Archive for the ‘Active Directory’ Category

Just a placeholder for now; I will come back and update with some more info when I get a chance.


Nothing too exciting in this one, just had to do a quick comparison of user home folders against what was set in Active Directory as part of a file server permissions remediation task.

Just a simple one here, but I want to keep it on file. This will rebuild the tokenGroups attribute for a user, which is a dynamic attribute, i.e. not part of the schema. Useful for working out why people are getting token bloat and Kerberos issues.

Nearly every environment I work in has the annoying warnings on their domain controllers stating that the Netlogon.log is filling up, almost always with NO_CLIENT_SITE warnings. It’s a simple fix: just add all the relevant subnets into AD Sites and Services. It is one of those things that should just be done when new networks are brought online, but nearly always gets left out. Well, below is a bit of PowerShell to parse the domain controller’s Netlogon.log and spit back a list of unique /24 subnets that are generating the warnings. The next step would be to identify which AD site they should belong to and add them in.

Adds a bunch of new subnets, with details read from a CSV, into pre-existing sites in AD Sites and Services. Requires Quest AD tools.

Generate a CSV of product keys for all machines in your AD.

I used the following to identify open and closed set groups in our AD infrastructure. This was to aid in migration to a new child domain. I’ve used “Sites” as variables, as in the current environment each “site” had its own OU. Not to be confused with AD Sites. The script uses the Quest AD tools.