
IT Administration





IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.

Powershell- Add AD Group to AD User by Distinguished Name

I have a list of 30+ AD Groups that I want to add back to an AD User Object. What's the best PowerShell script that will allow me to add these groups back to the user if I have a CSV file that has a list of all the AD Groups in CN format with no header? I can add a header if need be.

I am trying to add to my existing offboarding script the ability to set a mailbox to shared upon offboarding a user.

I tried using:

Set-Mailbox -EmailAddress Iperez@contoso.com -Type Shared


But it keeps giving me this error.

Cannot display the prompt for "Identity" because type "Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter" cannot be

I have already connected to Exchange Online and can run the Set-Mailbox command. Am I missing some module? Or do you know what I am doing wrong?

PowerShell experts, question. I run this script to remove all AD Groups from users that are being off-boarded. Works great; the only thing is that when it loops through, it asks me after each one it loops through. Even when I click yes to all it still goes on to the next group and asks permission again to remove. Am I missing a parameter or what am I doing wrong? I want it to loop through, remove all AD groups for the AD user object and not ask me if it's OK to remove.

Get-ADUser $disableduser -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member $disableduser}


I am looking to develop a PowerShell script that can process off-boarding for my team. We have a Hybrid On-Prem/Office 365 Environment. I would like it to do the following:

For the On-Prem side:
  • Disable the AD Object
  • Put Date and Time Object was disabled in the Description Field in the AD Object
  • Remove all AD Memberships (Except Domain User) ***If possible create a log of that users memberships somewhere so we can revert back if need be.
  • Move Object to the _Disabled OU

For the Office 365 side:
  1. Block Sign-in
  2. Force out any logged in Session (optional)
  3. Remove All O365 Licenses
  4. Convert Mailbox to Shared Mailbox

Thank you very much on your assistance with this. We need this urgently as we have massive layoffs in our company. Thank you and Stay Safe.

Also please provide the PowerShell modules needed to complete these commands. Or do I need to run them from a domain controller or the Exchange server? Thanks.

If you have any responsibilities for managing the ICT budget for your organisations, can you share any examples of lessons learned on areas you may have identified or any honest 'mistakes made' where your company was perhaps wasting money?

We have a risk/audit team who do a lot of good focus on cyber security, data protection etc, but some other issues have come to light in recent years where money was being wasted due to poor asset management/monitoring processes (i.e. smartphones that were not even being used by the person given them), which got me thinking what other common mistakes could be being made which may be worth delving further into as part of their cycle of reviews.

Not overly sure what category to add this to so gone with a broad area as I know a lot of participants in these areas often seem to have senior titles in their profiles so may be involved in this type of area or report directly to others who do.

Hi, I have a client that wants to have reporting on what users are doing work wise. Like 2 hours in Outlook, 20 minutes on Facebook and if the computer was idle for two hours.

Not sure if that is possible.  As you can guess, this is for users working from home due to the Corona virus.

Thanks all.

Oh, all the remote computers are Windows 10 Home and they are not VPNing or RDPing. Just email and local AutoCAD stuff.

Hi, we want to lock down some Android tablets so they only view a few whitelisted websites. Is there an easy solution for this?

Dear Experts,

I would like to find out what would be the best suited network certification to obtain for myself.
I have a mish-mash background, after getting M.S. in computer science with software engineering emphasis, I was working as a software/field engineer, then software project manager.
After taking time off to raise children, I started my own business as an IT consultant, where I did everything from hardware/software installation, infrastructure management, training, and troubleshooting for small businesses.  All of my knowledge came from basically learning as I needed from vendors and other sources.
A few more jobs later, I am now bouncing back and forth between Sr. System/Network Admin roles at my current employer.
My problem is, besides my degree, I do not have any certification, but I can administer Cisco/Fortinet Firewalls, switches, Windows servers, Exchange servers, and am versed in PowerShell scripts as well as Java, VBA.  I feel very non-standardized, and would like to have some type of certification.  Since I really don't need to learn more about Windows servers or Azure AD, I was leaning towards some type of network certification.  Cisco, CompTIA Network+, etc.  I do have basic theoretic knowledge on networking from my graduate courses, however I have a feeling some of those are outdated at this point.
Please advise.

I have been asked to evaluate/review approximately 150 servers on our network, ranging from Server 2008 to Server 2019, listed in a spreadsheet with very limited information. Just primary roles (e.g. DC, DNS, RODC, SCCM Distribution Point, File and Print server, etc.). It also lists Hyper-V, Hyper-V on workstation, etc.

