how to get the correct Virtual Disk for a VMware vm

Sometimes I need to resize or delete a VMware virtual disk, but I only know the guest's drive letter. In VMs that have only one virtual disk, or where each virtual disk has a different size, this isn't a problem. But if you have a VM with multiple virtual disks of exactly the same size, you can't match them by comparing the guest's Disk Manager with the virtual disk sizes. If your VM has more than one SCSI controller, the problem gets worse.

Windows Disk Manager VMware VM settings

I searched for a long time for a way to solve this problem, but I couldn't find an easy solution, so I wrote this PowerShell script:

When you run the script, it asks you for credentials and then shows you information about both your virtual disks and your Windows drives:

demoted Domain Controller still present in SCOM

If you demote a Domain Controller, SCOM will generate a lot of alerts. By design, there is no automatic undiscovery for the rules and monitors of the Active Directory roles.

Solution 1

This solution will remove all disabled class instances from an existing object. It will not change any other properties of the object.

  • Open the Operations Management Shell
  • Type in this command:

  • Stop the System Center Management service
  • Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
  • Start the System Center Management service

Solution 2

This solution will clear only the agent cache. Sometimes this will be sufficient, if the server discovery / undiscovery was already done well:

  • Stop the System Center Management service
  • Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
  • Start the System Center Management service

Solution 3

This solution will remove the entire object and then recreate it through discovery. The new object won't be discovered as a Domain Controller. It will have a new GUID, and any overrides applied to the old object will be lost.

recover deleted BitLocker Recovery Information

Today I had a request from a first-level admin who needed the BitLocker recovery password for an already deleted computer object. Here is what I came up with:

Please note that you need to be a Domain Admin (or equivalent) to be able to read the Deleted Objects container. Tombstones have a limited lifetime; after they expire, you can no longer access the recovery passwords.

Clone your Active Directory in 18 minutes using VMware

Anyone out there who runs a successful Microsoft Windows Active Directory, knows that it is pre-eminently useful to have a test environment that very nearly represents your production environment…to do…you know…testing!

I thought I would give that a try, and here’s what I came up with:

  1. Shut down and clone a virtual Domain Controller with a 50GB disk drive, 10 minutes.
  2. Attach the virtual DC to a totally private network, visible only to other virtual machines on the same box, 15 seconds.
  3. Restart the cloned DC, 1 minute.
  4. Seize FSMO roles from Domain Controllers that aren't in this private network, 3 minutes.
  5. Sit back in wonder, 45 seconds.

These simple steps aren't completely error free. Because the DC I chose was a replication partner with a bunch of other DCs and Active Directory Sites, it was necessary to do some tweaking to remove the "defunct" Domain Controller properties from the Active Directory. That process is documented well, here: Remove old Domain Controller Settings from FRS and the Domain. If you have a lot of remote Domain Controllers and you only need your clone for a little test, it may be too expensive to remove all remote DCs. In this case you can create this registry value, so your clone no longer waits for replication partners:

unwilling Server

I've been working in information technology for over 15 years now, but I have never before gotten a server response that is so straight and funny too:

The server is unwilling to process the request.

Maybe the server could do it, but he doesn't like to. The error above was caused by this simple VBScript, when the user Test-User has the group Domain Users defined as primary group:

disable Outlook AutoDiscovery feature for a mail domain

Maybe you want to disable the autodiscovery feature in Outlook 2007 / 2010 for your full mail domain – maybe you don’t like the feature, or your mail server doesn’t support it.

For this, there is an easy solution:

Define in your DNS-server an A-entry for pointing to

Notify AD user with mail when password expires

In my environment, I have a lot of users who never come to the office but need remote access to the company network. For this they have an AD user account whose password expires after 90 days per company policy. Because they never log on to a domain computer, they don't get the "Change Password Request" when the password expires. So one day they will have a blocked account, while needing it for syncing their mobile phone or for remote access over VPN. So I wrote a little script which notifies every user by mail about the expiring password:
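A sketch of such a notification job, added here as an example (it is not the script from the original post). It assumes the ActiveDirectory module is installed; the SMTP server, sender address and the 14-day warning window are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. smtp.example.com and helpdesk@example.com are placeholders.

function Get-ExpiringAdUser {
    param([int]$WarnDays = 14, [datetime]$Now = (Get-Date))
    # The computed attribute honours fine-grained password policies,
    # so the 90-day value does not have to be hard-coded here.
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties mail, 'msDS-UserPasswordExpiryTimeComputed' |
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
            # 0 or Int64.MaxValue means "no usable expiry date": skip.
            if (-not $raw -or $raw -eq [long]::MaxValue) { return }
            $expires  = [datetime]::FromFileTime($raw)
            $daysLeft = [math]::Floor(($expires - $Now).TotalDays)
            if ($_.mail -and $daysLeft -ge 0 -and $daysLeft -le $WarnDays) {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    Mail           = $_.mail
                    Expires        = $expires
                    DaysLeft       = $daysLeft
                }
            }
        }
}

function Send-ExpiryNotice {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$SmtpServer = 'smtp.example.com',
        [string]$From       = 'helpdesk@example.com',
        [int]$WarnDays      = 14
    )
    foreach ($u in Get-ExpiringAdUser -WarnDays $WarnDays) {
        # Plain text and no link: users are pointed at the normal change
        # procedure, so the mail cannot be mistaken for (or copied as) a lure.
        $body = "The password for account $($u.SamAccountName) expires on " +
                "$($u.Expires.ToString('yyyy-MM-dd')) ($($u.DaysLeft) days left). " +
                "Please change it using the usual company procedure."
        if ($PSCmdlet.ShouldProcess($u.Mail, 'Send password expiry notice')) {
            Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.Mail `
                             -Subject 'Your password is about to expire' -Body $body
        }
        $u   # emit the record so the scheduled task can log who was notified
    }
}
```

Running `Send-ExpiryNotice -WhatIf` lists the recipients without sending anything.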

Remove all disabled users from distribution lists

Because of company policy, we don't delete users who are leaving; we disable them. The Exchange mailbox is removed after some months. For this, incoming mails have to be forwarded to an Exchange contact with an unresolvable address, so the sender receives an error message.

Because of this, we need to remove the disabled users from all distribution lists. If not, senders receive error messages each time a message is sent to a distribution list containing disabled users.

To automate this, I wrote a script. You can filter it by OU and run it first in a display-only mode before you definitively remove the disabled users from all distribution lists.
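One way to implement the OU filter and the display-only mode described above, as an added example (not the author's script). It assumes the ActiveDirectory module; the function names and the `-Apply` switch are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function names and the -Apply switch are hypothetical.

function Get-DisabledDistributionMembership {
    param([Parameter(Mandatory)][string]$SearchBase)   # DN of the OU to scan
    $users = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase `
                        -Properties MemberOf
    foreach ($user in $users) {
        foreach ($groupDn in $user.MemberOf) {
            $group = Get-ADGroup -Identity $groupDn
            # Only touch distribution lists; security groups stay as they
            # are so that access reviews of disabled accounts remain possible.
            if ($group.GroupCategory -eq 'Distribution') {
                [pscustomobject]@{
                    User    = $user.SamAccountName
                    UserDN  = $user.DistinguishedName
                    Group   = $group.Name
                    GroupDN = $group.DistinguishedName
                }
            }
        }
    }
}

function Remove-DisabledUserFromDistributionList {
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [switch]$Apply      # without -Apply nothing is changed (display-only)
    )
    $hits = @(Get-DisabledDistributionMembership -SearchBase $SearchBase)
    foreach ($hit in $hits) {
        # -WhatIf stays on unless -Apply was given, so the default run
        # only prints what would be removed.
        Remove-ADGroupMember -Identity $hit.GroupDN -Members $hit.UserDN `
                             -Confirm:$false -WhatIf:(-not $Apply)
    }
    $hits   # return the list as a record of what was (or would be) removed
}

# Display-only run against a constructed OU path:
# Remove-DisabledUserFromDistributionList -SearchBase 'OU=Leavers,DC=example,DC=com'
```

Piping the returned objects to `Export-Csv` before running with `-Apply` keeps a record of the removed memberships in case an account is re-enabled later.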

Free iSCSI Target for Windows available

For years, when you needed to define Windows storage as an iSCSI target, you needed paid software, because the Microsoft iSCSI target software only ran on the Windows Storage Server edition.

As of April 2011, the target software is now available for free and supported in any Windows 2008 R2 edition!

You can use this for:

  • highly available VMs
  • clustering of file and print services
  • testing environments

Find AD-User from Email-Address

Have you ever searched for a specific email address in your Active Directory? If yes, you will know that there isn't a special field for the email addresses.

  1. Go to Active Directory Users and Computers (ADUC).
  2. Right-click on the domain and choose Find.
  3. Select Custom Search in the Find field and Entire Directory in the In field.
  4. Select the Advanced tab and type this LDAP query: