Clik here to view.
Sub-Select Query - The Holy Grail of SMS Collections
Learned a cool trick this week for building SMS/SCCM collections that will return a list of computers that "do not have something". Building a collection that returns a group computers with a...
View ArticleClik here to view.
Determine Active Directory Schema Version
You can query Active Directory to determine the schema version as shown below. Replace “dc=domainname” with your information dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base...
View ArticleClik here to view.
PowerShell Script to Query UserAccountControl Flags
One of the services I provide as a Premier Field Engineer is performing health and security assessments in a customer’s environment and providing them a detailed report. Recently I was performing an...
View ArticleClik here to view.
How to Determine Which DNS Server(s) Have Scavenging Enabled Using PowerShell
One of my duties as a Microsoft Premier Field Engineer (PFE) is to make sure the products a customer is currently using are configured properly and the customer is getting all the functionality the...
View ArticleClik here to view.
Understanding and Managing the Certificate Stores Used for Smart Card Logon
Recently I was onsite helping a customer clean up some certificates related to smart card logon. One of the things I find challenging about PKI and specifically about smart card logon is remembering...
View ArticleClik here to view.
How to find user accounts with Kerberos preauthentication disabled.
One of my duties as a Premier Field Engineer is to perform Active Directory Risk Assessments (aka ADRAP). During these risk assessments we review the configuration of key components of Active...
View ArticleHow to update the list of Name Servers on a DNS Zone with a Script
I was working with a customer this week doing some Active Directory cleanup tasks. We were decommissioning the last of their Windows Server 2003 domain controllers so we could upgrade the domain and...
View ArticleClik here to view.
How to Modify Security Inheritance on Active Directory Objects using PowerShell
A couple of weeks ago I was working with a customer analyzing a number of user accounts affected by AdminSDHolder protection. User accounts that are members of privileged groups such as Domain Admins...
View ArticleThe Best MMC Keyboard shortcut ever!
I was reading an internal email thread today and one of my peers mentioned he used to use a keyboard shortcut that would expand an entire tree in a management console but could not remember what the...
View ArticleList of Rollup Updates for Windows 8/8.1 & Windows Server 2012 / 2012 R2
I put this list together for a couple of customers who were asking for the latest Service Pack for these operating systems. It turns out we don’t have “Service Packs” available but we do have “Update...
View ArticleClik here to view.
PowerShell Script to Query UserAccountControl Flags
One of the services I provide as a Premier Field Engineer is performing health and security assessments in a customer’s environment and providing them a detailed report. Recently I was performing an...
View ArticleHow to Start and Save Virtual Machines with PowerShell
I have a Hyper-V lab I run on my laptop (Windows 8.1, dual quad processor, 32G RAM, 2 HDs) that has 7-9 virtual machines (VMs) running. When I’m done working on my lab I typically SAVE all the running...
View ArticleClik here to view.
How to Configure and Use a PowerShell Profile
When you open a PowerShell window to perform some work all the aliases, functions and variables you create are only available in your current session. If you exit the session all these changes are...
View Article