I don't have the owner information so I can't reach out to each and ask "what is this and what's it for?" The objective is to go through this giant list and label each with a "priority #" to either decommission it, upgrade the existing OS, determining the utilization of each server, apps installed, roles installed, etc. I then need to be able to share my findings with the rest of my team so we can then determine the effort necessary to migrate, upgrade or decommission the server(s) as we look forward to our newest 2016 functional level infrastructure. For example, there are 14 RODCs at branch sites, but Sites and Services is not configured properly, so that could be a priority #1 (through 5) for us. How do you experts approach these types of tasks and projects? What do you break things down to and label it as to what should happen to each server and where it should reside, e.g. Azure?

Thanks for any information you can provide.

Dear Experts,

While implementing CRM/ERP, what exactly is meant by software requirement specification (SRS)? What is the next step: is it functional requirement design and then technical specification? Can you please help me understand each of these and which comes first? Thanks in advance.

I have a PowerShell script designed to create a local admin account. I have been trying to edit the PS script so that I don't have the password in plain text. I have created a password.txt file and a password.key file on a shared network drive open to everyone. Here is my script; I am doing something wrong. Can someone help me fix it?

Start-Transcript -Path "C:\temp\addlocaladmin.log" -NoClobber
Set-Executionpolicy -Scope CurrentUser -ExecutionPolicy UnRestricted

<#This works great but password is clear text
$Password = ""
$secureStringPassword = ($Password | ConvertTo-SecureString -AsPlainText -Force)#>

$password = Get-Content \\FILE1\$3ncrypted\password.txt | ConvertTo-SecureString -Key (Get-Content \\FILE1\$3ncrypted\password.key)
$credential = New-Object System.Management.Automation.PsCredential("TP-Admin",$password)
New-LocalUser "TP-Admin" -Password $password -FullName "TP-Admin" -Description "Local Admin Account for Intune Managed Devices"
Add-LocalGroupMember -Group "Administrators" -Member "TP-Admin"


Can someone tell me what I am doing wrong and how to fix the code?

I am getting this error message. I verified I have access to the UNC path.

Does someone have a policy statement, or can direct me to one, for Wi-Fi? My company has internal Wi-Fi, and staff that travel, so airports, Starbucks, bars (!). What should we be telling them? So far, we have said any Wi-Fi with no password protection is a no. I rush off the plane and check my email and before you know it, I have been on the airport Wi-Fi (no password) for an hour. Executives pay for access on the plane; is that safe?

I have a column that has listed all OUs of my company. I want to delete everything to the left of OU=Disabled. What Excel function/code can I insert to make this happen? Ultimately I want it to look like the bottom 3.

Steve test2,OU=Disabled,OU=Users,OU=Contoso_Users_and_Groups,DC=Contoso,DC=net
Barreca - Consultant\,Sal,OU=Disabled,OU=Users,OU=Contoso_Users_and_Groups,DC=Contoso,DC=net


I am looking to create a script that will take all users from the disabled OU and remove all AD group memberships minus domain users so that it doesn't throw an error.
Would this work?

$OUpath = "OU=Disabled,OU=Users,OU=Park_Users_and_Groups,DC=park,DC=net"
$disbaledUsers = Get-ADUser -Filter * -SearchBase $OUpath

foreach ($disableduser in $disabledusers)

Remove-ADGroupMember -Identity *



Trying to put together a script that I can run as a daily scheduled task to automate moving Disabled Objects in our OU to the disabled OU. I put this together but it's not working. Can you please help rewrite the script so that it makes sense?

$DisabledUsers = Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like “false”}

$DisabledUsers |
Select-Object SamAccountName |
Get-ADUser |
Move-ADObject -TargetPath $TargetOU


I have created a PowerShell script that will search for all Account Managers in our company and then add them to a particular Security Group.

Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $True} | export-csv c:\active_account_managers.csv
Import-CSV c:\active_account_managers.csv -Header SamAccountName | ForEach-Object {Add-AdGroupMember -Identity "Powerbi_All_AM" -members $_.SamAccountName}


How can I then add a line of code to this script that will go out and search ALL account managers who are no longer Active and remove them from the group "Powerbi_All_AM"?

Maybe doing something like this...

#This will both add users who are newly onboarded account managers and remove any that have been offboarded i think
Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $True} | export-csv c:\active_AMs.csv
Import-CSV c:\active_AMs.csv -Header SamAccountName | ForEach-Object {Add-AdGroupMember -Identity "Powerbi_All_DM" -members $_.SamAccountName}

Get-ADUser -Filter {description -eq 'ACCTMGR - Account Manager' -and Enabled -eq $False} | export-csv c:\offboarded_account_managers.csv
Import-CSV C:\offboarded_account_managers.csv -Header SamAccountName | ForEach-Object {Remove-AdGroupMember -Identity "Powerbi_All_AM" -members $_.SamAccountName}


Would that work? And are spaces between both lines of code OK or do they all need to be under each other?

I am trying to put together a PS script that will search my entire user database and find all users whose description matches this exactly "ACCTMGR - Account Manager" but filter out all Users whose Enabled Property is True. In other words only search users who are active and not disabled.

I have tried the following script but something is wrong with it. Can anyone help me fix it please.
Get-ADUser -Filter {description -like 'ACCTMGR - Account Manager'} | Where-Object {$_.Enabled -eq True}


Then ultimately I want to take all of these users "Account Managers" and add them to a Distribution List.

I have a SQL 2014 server that I am trying to configure to send mail via O365. We just recently moved from an on-prem Exchange 2010 server to O365, and was able to easily send email from SQL2014. However, now I am unable to send any mail via O365 even though I have all the correct O365 user profile settings. O365 support indicated the issue pertains to a SQL permissions issue of which I have not been able to locate.

I set up the SQL Mail Profile as follows:

SQL 2014 DB Mail Profile Config  

When I try and send a test email I see the following failure message in DB mail log file:

SQL 2014 DB Log Failure Message

Hi Experts,

My PC (Win7 Pro) is running very slow at start; it could take up to 15 minutes to have it up and running after I shut down.
I have checked memory and CPU usage while it's restarting and don't see that high numbers, not sure what is causing such.
See attached.

For IT audit purposes, what are some of the questions that an auditor should ask
during the audit interview especially for Cyber, IT Infra, End-user computing  audit?

What are some of the open-ended question like "Can you describe your
network architecture", "what's your patch procedure/policy like", "what are
your perimeter & endpoint defenses" ...  <pls add on>.

Presume auditors should start with such open questions first before going
into more targeted questions?

What are some of the more targeted questions?
Eg: "how long is your backup retention for DB,  logs, ...", "share some of
      the recent patch logs", ...<pls add on> ...

Referring to attached response from MS which says we need to buy Azure licences for
each user that uses Intune.  However, as we're on O365 E3 subscription, isn't Intune
a free bundle (which an MS reseller earlier advised is bundled free) as shown below:


We have presented to the board that we're remediating an audit finding
for remote wiping of mobile phones using iTunes but at this late stage, the
reseller quoted the attached from MS.

On the other hand, link below indicates Intune is being deprecated or I
read it wrongly?

I have a CSV File or Text File for 100s of Users in my environment. I would like to develop a script that would take each UPN on that column and give me back the data in the Attribute "Description" of that object, which is where we put the user's Title. Can anyone help?

$Users = Get-Content C:\users_upn.txt >>>>Give me back the data in the attribute field " Description" for each user. Write that data to a text or csv file.

I have a list of users but want to add their Titles to that spreadsheet and that data is stored in the "Description" attribute field.

Powershell Script Request. - Bulk Enable Archival (Office 365)

I'm trying to set up a script that will do a foreach loop that will take a CSV file that has a heading of UserPrincipalName of a list of 100s of F1 Licensed Users. I am trying to enable archival for all those users listed. I tried to get this started. I know that the command to enable archival is the following:

 Enable-Mailbox -Identity $usernames -Archive

So I started by trying to put the script together myself but I am kind of stuck. Not sure how to pass the object.

$usernames = Import- csv .... $_.UserPrincipalName

 foreach ($username in $usernames) {
   Enable-Mailbox -Identity $usernames -Archive

Now I'm not 100% sure here that -Identity even takes the UPN; will have to research that. Can anyone help?

Let me start by saying we are a hybrid environment and I have been tasked with opening new sites for my company in SharePoint. I am fairly new to SharePoint. I have had no issues following the company SOP for creating new sites on our SharePoint environment for 8 months now. All of a sudden, in the last few sites I've created I have had errors popping up that I have no idea how to fix. I believe we are on SharePoint Online 2016 but not certain. Please see attached errors. I have tried to recreate several times. I believe this site/page was created before but then closed. I think I have to completely delete the old site but I don't even know how to do that. I went to the provisioning page and thought I deleted the old site, then tried to recreate it, but it still errors out. Can I have help please? I tried using PowerShell but I think I need the right module loaded to access SharePoint Online. I was unsuccessful in loading the modules to run (Remove-SPSite -Identity) and get: The term 'Remove-SPSite' is not recognized as the name of a cmdlet. Any help would be greatly appreciated.

Is there a way to change this local admin script so that the password is not in clear text but rather a hash or more secure? So for example if my default local admin password is Welcome1$ and I want to keep it that way but yet not show this in clear text, how can I alter this script to change that? I am planning on pushing this script via Intune to all my newly enrolled machines.

$Username = "Admin"
$Password = 'Welcome1'

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    Write-Host "Setting password for existing local user $Username."
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Domain='$env:ComputerName' AND Name='$Username'" SET PasswordExpires=FALSE
