A while ago we accidentally deleted a leaving staff member’s account instead of disabling it – and pure bad luck means this particular member of staff came back a week later to cover a staff illness. Not wanting to have to re-create the account I discovered that the Active Directory Recycle Bin had not been enabled in the forest – oh no! Luckily we can still get the account back. Objects deleted in AD are tombstoned for 180 days (by default). Continue reading “Active Directory: Recovering Deleted Items”
I don’t like things that can’t be automated. I started looking at School Data Sync (SDS) last year, however the templates provided by iSAMS, which is our school Management Information System, just gave a set of CSVs and you had to manually click to get them, then click to upload them into SDS. Since iSAMS has an API, I thought this was a bit of a silly way of doing things – who wants to go through a manual process every time a pupil changes class? So instead I wrote my own powershell to pull the data through the iSAMS API, then run through the New-Team cmdlet to create a team per class, and populate it with teachers and students.
As we’re a school we need our new teams to be running the Edu_Class template, but the template parameter on New-Team only exists in the preview (and in Graph, on the beta endpoint) where it has much harsher limitations on how often and fast you can call it – a nightmare trying to call it in a loop. Anyway with the addition of “Start-Sleep 30” in the loop I eventually got them all created. However this time I am having another look at SDS and using Power Automate (previously known as Flow) to make the process completely automatic.
One of my C# projects is an application to create guest accounts for the school wireless network. The wireless network is set up with 802.1X authentication, so we can log in using Active Directory user accounts.
The main parts of this system are:
- Pass Generator application (C#) – creates the user accounts and prints tickets with instructions
- Epson T88 based receipt printers – either USB or networked – to print the tickets
- Powershell script to clean up any old accounts
If you’re trying to make a device collection you’ll find the LastPXEAdvertisement doesn’t appear to be available through the query builder UI. Here I’ll look into getting the data through PowerShell and then also putting it into a Device Collection within MEMCM. Continue reading “Delving into the “Last PXE Advertisement” flag”
In a drive to reduce power usage, I’ve tried a few times over the years at a way to shutdown computers but not if they are in use. I’ve tried using scheduled tasks set to only run when idle – in reality this doesn’t really work as we tend to have quite a lot of mice that move ever so slightly on their own, so the PCs never think they are idle. Even wrote a client/server application where the client reports when someone logs on, logs off, or switches user and when prompted to shutdown by the server, the client asks the logged on user if they want to go a head or cancel. This worked fine for a while but when we updated to Windows 10 it stopped working and needed a lot of time spent on working out what had changed. So I moved away from that method. Continue reading “Automated shutdown of devices”
Over the last 15 years I’ve tried pretty much every method of adding printers at logon there is – KIXTART script, VBS, Group Policy Preferences and Powershell. As part of speeding up logon, and investigating a weird issue with Windows 10 printers, I moved away from GPP and to Powershell shortly after we upgraded from Windows 8.1 to Windows 10.
The issue being – roughly 5% of the time, on random user/computer combinations, printers would take a long time adding and then fail to add, with a non-specific error message. My first go at this was a basic powershell script which had a hard coded list of location/printer mapping, and it would run the “add printer” command repeatedly until the error went away. (It always added fine on the 2nd go). The problem with this is that it’s a complicated script for technicians to update, and being a single threaded script the nice form it displays showing people what’s happening would freeze while it was working in the background.
My new script does the bulk of the work in background jobs – so printers add quicker (as it can do more than one at once), and the UI doesn’t lock up and freeze. More importantly, it uses Group Policy Preferences by reading the XML file generated and applies that – so technicians have the familiar interface for adding/removing printers from the script. Continue reading “Powershell Printer Script”
We took delivery of 5 Surface Go tablets a while ago, as we are trialling a Surface Go paired up with a Microsoft Wireless Display adapter on the projector, to replace the traditional PC + interactive whiteboard. They came with Win 10 Pro pre-installed and I didn’t fancy re-imaging them (given at the time I didn’t have any Surface Docks, so no way to plug into the network). This post covers creating and running Powershell scripts through MEMCM as well as the script required to bump up the Windows edition.
(Updated 4th Sept 2020: Use New-CsBatchPolicyPackageAssignmentOperation instead of Grant-CsUserPolicyPackage now)
I’ve recently needed to apply a PolicyPackage to a group of users (well 2 packages to 2 groups) using PowerShell – as the Teams Admin centre only allows you to apply to users by typing in all the names one at a time and pressing Add and discovered the New-CsGroupPolicyAssignment cmdlet, which looks good – however this applies a policy to a group, but I want to apply a policy package.
Instead we can use New-CsBatchPolicyPackageAssignmentOperation and pass it an array of UPNs (max 5000 in one go) along with the policy package name.
Continue reading “Applying Teams Policies to a group”
I recently discovered one of my deployment scripts does not work on Win 10 1809 any more (it ran dism to install the dot Net Framework 3.5 – just errors out) however that the powershell version (Add-WindowsCapability) works fine. Had to get this rolled out to a handful of PCs ASAP in order for a legacy application to successfully run. As time was of the essence, I ended up running round the 24 PCs like an idiot, logging on and running the command, but I thought “Why don’t I just enable PS Remoting, then I could at least do this from my desk scripted”. Obviously the ideal solution would be to deploy the Netfx3 install via SCCM but PS Remoting will still be handy.
I’ve been looking for a while at a way to automate email signatures for everybody using OWA on Office 365. The new layout we want for our signatures includes images and everywhere I’ve read says it’s impossible to embed images in a signature set using PowerShell. (Note I want them embedded rather than hotlinked).
The solution I came up with takes details from the Active Directory user account – I’m using the description field to insert the person’s name (to allow things like “Mrs Blah” rather than just outputting firstname surname), fields like title (job title), telephone, mobile and also using a few of the extensionAttributes for the Twitter/Facebook links. All of these are standard fields so no need to mess with the AD schema. Continue reading “Office 365 Automated Signature Generator”