Showing posts from 2014

PowerShell: Retrieve site location of computer object

This is a nice find that I am cataloging from Shay Levy. You can get the site location of a computer if you run this PS script on the computer itself.

[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

It’s effectively the same as using NLTEST.

nltest /dsgetsite

I had intended to use it with Compliance Settings but the compliance rules limitations made it impractical. Still going to be useful for other stuff. If you want remote options, read more about it at the original post: #PSTip Get the AD site name of a computer.

Preparing for the End of Windows Server 2003

It’s a little embarrassing, or maybe I should say lucky, that somehow I hadn’t the need to review the changes to the dynamic port range assignments. I say it that way because the range wasn’t something that recently changed. By recent, let’s call it 2012. No, in fact, it goes back to 2008. Microsoft changed the dynamic port range to comply with IANA recommendations, effectively moving the range:

Old: from 1025 to 5000
New: from 49152 to 65535

SYMPTOMS

The troubles you’ll find with this kind of change usually won’t present themselves until you try to restrict it somehow. This issue was noticed when domain controllers were upgraded to 2012. The previous version was 2003. :-| The kinds of issues witnessed appeared all over the place, compounded with confusion since the issues weren’t well captured or documented during troubleshooting. Here’s what was seen along with the corresponding error messages: Failure to connect to a share Windows cannot access <share> The

boosting the powershell ise with ise steroids

Ever since the PowerShell ISE was released, I slowly moved away from using some of the other things I was pretty fond of like PowerShellPlus and PrimalScript. It’s mostly because it’s super convenient. Along came ISE Steroids. I can’t really speak to 1.0 since I just started on 2.0 and just started very recently, actually. So far, I’m pretty impressed. The best part of using it, is it doesn’t force the convenience factor to change at all. Installing it is as simple as unzipping the files to your module path ($env:PSModulePath -split ';'). After that, you launch it with Start-Steroids. That gives me the convenience of using the plain ol’ ISE or switching into a hyper-capable ISE. I’ve only begun scratching the surface of its capabilities though here are some things I’ve been using so far: VERTICAL ADD-ON TOOLS PANE Help. I love this feature. Anything I click on in a script, the help add-on will attempt to look up and present relevant information. Variables. This is anothe

Using NETSH to Capture Packets

Outages. Aside from the massive pressure of having to restore service, they can be pretty useful to learn new things. One recent discovery that was news to me is that you can use netsh to capture network traces. It appears that on modern-ish operating systems (Windows 7/Windows 2008 R2 and above) you no longer need to install your favorite packet tracing application to capture packets. Who doesn’t like to cuddle up with a nice packet trace, eh? Obviously if you’re on a desktop OS, you should just load your packet capturing utility of choice (and it had better be Network Monitor if you intend to open the .ETL trace) -- unless you like to read it in some other way. That would mean your skillz are simply amazing and you are wasting your time here!

RUNNING A TRACE

The most basic way to start and stop a trace is by performing the following commands: As you can see, netsh displays the trace configuration as well. It’s not the full configuration of defaults though. netsh trace start capture=ye

Microsoft Most Valuable Professional (MVP) 2015

Hello everyone. I received the news today that my MVP award has been renewed. I feel privileged to receive such a distinguished honor in company with some of the brightest minds in technology. Congratulations to all of my fellow MVPs who were also renewed today. It is with great pride we announce that Marcus Oh has been awarded as a Microsoft® Most Valuable Professional (MVP) for 10/1/2014 - 10/1/2015. The Microsoft MVP Award is an annual award that recognizes exceptional technology community leaders worldwide who actively share their high quality, real world expertise with users and Microsoft. All of us at Microsoft recognize and appreciate Marcus’s extraordinary contributions and want to take this opportunity to share our appreciation with you. With fewer than 4,000 awardees worldwide, Microsoft MVPs represent a highly select group of experts. MVPs share a deep commitment to community and a willingness to help others. They represent the diversity of today’s technical communities.

