Windows 2008 R2 – Josh's IT-Blog

how to get the correct Virtual Disk for a VMware vm

8. March 20188. March 2017 by Burkard Josh

Some times I have the problem, I need to resize or delete a VMware virtual disk, but I only know the guest’s drive letter. In vm’s where there are only one virtual disk, or where each virtual disk has a different size, this isn’t a problem. but if you have a vm with multiple virtual disk with exactly the same size, you can’t compare it between the guest Disk Manager and the virtual disk sizes. if your vm has more than one SCSI controller, the problem will increase.

Windows Disk Manager	VMware VM settings

I searched long time to solve this problem, but I couldn’t find an easy solution for this. so I wrote this PowerShell script:

<#
.SYNOPSIS
    This script will return informations about virtual disks and windows disk allocation

.DESCRIPTION
    This script will return informations about virtual disks and windows disk allocation

.PARAMETER vCenterName
    defines the fqdn of the vCenter

.PARAMETER vmName
    defines the name of the vm (like naming in vCenter, not the fqdn / dns name)

.PARAMETER vmCred
    enter credentials to connect to the guest vm

.EXAMPLE
    $vmCred = New-Object System.Management.Automation.PSCredential ('domain\username', ( ConvertTo-SecureString 'YourSecretPassword' -AsPlainText -Force ) )
    .\ALL-OPR-get-VMDiskInfos.ps1 -vCenterName 'vcenter.domain.local' -vmName 'VMName' -vmcred $vmCred 

.NOTES
    -Author:		Josh Burkard
    -Email :		josh@burkard.it
    -CreationDate:	07.03.2018
    -LastModifiedDate: 
    -Version:		1.0.0.0
    -History:
        07.03.2018	1.0.0.0	Josh Burkard	InitalVersion

.LINK

#>
Param 
(
    # Parameter help description
    [Parameter(Mandatory=$true)][string]$vCenterName,
    [Parameter(Mandatory=$true)][string]$vmName,
    [System.Management.Automation.PSCredential][Parameter(Mandatory=$true)]$vmCred
)

#region Decalarations
#endregion Decalarations

#region Functions
#endregion Functions

#region Execution
    #region verify Params
        if ( [string]::IsNullOrEmpty( $vCenterName ) )
        {
            Write-Host  "parameter vCenterName was  not definied" -ForegroundColor Red
        } elseif ( [string]::IsNullOrEmpty( $vmName ) )
        {
            Write-Host  "parameter vmName was  not definied" -ForegroundColor Red
        } elseif ( [string]::IsNullOrEmpty( $vmCred ) )
        {
            $vmCred = Get-Credential
        } else {
            Write-Verbose "all needed parameters set"
        }
    #endregion verify Params


    #region load VMware Snapins
        Write-Verbose "load VMware Snappins"
        foreach ($comp in "VMware.VimAutomation.Core", "VMware.ImageBuilder") {
            if (Get-Module -ListAvailable -Name $comp -ErrorAction:SilentlyContinue) {
                if (!(Get-Module -Name $comp -ErrorAction:SilentlyContinue)) {
                    if (!(Import-Module -PassThru -Name $comp -ErrorAction:SilentlyContinue)) {
                        Write-Host "FATAL ERROR: Failed to import the $comp module!" -ForegroundColor Red
                        # Exit
                    }
                }
            } else {
                if (Get-PSSnapin -Registered -Name $comp -ErrorAction:SilentlyContinue) {
                    if (!(Get-PSSnapin -Name $comp -ErrorAction:SilentlyContinue)) {
                        if (!(Add-PSSnapin -PassThru -Name $comp -ErrorAction:SilentlyContinue)) {
                            Write-Host "FATAL ERROR: Failed to add the $comp snapin!" -ForegroundColor Red
                            # Exit
                        }
                    }
                } else {
                    Write-Host "FATAL ERROR: $comp is not available as a module or snapin! It looks like there is no compatible version of PowerCLI installed!" -ForegroundColor Red
                    # Exit
                }
            }
        }
    #endregion load VMware Snapins

    #region connect to vCenter
        Write-Verbose "connecting to vCenter $vCenterName"
        try 
        {
            Connect-VIServer -Server $vCenterName -WarningAction SilentlyContinue | Out-Null
            Write-Verbose "connected to vCenter $vCenterName"
        } catch {
            $ErrorMessage = $_.Exception.Message
            # $FailedItem = $_.Exception.ItemName
            Write-Host "couldn't connect to vCenter '$vCenter'" -ForegroundColor Red
            Write-Host $ErrorMessage -ForegroundColor Red
            # Exit
        }
    #endregion connect to vCenter
    
    #region get VM
        $vm = Get-VM -Name $vmName
        if ( [string]::IsNullOrEmpty( $vm ) )
        {
            Write-Host  "VM not found" -ForegroundColor Red
            # exit
        } else {
            Write-Verbose "vm $vmName found" 
        }
    #endregion get VM
    
    #region get VM View for SCSI Controller
        $vmview = Get-View -ViewType VirtualMachine -Filter @{"Name" = $vmName}
        if ( !( [string]::IsNullOrEmpty( $vmview ) ) )
        {
            Write-Verbose "vmView $vmName found" 
            $vmDisks = @()
            $VirtualSCSIControllers = $vmview.Config.Hardware.Device | Where-Object {$_.DeviceInfo.Label -match "SCSI"}
            $VirtualSCSIController = $VirtualSCSIControllers[0]
            foreach ($VirtualSCSIController in $VirtualSCSIControllers ) 
            {
                $VirtualDiskDevices = $vmview.Config.Hardware.Device | Where-Object { $_.ControllerKey -eq $VirtualSCSIController.Key }
                foreach ($VirtualDiskDevice in $VirtualDiskDevices ) 
                {
                    $vmDisks += New-Object -TypeName PSObject -Property @{
                        VirtualDeviceNode    = "SCSI ($( $VirtualSCSIController.BusNumber ):$( $VirtualDiskDevice.UnitNumber )) $( $VirtualDiskDevice.DeviceInfo.Label )"
                        PciSlotNumber        = $VirtualSCSIController.SlotInfo.PciSlotNumber
                        DataStore            = $VirtualDiskDevice.Backing.DataStore
                        FileName             = $VirtualDiskDevice.Backing.FileName
                        ControllerKey        = $VirtualSCSIController.Key
                        DiskKey              = $VirtualDiskDevice.Key
                        ControllerBus        = $VirtualSCSIController.BusNumber
                        ControllerUnitNumber = $VirtualSCSIController.UnitNumber
                        DiskUnitNumber       = $VirtualDiskDevice.UnitNumber
                    }
                }
            }
        } else {
            Write-Host  "VMView not found" -ForegroundColor Red
            # exit
        }
    #endregion get VM View for SCSI Controller
    
    #region get Disk and volumes from guest system
        $scripttext = @"
[Int64]$('$')HKLM = "2147483650"
[String]$('$')value = "UINumber"
$('$')Reg_Query = Get-WmiObject -List "StdRegProv" -Namespace root\cimv2 
$('$')PhysicalDisks = Get-WmiObject -Class "Win32_DiskDrive" -Namespace "root\CIMV2"    
# $('$')PhysicalDisks
$('$')DiskDrives = Get-WmiObject Win32_DiskDrive
$('$')DiskInfos = Get-WmiObject Win32_DiskDrive | ForEach-Object {
    $('$')DiskDrive = $('$')_
    $('$')PNPDeviceID = $('$')DiskDrive.PNPDeviceID.split('\')
    $('$')key = "SYSTEM\CurrentControlSet\Enum\$('$')($('$')PNPDeviceID[0])\$('$')($('$')PNPDeviceID[1])\$('$')($('$')PNPDeviceID[2])"
    $('$')PciSlotNumber = ($('$')Reg_Query.GetDWORDValue($('$')HKLM,$('$')key,$('$')value)).uvalue

    $('$')UniqueId = ( ( $('$')PhysicalDisks | Where-Object { $('$')DiskDrive.DeviceID -eq "\\.\PHYSICALDRIVE$('$')( $('$')_.DeviceId )" } ).UniqueId )
    If ( [string]::IsNullOrEmpty( $('$')UniqueId ) )
    {
        $('$')UniqueId = ( $('$')PhysicalDisks | Where-Object { $('$')DiskDrive.DeviceID -eq $('$')_.Name } ).SerialNumber
    }
    $('$')DiskDriveToDiskPartitions = Get-WmiObject -Query "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='$('$')($('$')DiskDrive.DeviceID)'} WHERE AssocClass = Win32_DiskDriveToDiskPartition"
    $('$')DiskDriveToDiskPartitions | ForEach-Object {
        $('$')partition = $('$')_
        
        $('$')LogicalDiskToPartitions = Get-WmiObject -Query "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$('$')($('$')partition.DeviceID)'} WHERE AssocClass = Win32_LogicalDiskToPartition" 
        $('$')LogicalDiskToPartitions | ForEach-Object {
            New-Object -Type PSCustomObject -Property @{
                DiskSize        = $('$')DiskDrive.Size
                DiskModel       = $('$')DiskDrive.Model
                SCSIBus         = $('$')DiskDrive.SCSIBus
                SCSILogicalUnit = $('$')DiskDrive.SCSILogicalUnit
                SCSIPort        = $('$')DiskDrive.SCSIPort
                SCSITargetId    = $('$')DiskDrive.SCSITargetId
                PNPDeviceID     = $('$')DiskDrive.PNPDeviceID
                PciSlotNumber   = $('$')PciSlotNumber
                UniqueId        = $('$')UniqueId
                Partition       = $('$')partition.Name
                RawSize         = $('$')partition.Size
                DiskID          = $('$')partition.DiskIndex
                StartingOffset  = $('$')partition.StartingOffset
                DriveLetter     = $('$')_.DeviceID
                VolumeName      = $('$')_.VolumeName
                Size            = $('$')_.Size
                FreeSpace       = $('$')_.FreeSpace
            }
        }
    }
}
$('$')DiskInfos = $('$')DiskInfos | Where-Object { ( ! ( [string]::IsNullOrEmpty( $('$')_.UniqueId ) ) ) }
# $('$')DiskInfos | Sort-Object DriveLetter, DiskID | Select-Object -Unique UniqueId, DiskID, DriveLetter, SCSIBus, SCSILogicalUnit, SCSIPort, SCSITargetId, PNPDeviceID, PciSlotNumber | Format-Table
$('$')DiskInfos | convertTo-CSV
"@
        try {
            $WinDisks = Invoke-VMScript -VM $vm -ScriptText $scripttext -GuestCredential $vmCred -ErrorAction stop | convertfrom-csv    
        }
        catch {
            $ErrorMessage = $_.Exception.Message
            # $FailedItem = $_.Exception.ItemName
            Write-Host "couldn't connect to VM guest" -ForegroundColor Red
            Write-Host $ErrorMessage -ForegroundColor Red
            exit
        }
        
    #endregion get Disk and volumes from guest system
    
    #region merge WinDisk and VMware Disk Infos
        $DiskInfos = @()
        # $WinDisk = $WinDisks[1] 
        foreach ( $WinDisk in $WinDisks )
        {
            $vmDisk = $vmDisks | Where-Object { $_.PciSlotNumber -eq $WinDisk.PciSlotNumber -and $_.DiskUnitNumber -eq $WinDisk.SCSITargetId }
            $DiskInfos += New-Object -TypeName PSOBject -Property @{
                WinDiskID              = $WinDisk.DiskID
                PCISlotNumber          = $WinDisk.PciSlotNumber
                WinVolumeName          = $WinDisk.VolumeName
                WinDiskSCSITargetId    = $WinDisk.SCSITargetId
                DriveLetter            = $WinDisk.DriveLetter
                VMControllerBusNumber  = $vmDisk.ControllerBus
                VirtualDeviceNode      = $vmDisk.VirtualDeviceNode
                FileName               = $vmDisk.FileName
                DataStore              = $vmDisk.DataStore
            }
        }
        $DiskInfos 
    #endregion merge WinDisk and VMware Disk Infos
#endregion Execution

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

.SYNOPSIS

This script will return informations about virtual disks and windows disk allocation

.DESCRIPTION

This script will return informations about virtual disks and windows disk allocation

.PARAMETER vCenterName

defines the fqdn of the vCenter

.PARAMETER vmName

defines the name of the vm (like naming in vCenter, not the fqdn / dns name)

.PARAMETER vmCred

enter credentials to connect to the guest vm

.EXAMPLE

$vmCred = New-Object System.Management.Automation.PSCredential ('domain\username', ( ConvertTo-SecureString 'YourSecretPassword' -AsPlainText -Force ) )

