 Edition

· Group Policy Diagnostic Best Practice Analyzer for Windows Server 2003

· Group Policy Diagnostic Best Practice Analyzer for Windows Server 2003 x64 Edition

Allowing scripts to be run via PowerShell

Running scripts via PowerShell is disabled by default.  The key thing to note is that you can still run commands or cmdlets from the PowerShell console, just not scripts.  To enable this feature you can do one of two things; however, one trumps the other:

Via PowerShell

Modify your ExecutionPolicy via the Set-ExecutionPolicy cmdlet

First run Get-ExecutionPolicy to see what level you are at.  By default, this setting is set to Restricted. 

To see what settings are available for you to set, you can type

Get-Help Set-ExecutionPolicy

This output shows that we have four options:  Restricted, AllSigned, RemoteSigned, and Unrestricted.

To set your ExecutionPolicy to Unrestricted (not recommended for production) you would enter:

Set-ExecutionPolicy Unrestricted

To validate your settings after running Set-ExecutionPolicy, run:

Get-ExecutionPolicy

From the command above, your ExecutionPolicy is now set to Unrestricted.  You can now run any scripts you like, signed or unsigned. (Bet your administrator is happy to hear that!)

Now for the other method for setting this policy

Via Group Policy

Seeing how the first method would be a nightmare to manage, Microsoft has released the ADM files for PowerShell that allow you to configure this setting via Group Policy.  Any settings made via Group Policy will override those set manually via the PowerShell console.


You can download the PowerShell ADM here
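
To see which of the two methods above is actually deciding the policy on a machine, the following added example (not from the original post) reports every scope and names the one that wins. It assumes PowerShell 2.0 or later for `Get-ExecutionPolicy -List`; the function name `Get-ExecutionPolicyAudit` is hypothetical.

```powershell
# Added example, not part of the original post.
# Requires PowerShell 2.0+ (Get-ExecutionPolicy -List). Function name is hypothetical.
function Get-ExecutionPolicyAudit {
    # -List returns one entry per scope in precedence order:
    # MachinePolicy, UserPolicy (both Group Policy), Process, CurrentUser, LocalMachine.
    $scopes = @(Get-ExecutionPolicy -List)

    # The first scope that is not Undefined decides the effective policy.
    $winner = $scopes |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    $effective = [string](Get-ExecutionPolicy)
    $source = 'Default'
    if ($winner) { $source = [string]$winner.Scope }

    # Unrestricted runs any script; Bypass (added in PowerShell 2.0) does the same
    # without prompts. Both are worth flagging on production systems.
    $runsAny = ('Unrestricted', 'Bypass') -contains $effective
    $fromGpo = ('MachinePolicy', 'UserPolicy') -contains $source

    New-Object PSObject -Property @{
        EffectivePolicy  = $effective
        DecidingScope    = $source
        SetByGroupPolicy = $fromGpo
        RunsAnyScript    = $runsAny
        Scopes           = $scopes
    }
}

$audit = Get-ExecutionPolicyAudit
$audit.Scopes | Format-Table Scope, ExecutionPolicy -AutoSize
"Effective policy : $($audit.EffectivePolicy) (decided by $($audit.DecidingScope))"

if ($audit.SetByGroupPolicy) {
    "Group Policy is in control; a local Set-ExecutionPolicy will not change the result."
}
if ($audit.RunsAnyScript) {
    Write-Warning "Unsigned scripts from any source can run on this machine."
}
```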

Active Directory Account Management using PowerShell

PowerShell and the Quest Active Directory cmdlets are a dream come true for any AD Administrator.  Methods that used to take more complicated means are now simple one-liners.

One of the nice improvements of AD cmdlets 1.0.4 is the way you can enable, disable, and unlock AD user accounts with simple one-liners.

Here are a few one-liners demonstrating the new functionality:

#Get all disabled accounts
Get-QADUser -Disabled $true

#Get all locked accounts in the accounting department
Get-QADUser -Locked $true -Department Accounting

#Enable all the disabled accounts
Get-QADUser -Disabled $true | Enable-QADUser

#Unlock a specific user account
Unlock-QADUser DSotnikov

Dmitry’s PowerBlog: PowerShell and beyond

Download details: Windows PowerShell Graphical Help File


The PowerShell help section is not the friendliest doc to review when you need to run a script using PowerShell.  Luckily, Microsoft released a graphical .chm file that is both easy to use and practical.


Download this utility / help file here

View the Windows PowerShell 1.0 help (including cmdlet help and the About topics) in a fully-searchable, graphical format (a standard Windows .chm file). Also included in the help file is the VBScript to Windows PowerShell Conversion Guide.

Download details: Windows PowerShell Graphical Help File

Active Directory Explorer v1.0


Microsoft has released AD Explorer, a complementary tool to everyone’s favorite ADSI Edit.  Think of AD Explorer as ADSI Edit with improved navigation and the ability to snapshot your AD database.

You can download Active Directory Explorer here

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that you can save and re-execute.

AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explore it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer’s comparison functionality to see what objects, attributes and security permissions changed between them.

AD Explorer works on Windows 2000 and higher.

Active Directory Explorer v1.0

Complete Linux-AD Authentication Details

Scott Lowe has published a very thorough process detailing the steps required for Active Directory authentication for Linux.

Complete Linux-AD Authentication Details » blog.scottlowe.org