New PowerShell Program

So the other day I was at work and was wondering if there was a way to check all the PC's on the network and find out when the last time they were active.

I then began to write something in PowerShell. I also wanted the Computer name and the last user who was logged into the PC. Just to make a list of older PCs on the network, and users we need to clean up in AD.

Using AD, I could get most of the information I needed, and then using SSH to reach out to every PC and update the latest information. How it would work is it would ping the pc to see if it was active, then using SSH to get the information I wanted. I also wanted it to be placed into a spreadsheet to be able to send it to the Sys Admins.

Now, to use this, you will need to run PowerShell as an administrator.

Here is the code

$computers = Get-ADComputer -Filter * -Property Name, LastLogonTimestamp

$results = @()

foreach ($computer in $computers) { $compName = $computer.Name $lastLogon =[DateTime]::FromFileTime($computer.LastLogonTimestamp)

Write-Host "Checking $compName..." -ForegroundColor Cyan

# Set a default value

$lastUser = "Unknown or Offline"

# Try to ping and connect if the machine is online

if (Test-Connection -ComputerName $compName -Count 1 -Quiet) { try {

# Try to grab the last logged-on user

$sysInfo = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $compName

$lastUser = $sysInfo.UserName $model = $sysInfo.Model } catch { $lastUser = "Access Denied" } } else { $lastUser = "Offline" }

$results += [PSCustomObject]@{ ComputerName = $compName LastLogonToAD = $lastLogon LastLoggedInUser = $lastUser SystemModel = $model } }

Display

$results | Sort-Object LastLogonToAD -Descending | Format-Table -AutoSize

Optional: export to CSV

$desktop = [Environment]::GetFolderPath("Desktop") $path = Join-Path -Path $desktop -ChildPath "PC_LastLogonAndUser.xlsx"

$results | Export-Excel -Path $path -AutoSize -BoldTopRow -Title "PC Last Logon and User Report" -WorksheetName "Report"

Powershell: Real-Time Check of Domain Server's Uptime

There are lots of methods available to server administrators for checking the last reboot time of Windows machines. One of the quickest and most useful continues to be provided via Microsoft’s super CLI, Povershell. $ErrorActionPreference = “SilentlyContinue” $Servers = Get-ADComputer -Filter ‘Operatingsystem -Like “*server*”‘ -Properties dnshostname|     Select-Object dnshostname…

Windows - Force a Remote Group Policy Refresh with GPUpdate

A few days ago we published an article explaining how to disable file copy through RDP using Group Policy for all the Windows clients within the same Active Directory forest. In this post we'll briefly explain how we can force an update of those Group Policies - as well as any other Group Policy which has been globally set up at the Domain Controller level - on any single Windows client machine using either the Group Policy Management Console (GPMC), the GPUpdate command-line tool or a single Powershell script.

Introduction

In a typical Windows Server environment the Group Policy settings can be refreshed in the following ways: Using the GPUpdate command-line tool from any Windows Client Machine: such tool can be effectively used to refresh the Group Policy of a single computer. Using the Invoke-GPUpdate Windows PowerShell cmdlet to refresh Group Policy for a given set of computers, including computers; such method is great to refresh the Group Policy on multiple clients at the same time, including those that are not within the OU structure (such as the clients located in the default computers container); it's also very versatile, since it can be launched from the client machine (local update) or from the domain controller (remote update). Using the Group Policy Management Console (GPMC) to globally refresh all computers in an organizational unit (OU) from one central location. This is the way to go to refresh the Group Policy on all clients using a remote update strategy, thus mimicking the most powerful behaviour of the aforementioned Invoke-GPUpdate cmdlet. In the next paragraphs we'll see how we can effectively use those three methods to achieve our desired result.

GPUpdate.exe (CMD)

The GPUpdate command-line tool is what we should use whenever we need to refresh the Group Policy on a single Windows client machine. To use it, perform the following steps: Open a command-line prompt (with administrative rights) Type the following command: GPUpdate /force That's it.

For additional info about such method, take a look at the Force a Remote Group Policy Refresh (GPUpdate) post from Microsoft docs.

Invoke-GPUpdate (Powershell)

The Invoke-GPUpdate Powershell cmdlet is the way to go when we need to issue or schedule a remote Group Policy refresh on one or multiple computers from the Domain Controller (instead than doing that from the client machine like the previous method allowed to). Here's how the cmdlet can be used to refresh the Group Policy on a single remote computer: Invoke-GPUpdate -Computer "CONTOSO\COMPUTER-02" -Target "User" The Invoke-GPUpdate Powershell cmdlet can also be used to refresh the Group Policy for all the computers in the container. However, in order to do that, we'll also need to use the Get-ADComputer cmdlet to obtain the list of computers in the Computers container: once we do that, we can supply the name of each computer that is returned to the Invoke-GPUpdate cmdlet. Here's a working example that will force a refresh of all Group Policy settings for all computers in the Computers container for the Contoso.com domain: Get-ADComputer –filter * -Searchbase "ou=Accounting, dc=Contoso,dc=com" | foreach{ Invoke-GPUpdate –computer $_.name -force} Needless to say, the Invoke-GPUpdate cmdlet can also be used to refresh the Group Policy from the Windows client, thus mimicking the same behaviour of the previously metnioned GPUpdate.exe command-line tool. To use it in such way, just execute the cmdlet without parameters in the following way: Invoke-GPUpdate For additional info about the Invoke-GPUpdate cmdlet, refer to the Invoke-GPUpdate guide from Microsoft docs.

Group Policy Management Console (GPMC)

Last but not least, let's see how we can take advantage of the Windows Server Group Policy Management Console (GPMC) to issue a Group Policy refresh for all the client registered within the Organizational Unit. Launch the Group Policy Management Console (GPMC). In the GPMC console tree, locate the OU for which you want to refresh Group Policy for all computers. It's worth noting that Group Policy will also be refreshed for all computers that are located in the OUs contained in the selected OU. Right-click the selected OU, and click Group Policy Update. Click Yes in the Force Group Policy update dialog box. Performing the above tasks will have the same effect of running GPUpdate.exe /force from the command line on all the Windows clients individually.

Conclusions

We hope that this tutorial will be useful enough for those System Administrators who are looking for a way to locally or remotely force the update of the Group Policy of their Windows clients.   Read the full article

PowerShell: Check computer last logon date

PowerShell: Check computer last logon date

In a recently closed ticket, I had specified that the solution would be automatically applied upon reboot of a computer. As so often happens one of the twenty or so users affected by the solution emailed to say that it didn’t work. Having dealt with said user before, I had a hunch that they hadn’t actually read the solution text, and wanted to see if I could find out when the computer had last…

View On WordPress

Get-ADComputer with better out-file formatting

Get-ADComputer with better out-file formatting

I’m trying to get a quick list of all ADComputers within some specific OU’s in a text file so I can store it as a variable for later use with Get-Content Powershell Get-ADComputer -Filter * -SearchBase “OU=Offices1,DC=contoso,DC=com” -SearchScope 2 | format-table -Property Name | out-file “C:ALLCLIENTS.txt”; Get-ADComputer -Filter * -SearchBase “OU=Offices2,DC=contoso,DC=com” -SearchScope 2 |…

View On WordPress

Pull computers from AD with powershell

Get-ADComputer -Filter * -properties *|select Name, DNSHostName, OperatingSystem, LastLogonDate

How to Find Inactive Computers in Active Directory Using PowerShell

How to Find Inactive Computers in Active Directory Using PowerShell. To identify inactive computer accounts, you will always target those that have not logged on to Active Directory in the last last 90 days. To accomplish this goal, you need to target the LastLogonTimeStamp property and then specify a condition with the time as shown in the following PowerShell commands: $DaysInactive = 90 $time = (Get-Date).Adddays(-($DaysInactive)) Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName If you wish to search computer accounts that have been inactive for more than 90 days, all you need to do is modify the $DaysInActive variable value. The current value is set at 90 days; however, you can specify your own value. To export output to a CSV file, add the Export-CSV PowerShell cmdlet as shown in the following command: Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName | Export-CSV “C:\Temp\StaleComps.CSV” –NoTypeInformation Read the full article

SCORCH : Active Directory Cleanup with Orchestrator

Active Directory Cleanup Runbook Automation

6 runbooks – 5 are functional workbooks and 1st runbook calls the rest in sequence.

Download the Powershell Scripts – ad cleanup runbook ps

  Runbook 1 – AD Cleanup

The Master Runbook – which triggers every 7 days 16 hours – call the 5 runbooks and they a ‘wait for completion’ before starting the next runbook.

    Runbook 2 – Scan and Dump List

Powershell script which scans Active Directory [admin rights not required], check machines which are inactive for 180 days and machine should not be disabled – Operating System = WinXP, Win7 or Win10.

C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe {import-module activedirectory

$DaysInactive = 180

$time = (Get-Date).Adddays(-($DaysInactive))

$result=@()

$result2=@()

#————————————————————————————————————————–

Get-ADComputer -Filter {(Modified -lt $time) -and (useraccountcontrol -ne “4098”)} -Properties * |

select Name,OperatingSystem | foreach {if (($_.OperatingSystem -like “Windows 7*”) -or($_.OperatingSystem -like “Windows 10*”) -or ($_.OperatingSystem -like “Windows 8*”) -or ($_.OperatingSystem -like “Windows xp*”)) {$result+=$_.Name}}

$result | set-content C:\SourceSoftware\runbook-output\adcleaner\output\ad-cleaner.csv}

  Runbook 3 – Scan and Disable Scheduled Task

Powershell script to Disable machines in AD [requires Admin rights] found in earlier Runbook

#Setting search parameters and creating array

import-module activedirectory

$DaysInactive = 180

$time = (Get-Date).Adddays(-($DaysInactive))

$result=@()

#————————————————————————————————————————–

#Searching for computers that fit the parameters

Get-ADComputer -Filter {(LastLogonDate -lt $time) -and (Enabled -eq “True”)} -Properties * -ErrorAction SilentlyContinue |

select Name,OperatingSystem,comment,CN,LastLogonDate,DistinguishedName | foreach {if (($_.OperatingSystem -like “Windows 7*”) -or($_.OperatingSystem -like “Windows 10*”) -or ($_.OperatingSystem -like “Windows 8*”) -or ($_.OperatingSystem -like “Windows xp*”)) {$result+=$_}}

#Disabling computers

#$result|Foreach-Object {Disable-ADAccount -Identity $_.DistinguishedName -recursive -ErrorAction SilentlyContinue}

foreach ($_ in $result)

{If ($_ -ne $Null)

{Disable-AdAccount -Identity $_.DistinguishedName}}

#————————————————————————————————-

      Runbook 4 – Scan Disabled and Delete Scheduled Task + Log

Powershell Script to scan for machines inactive for 360 days and disabled, then delete them [required AD Admin rights]

  #Setting search parameters and creating array

import-module activedirectory

$DaysInactive = 360

$time = (Get-Date).Adddays(-($DaysInactive))

$result=@()

#Searching for computers that fit the parameters

#————————————————————————————————————————–

Get-ADComputer -Filter {(LastLogonDate -lt $time) -and (Enabled -eq “False”)} -Properties * -ErrorAction SilentlyContinue |

select Name,OperatingSystem,comment,DistinguishedName | foreach {if (($_.OperatingSystem -like “Windows 7*”) -or($_.OperatingSystem -like “Windows 10*”) -or ($_.OperatingSystem -like “Windows 8*”) -or ($_.OperatingSystem -like “Windows xp*”)) {$result+=$_}}

#Write Output to Log

#————————————————————————————————————————–

$result | set-content \\SERVER01\runbook-output\adcleaner\output\ad-disable.csv

#————————————————————————————————————————–

#Delete Function

#————————————————————————————————————————–

foreach ($_ in $result)

{If ($_ -ne $Null)

{Remove-ADObject -Identity $_.DistinguishedName -recursive -Confirm:$false}}

#————————————————————————————————————————–

    Runbook 5 – Mail Routine

Send mail with output files to recipients, with subject of today’s date

The Subject of the mail would be appended with current date and time

  Runbook 6 – Logging Routine

Moving current logs to history folders and appending with date of file transfer in name.

  sample automated email

from WordPress http://bit.ly/2Hpa6tj via IFTTT

RT @TinkerSec: I wonder how many Windows XP machines there are in this environment... PS > Import-Module ActiveDirectory PS > Get-ADComputer -Filter “OperatingSystem -like ‘*Windows XP*’ https://t.co/SURmvLtLmO

I wonder how many Windows XP machines there are in this environment... PS > Import-Module ActiveDirectory PS > Get-ADComputer -Filter “OperatingSystem -like ‘*Windows XP*’ pic.twitter.com/SURmvLtLmO

— Tinker (@TinkerSec) April 9, 2019

from Twitter https://twitter.com/sinsonido April 10, 2019 at 02:15PM via IFTTT

[July 2018] 70-742 Identity with Windows Server 2016 Exam Q&As | Killtest

Have you ever taken the assistance of 70-742 preparatory material available online? Do you realize how beneficial these preparatory materials could be for your Microsoft 70-742 exam? There may be a many companies claiming to help you through your 70-742 MCSA exam, but we only understands what you actually seek. Killtest not only promises but also delivers the results. The proof of which is reflected in the high grades and 100% pass rate of the students who avail 70-742 Identity with Windows Server 2016 Exam Q&As. With Killtest 70-742 Identity with Windows Server 2016 Exam Q&As, you can save more on Microsoft 70-742 exam. More, we will ensure your success in 70-742 Identity with Windows Server 2016 certification exam.

In IT field, a professional IT expert need to know the importance of Microsoft 70-742 which increase his knowledge and job opportunities. Killtest 70-742 Identity with Windows Server 2016 Exam Q&As are the best tools for passing the 70-742 Identity with Windows Server 2016. Killtest can help you in your final MCSA 70-742 exam. The 70-742 practice exam is essential and core part of Killtest and once you clear the Microsoft 70-742 Identity with Windows Server 2016 you will be able to solve the real time problems yourself. Before to enroll yourself in 70-742 MCSA exam, you need to get 70-742 course materials from well reputed platform because Killtest will ensure that you can pass your 70-742 exam in the first try.

Get Microsoft 70-742 certification, you will become the IT industry's professional high-end person. If you choose Killtest 70-742 Identity with Windows Server 2016 Exam Q&As, you can save a lot of time and energy to consolidate knowledge, but can easily pass Microsoft certification 70-742 exam. Killtest speak with the facts, the moment when the miracle occurs can prove every word we said. Your 70-742 Identity with Windows Server 2016 Exam Q&As will probably accommodate people together with study material questions along with total answers. The particular 70-742 Identity with Windows Server 2016 Exam Q&As tend to be amalgamated into your issue along with reply material of own 70-742 Identity with Windows Server 2016 exam. If you are still waiting, still hesitating, or very depressed that pass Microsoft 70-742 exam, do not worry, the Killtest 70-742 Identity with Windows Server 2016 Exam Q&As will help you solve these problems.

Share Microsoft 70-742 MCSA:Windows Server 2016 Questions Demo | Killtest

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. Contoso.com has the following configuration. PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\> You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment. Solution: You run adprep.exe from the Windows Server 2016 installation media. Does this meet the goal? A. Yes B. No Answer: A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. Contoso.com has the following configuration. PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\> You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment. Solution: You upgrade a domain controller to Windows Server 2016. Does this meet the goal? A. Yes B. No Answer: B

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. Contoso.com has the following configuration. PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\> You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment. Solution: You raise the domain functional level to Windows Server 2012 R2. Does this meet the goal? A. Yes B. No Answer: B

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From a domain controller, you run the Set-AdComputer cmdlet. Does this meet the goal? A. Yes B. No Answer: B

Microsoft 70-742 exam is an equal opportunity provider, which help you in skill up-gradation and development. It is equally important for professionals, as well as for fresh candidates. No matter if you have hands on experience and a fresh candidate; you would have to study 70-742 Identity with Windows Server 2016 Exam Q&As. Killtest 70-742 Identity with Windows Server 2016 Exam Q&As cover all the exam objectives and have been checked for accuracy, and to ensure your success in your Microsoft 70-742 exam. 70-742 Identity with Windows Server 2016 Exam Q&As can be taken online. This is easy to understand 70-742 questions and answers are in PDF so you can easily download and use. The successful candidates for 70-742 Microsoft practice exam, has shown a lot of confidence.

CertTree Windows Server 2016 70-742 study guide

In order to provide you with the best CertTree Windows Server 2016 70-742 study guide, CertTree constantly improve the quality of CertTree Windows Server 2016 70-742 study guide and update the dumps on the basis of the latest test syllabus at any time. CertTree is your best choice on the market today and is recognized by all candidates for a long time. If you don't believe what I say, you can know the information by asking around. Somebody must have been using CertTree CertTree Windows Server 2016 70-742 study guide. We assure CertTree provide you with the latest and the best CertTree Windows Server 2016 70-742 study guide which will let you pass the exam at the first attempt. We are committed to using CertTree CertTree Windows Server 2016 70-742 study guide, we can ensure that you pass the exam on your first attempt. If you are ready to take the exam, and then use our CertTree CertTree Windows Server 2016 70-742 study guide, we guarantee that you can pass it. If you do not pass the exam, we can give you a refund of the full cost of the materials purchased, or free to send you another product of same value. Share some MCSA 70-742 exam questions and answers below. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment. Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment. You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com. Solution: From AD RMS in fabrikam.com, you configure contoso.com as a trusted publisher domain. Does this meet the goal? A. Yes B. No Answer: B Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. Contoso.com has the following configuration. PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\> You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. You need to configure Active Directory to support the planned deployment. Solution: You run adprep.exe from the Windows Server 2016 installation media. Does this meet the goal? A. Yes B. No Answer: A Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From a domain controller, you run the Set-AdComputer cmdlet. Does this meet the goal? A. Yes B. No Answer: B Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).You need to force users to change their account password at least every 30 days.What should you do? A. From the Computer Configuration node of DCPolicy, modify Security Settings. B. From the Computer Configuration node of DomainPolicy, modify Security Settings. C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates. D. From the User Configuration node of DCPolicy, modify Security Settings. E. From the User Configuration node of DomainPolicy, modify Folder Redirection. F. From user Configuration node of DomainPolicy, modify Administrative Templates. G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings. H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings. Answer: B Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).You need to use the application control policy settings to prevent several applications from running on the network.What should you do? A. From the Computer Configuration node of DCPolicy, modify Security Settings. B. From the Computer Configuration node of DomainPolicy, modify Security Settings. C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates. D. From the User Configuration node of DCPolicy, modify Security Settings. E. From the User Configuration node of DomainPolicy, modify Folder Redirection. F. From user Configuration node of DomainPolicy, modify Administrative Templates. G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings. H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings. Answer: B You have a server named Server1 that runs Windows Server 2016. You need to configure Server1 as a Web Application Proxy.Which server role or role service should you install on Server1? A. Remote Access B. Active Directory Federation Services C. Web Server (IIS) D. DirectAccess and VPN (RAS) E. Network Policy and Access Services Answer: A Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment. Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment. You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com. Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain. Does this meet the goal? A. Yes B. No Answer: B Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1. You recently restored a backup of the Active Directory database from Server1 to an alternate Location. The restore operation does not interrupt the Active Directory services on Server1. You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP). Which tool should you use? A. Dsadd quota B. Dsmod C. Active Directory Administrative Center D. Dsacls E. Dsamain F. Active Directory Users and Computers G. Ntdsutil H. Group Policy Management Console Answer: E Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From the Computer Configuration node of GPO1, you configure the Account Policies settings. Does this meet the goal? A. Yes B. No Answer: B Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. Server1 is located in the perimeter network.You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.You need to enable certificate authentication from the Internet on Server1. Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution. A. 389 B. 443 C. 3389 D. 8531 E. 49443 Answer: B,E After you used CertTree CertTree Windows Server 2016 70-742 study guide, you still fail in 70-742 test and then you will get FULL REFUND. This is CertTree's commitment to all candidates. What's more, the excellent CertTree Windows Server 2016 70-742 study guide can stand the test rather than just talk about it. CertTree CertTree Windows Server 2016 70-742 study guide can completely stand the test of time. CertTree present accomplishment results from practice of all candidates. Because it is right and reliable, after a long time, CertTree CertTree Windows Server 2016 70-742 study guide are becoming increasingly popular.

