A customer requested that Active Directory accounts be forced to expire at midnight or during the night, not during the day. So I’ve created the following script to do so:
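Import-Module ActiveDirectory
# Users in the target OU, with the attribute needed to compute the expiry date
$UserList = Get-ADUser -Filter * -SearchBase "OU=USERS,DC=domain,DC=local" -Properties "DisplayName", "PasswordLastSet"
$Today = (Get-Date)
# Maximum password age from the default domain password policy
$MaxPasswdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
ForEach ($User in $UserList)
{
    # Skip accounts whose password has never been set (PasswordLastSet is empty)
    If (-not $User.PasswordLastSet) { Continue }
    $ExpireDate = ($User.PasswordLastSet) + $MaxPasswdAge
    $DaysToExpire = (New-TimeSpan -Start $Today -End $ExpireDate).Days
    # One whole day left before expiry: force a password change at the next logon
    If ($DaysToExpire -eq 1)
    {
        Set-ADUser -Identity $User -ChangePasswordAtLogon $true
    }
}
#EOF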
This script runs every day at 23:55.
I found a couple of examples of how to change the pwdLastSet attribute on the AD user’s object, but I don’t like that. I think this is a clearer way to do so.
Have a nice day,
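An added example, not part of the original post: the same daily check built on the msDS-UserPasswordExpiryTimeComputed attribute, which the domain controller computes per user, so accounts covered by a fine-grained password policy get their own expiry date instead of the default domain policy's. The OU and the "one day left" test are taken from the script above; -WhatIf and the report object are additions for a safe first run.

```powershell
Import-Module ActiveDirectory

# Same OU as the script above; adjust to your environment.
$SearchBase = "OU=USERS,DC=domain,DC=local"
$Today      = Get-Date

# Only enabled accounts whose password can expire at all.
$UserList = Get-ADUser -SearchBase $SearchBase `
    -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties 'msDS-UserPasswordExpiryTimeComputed', 'PasswordLastSet'

ForEach ($User in $UserList)
{
    $Raw = $User.'msDS-UserPasswordExpiryTimeComputed'

    # 0 means the password was never set or must already be changed;
    # Int64.MaxValue means it never expires. Neither is a usable date.
    If ($null -eq $Raw -or $Raw -le 0 -or $Raw -eq [Int64]::MaxValue) { Continue }

    # The attribute is a Windows FILETIME; convert it to local time.
    $ExpireDate   = [DateTime]::FromFileTime($Raw)
    $DaysToExpire = (New-TimeSpan -Start $Today -End $ExpireDate).Days

    If ($DaysToExpire -eq 1)
    {
        # -WhatIf only prints what would be changed; remove it to apply.
        Set-ADUser -Identity $User -ChangePasswordAtLogon $true -WhatIf

        # Report row for the scheduled task's log.
        [PSCustomObject]@{
            SamAccountName  = $User.SamAccountName
            PasswordLastSet = $User.PasswordLastSet
            ExpireDate      = $ExpireDate
        }
    }
}
```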
Once upon a time there was a customer asking if we could help them integrate their Active Directory with the Office 365 cloud. The main request was to sync Active Directory users into the Office 365 cloud and then test Office 365 applications on their computers.
Registration for free Office 365
First you need to check the prices and packages you want to use. I wanted to test it, so I registered HERE. In the free month you can use licences for 10 users. Don’t forget to register for Office 365 Midsize Business; only this version of Office 365 can sync AD. After registration I received an e-mail with my account to log into the Office 365 portal. After the first logon there are really not too many things to configure. I should note that I received the testing domain @AtosSlovakia.onmicrosoft.com. This is what you need to have.
Preparing playground
So I have my playground setup:
The computer which will do the synchronization needs to meet a couple of conditions:
More HERE.
I also need to generate some users in the domain which I will upload into the cloud. I have just created 50 bulk users using the following PowerShell script:
I received the testing domain suffix @AtosSlovakia.onmicrosoft.com from Office 365, so I have to set it as an additional UPN for the newly created users:
Setup Active Directory Synchronization
When you log on to the Office 365 portal, go to “users and groups” and select Active Directory synchronization Set up.
Then you have to complete 6 steps (not really much work to do) to make it work:
Activation of the AD Sync tool can take about 24 hours:
While we wait for the feature to be activated, let’s install the Directory Sync Tool on the server MT-SERVER02.DOMAIN.LOCAL.
More and more people are working with Outlook 2007+, using Lync clients, … all of these applications have the ability to show pictures of users in their interface. Let’s look at how to put a picture into AD for some users.
The picture in AD is stored in one AD attribute called thumbnailPhoto. We need to put the picture into this attribute. Exchange servers and other services use Global Catalog Domain Controllers to resolve attributes for objects in domains. So first of all we need to make sure the attribute thumbnailPhoto is propagated into the Global Catalog database. We need to modify the properties of the attribute thumbnailPhoto:
- Regsvr32 schmmgmt.dll
- Open up Active Directory Schema MMC snap-in
- Under Attributes look for thumbnailPhoto and open its properties
- Check option “Replicate this attribute to the Global Catalog”
Edit thumbnailPhoto properties
Today Microsoft released a great utility to check the health of Active Directory Replication in your environment.
More information about the utility is HERE.
I tested it and it’s a nice tool to check vitality. You don’t have to use command line utilities.
Just check it and you’ll love it 🙂
Today I was migrating mailboxes from Exchange 2003 to a new Exchange 2010 server. Almost all accounts were working fine except a couple. I received the following error:
I often see customers where people complain about various time shifts, both on their client computers and on the servers.