Promoting a DC: Error determining whether the target environment require adprep


When you promote a new Domain Controller into an existing Active Directory Forest/Domain and leave the default setting of "Any domain controller" to sync from, you get stuck at the promotion process with this error message: Error determining whether the target environment require adprep: Validation error Validation error: Unable to make an LDAP …

When you are demoting a domain controller, you receive the “Failed to modify the necessary properties for the machine account. Access is denied” error message


Are you getting this error message when demoting a domain controller? "The operation failed because: The Active Directory Domain Services Installation Wizard (DCpromo.exe) would not configure the computer account <2012 DC> on the remote Active Directory Domain Controller <2019 DC>. Verify that the user running dcpromo.exe is granted the "Enable computer and user accounts to …

Active Directory: Self-Signed certificate for LDAPs


While testing Active Directory on a closed private network, I needed LDAPs connections to the domain controllers. But I didn't have any PKI/Certificate servers on the network and I didn't want to build one. So I decided to use a self-signed SSL certificate for LDAPs connections. If you are reading this, you need one too. Here …

Microsoft Teams: Direct link to start a chat with you


Do you use Microsoft Teams? Here is the direct Teams chat link to start a chat with you. I add this link to my Email signature. You can too. https://teams.microsoft.com/l/chat/0/0?users=<Your-Email-Address> e.g., https://teams.microsoft.com/l/chat/0/0?users=AwesomeAnand@USA.com If you need the link for your Teams Channel, you can get it by right-clicking on the Teams Channel, like this:

PowerShell: Find if a computer is waiting for Reboot (pending reboot)


To find out whether a computer is waiting for a reboot to complete the Microsoft Update installation, I have found this information in the Windows Update WMI object. This displays True (if Pending Reboot) or False (Not waiting for reboot): (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired But this only runs on the local computer. I needed to collect Pending Reboot state of all …

(Ver 2) PowerShell: Create Unique Log File Name out of Date & Time


I have blogged about creating a log file name in PowerShell, so we can create unique, readable file names to store data or logs: https://anandthearchitect.com/2019/06/13/powershell-create-a-unique-log-file-name-out-of-date-time/ Now I have a better idea for generating the file name in a slightly different way (since I found out about the GetDateTimeFormats() function in the object returned from the Get-Date cmdlet). Here is the function …

Exchange: How to list memberOf groups of a distribution group?


When I wrote a script to migrate distribution groups to Office 365 from an On-Prem Exchange server, I had a requirement to list the parent (memberOf) groups, so I can migrate them in order or not lose the group memberships during migration. So how do we list the parent groups of a DL? There are …

Office 365: How to correct UserPrincipalName for On-premises AD sync’ed account?


Say you end up with a wrong UserPrincipalName for an MSOL account which is sync'ed from On-Prem Active Directory, like this: username@company.onmicrosoft.com, which is obviously the wrong UPN. The correct UPN is supposed to be like username@company.com and it should match the user's PrimarySMTPAddress. I am sure you tried to correct it in Office 365 Admin Center, …

Active Directory: Send password expiry Email notice to users


Here is a very useful script written by me. Feel free to use it on your network. This script queries the local Active Directory for users whose password is expiring in a given number of days, then sends an email notice to the user. Download the PowerShell Script The source code: <# ************************************************************************************************** ** Script: Email-PasswordExpiry-Notice.ps1 ** ** Purpose: …

Active Directory – PowerShell – Cannot search by null value attributes


If you tried to filter results with any AD cmdlets in PowerShell, you quickly find out it is not possible with the "-Filter" option. For example, I tried to list any user whose Mail attribute value is null: PS E:> Get-ADUser -Filter { mail -ne $null } Get-ADUser : Variable: 'null' found in expression: $null …