PowerShell: Find Remote Desktop Servers on A Domain

Remote Desktop Servers have a way of multiplying themselves like some kind of organic creature. Most administrators know how to deploy RDS and it is a good to solution for a variety of issues. The simple script below scans domain servers for the installed features. $ErrorActionPreference = "SilentlyContinue"$Servers = Get-ADComputer -Filter 'Operatingsystem -Like "*server*"' -Properties…

View On WordPress

Windows - Come aggiornare i Criteri di Gruppo con GPUpdate, Invoke-GPUpdate o GPMC

Qualche giorno fa abbiamo pubblicato un articolo in cui spiegavamo come disabilitare la copia e il download di file via RDP con le Policy di Gruppo (Group Policy) per tutti i client Windows appartenenti alla medesima Active Directory forest. In questo post illustreremo come forzare un aggiornamento immediato di queste Group Policy sui singoli Client (o su tutti i client) utilizzando tre possibili strumenti che Windows mette a nostra disposizione: GPUpdate.exe (da command-line), Invoke-GPUpdate (da PowerShell) e la Console di Gestione Criteri di Gruppo, nota anche come Group Policy Management Console (GPMC).

Introduzione

All'interno di un ambiente Windows Server basato su Active Directory, le impostazioni dei Criteri di Gruppo (Group Policy settings) possono essere aggiornate nei seguenti modi: Utilizzando lo strumento GPUpdate da command-line sui singoli client: questo è il metodo più semplice ed efficace quando vogliamo aggiornare le Group Policy di una singola macchina alla quale abbiamo accesso. Utilizzando il cmdlet Invoke-GPUpdate (Powershell), utilizzabile sia sui singoli client (per aggiornare le Group Policy in locale) che sul controller di dominio (per aggiornare le Group Policy dei client "da remoto"). Si tratta ovviamente di un ottimo metodo per aggiornare i Criteri di Gruppo in quanto consente una grande libertà di azione sia effettuando l'accesso ai singoli client che accedendo direttamente al controller di dominio. Utilizzando la Console di Gestione Criteri di Gruppo, più nota come Group Policy Management Console (GPMC), per aggiornare globalmente tutti i computer all'interno della medesima Organizational Unit. Si tratta sostanzialmente di un metodo alternativo (e del  tutto similare) alla modalità più potente consentita dal cmdlet Invoke-GPUpdate che abbiamo citato poco fa. Nei paragrafi successivi vedremo come è possibile utilizzare queste tre tecniche per effettuare l'aggiornamento dei Criteri di Gruppo sulle macchine client.

GPUpdate.exe (CMD)

Utilizzare lo strumento GPUpdate è senz'altro il modo più semplice per aggiornare le Group Policy su una singola macchina client alla quale abbiamo accesso. Per ottenere questo risultato è sufficiente eseguire le seguenti operazioni: Aprire un prompt dei comandi (con privilegi di amministrazione) Digitare ed eseguire il comando seguente: GPUpdate /force

Per informazioni aggiuntive sullo strumento GPUpdate.exe consigliamo di dare un'occhiata alla guida Force a Remote Group Policy Refresh (GPUpdate) su Microsoft docs.

Invoke-GPUpdate (Powershell)

Il cmdlet Invoke-GPUpdate è lo trumento giusto per forzare l'aggiornamento delle Policy di Gruppo su molti computer in modalità "remota", ovvero azionando l'update in modo globale dal Domain Controller anziché eseguendo il comando su ciascun singolo client. Ecco come possiamo utilizzare il cmdlet per effettuare l'aggiornamento di un singolo client: Invoke-GPUpdate -Computer "CONTOSO\COMPUTER-02" -Target "User" Ovviamente, il cmdlet può essere utilizzato anche in modalità batch, ovvero per effettuare un aggiornamento automatico di tutti i client appartenenti alla nostra Organizational Unit. Per utilizzarlo in questo modo dovremo però far uso anche del cmdlet Get-ADComputer, che ci consentirà di ottenere l'elenco dei computer disponibili: in questo modo avremo la possibilità di eseguire Invoke-GPUpdate molteplici volte, una per ogni computer individuato. Ecco un semplice script PowerShell che mostra come ottenere questo risultato: Get-ADComputer –filter * -Searchbase "ou=Accounting, dc=Contoso,dc=com" | foreach{ Invoke-GPUpdate –computer $_.name -force} Ovviamente il cmdlet  Invoke-GPUpdate può essere utilizzato anche per aggiornare le Group Policy direttamente da un client, proprio come lo strumento GPUpdate.exe introdotto nel paragrafo precedente; per utilizzarlo in questo modo, è sufficiente eseguirlo senza parametri: Invoke-GPUpdate Per informazioni aggiuntive sul cmdlet Invoke-GPUpdate consigliamo di consultare la pagina Invoke-GPUpdate guide presente sul portale informativo Microsoft docs.

Group Policy Management Console (GPMC)

In quest'ultimo paragrafo vedremo come è possibile utilizzare la Console Gestione Criteri di gruppo (GPMC) di Windows Server per inviare una richiesta di aggiornamento dei Criteri di gruppo per tutti i client registrati nell'unità organizzativa: Avviare la Console Gestione Criteri di Gruppo (GPMC). Nell'albero della console GPMC, individuare l'unità organizzativa per cui si desidera aggiornare i Criteri di gruppo per tutti i computer. E' importante tenere presente che i criteri di gruppo verranno aggiornati anche per tutti i computer che si trovano nelle sotto-unità organizzative contenute nell'Organizational Unit selezionata. Fare clic con il tasto destro del mouse sull'Organizational Unit che si desidera aggiornare, quindi fare clic su Aggiornamento criteri di gruppo. Fare clic su Sì nella finestra di dialogo Forza aggiornamento Criteri di gruppo. Queste operazioni avranno un effetto analogo all'esecuzione di GPUpdate.exe / force dalla riga di comando su tutti i client Windows singolarmente, o all'utilizzo del cmdlet Invoke-GPUpdate descritto nel paragrafo precedente.

Conclusioni

Per il momento è tutto: ci auguriamo che questa guida possa essere d'aiuto ai tanti Amministratori di Sistema che cercano un modo facile ed efficace per aggiornare le Group Policy su uno o più client Windows. Alla prossima!   Read the full article

Excel: Text to Columns

Excel: Text to Columns

I work a lot with text files containing data which is, to some degree or another, structured. Whether a breach file from a published breach, or the result of a powershell query such as Get-ADUser, Get-ADComputer, or Get-ADDirectReports, I need to separate the data into columns so that I can work with it. This is where the Text to Columns feature in Excel comes in handy.

Assuming the file I am…

View On WordPress

For some reason, I don’t like netstat. Never did. Fortunately PowerShell provides a similar command to netstat: Get-NetTCPConnection. Let’s discover the options of this command in form of this blog post.

Get-NetTCPConnection

Running without any parameter it gives you an overview of all TCP Connections. It will show you TCP Connections of all states (closed, waiting, listening, established …)

Get-NetTCPConnection

IPv4 only

To show only IPv4 Connections simply provide your Local IPv4 Address. It might be useful to sort on the Local Port:

Get-NetTCPConnection -LocalAddress 192.168.0.100 | Sort-Object LocalPort

IPv6 only

If you are lucky and your ISP provides you with IPv6 Adresses, then enter your IPv6 Global Unicast Address.

