Archive

Posts Tagged ‘Active Directory’

Change the Case of a User Logon Name

August 21, 2012 2 comments

I need to change the case of a user’s logon name from TUser to tuser. Seems simple enough but turns out there’s a little trick.

I open up the properties of the user & select the Account tab.

I change both fields to tuser & click OK.

I open the properties again to double check & notice that the User logon name (pre-Windows 2000) changed but User logon name did not.

The trick is to rename the account without actually renaming it. Right click the account & select Rename.

Now retype the name exactly how it currently is & press Enter. So in my case I just type Test User & press Enter. That will bring up the Rename User dialog box. From there change the case in the User logon name textbox (& pre-Windows 2000 if not already done) & click OK.

Look at the properties of the account & the case had been changed.

Categories: Computers Tags:

Quickpost: Users & Phone Numbers

April 9, 2012 Leave a comment 
Get-QADUser -SearchRoot "abc.com/Company/Users" | Select DisplayName,title,department,physicalDeliveryOfficeName,telephoneNumber | Export-Csv C:Tempphonebook.csv
Categories: Computers Tags:

No Certificate Templates Could Be Found Error

February 14, 2012 6 comments

I was doing a little Active Directory Certificate Services (AD CS) testing in the lab. I came across the following error when browsing to the web enrollment page, “No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.”

Searching around online I found plenty of articles & posts on this error but none of the solutions fixed my issue. After three days of troubleshooting here’s what worked for me.

Being a lab at some point I had changed the Authentication settings in IIS on both CertEnroll & CertSrv to Anonymous Authentication Enabled & Windows Authentication Disabled.

When I changed them back to the defaults which are Anonymous Authentication Disabled & Windows Authentication Enabled I stopped getting the error.

Categories: Computers Tags: , , , , ,

Update Fax Numbers in AD Using PowerShell

January 4, 2012 Leave a comment

Just a quick post on how to change the fax number for several users who use 555-555-1234 to 555-555-4321.

 Get-QADUser -SearchRoot "abc.com/ABC/Users" -LdapFilter '(facsimileTelephoneNumber=555-555-1234)' | Foreach-Object{Set-QADuser -Identity $_ -ObjectAttributes @{facsimileTelephoneNumber='555-555-4321'}}
Categories: Computers Tags: ,

Making AD Changes using PowerShell (Company Attribute)

May 31, 2011 Leave a comment

Note – This post deals with making bulk changes to Active Directory. If you’re not careful you could really screw things up. Always test in a lab before making such changes in production.

This is just a quick post for a little something I had to do today. I’ve been doing some Active Directory cleanup & noticed we have some users that have the Company attribute populated & some that don’t.

Using the Quest ActiveRoles Management Shell for Active Directory (http://www.quest.com/powershell/activeroles-server.aspx) I ran the following cmdlet to add the correct company name to all users in a specific OU & all sub-OUs who do not have the Company attribute populated.

Get-QADUser -SearchRoot "abc.com/ABC/Users" -Company "" | ForEach-Object{Set-QADUser -Identity $_ -Company "ABC Company"}
Categories: Computers Tags: ,

Making AD Changes using PowerShell

April 21, 2011 Leave a comment

Note – This post deals with making bulk changes to Active Directory. If you’re not careful you could really screw things up. Always test in a lab before making such changes in production.

I recently had a situation where I had to change the numeric value of the Department attribute in Active Directory then move it to extensionAttribute1 attribute. Below are the steps I went through to accomplish this.

Note – Some of these might seem weird but they were things I had to do that were specific to the environment.

You will need to install the Quest ActiveRoles Management Shell for Active Directory. (http://www.quest.com/powershell/activeroles-server.aspx)

All the values in the Department field were between 10000 and 10999. I needed to add 1000 to each one to make the values between 11000 and 11999. Before I did anything I wanted to export the current values. I opened ActiveRoles Management Shell for Active Directory & ran the following command.

Get-QADUser -SizeLimit 0 -IncludedProperties extensionAttribute1 -LdapFilter '(|(department=*)(extensionAttribute1=*))' | select name,samAccountName,dn,department,extensionAttribute1 | Export-Csv C:\Temp\export.csv

I did a little spot checking in the CSV file just to make sure all the data looked good. Then I ran the following script to add 1000 to each value. (You’ll need to save this to a .ps1 file & run it.)

Get-QADUser -SizeLimit 0 -LdapFilter '(department=10*)' | Foreach-Object{
if($ea1 = $_.department -as [int])
{
Set-QADuser -Identity $_ -ObjectAttributes @{department=($ea1+1000)}
}
}

To make sure there were no more numbers in the 10000s I ran the following command which returned no results as expected.

Get-QADUser -SizeLimit 0 -LdapFilter '(department=10*)' | select name,department,extensionAttribute1

Next I needed to copy the values from the Department attribute to extensionAttribute1. I ran the following script.

Get-QADUser -SizeLimit 0 -IncludedProperties extensionAttribute1 -LdapFilter '(department=11*)' | Foreach-Object{
if($ea1 = $_.department -as [int])
{
Set-QADuser -Identity $_ -ObjectAttributes @{extensionAttribute1=$ea1}
}
}

Finally I removed the values from the department attribute by running the following script.

Get-QADUser -SizeLimit 0 -LdapFilter '(department=11*)' | Foreach-Object{
if($ea1 = $_.department -as [int])
{
Set-QADuser -Identity $_ -ObjectAttributes @{department=''}
}
}
Categories: Computers Tags: ,
Follow

Get every new post delivered to your Inbox.

Join 87 other followers

%d bloggers like this: