PowerShell Get-ADComputer

The following PowerShell command uses the Get-ADComputer cmdlet to query AD and return a CSV with the headers “OU”, “Name” and “OperatingSystem”.
It was designed to return this information to marry up with GPO controlled policies against the OUs so I could plan servicing schedules.

Note the “-Properties *” to ensure the OperatingSystem value is available (“-Properties OperatingSystem” alone would also do and returns less data) and the “-NoTypeInformation” to drop the #TYPE line that Export-Csv otherwise writes at the top of the CSV file, leaving the column headers as the first row.

Get-ADComputer -Filter * -Properties * -SearchBase "OU=XXX, DC=XXX, DC=XXX, DC=XXX, DC=XXX" | Select @{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}},"Name", "OperatingSystem" | Export-Csv -Path C:\SomeDir\SomeFile.csv -NoTypeInformation

Cancelling a Scheduled chkdsk (Check Disk)

  1. Boot from the Windows 10 DVD / install media
  2. [SHIFT]+[F10] to reveal a command prompt
  3. REGEDT32 to open registry editor
  4. Highlight HKLM > File > Load Hive
  5. Navigate to the local system disk :\Windows\System32\config and open [SYSTEM]
  6. Navigate to HKEY_LOCAL_MACHINE\<LOADED HIVE NAME>\CurrentControlSet\Control\Session Manager\ and edit the BootExecute MULTI-SZ value to read only: autocheck autochk *
  7. Reboot
  8. tadaa!

Windows Command For-loop

for /f "delims=*" %f in ('dir "C:\folder\of\files\*.efs" /b') DO C:\folder\of\executable\program.exe -f "C:%~pf%f"
  1. A standard debugging technique is to insert the echo command into scripts and even compound/complex commands.  If you do
    for /f "delims=*" %a in ('dir *.avi /b /s') do @echo md "%~na"
    

    you’ll get the output

    "file 1"
    "file 2"
    "file 3"
    "file 4"
    

    Notes:

    • The @ prevents the echo commands themselves from displaying, so you see only their output.
    • "delims=…" tells for how to parse the lines of output from the dir *.avi /b /s command.  I don’t know why the answer you linked to suggests "delims=*".  But the default behavior is to break lines apart at spaces, so, if your directory and/or file names contain spaces (as you indicated), you should use "delims=" (specifying that there are no delimiters) to get this to work.
  2. If you type for /? or help for, you’ll get documentation on the for command.  Down in the fifth page, you’ll see
    In addition, substitution of FOR variable references has been enhanced.
    You can now use the following optional syntax:
    
        %~I         - expands %I removing any surrounding quotes (")
                         ︙ 
        %~pI        - expands %I to a path only
        %~nI        - expands %I to a file name only
                         ︙ 
    
    The modifiers can be combined to get compound results …
                             ︙ 
    

    which explains why %~na is getting you just the file name of the *.avi files whose full names are in %a.  Now try

    for /f "delims=" %a in ('dir *.avi /b /s') do @echo md "%~pa"
    

    and you’ll get

    "the_current_directory\Folder A\"
    "the_current_directory\Folder A\"
    "the_current_directory\Folder B\"
    "the_current_directory\Folder B\"

    From which we can conclude that you want to do

    for /f "delims=" %a in ('dir *.avi /b /s') do md "%~pa%~na"
    

    to create the file 1 and file 2 directories under Folder A, and the file 3 and file 4 directories under Folder B.   And, as @dave_thompson_085 points out, you can combine %~pa%~na into %~pna.

https://superuser.com/questions/1033360/how-do-i-execute-commands-on-files-in-multiple-folders

PowerShell Query – Get-ADObject filter for BitLocker

The following command returns all objects in the specified OU (replace XXX with your own values) which have BitLocker recovery information, together with the recovery key for each.

Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -SearchBase "OU=XXX, OU=XXX, OU=XXX, DC=XXX, DC=XXX, DC=XXX, DC=XXX" -Properties msFVE-RecoveryPassword,whenCreated

I’m only really interested in the machine name for review, so the following command splits the DistinguishedName field on commas, keeps just the second part, strips the “CN=” prefix from it and returns only that column from the above query.

Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -SearchBase "OU=XXX, OU=XXX, OU=XXX, DC=XXX, DC=XXX, DC=XXX, DC=XXX" | Select @{l='ComputerName';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}

The tricky part was the select statement; here’s a brief breakdown of what it’s doing.

@{} defines a hashtable that Select treats as a calculated property, i.e. one column of the output. The query itself returns a collection, which could end up holding just 1 item, or 0 with no results.

“l” is shorthand for “label”, which is the column header.
“e” is shorthand for “expression”.
“$_.” indicates a single item in the pipeline; the results of Get-ADObject are piped in and this catches them one at a time.
“DistinguishedName.split(',')[1].split('=')[1]” takes the DistinguishedName value being piped and splits it first on “,”, selecting the second item of the resulting array (“[1]” is the second item when counting from 0). It then splits that string again on the “=” sign, returning the second part (the actual computer name alone!).

Phew!

 

Learned a little more, PowerShell syntax understanding on the up!
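
The split(',')[1].split('=')[1] expression used here and in the Get-ADComputer post assumes no name in the path contains a comma; AD escapes such a comma as "\," in the DistinguishedName, so an OU called "Servers, Production" would be cut short. The following is an added example (not code from the original post) that splits only on unescaped commas; the function names and the sample DNs are constructed for illustration.

```powershell
# Added example, not the post's own code. DN values below are constructed.
function Split-DistinguishedName {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $parts   = [System.Collections.Generic.List[string]]::new()
    $current = [System.Text.StringBuilder]::new()
    $escaped = $false
    foreach ($ch in $DistinguishedName.ToCharArray()) {
        if ($escaped) {
            # Character after a backslash is data, even if it is a comma.
            [void]$current.Append($ch); $escaped = $false
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch); $escaped = $true
        } elseif ($ch -eq ',') {
            # Unescaped comma: end of one RDN. TrimStart drops ", " padding.
            $parts.Add($current.ToString().TrimStart()); [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    $parts.Add($current.ToString().TrimStart())
    return ,$parts.ToArray()
}

function Get-RdnValue {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [int]$Index = 1   # 1 = second RDN, matching the post's [1]
    )
    $rdn = (Split-DistinguishedName $DistinguishedName)[$Index]
    # Split on the first '=' only, then drop the escaping backslashes.
    # Hex escapes such as \0A are not decoded here.
    $value = ($rdn -split '=', 2)[1]
    return ($value -replace '\\(.)', '$1')
}

$samples = @(
    'CN=PC-0042,OU=Workstations,DC=example,DC=test'
    'CN=SRV-01,OU=Servers\, Production,DC=example,DC=test'
)
foreach ($dn in $samples) {
    [pscustomobject]@{
        Naive  = $dn.Split(',')[1].Split('=')[1]
        Parsed = Get-RdnValue -DistinguishedName $dn -Index 1
    }
}
```

In a Select statement the same function can replace the inline expression, e.g. e={Get-RdnValue $_.DistinguishedName}.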

PowerShell : Query for user’s last logon date

I needed to work out some AD accounts’ last logon dates to make a further assessment; in PowerShell I found this was fairly simple:

To get a list of all user attributes available for query:

$> get-aduser -identity <USERNAME_HERE> -Properties *

To query for last logon date:

$> get-aduser -identity <USERNAME_HERE> -Properties LastLogonDate

 

Microsoft Office 2016 Licensed via KMS but with Activation Splash Screen on launch

Resolved by following https://support.office.com/en-us/article/Office-repeatedly-prompts-you-to-activate-on-a-new-PC-a9a6b05f-f6ce-4d1f-8d49-eb5007b64ba1

 

 

  • Close the activation window and all Office apps.

  • Right-click the Start button on the lower-left corner of your screen, and select Run.
  • Type regedit, and then press Enter. Select Yes when prompted to open the Registry Editor.
  • On the left side of the Registry Editor, under Computer, navigate to the following key in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\OEM

  • Right click the OEM value and click File>Export.
  • Save the key.
  • After the key is backed up, select Edit>Delete.
  • Repeat steps 3-6 for the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\OEM

  • Close the Registry Editor and start Office again.

 

Windows 7 Boot Sector Repair

The Scenario

I was working on a dual booted MBR style disk which had Windows 7 and Ubuntu installed. I was asked to remove the Ubuntu partition(s) and extend the Windows partition. The user had a backup of all data from the Ubuntu partition, not the Windows. The GRUB boot loader was in operation.

The Solution

I began by backing up the disk.

I then booted into Windows and inspected the disk partitions via Disk Manager and (thankfully) found that Windows had been installed first, shrunk and then Ubuntu installed. This was apparent by seeing the order of partitions on the disk from left to right. I then deleted the 2 Ubuntu related partitions at the end of the disk (both were present after the Windows OS partition) and extended the Windows partition into the recovered space.

Then I rebooted into a Windows Recovery environment via a USB install I’d been supplied with and let Windows attempt a start-up repair. That failed and no valid Windows partitions were displayed, which might be normal if GRUB is controlling the bootloader, but I’d have expected Windows PreInstalled Environment to detect the local partition.

I then opened a command prompt and ran the following commands:

bootrec /fixboot

-This ran successfully

bootrec /fixmbr

-This failed to complete, unable to find device or somesuch

bootrec /rebuildbcd

-This failed, it was unable to write to device

I spent a good hour attempting to manually rebuild the bootloader via bcdedit commands which eventually failed until I came across a thread suggesting the issue is booting from Windows 7 USB media.

I then dug out an old Windows 7 DVD and booted from that and voila, the above commands worked successfully. I did have to trash c:\boot\BCD via the commands:

attrib c:\boot\bcd -s -h
move c:\boot\bcd bcd.old

and then set the OS partition (no 100MB System partition on this disk) to active before running them successfully. I also then launched the Windows Startup Repair from within the DVD repair tools to correct any faults with active partitions etc. Following that the system booted.

Hope this helps someone, what should have taken 15 mins ended up taking me 2 hours!

Intel Network ProSet Fails to Uninstall

I recently struggled to upgrade my Intel(R) Network Connections driver installation from v22.4.10 (unsupported in Windows 10 1703) due to a corrupted uninstaller.

Symptoms:

When attempting to install the latest supported driver (v22.6.6.0) the installer attempts to call any currently installed versions’ uninstaller and then fails with error 1703.

Resolution:

After much reading up I came across this post from days gone by referring to the last nuclear approach of MSIZAP https://blogs.msdn.microsoft.com/ronalg/2012/06/07/troubleshooting-msi-uninstall-issuesintel-pro-network-connections-1713/ .
That led me to search for modern alternatives, which led me to the Windows 10 Helper utility https://support.microsoft.com/en-gb/help/17588/fix-problems-that-block-programs-from-being-installed-or-removed

Launching that and first running it to repair the uninstaller and then again to forcibly remove it did the trick; I was then able to install the latest version.

 

I hope this helps someone else.

Subinacl.exe Microsoft Service Permissions

A nice little tool to manage service permissions on Windows, named subinacl, is available at https://www.microsoft.com/en-gb/download/details.aspx?id=23510

Default install directory is “C:\Program Files (x86)\Windows Resource Kits\Tools”
Usage example for the ‘spooler’ service and the user domain\username, granting start (T), stop (O) and pause/continue (P) rights:

subinacl /service spooler /grant=domain\username=top