.\ALL-OPR-get-VMDiskInfos.ps1 -vCenterName 'vcenter.domain.local' -vmName 'VMName' -vmcred $vmCred

.NOTES

-Author: Josh Burkard

-Email : josh@burkard.it

-CreationDate: 07.03.2018

-LastModifiedDate:

-Version: 1.0.0.0

-History:

07.03.2018 1.0.0.0 Josh Burkard InitalVersion

.LINK

Param

(

# Parameter help description

[Parameter(Mandatory=$true)][string]$vCenterName,

[Parameter(Mandatory=$true)][string]$vmName,

[System.Management.Automation.PSCredential][Parameter(Mandatory=$true)]$vmCred

)

#region Decalarations

#endregion Decalarations

#region Functions

#endregion Functions

#region Execution

#region verify Params

if ( [string]::IsNullOrEmpty( $vCenterName ) )

{

Write-Host "parameter vCenterName was not definied" -ForegroundColor Red

} elseif ( [string]::IsNullOrEmpty( $vmName ) )

{

Write-Host "parameter vmName was not definied" -ForegroundColor Red

} elseif ( [string]::IsNullOrEmpty( $vmCred ) )

{

$vmCred = Get-Credential

} else {

Write-Verbose "all needed parameters set"

}

#endregion verify Params

#region load VMware Snapins

Write-Verbose "load VMware Snappins"

foreach ($comp in "VMware.VimAutomation.Core", "VMware.ImageBuilder") {

if (Get-Module -ListAvailable -Name $comp -ErrorAction:SilentlyContinue) {

if (!(Get-Module -Name $comp -ErrorAction:SilentlyContinue)) {

if (!(Import-Module -PassThru -Name $comp -ErrorAction:SilentlyContinue)) {

Write-Host "FATAL ERROR: Failed to import the $comp module!" -ForegroundColor Red

# Exit

}

} else {

if (Get-PSSnapin -Registered -Name $comp -ErrorAction:SilentlyContinue) {

if (!(Get-PSSnapin -Name $comp -ErrorAction:SilentlyContinue)) {

if (!(Add-PSSnapin -PassThru -Name $comp -ErrorAction:SilentlyContinue)) {

Write-Host "FATAL ERROR: Failed to add the $comp snapin!" -ForegroundColor Red

# Exit

}

} else {

Write-Host "FATAL ERROR: $comp is not available as a module or snapin! It looks like there is no compatible version of PowerCLI installed!" -ForegroundColor Red

# Exit

}

#endregion load VMware Snapins

#region connect to vCenter

Write-Verbose "connecting to vCenter $vCenterName"

try

{

Connect-VIServer -Server $vCenterName -WarningAction SilentlyContinue | Out-Null

Write-Verbose "connected to vCenter $vCenterName"

} catch {

$ErrorMessage = $_.Exception.Message

# $FailedItem = $_.Exception.ItemName

Write-Host "couldn't connect to vCenter '$vCenter'" -ForegroundColor Red

Write-Host $ErrorMessage -ForegroundColor Red

# Exit

}

#endregion connect to vCenter

#region get VM

$vm = Get-VM -Name $vmName

if ( [string]::IsNullOrEmpty( $vm ) )

{

Write-Host "VM not found" -ForegroundColor Red

# exit

} else {

Write-Verbose "vm $vmName found"

}

#endregion get VM

#region get VM View for SCSI Controller

$vmview = Get-View -ViewType VirtualMachine -Filter @{"Name" = $vmName}

if ( !( [string]::IsNullOrEmpty( $vmview ) ) )

{

Write-Verbose "vmView $vmName found"

$vmDisks = @()

$VirtualSCSIControllers = $vmview.Config.Hardware.Device | Where-Object {$_.DeviceInfo.Label -match "SCSI"}

$VirtualSCSIController = $VirtualSCSIControllers[0]

foreach ($VirtualSCSIController in $VirtualSCSIControllers )

{

$VirtualDiskDevices = $vmview.Config.Hardware.Device | Where-Object { $_.ControllerKey -eq $VirtualSCSIController.Key }

foreach ($VirtualDiskDevice in $VirtualDiskDevices )