Get-NetTCPConnection -LocalAddress 2a02:8388:b01:3700:215:5dff:fe6f:a00 | Sort-Object LocalPort

Show established connections only

I guess the most important parameter is state. To show only established connections in a user-friendly view (Format-Table) run

Get-NetTCPConnection -State Established | Format-Table -AutoSize

Well, ok, we’ve seen in these first steps what Get-NetTCPConnection could do for us. Before we continue to the more advanced part of this post let’s compare the output to netstat.

As I’ve mentioned: The PowerShell cmdlet is my favourite.

Get-NetTCPConnection for Power Users

Resolving IP-Addresses

Do you know the IP of sid-500.com. Why not? 😉 If you don’t know the IP of my site how would you check if you are connected to it? Ok, sure there must be a connection because you’re reading my article. Well, if you know the hostname then run Resolve-DnsName to get the IP-Address!

Get-NetTCPConnection -RemoteAddress (Resolve-DnsName sid-500.com).IPAddress -ErrorAction SilentlyContinue | Format-List

For this it’s useful to use the Erroraction Parameter for avoiding ugly red error messages. Resolve-DNSName will give you 2 IPv4 Addresses of my site. But you are only connected to one of them. So you are not connected to the other one which causes the red lines.

Look at the following example. Microsoft has more than one Public IPv4 Address. I’m connected to only one of them. If you run this command with Erroraction silentlycontinue, you’ll see no red lines anymore.

Get TCP Connections on Remote Hosts

If you want to figure out the established TCP Connections on a remote host, simply use Invoke-Command. Note, that I’m logged on dc01. Server02 is the remote host. Both computers share the same domain.

Invoke-Command -ComputerName server02 {Get-NetTCPConnection -State Established}

Get TCP Connections from all Servers

To retrieve all established connections from all servers of your domain (all OUs!) and to save them all to  a file, run

(Get-ADComputer -Filter 'operatingsystem -like "*server*"').Name | Foreach-Object {Invoke-Command -ComputerName $_ {Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue} | Sort-Object PSComputerName | Select-Object PSComputername, LocalPort, RemotePort, RemoteAddress} | Out-File C:\Temp\TCPConn.txt

That’s it for today. Hope you enjoyed it!

See also

For more about networking with PowerShell see also my articles

PowerShell: Testing the connectivity to the Default Gateway on localhost and Remote Hosts by reading the Routing Table

PowerShell: Use SSH to connect to remote hosts (Posh-SSH)

PowerShell: Check open/closed ports with Test-NetConnection

The new netstat: Playing with Get-NetTCPConnection For some reason, I don't like netstat. Never did. Fortunately PowerShell provides a similar command to netstat: Get-NetTCPConnection.

[PDF and VCE] Free CertBus Microsoft 70-410 VCE and PDF, Exam Materials Instant Download

Do not worry about your MCSA 70-410 exam preparation? Hand over your problems to CertBus in change of the MCSA 70-410 Installing and Configuring Windows Server 2012 certifications! CertBus provides the latest Microsoft MCSA 70-410 exam preparation materials with PDF and VCEs. We CertBus guarantees you passing MCSA 70-410 exam for sure.

We CertBus has our own expert team. They selected and published the latest 70-410 preparation materials from Microsoft Official Exam-Center: http://ift.tt/2qVZwwH

QUESTION NO:29

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers on the ABC.com network have Windows Server 2012 installed.

ABC.com has its headquarters in London, and several widespread satellite offices. When

ABC.com releases a new written policy stating that the graphical user interface (GUI) should not

be installed on any servers deployed to ABC.com

QUESTION NO:37

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows

Server 2012 installed.

When you recently added new workstations to the ABC.com manually, you found that that the

computer accounts were created in the default container. You want to make sure that the default

container for newly created computers is redirected to a specified, target organizational unit (OU).

Which of the following actions should you take?

A. You should consider making use of the replace.exe command-line tool.

B. You should consider making use of the redircmp.exe command-line tool.

C. You should consider making use of the redirusr.exe command-line tool.

D. You should consider making use of the rexec.exe command-line tool.

Answer: B

Explanation:

QUESTION NO:30

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers on the ABC.com network have Windows Server 2008 R2 installed.

Most of the ABC.com servers have 64

QUESTION NO:36

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com.

ABC.com has a Windows Server 2012domain controller, named ABC-DC01, which has the

Domain Naming master and the Schema master roles installed. ABC.com also has a Windows

Server 2008 R2 domain controller, named ABC-DC02, which has the PDC Emulator, RID master,

and Infrastructure master roles installed.

You have deployed a new Windows Server 2012 server, which belongs to a workgroup, in

ABC.com

QUESTION NO:23

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows

Server 2012 installed.