atlanta systems management user group 10.03.14

I cannot honestly believe it’s already time for our user group meeting. It’s one week from now. It’s kind of crazy how fast time goes by. It’s also a lot more effort to put these together than you would expect. So for that, I am grateful to all of the folks that help keep this going, all of the sponsors that help keep us eating, our perpetual sponsors that give us lots of great giveaways and benefits, all of the speakers that bring great content, and all of the people, like you, that come share your knowledge. At our last user group meeting, we took an opportunity to use the space in the MTC side of the Microsoft office. What we discovered was the interaction was entirely different than the classroom spaces. It provided a better environment for interaction which is ultimately what we’ve always strived for -- networking, meeting your peers in the industry, and sharing knowledge. That’s the benefit of tying into a user community. You grow your access to knowledge exponentially. Shavli

powershell: limitation on retrieving members of a group

If you have large group memberships, you might have already run into a limitation with Get-ADGroupMember where the cmdlet will fail with this message: get-adgroupmember : The size limit for this request was exceeded At line:1 char:1 (Don’t believe me? Go ahead; try it. I’ll wait.) It seems the limitation comes up when you query a group with more than 5000 members. The easiest way to get around this would be for Microsoft to come up with a switch that lets you set the size limit. That’s probably also the longest wait. :) Not to worry, there are ways to get around it.

Get-QADGroupMember. Remember this cmdlet? It’s a part of the Quest AD cmdlets. Of course, Quest no longer exists after being gobbled up by Dell so your mileage may vary. It does include a –SizeLimit switch so you can merrily bypass the limitations with it.

Get-ADGroup. If you query the group for its member property and expand it, you can get around the size limit. Here’s how it’s done: Get-ADGroup myLargeGrou

powershell: reset user password

UPDATE: screwed up the last one. corrected. :o)

things to remember when resetting account passwords.

prompted (displays old, new password dialog)
Set-ADAccountPassword userid

unprompted (yeah, i don’t know why i’d choose this one, honestly.)
Set-ADAccountPassword userid -OldPassword (ConvertTo-SecureString -AsPlainText "myoldpassword" -force) -NewPassword (ConvertTo-SecureString -AsPlainText "mynewpassword" -force)

administrative reset (don’t know the old one, setting it for someone else)
Set-ADAccountPassword userid -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "mynewpassword" -force)

powershell: converting int64 datetime to something legible

i find that i’m constantly converting AD datetime fields from something that looks like 130552642641560221 to something that looks like 9/15/2014 10:17:44 AM. i don’t know which you prefer, but to me, the second output is the one that most people won’t complain about when i give it to them. over on i found this post that wraps it up pretty nicely. so, let’s say you want to look at the lastlogontimestamp attribute of a user named marcus. here’s a typical command that would show you the output:

get-aduser marcus -properties lastlogontimestamp | select lastlogontimestamp

bam. you get the int64 value. personally, i get lost counting nanoseconds* after i exhaust what i can count on both hands. if you’re like me, you can convert this handily to a readable datetime format like this:

get-aduser marcus -properties lastlogontimestamp | select @{ n='llts'; e={[datetime]::fromfiletime($_.lastlogontimestamp)} }

we’re just creating an expression in the hash t

enabling deduplication on unnamed volumes (and other stuff)

it dawned on me the other day that while i had enabled deduplication on my office computers, i never did enable it at home. back when ssd was very expensive, i had managed to get a very small drive (64gb.) well, it proved to be too small to be useful. i ended up replacing the optical drive with a secondary hdd. it runs out of the optical chassis so it spins slower. it did its job though – which was to provide more space for not often accessed things. cool. i ran into a couple of things while toying around. in case you didn’t know you could, windows 8.1 will support deduplication. you just have to get the binaries on to the os. once you install it and enable the features, you need to get into powershell to turn stuff on. so, here’s a primer on getting all the deduplication commands: gcm *dedup* | gcm –module deduplication (both work)

CommandType     Name                            ModuleName
-----------     ----                            ----------
Function        Disable-Ded

dns resolver behavior

i had an occasion to have to look up windows client behavior when it came to dns. specifically, i wanted to know how the client behaves when the primary name server is offline. before i had to fire up packet trace and check for myself, i stumbled on a couple of useful articles that spell it out. UPDATE: had a conversation with a talented linux dns guy and discovered a few more useful things to note.

dns client resolver behavior
dns client resolution timeouts
dns forwarders and conditional forwarders resolution timeouts

in summary, it works as follows:

1. dns query sent to preferred
2. if no response within 1 second, dns query sent to alternate
3. if no response within 1 second, dns query sent to preferred again
4. if no response within 2 seconds, dns query sent to preferred and alternate
5. if no response within 4 seconds, dns query sent to preferred and alternate again
6. if no response within 7 seconds, process times out

something to note for linux systems, these appear to be default val

troubleshooting wmi…

this exhaustive series on troubleshooting wmi from the ask the performance team blog is too good to pass up. use of wmi is pervasive, guaranteeing that just about all of us have run into wmi issues at some point or another. if you haven’t yet, it’s only a matter of time. might as well do your homework. here are the topics the series will be covering:

WMI: Common Symptoms and Errors
WMI: Repository Corruption, or Not?
WMI: Missing or Failing WMI Providers or Invalid WMI Class
WMI: High Memory Usage by WMI Service or Wmiprvse.exe
WMI: How to troubleshoot High CPU Usage by WMI Components
WMI: How to Troubleshoot WMI High Handle Count

i’ve blogged a few times about wmi myself:

misc: flying with cortana

if you’re a windows phone 8.1 user, you’re probably in love with cortana already. she is a fantastic organizer! despite all that, sometimes, she fails to understand your flight itinerary, especially on multi-leg flights. she might capture just one leg of the flight. so how do you fix? i looked for a way to do this but wasn’t able to find any well-documented procedures, so here’s my shot at it. have cortana search for the flight information. in my test, i’m using aa1947 as an example. click the Show AA 1947 updates link. this will add it to your itinerary. if the date isn’t right, don’t worry. you can change it. switch over to the interests section. under travel, you should be able to find your flight information. click on it. under the Flight date section, simply choose which date you’re interested in. now cortana will track that flight for you.

misc: cool things about onenote

onenote has been my constant companion for many years now. between onenote and outlook, i can’t think of very many things that can’t be effectively managed, tasked, or tracked -- at least from a day-to-day perspective. i found some pretty cool things about onenote recently that i thought i’d share: subpages and onetastic.

SUBPAGES

for those of you that don’t know, i’m an avid pool player. naturally, since i use onenote, i’m a pool player that likes to keep a lot of notes about billiards as you can see in the screenshot. the first thing i want to point out is onenote allows the use of subpages. i went for far too long without knowing that. if you look at #1, you can see how onenote looks when you collapse subpages. #2 is the expanded view. once you collect your pages as subpages, it makes managing them easier since you can work with them in bulk (move, copy, delete, cut, etc.) to create a subpage, right-click the page tab and choose make subpage. the shortcut trick to make or promote

System Center Configuration Manager 2012 Cumulative Update 2

i thought i’d type it all out just to see how long that title would be. crazy. well, if you haven’t heard, CU2 is out for ConfigMgr 2012. here’s three related posts of interest if you’re going to start looking down this path: KB: Description of Windows PowerShell changes in Cumulative Update 2 for System Center 2012 R2 Configuration Manager HOTFIX: Cumulative Update 2 for System Center 2012 R2 Configuration Manager is now available HOTFIX: Cumulative Update 2 for the ConfigMgr 2012 R2 Clients for Linux and Unix is now available

excel: my first use of power query (and i love it)

let’s face it. if you’re a techie and you don’t use excel, you are not peeking out your geeking out. :o) i use excel for a number of different things. it’s a really powerful program which can handle doing much more than figuring out how much i’ve spent on lunch over the last three months. at teched, i got my first taste of power query during some of the hands-on-labs (available online for free now.) something came up recently that gave me a chance to explore it a bit more to see its value. let’s explore a scenario where your organization is absorbed or is absorbing another organization. after a domain migration, human resources decides they want to start over with new employee IDs.

SCENARIO

HR provides you with a file claiming it has all the information you need. (and clearly, you’ve no reason to doubt their claim.) upon examining your file, you notice that the only thing in the file is a column with the old employee ID and a column with the new employee ID. drawing from your hi

misc: power savings problem with snagit 12

I have been a fan of snagit for a very long time now. when I saw snagit 12 was released, I had to get my hands on it! as an mvp, one of the many benefits you get is nfr (not for resale) licenses for a lot of different software by a lot of vendors. I won’t pretend there was some immediate correlation I drew to the problem I started having after installing snagit. it wasn’t something immediate or evident. my monitors will go into low power mode after 10 minutes of inactivity. I noticed after coming back to my desk several times that it wasn’t happening anymore. I checked all my power settings to make sure nothing changed. everything looked fine. I recalled at some point that powercfg was a utility I had seen and played with some while back that could be useful in narrowing down where the issue might be.

