Find AD User Account Lockout Events with PowerShell

A few weeks ago a user contacted me and stated they were constantly being locked out throughout the day. This could have been caused by a number of things, from someone else trying to log in as them to their being logged in somewhere else when they changed their password, leaving a session with the old password still active. I ran a search of the security event log on the domain controllers and found the name of the machine that the user was being locked out from. The event ID for lockout events is 4740 for Vista / 2008 and higher and 644 for 2000 / XP / 2003. Here’s the PowerShell script I used to find the lockout events:

$logName = "security"
$pcName = "dc01", "dc02", "dc03"
$eventID = "4740"
Get-EventLog -LogName $logName -ComputerName $pcName | where {$_.eventID -eq $eventID} `
| fl -Property timegenerated, replacementstrings, message

Based on these results, the user is being locked out from a machine named “PC01”:

The problem was that the user recently changed their password and had some out of date credentials saved in the Windows 7 Credential Manager:

This cmdlet will search Active Directory and list all of the accounts that are locked out:

Search-ADAccount -LockedOut

Here’s the results of that command:

You can use the following PowerShell command to unlock the Active Directory account:

# The account name must be a quoted string; a bare word would be run as a command
$name = "mike"
Unlock-ADAccount -Identity $name
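The lockout search at the top of this post pulls the whole Security log from each domain controller and filters it locally. The following is an added example, not the post's own script: it filters for event 4740 on the domain controller and returns the locked account and caller computer as named fields. The function names, the example.test host name and the sample record are constructed for illustration.

```powershell
# Added example; works on PowerShell 2.0 and later. Function names are hypothetical.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory=$true, ValueFromPipeline=$true)][string]$Xml)
    process {
        $evt  = ([xml]$Xml).Event
        $data = @{}
        # Index the EventData fields by name instead of relying on their position
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            TimeCreated      = [datetime]$evt.System.TimeCreated.SystemTime
            DomainController = $evt.System.Computer
            LockedAccount    = $data['TargetUserName']
            # Event 4740 records the caller computer name in TargetDomainName
            CallerComputer   = $data['TargetDomainName']
        }
    }
}

function Get-LockoutSource {
    param([string[]]$ComputerName, [datetime]$After = (Get-Date).AddDays(-1))
    foreach ($dc in $ComputerName) {
        try {
            # The hashtable filter is applied by the event log service on the DC,
            # so only 4740 records newer than $After cross the network
            Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
                LogName = 'Security'; Id = 4740; StartTime = $After
            } | ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutEventXml
        } catch {
            # Raised when the DC is unreachable or has no matching events
            Write-Warning "${dc}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample record (not real log data) so the parser can be tried offline
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="2011-10-01T14:05:09Z"/><Computer>dc01.example.test</Computer></System>
  <EventData>
    <Data Name="TargetUserName">mike</Data>
    <Data Name="TargetDomainName">PC01</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-LockoutEventXml | Select-Object TimeCreated, LockedAccount, CallerComputer

# Against live domain controllers, grouped to show which machine keeps locking which account:
# Get-LockoutSource -ComputerName dc01, dc02, dc03 | Group-Object CallerComputer, LockedAccount
```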

Posted in Active Directory, PowerShell | 1 Comment

Create AD Group and Copy a Group’s Members with PowerShell

This week, I was asked if I could export a list of users who were members of a specific group in Active Directory. My Question: What’s this list for? Answer: We’re working on a project that requires us to create a new security group in Active Directory and we’re going to add all the users on the list to the new group. I determined that this new group really was necessary. My response: I can do even better than providing you guys with a list. I can create the new AD group, output a list of users, and import them into the new group.

I had previously created a couple of PowerShell scripts that would help me get started. One of them created an AD group and the other added a single user to an AD group. I combined my existing scripts and nested the add-user-to-group portion in a ForEach loop:

# Define variables
$NewGrpName = "NewADGroup"
$GrpScope = "Global"
$Description = "New AD Group"
$GrpCat = "Security"
$Path = "OU=security,OU=groups,OU=test,DC=mikefrobbins,DC=com"
$ExistingGrpName = "ExistingADGroup"
$Domain = "mikefrobbins.com"

# Create a new AD group using the variables as parameters
New-ADGroup -Name $NewGrpName -GroupScope $GrpScope -Description $Description `
    -GroupCategory $GrpCat -Path $Path

# Obtain a list of users from an existing AD group and store them in a variable
$UserNames = Get-ADGroupMember $ExistingGrpName | Get-ADUser | Select-Object `
    -ExpandProperty SamAccountName

# Add each user to the newly created AD group
ForEach ($UserName in $UserNames) {
    $User = [ADSI]("WinNT://$Domain/$UserName")
    $Grp = [ADSI]("WinNT://$Domain/$NewGrpName")
    $Grp.PSBase.Invoke("Add",$User.PSBase.Path)
}

# Output a list of users that are now members of the new group
Get-ADGroupMember $NewGrpName | Get-ADUser | Select-Object Name

PowerShell to the Rescue!

Here’s an updated script based on Jeffery Hicks’ comments. You’ve gotta love the PowerShell community.

$newGrpName = "NewADGroup"
$grpScope = "Global"
$description = "New AD Group"
$grpCat = "Security"
$path = "OU=security,OU=groups,OU=test,DC=mikefrobbins,DC=com"
$existingGrpName = "ExistingADGroup"

New-ADGroup -name $newGrpName -GroupScope $grpScope -Description $description -GroupCategory `
$grpCat -Path $path -PassThru  | Add-ADGroupMember -Members (Get-ADGroupMember $existingGrpName) `
-PassThru | Get-ADGroupMember | Select Name

Posted in Active Directory, PowerShell | 4 Comments

Restore a Replaced Document in SharePoint Server 2007

A few weeks ago I had someone ask me about restoring a single Excel spreadsheet in Microsoft Office SharePoint Server 2007 (MOSS). The spreadsheet had been overwritten by uploading another one in its place with the same file name. Versioning was not turned on in this document library. The spreadsheet that needed to be restored was not in the user’s or admin’s recycle bin. I guess that’s because it wasn’t actually deleted. I decided that if the data is saved in the SharePoint content database as a blob, there must be some way to extract that blob from a restored copy of the database without it needing to be connected to a web front end server.

Solution:
Restore a backup of the content database from the night before the item was replaced to a test database server. The AllDocs table contains two columns that are of interest when looking for a document. The DirName column is the Document Library location and the LeafName is the actual name of the items in the document library. Once you locate the item you want to restore, you’ll need to join the AllDocs table to the AllDocStreams table on the id column to retrieve the item’s content. The actual data of an item is stored in the AllDocStreams table in a column named content. You should be able to extract the data using whatever method you’re familiar with (Visual Studio, BCP, or VBScript). I used VBScript since it seemed to be the easiest:

Set cn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")
cn.Open "Provider=SQLOLEDB;data Source=DBServerName;Initial Catalog=SP_Content_RestoredDB;Trusted_Connection=yes"
Set rs = cn.Execute("select Content from AllDocStreams join AllDocs on AllDocStreams.Id = AllDocs.Id where AllDocs.LeafName = 'Spreadsheet.xlsx'")
Set mstream = CreateObject("ADODB.Stream")
mstream.Type = 1
mstream.Open
mstream.Write rs.Fields("Content").Value
mstream.SaveToFile "D:\Spreadsheet.xlsx", 2
rs.Close
cn.Close

Posted in Microsoft Office SharePoint Server 2007 (MOSS 2007), VBScript | Leave a comment

Installation of the Windows 8 Developer Preview

The Windows 8 Developer Preview was publicly released this past Tuesday evening via the new Windows Dev Center. I actually thought I was going to miss out on the opportunity to try out this preview version since I’m not currently a MSDN subscriber. I was happy to learn that it was made available for anyone to download.

Since this is a preview version, I decided to load it as a virtual machine on a Hyper-V server. This kept me from tying up any of my machines that I need to work properly on a consistent basis, and that’s something that everyone needs to keep in mind: this is not a finished product that is ready or meant for a production environment.

I also attempted to install this preview as a VM under Windows Virtual PC on a computer running Windows 7. You can’t run a 64-bit OS as a VM under Windows Virtual PC, and if you try to install the 32-bit version of the preview, you’ll end up with the error: “Your PC ran into a problem that it couldn’t handle, and now it needs to restart. You can search for the error online: HAL INITIALIZATION FAILED”.

I was able to install this preview OS as a VM running under VirtualBox on a computer running Windows 7 without issue by using the settings I found on sysprobs.com.

Here’s what the initial boot screen looks like when installing this operating system:

From this point forward, the installation process looks similar to Windows 7 and 2008 R2. I’m not going to post the screen shots of the installation process unless they are new to Windows 8. During the installation, this particular screen was flashing in such a way that I thought something was wrong. I left it alone and the installation continued without issue. This issue only occurred during the installation of the VM on Hyper-V.

At the end of the installation, you’ll end up on this screen:

You’ll be asked to give the computer a name:

I chose to “Use Express Settings” on this page:

The log on portion is great since you can use a Windows Live ID. That’s one less password that I don’t have to worry about remembering:

You’ll be prompted to enter your Windows Live ID and password:

I chose to “Use an alternate email instead” on the password recovery screen:

Enter the alternate email address if you chose that option:

Your account is being created at this point:

This is where you are actually being logged in:

You’ll end up on this snazzy new start screen:

I’ll be posting more blog articles about the Windows 8 preview during the next few weeks.

Posted in Windows 8 | Leave a comment

Resolving SharePoint 2010 PDF Issues with PowerShell

PDF’s that have been uploaded to your SharePoint 2010 document libraries do not show the correct icon and only give you the option of saving instead of opening them:

The following PowerShell script downloads a 17×17 GIF image from Adobe.com named pdficon_small.gif, places it in the images folder under the 14 hive, associates it in the DOCICON.XML file, sets Browser File Handling to Permissive, and then runs IISReset:

$14 = "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14"
$src = "http://www.adobe.com/images/pdficon_small.gif"
$dst = $14 + "\TEMPLATE\IMAGES\pdficon_small.gif"
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($src, $dst)

$xml = New-Object XML
$xml.Load($14 + "\TEMPLATE\XML\DOCICON.XML")
$icoAsn = $xml.CreateElement('Mapping')
$icoAsn.SetAttribute('Key','pdf')
$icoAsn.SetAttribute("Value","pdficon_small.gif")
$xml.DocIcons.ByExtension.AppendChild($icoAsn)
$xml.save($14 + "\TEMPLATE\XML\DOCICON.XML")

Add-PSSnapin Microsoft.SharePoint.PowerShell
Get-SPWebApplication | ForEach-Object {$_.BrowserFileHandling = "Permissive"; $_.Update()}
iisreset

The first part of the script downloads a pdf icon from Adobe.com to the Images folder:

The second part associates PDF’s in SharePoint with this PDF GIF image icon file:

The third portion of the script sets the Browser File Handling to Permissive so that the PDF’s are able to be opened instead of only saved. This was implemented on an Intranet SharePoint server so I consider this decrease in security to be an acceptable risk:

The last thing it does is run IISReset:

PDF’s now have the correct icon and are allowed to be opened:

The PDF icon issue and information about associating it in SharePoint is documented in this Microsoft KB Article.
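Setting Browser File Handling to Permissive lets every file type open in the browser, not only PDFs. The following is an added example, not part of the original script: it shows a narrower alternative that leaves the web application on Strict and adds only the PDF MIME type to its inline-download allow list. The function name and the -RestoreStrict switch are hypothetical; BrowserFileHandling and AllowedInlineDownloadedMimeTypes are properties of the SharePoint 2010 web application object.

```powershell
# Added example; written for the PowerShell 2.0 host that SharePoint 2010 uses.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-PdfInlineOnly {              # hypothetical helper name
    param([switch]$RestoreStrict)         # also undo an earlier switch to Permissive
    foreach ($webApp in Get-SPWebApplication) {
        $before  = $webApp.BrowserFileHandling
        $changed = $false

        # Allow PDFs to open inline while every other type keeps the Strict handling
        if ($webApp.AllowedInlineDownloadedMimeTypes -notcontains 'application/pdf') {
            $webApp.AllowedInlineDownloadedMimeTypes.Add('application/pdf')
            $changed = $true
        }

        # Only touch the handling mode when explicitly asked to
        if ($RestoreStrict -and $before -ne 'Strict') {
            $webApp.BrowserFileHandling = 'Strict'
            $changed = $true
        }

        if ($changed) { $webApp.Update() }

        # Report what each web application looked like before and after
        New-Object PSObject -Property @{
            WebApplication = $webApp.Url
            HandlingBefore = $before
            HandlingAfter  = $webApp.BrowserFileHandling
            PdfInline      = ($webApp.AllowedInlineDownloadedMimeTypes -contains 'application/pdf')
        }
    }
}

Set-PdfInlineOnly | Select-Object WebApplication, HandlingBefore, HandlingAfter, PdfInline
```

Run it with -RestoreStrict on a farm where the script above has already set Permissive; the report shows the handling mode before and after for each web application.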

Posted in PowerShell, SharePoint 2010 | 1 Comment

Dell EqualLogic PS4000 – Creating a Volume with PowerShell

Download the EqualLogic Host Integration Toolkit (HIT Kit) for Microsoft from the EqualLogic support site. Install the PowerShell Tools portion of the HIT Kit on the computer you want to manage the SAN from. For a PS4000, this computer doesn’t need access to the iSCSI network as long as it has connectivity to the management network.

The following PowerShell script creates a 36GB thin provisioned volume named mikefrobbins with a snapshot reserve of 100%, sets a description for the volume, allows two specific IP addresses to access the volume and its snapshots, sets up a 1am snapshot schedule that takes place once per day and attempts to keep 7 snapshots as long as the total size of the snapshots doesn’t exceed the snapshot reserved space.

$GrpAddr = "192.168.1.1"
$VolName = "mikefrobbins"
$VolSize = "36864"
$SnapshotReserve = "100"
$Description = "C Drive for mikefrobbins WebServer"
$ThinProvision = "Yes"
$iSCSI1 = "10.0.0.1"
$iSCSI2 = "10.0.0.2"
$ACL = "volume_and_snapshot"
$SchName = "wwwDailySnapshot"
$SchType = "Daily"
$Start = "01:00AM"
$Repeat = "0"
$Count = "7"

Import-Module -name "c:\program files\EqualLogic\bin\EqlPSTools.dll"
Connect-EqlGroup -GroupAddress $GrpAddr -Credential (Get-Credential)
New-EqlVolume -VolumeName $VolName -VolumeSizeMB $VolSize -SnapshotReservePercent `
$SnapshotReserve -VolumeDescription $Description -ThinProvision $ThinProvision
New-EqlVolumeACL -VolumeName $VolName -InitiatorIpAddress $iSCSI1 -ACLTargetType $ACL
New-EqlVolumeACL -VolumeName $VolName -InitiatorIpAddress $iSCSI2 -ACLTargetType $ACL
New-EqlSchedule -VolumeName $VolName -ScheduleName $SchName -ScheduleType $SchType `
-StartTime $Start -TimeFrequency $Repeat -KeepCount $Count
Disconnect-EqlGroup -GroupAddress $GrpAddr

When you execute the script, enter the grpadmin credentials or the credentials of an equivalent account when prompted:

The volume has been created with the settings specified in the PowerShell script:

Access to the volume and its snapshots has been set up for the two specified IP addresses:

The snapshot job has been created and enabled:

You could use the GUI to accomplish the same task, but GUI’s generally leave too much room for error. Using a PowerShell script allows you to create a volume exactly the same way each time with no chance of forgetting to do something like creating a snapshot job. Nothing worse than having something missed by your backup job and committing yourself to recovering it from a snapshot only to find out: “Oh yeah, I forgot to set that up”.

Posted in PowerShell, Storage Area Network | Leave a comment

The Easy Way to Create a Bootable Windows 7 USB Flash Drive

I recently loaded Windows 7 on my netbook computer and ran across a tool named “Windows 7 USB/DVD Download Tool” which makes creating a Windows 7 bootable USB flash drive much easier. Download and install this tool.

Open the program and select the ISO you want to copy to your USB flash drive.

Select “USB device”:

Select the USB flash drive you want to copy the Windows 7 installation media to. Warning: This process erases all data that currently exists on the USB flash drive you select. You will need a 4GB or larger USB flash drive for Windows 7. Select “Begin copying”:

Once the process is complete, you’ll have a bootable USB flash drive that contains the installation media for Windows 7:

Now that was much easier than using DiskPart.

Posted in Windows 7 | Leave a comment