{

$vmDisks += New-Object -TypeName PSObject -Property @{

VirtualDeviceNode = "SCSI ($( $VirtualSCSIController.BusNumber ):$( $VirtualDiskDevice.UnitNumber )) $( $VirtualDiskDevice.DeviceInfo.Label )"

PciSlotNumber = $VirtualSCSIController.SlotInfo.PciSlotNumber

DataStore = $VirtualDiskDevice.Backing.DataStore

FileName = $VirtualDiskDevice.Backing.FileName

ControllerKey = $VirtualSCSIController.Key

DiskKey = $VirtualDiskDevice.Key

ControllerBus = $VirtualSCSIController.BusNumber

ControllerUnitNumber = $VirtualSCSIController.UnitNumber

DiskUnitNumber = $VirtualDiskDevice.UnitNumber

}

} else {

Write-Host "VMView not found" -ForegroundColor Red

# exit

}

#endregion get VM View for SCSI Controller

#region get Disk and volumes from guest system

$scripttext = @"

[Int64]$('$')HKLM = "2147483650"

[String]$('$')value = "UINumber"

$('$')Reg_Query = Get-WmiObject -List "StdRegProv" -Namespace root\cimv2

$('$')PhysicalDisks = Get-WmiObject -Class "Win32_DiskDrive" -Namespace "root\CIMV2"

# $('$')PhysicalDisks

$('$')DiskDrives = Get-WmiObject Win32_DiskDrive

$('$')DiskInfos = Get-WmiObject Win32_DiskDrive | ForEach-Object {

$('$')DiskDrive = $('$')_

$('$')PNPDeviceID = $('$')DiskDrive.PNPDeviceID.split('\')

$('$')key = "SYSTEM\CurrentControlSet\Enum\$('$')($('$')PNPDeviceID[0])\$('$')($('$')PNPDeviceID[1])\$('$')($('$')PNPDeviceID[2])"

$('$')PciSlotNumber = ($('$')Reg_Query.GetDWORDValue($('$')HKLM,$('$')key,$('$')value)).uvalue

$('$')UniqueId = ( ( $('$')PhysicalDisks | Where-Object { $('$')DiskDrive.DeviceID -eq "\\.\PHYSICALDRIVE$('$')( $('$')_.DeviceId )" } ).UniqueId )

If ( [string]::IsNullOrEmpty( $('$')UniqueId ) )

{

$('$')UniqueId = ( $('$')PhysicalDisks | Where-Object { $('$')DiskDrive.DeviceID -eq $('$')_.Name } ).SerialNumber

}

$('$')DiskDriveToDiskPartitions = Get-WmiObject -Query "ASSOCIATORS OF {Win32_DiskDrive.DeviceID='$('$')($('$')DiskDrive.DeviceID)'} WHERE AssocClass = Win32_DiskDriveToDiskPartition"

$('$')DiskDriveToDiskPartitions | ForEach-Object {

$('$')partition = $('$')_

$('$')LogicalDiskToPartitions = Get-WmiObject -Query "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$('$')($('$')partition.DeviceID)'} WHERE AssocClass = Win32_LogicalDiskToPartition"

$('$')LogicalDiskToPartitions | ForEach-Object {

New-Object -Type PSCustomObject -Property @{

DiskSize = $('$')DiskDrive.Size

DiskModel = $('$')DiskDrive.Model

SCSIBus = $('$')DiskDrive.SCSIBus

SCSILogicalUnit = $('$')DiskDrive.SCSILogicalUnit

SCSIPort = $('$')DiskDrive.SCSIPort

SCSITargetId = $('$')DiskDrive.SCSITargetId

PNPDeviceID = $('$')DiskDrive.PNPDeviceID

PciSlotNumber = $('$')PciSlotNumber

UniqueId = $('$')UniqueId

Partition = $('$')partition.Name

RawSize = $('$')partition.Size

DiskID = $('$')partition.DiskIndex

StartingOffset = $('$')partition.StartingOffset

DriveLetter = $('$')_.DeviceID

VolumeName = $('$')_.VolumeName

Size = $('$')_.Size

FreeSpace = $('$')_.FreeSpace

}

$('$')DiskInfos = $('$')DiskInfos | Where-Object { ( ! ( [string]::IsNullOrEmpty( $('$')_.UniqueId ) ) ) }

