All posts by albajock1816

CMD Tip: Open an elevated command prompt from a standard command prompt

powershell -Command "Start-Process cmd -Verb RunAs"


Add Network Shares to Windows 10 library

The Scenario

I have a Windows library on my domain-joined Windows 10 client created for Sales related folders – the library is called Sales. Currently I have added a few local directories on my C drive to it, but now I want to add a network share \\fileserver1\sales

The Problem

Natively you cannot add network shares to Libraries, ONLY local directories.

The Solution

Use the MKLINK command to create a symbolic link to the network share in place of an empty local folder that has already been added to the Library.

  1. Create a local, empty folder with the name you want to view in the library pane, like Sales. i.e. C:\Sales
  2. Add this local folder to your Sales library
  3. Delete C:\Sales – You’ll notice the link is not removed from the library itself
  4. Open an elevated command prompt and create a symbolic link between the network share and the now-deleted local C:\Sales directory: mklink /D C:\Sales \\fileserver1\sales
  5. Return to the Library pane and expand the Sales library, all the content from \\fileserver1\sales will now be visible.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Enable SID History for Active Directory Forest Trusts

The Scenario

I am the System Administrator for a company Myretoun Inc which has the domain myretoun.local. Myretoun Inc have just purchased a rival company Dumyat Ltd. Their domain is dumyat.local. I have been tasked with migrating all Dumyat users over to the Myretoun domain.

Having created the Forest Trust between myretoun.local and dumyat.local I’ve started migrating users from dumyat.local to myretoun.local using Microsoft’s Active Directory Migration Tool (ADMT). As part of the migration process I have migrated SID History along with the users and the groups they are members of.

The problem

Now the Dumyat users are members of myretoun.local they need to be able to access shares that still reside on servers on the dumyat.local domain. I need to be able to accomplish this using the existing dumyat.local domain security groups and thus the sidHistory attribute of the migrated user and groups.

The Solution

Two NETDOM commands need to be run, one on each side of the Forest Trust.

Disable SID Filtering

By default Windows filters (blocks) the sidHistory attribute from traversing the trust from myretoun.local to dumyat.local. To allow it to traverse the trust you must disable SID Filtering from the domain where the (migrated) users have the sidHistory attribute, which in this case is myretoun.local.

On the myretoun.local domain open a command prompt as a user who is a member of the Enterprise Admins group and enter the following command:

Netdom trust myretoun.local /D:dumyat.local /quarantine:No /userD:myretoun\enterpriseadminaccount /passwordD:*

/quarantine:No is the value that turns SID filtering off; /quarantine:Yes turns it on, and /quarantine with no value only displays the current state. By using /passwordD:* you will be prompted to enter your password to run the command.

Enable SID History

All the previous /quarantine:No command does is allow the sidHistory attribute to be passed across the trust, but until SID History is enabled on the other (dumyat.local) domain it cannot be used to grant access to resources. To allow this you must enable SID History, again using the NETDOM command.

On the dumyat.local domain open a command prompt as a user who is a member of Enterprise Admins group and run the following command:

netdom trust dumyat.local /D:myretoun.local /enablesidhistory:Yes /userD:dumyat\enterpriseadminaccount /passwordD:*

Once these two commands have been run, allow sufficient time for the changes to replicate throughout your Active Directory topology before you test access with a myretoun.local user accessing dumyat.local resources.
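
To confirm what the two commands changed, and to see when the trust can go back to its default filtering, the following added example (not part of the original post) reads the SID-filtering flags from each trust's trustAttributes value and lists the objects that still carry sidHistory. The function names are hypothetical and the ActiveDirectory RSAT module is assumed.

```powershell
# Added example (not from the original post); function names are hypothetical.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# trustAttributes bit flags as defined in MS-ADTS
$QUARANTINED_DOMAIN = 0x04   # SID filter quarantine is on for this trust
$FOREST_TRANSITIVE  = 0x08   # the trust is a forest trust
$TREAT_AS_EXTERNAL  = 0x40   # forest trust is filtered like an external trust (relaxed)

function Get-TrustSidFilterState {
    param([string]$Server = $env:USERDNSDOMAIN)
    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        $attr = [int]$_.TrustAttributes
        [pscustomobject]@{
            Trust           = $_.Name
            Direction       = $_.Direction
            ForestTrust     = [bool]($attr -band $FOREST_TRANSITIVE)
            Quarantined     = [bool]($attr -band $QUARANTINED_DOMAIN)
            TreatAsExternal = [bool]($attr -band $TREAT_AS_EXTERNAL)
        }
    }
}

function Get-SidHistoryPrincipal {
    param([string]$Server = $env:USERDNSDOMAIN)
    Get-ADObject -LDAPFilter '(sidHistory=*)' -Properties sidHistory -Server $Server |
        ForEach-Object {
            $obj = $_
            foreach ($sid in $obj.sidHistory) {
                [pscustomobject]@{
                    Name            = $obj.Name
                    Class           = $obj.ObjectClass
                    HistorySid      = $sid.Value
                    SourceDomainSid = $sid.AccountDomainSid   # domain the old SID came from
                }
            }
        }
}

# Trust flags as seen from the resource domain
Get-TrustSidFilterState -Server dumyat.local | Format-Table -AutoSize

# Migrated objects per source domain that still rely on sidHistory
Get-SidHistoryPrincipal -Server myretoun.local |
    Group-Object SourceDomainSid | Select-Object Name, Count
```

When the second report is empty for the dumyat.local domain SID, nothing depends on the relaxed filtering any longer.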

 


Microsoft Virtual Machine Converter: Hyper-V 2016 VM Could Not Locate Integration Services Installation Disk Image

The Scenario

I have used Microsoft Virtual Machine Converter 3.1 to convert a VMware VM running Windows Server

The Problem

The conversion completes but produces an error right at the end when it tries to install Hyper-V Integration Services on the guest OS:

Could not locate Integration Services installation disk image

The older Windows Server OS is looking for the C:\windows\system32\vmguest.iso file to mount and install, but it is no longer included in Hyper-V 2016; with 2016, guest VMs get Integration Services updates directly from Windows Update.

The Solution

The solution is to copy the vmguest.iso file from an existing Hyper-V 2012 R2 installation to the 2016 Hyper-V server. Then mount this ISO to the DVD Drive of the guest VM. Then in the OS of the VM run the installer.

 


Check LDAP DNS Using NSLOOKUP

The Scenario

I have just created an Active Directory Forest Trust between my domain (DomainA.local) and the acquired domain (DomainB.local)

The Problem

I need to be able to confirm that DNS on my domain is able to source the Domain Controllers on the trusted domain using SRV records.

The Solution

Use NSLOOKUP to check if the DNS servers used by the local server can locate the domain controllers on the trusted forest using the SRV records.

Open a Command Prompt and type the following 3 lines:
nslookup
set type=all
_ldap._tcp.dc._msdcs.domainb.local
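
The same check can be scripted. This added example (not part of the original post) resolves the domain controller locator SRV records for the trusted domain and then tests that each returned target accepts a TCP connection on the advertised port; the function name is hypothetical, and it goes beyond the single _ldap record above by also checking the Kerberos and PDC records.

```powershell
# Added example (not from the original post); Test-TrustedDomainLocator is a hypothetical name.
function Test-TrustedDomainLocator {
    param(
        [Parameter(Mandatory)][string]$Domain,   # e.g. domainb.local
        [string]$DnsServer                       # optional: query one specific DNS server
    )
    # DC locator records the local DNS must be able to resolve for the trusted domain
    $records = "_ldap._tcp.dc._msdcs.$Domain",
               "_kerberos._tcp.dc._msdcs.$Domain",
               "_ldap._tcp.pdc._msdcs.$Domain"

    foreach ($name in $records) {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'Stop' }
        if ($DnsServer) { $query.Server = $DnsServer }
        try {
            # Keep only the SRV answers; additional A/AAAA records are dropped
            $srv = Resolve-DnsName @query | Where-Object QueryType -eq 'SRV'
        }
        catch {
            # Resolution failed: report it instead of showing the raw error
            [pscustomobject]@{ Record = $name; Target = $null; Port = $null
                               Reachable = $false; Note = $_.Exception.Message }
            continue
        }
        foreach ($r in $srv) {
            $tcp = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
                                      -WarningAction SilentlyContinue
            [pscustomobject]@{ Record = $name; Target = $r.NameTarget; Port = $r.Port
                               Reachable = $tcp.TcpTestSucceeded; Note = '' }
        }
    }
}

Test-TrustedDomainLocator -Domain domainb.local | Format-Table -AutoSize
```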

 


Desired State Configuration – A very basic intro

I’ve seen this topic before when reviewing the 70-410 exam books, though for that exam very little is mentioned or indeed required. So until now I’ve given it scant notice. However, having read more about it I can see it will continue to have a growing use in the years ahead, as my requirement to provision multiple standardised servers grows. DSC really looks like it can replace the need for storage-heavy VM templates and multiple GPOs and can quickly deploy standardised servers and maintain the initial settings in the event they are changed by well-meaning, but meddling System Administrators.

As I have only just dipped my toe into the DSC ocean, this post is really as much for my benefit as anyone else's (though I’m always glad to see you of course). It’s just a basic step-through to create a MOF file and apply that to the target. I don’t mention any of the underlying concepts and terminology because there’s a plethora of information out there on Technet and beyond.

Task: I need to ensure a new directory is created on my domain controller (CIV-DC1)

Create the Configuration file:

Configuration AccountingDir {

    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node CIV-DC1 {
        # Create a new directory on the C drive called Accounting
        File Accounting {
            Type            = "Directory"
            Ensure          = "Present"
            DestinationPath = "C:\Accounting"
        }
    } # Node complete

} # Configuration complete

# Run this to create the MOF file
# (this is the name of the configuration)
AccountingDir -OutputPath C:\temp

# Run this to apply the MOF file to the target
Start-DscConfiguration -Path C:\temp -Wait -Verbose -Force

NB: The image below will be used during the next section; I used the PowerShell ISE:

[Image: DSC-steps]

NB: Please note line 3; when I did not have this I got the following error:

[Image: DSC-warning]

Step 1: Load the Configuration Function Into Memory

Select the Configuration text and run this in ISE

Step 2: Generate the MOF file

Highlight the command (the name of the Configuration, followed by the location where the MOF file will be stored) and run this in ISE; you should get the following output:

[Image: dsc-step2-output]

Step 3: Apply the MOF settings to the target

Highlight the Start-DscConfiguration line, which includes the location of the MOF file (you don’t stipulate the actual MOF file) and run in ISE. The target for the MOF file is stipulated in the first lines of the MOF file so PowerShell and LCM know what the target is. If it is successfully applied you will see the following:

[Image: dsc-step3-output]

Visually checking on CIV-DC1 shows the new directory:

[Image: dsc-results]

You can also run a test to confirm if the settings in the MOF file are still active/applied on the target using the Test-DscConfiguration command:

[Image: DSC-testing]

 


Wifi Security key is incorrect (when it’s not!) – Windows 10 & KB4053579

The Scenario

My Windows 10 Professional (build 1607) has recently installed two updates; KB4049411 and KB4053579

The Problem

After these two updates were installed and the computer rebooted I could not get my computer to connect to my wifi, it kept failing with the error “The security key is incorrect”.

I knew the key was correct because I was able to access my router from another laptop and confirm the password I was entering was correct. I even tried using the WPS auto-configuration but that didn’t work either.

The Solution

I decided to uninstall both those updates as that was the only change to my computer, starting with KB4053579. After uninstalling this one, and without a reboot, I tried connecting to my wifi; this time it worked without any issue. I didn’t uninstall KB4049411.

I don’t usually like uninstalling updates given they’re meant to secure my device or make it more stable, nor would I normally advocate anyone else doing the same but I really didn’t have a choice here. Please consider the security implications before doing so yourself. I will attempt to reinstall it in a few days once I get my work finished and will post an update here afterwards to let you know the outcome.

 


PS Tip: PowerShell Catches

In this example I want to check if a list of users' samAccountNames returns a list of matching display names. In the event that the user is not found I don’t want a system error displayed, I want a custom error message. This is done using a Try & Catch statement, the Try element being the test and the Catch element what I want the custom error to be.

Import-Module ActiveDirectory   # provides Get-ADUser

# One samAccountName per line
$users = Get-Content C:\team-members.txt
foreach ($user in $users) {
    try {
        (Get-ADUser $user).Name
    }
    catch {
        "$user not found in AD!"   # this text will replace the system error output
    }
}

Office/Excel Tip: Add cell value to text string, including inverted commas

I have a spreadsheet with the Active Directory current_ObjectID attribute in column H and the new_ObjectID I want to apply in column J.

The PowerShell command to make the change I want is this:

Rename-ADObject -Identity "<current_objectGUID>" -NewName "<new_objectGUID>"

To autopopulate the current and new ObjectID values from their respective columns and keep the inverted commas around the ObjectID values I needed to type the following:

="Rename-ADObject -Identity """&H3&""" -NewName """&J3&""""

PS Tip: Is Hyper-Threading enabled on my computer

Open an elevated PS session and enter the following:

get-wmiobject -Class win32_processor | ft -Property NumberOfCores, NumberOfLogicalProcessors -auto

If Hyper-threading is enabled you’ll have twice the number of logical processors that you have of physical cores. In my case Hyper-threading is enabled due to the 4-8 ratio.

[Image: ht-enabled]

 
