Wednesday, 17 August 2016

Porxy PAC file GPO- Registry Item-GPP Method


Deploying Proxy PAC file configuration through GPO-GPP – Registry update method: 


I had received request from our team to setup the proxy PAC file configuration for VDI clients, hence I started preparing the GPO with User configuration settings.

They had mentioned that PAC file configuration which we set in the IE -Connections - Lan Settings should be editable by users, hence I decided not to use the GPP- Internet Settings to deploy the IE configuration based on the IE version target. 


Solution:

Created the New GPO for testing the new Registry Item for Proxy PAC configuration.

Updated the “AutoconfigURL” settings with PAC file Path on below registry path in User configuration.

HKCU\Software\Microsoft\windows\CurrentVersion\Internet Settings



I decided to check and it was working fine for my login and for the requestor as well...

After two or three days, few customers complaint that the proxy configuration is not displayed for them.



So, I logged into to those servers / clients where customer reported the issue … this is the first time I logged on to those servers. Surprisingly, GPO which I had setup does not apply in IE proxy configuration script option but GPRESULT report shows that registry item is processed.


I started to blame the IE Enhanced Security Settings but I checked it was in disabled Mode for both Administrators and Users.


In the problematic system, I manually tick the “Use Automatic Configuration Script” and Un-ticked it. Forced the Gpupdate using force switch. 


Magic, this time it was applied successfully. I found in Internet that we others also had similar problem, they had solution by Setting the following registry Key.  





















So, I have included this registry item also in the same GPO in Order 1.















Seems, to be working fine till now. Hope, this will be helpful for you as well...
Posted by at No comments:

Thursday, 11 August 2016

Extract OU Information of Users - Computers - Groups

Generating AD report with OU information not the Distinguished name of the object: 

Request:

 I have been requested to provide the list of users in domain with their current OU location information. It's just simple for every admin to generate the complete list of users using native tools like dsquery or using easy to use Powershell cmdlets like ( Get-aduser )

The tricky part is that we are expecting the OU information but you know we generally tend to select the distinguished name but you know it's like tricky to extract to remove the CN information from the report generated and have to work in Excel sheet to get the desired output. 

Few days ago, I got similar request and extract the objects from AD and did played with excel to extract only the OU information and samaccount name.

 We are in Powershell world where these type of requests can be easily handled without additional work in excel workbook.

Solution:

Use Powershell.....

get-content ".\users.txt" |get-aduser -pr distinguishedname,samaccountname -errorAction silentlycontinue |select samaccountname, @{name="OU";expression={($_.DistinguishedName -split ",",2)[1]}}| sort samaccountname |Export-Csv Users_OU_Information.csv -notypeinformation


The main command which we need focus is about : @{name="OU";expression={($_.DistinguishedName -split ",",2)[1]}} 

This command actually gets the distinguished name attribute and split the CN information which is separated by comma ","  

Similarly we can  use this similar command in groups OU information or Computers OU information. 

May be this will be handy when you need it... 

Have a Great Day !!!
Posted by at 1 comment:

Monday, 8 August 2016

Move Multiple AD computer objects to different OUs

Move multiple Computer objects to different Organization Units

Request in-detail

Today, I had received request from team to Move around 100s of computer objects to different OUs in my domain. 

 The information which I received was in Excel sheet but you know they are not in order. 

Solution:

So, I spent few minutes to sort them in order first also the OU path was received in Canonical Name not the exact LDAP path. 

First extracted OU names from the Canonical names provided and queried in AD to get the exact LDAP path. Then I prepared the sheet like below input file information.


Sample CSV Input file ( Save the file as comps.csv )






Simple Powershell script was prepared to do this move JOB. Script does not have any error checking but powershell console throw error message when object not found. 

 Input file should be shared in the same directory where the powershell script will be saved. 


# Script Content:  # Don't copy this line.

Import-Module activedirectory

$Inputs=Import-csv ".\comps.csv"

foreach ( $line in $Inputs )

{

Get-adcomputer $($line.ID) | Move-ADObject -TargetPath $($line.dn)

}
Posted by at 1 comment:
Subscribe to: Posts (Atom)