When you install Exchange in environment you want to allow users to log into mails using their e-mail address. If your domain name is different from your e-mail domain, you have to add UPN suffix first. More abour it HERE. Then you need to change User Principal Name into Primary SMTP Address. I wrote little script to do so:
Get-Mailbox |
ForEach-Object{
Write-Host “For: ” + $_.SamAccountName
Write-Host ” – change UPN from: ” + $_.UserPrincipalName + ” to: ” + $_.PrimarySmtpAddress
Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $_.PrimarySmtpAddress
}
Have a nice day,
When administrators implement Roaming Profiles they define folder where roaming profile should be stored on fileserver. By default file permissions for the newly generated profile are full control for the user, full control to SYSTEM and no file access for the administrators group. You can not access this profiles with administrator account and clean it up. First you had to take ownership and then you can change ACL, but this is not what you want, because owner should be user.
You can fix this in two steps:
New roaming profile folders
You can change default behaviour on new profile folder creation. It can be changed by applying GPO to domain controllers with following setting Enabled:
Change ACLs for existing profile folders
This will be in couple steps:
-
- Download PsExec
- Log into fileserver where profiles are stored
- Run cmd.exe under SYSTEM account by running command
psexec -sid cmd.exe
- In new cmd.exe window go into directory where roaming profiles are stored. For example: cd G:\Profiles\
- Add BUILTIN\Administrators into ACLs of roaming profiles by running following command:
subinacl /subdirectories=directoriesonly G:\Profiles\*.* /GRANT=Administrators=F
Enjoy accessible roaming profile folders 🙂
Recent Comments