3. November 2010 13:32
Today I had a strange problem.
I was at a customer who had both 2003 R2 and 2008 R2 DC's in their domain.
If I created a new GPO on a 2003 DC everything was ok, but if I created the GPO on a 2008 DC the "Administrative Templates" was empty.
It turned out to be because there was created an empty folder called "PolicyDefinitions" on the domain.local\sysvol\domaon.local\policies share.
When the GPMC opens a policy it will look for the ADMX files in "C:\Windows\PolicyDefinitions" execpt for if the "domain.local\sysvol\domaon.local\policies\PolicyDefinitions" folder exists. This is a central store for Policies.
If the "domain.local\sysvol\domaon.local\policies\PolicyDefinitions" folder exists it will load the ADMX files from there but if the folder is empty it will not show anything "Administrative Templates".
To solve the problem I just copied all the files from the "C:\Windows\PolicyDefinitions" folder to the "domain.local\sysvol\domaon.local\policies\PolicyDefinitions" folder.
28. June 2010 14:57
Yesterday I had to enable a bunch of user accounts and set a default password for the users that I had migrated to a new AD.
The users had to have a new password, to be enabled and have removed the "The user have to change password at next logon".
Normally I would create a VB script to do those things, but I decided to see if this could be done using PowerShell.
First I had to tell PowerShell to use the Active Directory module:
Then I could cd "into" the AD by writing
The Get-ADUser cmdlet is used for finding alle the users in the OU and any sub OU and the Set-ADAccountPassword cmdlet to set the password:
Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword" -Force)
Again the Get-ADUser is used together with the Set-ADUser cmdlet to enable the accounts and remove the "The user have to change password at next logon" option.
Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADUser -Enable $True -ChangePasswordAtLogon $false
More AD PowerShell Cmdlets can be found here http://technet.microsoft.com/en-us/library/ee617195.aspx