Wednesday, March 25, 2015

Change AD Group membership for multiple Users using Powershell

You can download my script from technet.

- Requirements:
You have to create c:\ADUser.csv looking like this:


Also edit the marked groups in the script matching to your environment. You can extend this as needed.
# Add the specified users to the groups "Petun" and "Petun2" in AD
Add-ADGroupMember -Identity Petun -Member $User.username
Add-ADGroupMember -Identity Petun2 -Member $User.username

Windows Server 2012: The remote session was disconnected because there are no Terminal Server client access licenses available for this computer

If you try a RDP connection you get the following Error message.
 

It could be the case, that no license is available:
So you have to add the needed license to you RD Licensing Server!

If this server isn´t a terminal server you have to run the RDP console with the following parameter:
mstsc /admin

OR->

You can also disable "User Account Control: Run all administrators in Admin Approval Mode" by doing the following steps:

- Open "Search" and type in "secpol" and click on "Local Security Policy"
 

- In the "Local Security Policy" browse to "Local Policies/Security" options and set "User Account Control: Run all administrators in Admin Approval Mode" to "Disabled".



After this change restart the server.

Monday, March 23, 2015

Backup All GPOs using Powershell

I uploaded a new script to backup all GPOs and the Scripts folder located in th sysvol share.
It will be saved to a server in a folder named as the current date.


- Run this script using a schedule task

Open the Task Scheduler on your server.

Right-Click on "Task Scheduler Library" and select "Create a Basic Task".

Define a Name/Description, Trigger...

On the "Action" section you have to select Start a Program and enter the following options.
Program/script: powershell
Add arguments (optional): -file "C:\admin\Scripts\GPOBackup\GPOBackupV2.ps1"

On the "Finish" section checking "Open the Properties dialog for this task when I click Finish" and click "Finish".

To run whether user is logged on or not, select the option in the General tab, click ok and enter credentials.

- Import GPO Backups
To import the backed up GPOs you can use the GPMC:
Right-click "Group Policy Objects" and click on "Manage Backups..."
or using the Powershell command import-gpo:

Monday, March 9, 2015

Windows Server Service Monitroing via E-Mail notification

Save the following powershell script to your server. Edit the underlined values matching to your environment.


 function sendMail{

     Write-Host "Sending Email"

     #SMTP server name
     $smtpServer = "smtp01.domain.com"

     #Creating a Mail object
     $msg = new-object Net.Mail.MailMessage

     #Creating SMTP server object
     $smtp = new-object Net.Mail.SmtpClient($smtpServer)

     #Email structure
     $msg.From = "server01.edomain.com@domain.com"
     $msg.To.Add("serveradmin@domain.com")
     $msg.subject = "server01 - ServiceX stopped"
     $msg.body = "ServiceX stopped on server01. Please check the server state."

     #Sending email
     $smtp.Send($msg)

}

#Calling function
sendMail


After that open the services.msc and browse to the service you want to monitor. Right-click the service, select "Properties" and click on the "Recovery" tab. On the third drop-down menu select "Run a Program" and select the saved powershell script.

WSUS Console Database Error after you start the Cleanup Wizard

This is caused because the partition doesn´t have enough diskspace.

I will show you how to solve this error doing the following steps.



- Stop UpdateService

- Cleanup some update files located in WSUSContent ( It must be enough , so a log file for the cleanup could be created on the WSUS partition. In my case the log file was about 2 GB)

- Start UpdateService

- Run the Cleanup Wizard

- After this run the following command:
C:\Program Files\Update Services\Tools>wsusutil.exe reset

The command "wsusutil.exe reset" tells WSUS to check each update in the database, and verify that the content is present in the WSUSContent folder. As it finds that the content is not present in the folder, it executes a BITS job to download the content from Microsoft. This process takes quite a bit of time and runs in the background.


How do you know when the process is complete?

The size of the WSUSContent folder is no longer growing, but to be sure check the SoftwareDistribution.log.

C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log

If you start the "
wsusutil.exe reset" command, you should see a line towards the bottom of the log which looks like this:

WsusService.14  ExecutionContext.runTryCode     State Machine Reset Agent Starting
... after a while you should see this-> ...

WsusService.14  ExecutionContext.runTryCode     State Machine Reset Agent Finished