Earlier when I used to open outlook 2016 I used to get out login prompt which under default username users email address used to populate

But when I disabled Skype auto launch

Now when users log in to outlook prompt it gives user UPN instead of email address

Does it mean outlook is not pulling the address book  from Skype?

How to pull OU data from list of emails in AD. I have a .csv file with just the email address and need to add a column for location. What would be the easiest way to do this in PowerShell?

Hi experts,

I'm using SQL Server 2019.

I need to create a SQL Server Stored Procedure that queries Active Directory.


Query 1

Windows Powershell query - Get Active Directory users whose password will expire in 15 days.

At this link I saw this query to for a Powershell Script that queries Active Directory and gets Active Directory users whose password will expire in 15 days.

List of users with paswords expiring within a certain date range
https://social.technet.microsoft.com/Forums/en-US/c9fb29c4-1b5b-459c-80cc-d6a83aeaf168/list-of-users-with-paswords-expiring-within-a-certain-date-range?forum=winserverDS



I replaced the domain with my domain info and then I run this power shell script.

Get-ADUser -filter * -SearchBase "OU=Users,DC=Contoso,DC=com"  -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq  $False} | select Name,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}} | where {($_.ExpiryDate | get-date)  -gt (get-date) -and ($_.ExpiryDate | get-date) -lt (get-date).adddays(15) }

Select all Open in new window

I get this, which is the a list of users whose password will expired in 15 days or less.
So this powershell query returns the result I need. But I need to query Active Directory from a SQL Stored Procedure.



Query 2

So to learn how to query active directory from a sql server query. I looked at this reference which has the information on how to do it.

Querying Active Directory Data from SQL Server
https://www.mssqltips.com/sqlservertip/2580/querying-active-directory-data-from-sql-server/

Step 1:      Create Linked Server
Step 2:      In the SQL query use LDAp information

After i created a linked server with the script in the link aboei, i then ran this query. But in my query that I ran, i replaced contoso with my domain ino.

SQL Server Query…

when users log into his windows workstation, how does workstaion talk to domain controller ,

is it through LDAP protocol

also when users open outlook , how does it communicate with DC

We're trying to implement a GPO that will block USB storage devices.
It appears that there are at least two approaches at the broad design level:
1) Apply the GPO to users.
2) Apply the GPO to computers.
We tried applying a new GPO to users like this:

• Set up a User's Security Group
• Set up a GPO with Scope including the User's Security Group
• and with Authorized Users having READ and NOT Apply GPO
• Then, the GP settings for removable storage are added as well
• Then the GPO is linked to the User's OU
• Then blocked Users are added to the User's Security Group

It didn't work for us.  

The other approach would seem to be:

• Set up an OU of Computers
• Create a simple GPO with the same settings for removable storage
• Link the GPO to an appropriate Computer OU or set of them
• Move pertinent computers into the appropriate Computer OUs

I haven't done the latter yet but I have more confidence in it.

Any suggestions?

We have the following scenario

• A plain vanilla 2012R2 based RDS deployment in which we want to use a RD Gateway (wasn't the case so far)
• The local domain named domain.local - public domain domain.com
• A vaéid wildcard cert for *.domain.com
• Gateway machine is named rdshost.domain.local and session host rdshost.domain.local

We have performed the various setup and everything works fine, except that we have a certificate mismatch because the user connecting is redirected by the gateway to rdshost.domain.local (the name of the machine in the local domain) whereas the cert is for domain.local. And obviously we will never have a CA cert for domain.local

What is the best practice in such circumstances (I guess it is a pretty classic use case) ?

Trying to put together a script that i can run as a daily scheduled task to automate moving Disabled Objects in our OU to the disabled OU.  I put this together but its not working. Can you please help rewrite the script so that it makes sense.

$DisabledUsers = Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like “false”}
$TargetOU="OU=Disabled,OU=Users,OU=Contoso_Users_and_Groups,DC=Contoso,DC=net"

$DisabledUsers |
Select-Object SamAccountName |
Get-ADUser |
Move-ADObject -TargetPath $TargetOU

Select all Open in new window

Hi Experts,

we have problems with AD SYNC to O365.
In the past all items were synced.

The AD SYNC was reinstalled and the anchor was changed to the recommended Microsoft value.
But old items in the Cloud cannot be deleted.

Do you know a way to clean up the synced objects ?

We have a user that the "Send As" for self permission keeps being cleared. I am unable to add the permission in Exchange 2010 Management Console. I can only do it on the actual user properties in ADUC.

How do I find who/what/why the "send as" permission keeps being cleared?

Running repadmin I can see exactly WHEN it occurs (nTSecurityDescriptor shows a new USN with the date and time), but I have no idea of why.

I am working on a Powershell script that will go through the memberships of AD groups that begin with a certain name and then output the group name along with only unique Titles and Departments of members.

So for example if there are two people in a group with the same title and department, I'm aiming to get it to output like this, where it has group name, and then the Title column and Department column with unique ones.

Now I could do this to Excel if that works and just remove duplicates to make it easier.
But the issue I'm having is that the Title and Department values always output as an array.

Results style I'd like to yield:

Group name: "Emergency - All"

Title               |    Department
IT Admin       |   IT
Technician    | Facilities

Group name: "Emergency - Facilities"

Title               |    Department
Technician    | Facilities

And so on and so forth for each group....

How results are currently yielding:

Title                                                Department
-----                                                  ----------
{IT Admin , Technician...} {Facilities...

Obviously that creates a problem for both readability and exporting.
It's an array with commas and I don't know how to overcome it.


The script I currently have is:  
 

$report = @()
$Distros = Get-ADGroup -filter * | ? {$_.Name -like "Emergency - *"}
    foreach ($Distro in $Distros){
       

Select all Open in new window

…

Moving DC from 2008 to 2016. So I currently have 3 DC's two are running 2008 server and one is on 2016, I have built another 2016 server that I added the Active Directory role to which installed but when I go into the active directory configuration wizard the pre-reqs failed stating domain controllers have not replicated. I did some research and found the Active directory replication status tool on MS's website. I ran that tool and found that one server out of the 3 current DC's isn't replicating either way. The server in question is being replaced so my question is can I just demote the server that is having replication issues and not worry about fixing the issue because its being replaced anyways.

I want to limit access to  an O365 room resource, so it is bookable only by members of a specific group. Is that possible?

Hello Experts!

     I need an LDAP query that pulls the following from Active Directory:

From the General Tab:
1.) displayName
2.) physicalDeliveryOfficeName  
a.  Within the Office field, I'd like to search for multiple keywords.  e.g. "CONTRACTOR" OR "Keyword2" OR "Keyword3".  I'm not sure if case-sensitivity matters or not.

From the Address Tab
1.) Street
2.) City
3.) State/province
4.) Zip/Postal Code          
     
From the Object Tab
1.)  Created

From the Organization Tab
1.) Job Title
2.) Department
3.) Company
4.) Manager Name

Here is part of the query:

(&(objectclass=user)(!(objectClass=computer))(samAccountName=$samAccountName$))" attrs="sAMAccountName, personalTitle, displayName, givenName, sn, mail, telephoneNumber, mobile, manager, department, whenCreated, userAccountControl, description, physicalDeliveryOfficeName

Select all Open in new window