LOOKING FOR THE CULPRIT

the first thing I did (other than figuring out how to use the tool) was run an energy report.

powercfg /energy /output "energy.html"

with

atlanta techstravaganza 06.06.2014

did you save the date? well, it’s not too late! what is atlanta techstravaganza you ask? it’s a yearly group meeting where atlanta systems management user group, the atlanta powershell user group, and the atlanta windows infrastructure and virtualization user group come together for a gigantic event. we have three tracks running concurrently providing information from topics on system center, powershell, and windows server. along with that, we have a BYOD hands-on lab. along with great content, networking opportunities, and free food, we always end the event with some great giveaways. we’ve moved locations this year from the microsoft alpharetta campus to the georgia tech research institute. while we love and appreciate what microsoft does for us, their campus size was unfortunately limited to 100 people. at GTRI, we have doubled the capacity! having twice the space doesn’t mean you should wait. seats will go fast, and as in previous years, we are likely to completely sell out. co

managing local admin passwords

one of the missing features that gives some windows administrators (and ALL security administrators) heartburn on the windows desktop platform is the lack of built-in controls to manage local passwords. group policy preferences was one of the ways you could get around this problem, but as you probably already know, it was quite insecure and recently addressed by a security update. okay, so where does that leave us? recently, tom ausburne wrote this bang up article which goes into quite a few things, like the insecurity of group policy preferences, the jiri method, and pass the hash. it’s definitely worth the read and provides all the steps necessary to set up the jiri method in your environment. so what’s this jiri method? it basically changes the local admin password to something random and stores the value in AD. the disclaimer is that the password is stored unencrypted in clear text. tom’s article goes a bit into protecting the attribute (a concept called confidential bit.)   h

03.28.2014 atlanta systems management user group

it’s been awhile. you guys ready to meet up again? bluestripe, if you recall from system center universe 2014, offers a really compelling way to use opsmgr 2012. it’s magic! they also happen to be sponsoring our event! pretty exciting. topics will include security compliance manager, configuration manager, operations manager, and azure. got all the details over on , including our schedule, speakers, and registration link. the link is a little bare right now but will be filled out soon. please do register so we know how much food to get. looking forward to seeing you there, fellow geeks. click HERE for the event post.

compact headers in outlook 2013 sp1

i nearly missed this new feature, confusing it with how the usual ribbon bar folds and unfolds. have you made the switch yet? if not, allow me to illustrate. here’s the old, massive, gigantic header in outlook 2013. and now, after sp1… to each their own, i guess… but i really do prefer this new compact view. flip it on or off using the button indicated above. more information about it is available on the office blog.

configuration manager support center

this tool kind of came out of the blue. it’s pretty cool though! the next time you’re on the phone w/ premier, don’t be surprised if you’re asked to use it for log gathering. in order to get the tool, you will have to join the configmgr open beta community. here’s the link for the file: after the installation, you’ll have two programs you can use, the support center utility and the support center viewer. since the viewer is really just designed to open up archive bundles, we’ll skip that. support center has some very cool things you can do (much of it you can find in client center, though) and works locally and remotely. looking across the ribbon, you will find the following areas: data collection: where you go to do exactly that. you can pick which data elements you want to collect. it grabs a lot of good stuff – logs, policies, certs, configuration data, registry, wmi info, du

system center universe 2014

if you are in the system center space, you know about SCU from the past successful events… and most likely know about the 2014 date. it all happens 1/30/2014. for those of you in the atlanta area, ATLSMUG is hosting a viewing party if you’d like to come watch it with us. get all the details at . while you’re there, check out the oppressive theme music for sc-uminator . Atlanta, GA Microsoft Office 1125 Sanctuary Pkwy Alpharetta, GA 30009 Register don’t worry. if you can’t make it in person, you’ll be able to watch it online. if you come out though, we’ll feed you breakfast, lunch, and snacks. here’s the agenda (CENTRAL TIME) of what you can expect to see: 7:00am - 8:00am Registration 8:00am - 8:10am Welcome - Your Emcee, Cameron Fuller, MVP 8:10am - 8:55am Become the Hero of the Day - Master ConfigMgr 2012 R2 with a Limited Budget and Free Community Tools Presented by Kent Agerlund No doubt that Configuration Manager 2012 R2 is a very powerful pro

sccm: ccmmigratepolicysettingsinit returns code 1603 during pull dp installation

as i sat down to write this, I realized a fellow mvp, alex zhuravlev, wrote about a very similar thing which is corrected by the same fix. it’s posted here if you’d like to read it: recently, we started deploying pull DPs out to our regional locations. one of my engineers indicated that we were having issues where the DPs appeared to be in a waiting for content state. we narrowed the issue down to an error that popped up in the pulldp_install.log file. the end of the installation exits in 1603, which i’m sure you know is a very vague error. going backward in the log file, we spotted an where the originating 1603 was logged. here are the log lines: 1: Getting settings from WMI and storing in <Program Files>\SMS_CCM\polmig.mof 2: CustomAction Ccm