You have just executed the Uninstall-WindowsFeature Server-Gui-Shell

QUESTION NO:18

You work as an administrator at ABC.com. The ABC.com network consists of two Active Directory

forests, named ABC.com and test.com. There is no trust relationship configured between the

forests.

A backup of Group Policy object (GPO) from the test.com domain is stored on a domain controller

in the ABC.com domain. You are informed that a GPO must be created in the ABC.com domain,

and must be based on the settings of the GPO in the test.com domain.

You start by creating the new GPO using the New-GPO Windows PowerShell cmdlet. You want to

complete the task via a Windows PowerShell cmdlet.

Which of the following actions should you take?

A. You should consider making use of the Invoke-GPUpdate Windows PowerShell cmdlet.

B. You should consider making use of the Copy-GPO Windows PowerShell cmdlet.

C. You should consider making use of the New-GPLink Windows PowerShell cmdlet.

D. You should consider making use of the Import-GPO Windows PowerShell cmdlet.

Answer: D

Explanation:

QUESTION NO:39

You work as a senior administrator at ABC.com. The ABC.com network consists of a single

domain named ABC.com. All servers on the ABC.com network have Windows Server 2012

installed.

You are running a training exercise for junior administrators. You are currently discussing what

happens when you run the Remove-NetLbfoTeam Windows PowerShell cmdlet.

Which of the following describes the results of running this cmdlet?

A. It removes one or more network adapters from a specified NIC team.

B. It removes a team interface from a NIC team.

C. It removes a specified NIC team from the host.

D. It removes a network adapter member from a switch team.

Answer: C

Explanation:

QUESTION NO:20

You work as an administrator at ABC.com. The ABC.com network consists of an Active Directory

forest that contains a root domain, named ABC.com, and two child domains, named us.ABC.com

and uk.ABC.com. All servers on the ABC.com network have Windows Server 2012 installed.

The root domain hosts a domain local distribution group, named ABCGroup. You are preparing to

issue ABCGroup read-only access to a shared folder hosted by the us.ABC.com domain.

You want to make sure that ABCGroup is able to access the shared folder in the us.ABC.com

domain.

Which of the following actions should you take?

A. You should consider re-configuring ABCGroup as a universal Admins group.

B. You should consider re-configuring ABCGroup as a universal security group.

C. You should consider re-configuring ABCGroup as a global administrators group.

D. You should consider re-configuring ABCGroup as a local administrators group.

Answer: B

Explanation:

QUESTION NO:21

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows

Server 2012 installed.

You have been instructed to modify an Active Directory computer object.

Which of the following actions should you take?

A. You should consider making use of the Get-ADComputer Windows PowerShell cmdlet.

B. You should consider making use of the Set-ADComputer Windows PowerShell cmdlet

C. You should consider making use of the New-ADComputer Windows PowerShell cmdlet

D. You should consider making use of the Get-ADComputerServiceAccount Windows PowerShell

cmdlet

Answer: B

Explanation:

QUESTION NO:35

You work as an administrator at ABC.com. The ABC.com network consists of a single domain

named ABC.com. All servers in the ABC.com domain have Windows Server 2012 installed, while

domain controllers have Windows Server 2008 R2 installed.

You are then tasked with deploying a new Windows Server 2012 domain controller. You are

preparing to install the DNS Server role, and enable the global catalog server option.

Which of the following actions should you take?

A. You should consider making use of Server Manager.

B. You should consider making use of the Active Directory Installation Wizard.

C. You should consider making use of the DHCP Installation Wizard

D. You should consider making use of TS Manager

Answer: B

Explanation:

CertBus exam braindumps are pass guaranteed. We guarantee your pass for the 70-410 exam successfully with our Microsoft materials. CertBus Installing and Configuring Windows Server 2012 exam PDF and VCE are the latest and most accurate. We have the best Microsoft in our team to make sure CertBus Installing and Configuring Windows Server 2012 exam questions and answers are the most valid. CertBus exam Installing and Configuring Windows Server 2012 exam dumps will help you to be the Microsoft specialist, clear your 70-410 exam and get the final success.

70-410 Latest questions and answers on Google Drive(100% Free Download): http://ift.tt/2qWnasR

70-410 Microsoft exam dumps (100% Pass Guaranteed) from CertBus: http://ift.tt/2qVZwwH [100% Exam Pass Guaranteed]

Why select/choose CertBus?

Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.

Brand Certbus Testking Pass4sure Actualtests Others Price $45.99 $124.99 $125.99 $189 $69.99-99.99 Up-to-Date Dumps Free 365 Days Update Real Questions Printable PDF Test Engine One Time Purchase Instant Download Unlimited Install 100% Pass Guarantee 100% Money Back Secure Payment Privacy Protection

Published by CertBus http://ift.tt/2sl4KFN