# $('$')DiskInfos | Sort-Object DriveLetter, DiskID | Select-Object -Unique UniqueId, DiskID, DriveLetter, SCSIBus, SCSILogicalUnit, SCSIPort, SCSITargetId, PNPDeviceID, PciSlotNumber | Format-Table

$('$')DiskInfos | convertTo-CSV

try {

$WinDisks = Invoke-VMScript -VM $vm -ScriptText $scripttext -GuestCredential $vmCred -ErrorAction stop | convertfrom-csv

}

catch {

$ErrorMessage = $_.Exception.Message

# $FailedItem = $_.Exception.ItemName

Write-Host "couldn't connect to VM guest" -ForegroundColor Red

Write-Host $ErrorMessage -ForegroundColor Red

exit

}

#endregion get Disk and volumes from guest system

#region merge WinDisk and VMware Disk Infos

$DiskInfos = @()

# $WinDisk = $WinDisks[1]

foreach ( $WinDisk in $WinDisks )

{

$vmDisk = $vmDisks | Where-Object { $_.PciSlotNumber -eq $WinDisk.PciSlotNumber -and $_.DiskUnitNumber -eq $WinDisk.SCSITargetId }

$DiskInfos += New-Object -TypeName PSOBject -Property @{

WinDiskID = $WinDisk.DiskID

PCISlotNumber = $WinDisk.PciSlotNumber

WinVolumeName = $WinDisk.VolumeName

WinDiskSCSITargetId = $WinDisk.SCSITargetId

DriveLetter = $WinDisk.DriveLetter

VMControllerBusNumber = $vmDisk.ControllerBus

VirtualDeviceNode = $vmDisk.VirtualDeviceNode

FileName = $vmDisk.FileName

DataStore = $vmDisk.DataStore

}

$DiskInfos

#endregion merge WinDisk and VMware Disk Infos

#endregion Execution

when you run the script, it will ask you for credentials and then shows you the informations about booth of your virtual disk and Windows drive : read more

demoted Domain Controller still present in SCOM

24. February 201424. February 2014 by Burkard Josh

If you demote a Domain Controller, SCOM will generate a lot of alerts. By design, there is no automatically undiscovery for the Rules and Monitores for the Active Directory Roles.

Solution 1

This solution will remove all disabled Class instances from an existing object. it will not change any other properties of the object.

Open the Operations Management Shell
type in this command:

Remove-SCOMDisabledClassInstance -ComputerName <Demoted Server>

1	Remove-SCOMDisabledClassInstance -ComputerName <Demoted Server>

Stop the System Center Management service
Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
Start the System Center Management service

Solution 2

This solution will clear only the agent cache. Sometime this will be sufficient, if the server discovery / undiscovery was already done well:

Stop the System Center Management service
Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
Start the System Center Management service

Solution 3

This solution will remove the entire object and then recreate the object with it’s discovery. The new object wouldn’t be discovered as Domain Controller. The new object will have an new guid and any overwrites to the old object will be lost. read more

recover deleted Bitlocker Recovery Informations

17. July 201317. July 2013 by Burkard Josh

Today I had a request from a first-level-admin which need the Bitlocker Recovery Password for a already deleted computer object. Here is what I came up with:

$compname = "ComputerName"
$SearchRoot = "CN=Deleted Objects,DC=domain,DC=local"

$recoverykeys = Get-QADObject -Tombstone -Recycled -Type "msFVE-RecoveryInformation" -SizeLimit 0 -Includedproperties msFVE-RecoveryPassword -SearchRoot $SearchRoot | ? {$_.lastknownparent -like "*$compname*"} | select msFVE-RecoveryPassword

$recoverykeys

$compname = "ComputerName"

$SearchRoot = "CN=Deleted Objects,DC=domain,DC=local"

$recoverykeys = Get-QADObject -Tombstone -Recycled -Type "msFVE-RecoveryInformation" -SizeLimit 0 -Includedproperties msFVE-RecoveryPassword -SearchRoot $SearchRoot | ? {$_.lastknownparent -like "*$compname*"} | select msFVE-RecoveryPassword

$recoverykeys

Please note that you need to be a Domain Admin (or equivalent) to be able to read the Deleted Objects Container. The tombstones will have a lifetime, after their expiration, you can’t access anymore to the recovery passwords.

Clone your Active Directory in 18 minutes using VMware

10. October 201110. October 2011 by Burkard Josh

Anyone out there who runs a successful Microsoft Windows Active Directory, knows that it is pre-eminently useful to have a test environment that very nearly represents your production environment…to do…you know…testing!

I thought I would give that a try, and here’s what I came up with:

Shutdown and clone a Virtual Domain Controller with a 50GB disk drive, 10 minutes.
Attach the virtual DC to a totally private network, visible only to other virtual machines on the same box, 15 seconds.
Restart the cloned DC, 1 minute.
Seizing FSMO roles from Domain Controllers that aren’t in this private network, 3 minutes.
Sit back in wonder, 45 seconds.

These simple steps aren’t completely error free. Because the DC I chose was a replication partner with a bunch of other DCs and Active Directory Sites, it was necessary to do some tweaking to remove the “defunct” Domain Controller properties from the Active Directory. That process is documented well, here: Remove old Domain Controller Settings from FRS and the Domain. If you have a lot of Remote Domain Controllers and you only need your clon e for a little test, it may be to expensive to remove all remote DC’s. In this case you can create this registry value, so your clone isn’t waiting anymore for replication partner: read more

unwilling Server

3. August 20113. August 2011 by Burkard Josh

I’m working now for over 15 years in information technology, but i got never before a server response which is so straight and funny too:

The server is unwilling to process the request.

Maybee the server could do it, but he doesn’t like it. The error above was caused by this simple vb-script, when user Test-User has the group Domain Users defined as primary group:

Set objDomainUsers = GetObject("LDAP://cn=Domain Users,cn=Users,dc=domain,dc=local")
objDomainUsers.Remove("LDAP://CN=Test-User,cn=Users,DC=domain,DC=local")

1 2	Set objDomainUsers = GetObject("LDAP://cn=Domain Users,cn=Users,dc=domain,dc=local") objDomainUsers.Remove("LDAP://CN=Test-User,cn=Users,DC=domain,DC=local")

disable Outlook AutoDiscovery feature for a mail domain

25. July 201125. July 2011 by Burkard Josh

Maybe you want to disable the autodiscovery feature in Outlook 2007 / 2010 for your full mail domain – maybe you don’t like the feature, or your mail server doesn’t support it.

For this, there is an easy solution:

Define in your DNS-server an A-entry for autodiscover.domain.com pointing to 127.0.0.1.

Notify AD user with mail when password expires

4. July 20113. July 2011 by Burkard Josh

In my environment, i have a lot of users, which never comes to the office, but need remote access to the company network. for this they have an AD user account, which password will expires for company policy after 90 days. Cause they never logon to a domain computer, they didn’t get the “Change Password Request” when the password expires. So they will have at one day an blocked account, but needing it for syncing mobile phone or remote access over VPN. So i wrote a litle script which will notify every user per Mail about the expiring password: read more

Remove all disabled users from distribution lists

14. July 201123. June 2011 by Burkard Josh

Cause of company policy we don’t delete users which are leaving, but we disabled them. The exchange mailbox will be removed after some months. For this incomming mails have to be forwarded to an exchange contact with an unresolvable address, so the sender receives an error message.

Cause of this, we need to remove the disabled users from all distribution list. If not, senders receive error messages each time a message was send to a distribution list with disabled users.

To automate this, i wrote a script. You can filter it by OU and run it first in a display-only mode before you remove the disabled users definitely from all distribution lists. read more

Free iSCSI Target for Windows available

26. May 201121. May 2011 by Burkard Josh

For years, when you need to define a Windows Storage as iSCSI target, you need a paid software, cause Microsoft iSCSI target software did only run on the Windows Storage Server edition.

As of April 2011, the target software is now available for free and supported in any Windows 2008 R2 edition!

You can use this for:

highly available VMs

clustering of file and print services

testing environments

Find AD-User from Email-Address

16. May 201116. May 2011 by Burkard Josh

Problem:

Did you ever searched an special email-address in your active directory? If yes, you will know, that there isn’t a special field for the email-addresses.

Solution:

Go to active directory users and computers (ADUC).

Right click on the domain and choose Find.

Select Custom Search in the Find-Field and Entire Directory in the In-Field.

Select the Advanced-Register and type this LDAP query:

proxyaddresses=SMTP:user@domain.com

Share this:

Solution 1

Solution 2

Solution 3

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Problem:

Solution:

Share this: