Thursday 26 September 2013

Windows 7 Unable to Join Domain through powershell



A strange one today, while trying to join a computer to the domain we have had an error.

The following error occourred attempting to join the domain <domain name>:
The administravtive limit for this request was exceeded.

We found out that we have a problem with one of our domain controllers, but as we cant fix that right now and need to get this machine on the network we must be able to do this through powershell or commandline.

Turns out yes you can through powershell
Add-Computer -DomainName <Insert.domain.com> -Server <ServerName> -Credential <domain\AdminUsername>

Everything looks like it should work, but no it doesnt.
Errors about "the network path cannot be found" appear in "Red Code Of Shame"

Abit of googleing and someone mentioned that trying to use the "-Server" its broken in PowerShell V2 and to upgrade to V3.

Now Powershell V3 is part of the "Windows Management Framework 3.0"
http://www.microsoft.com/en-gb/download/details.aspx?id=34595
I downlaoded this from Microsoft for my OS version but i got an error;
The update is not applicable to your computer













It turns out that you need to have Microsoft.Net Framework v4 installed
http://www.microsoft.com/en-gb/download/details.aspx?id=17718

So downlaod the standalone installer, you might aswell as its only small anyway.

Once you are at .Net V4 and have rebooted, install the "Windows Management Framework 3.0".

Reboot if you have to.
Double check you at at PowerShell V3 by opening it and typing get-host



Now when you use powershell to join the domain you can specify the server you wish to join to and you will not get an error.

Now type it again and it will work
 
Add-Computer -DomainName <Insert.domain.com> -Server <ServerName> -Credential <domain\AdminUsername>

Folder Redirection - Lost / Disappearing / Deleted Home Folders and User Data

Now folder redirection is the best thing since sliced bread but make sure you do your testing.

It simplifies your users experience and helps you admins to keep user data off the end device.

When you have folder redirection setup you probably wont have any issues as once it setup you don't tend to touch it. ***See my guide here on setting up the basics***

But lets just say you redirect your users home paths through to \\server01\UserHome\%Username%\

And you choose the option to "Move the contents of Documents to the new location" for a better end user experience.

and then a few months later you realise that you want to setup a DFS path, \\company.com\DFS\Home, or just change the share name to be \\server01\Home\%Username%

You would think that as this is the same location what could be the problem, it should just work?

WRONG! YOU WILL LOSE ALL YOUR USER DATA!

When you use the "Move the contents of Documents to the new location" option the profile engine performs these 3 tasks.
1. It makes changes in the registry to point towards the new location (HKCU\Software\Microsoft\Windows\CurrentVersion\UserShellFolder)
2. It copies the User Data from all your source redirected folders to the new destination location
3. It then does some house keeping and deletes the original source data.

Now if you were moving the real stored location of the data this would be fine, i.e. \\server01\Home to \\server02\Home

But as we are using DFS to point to the same location as the original files step 3 is the end of your nice quiet day/week.

The engine is just doing what it is supposed to do, and deletes the data from the source folder. 

Now Microsoft have obviously has lots of people calling about this wondering where their data has gone, and they have a very simple little fix for it in the form of a group policy.


Computer Config/Policies/Admin Templates/Windows Components/Windows Explorer/ “Verify old and new Folder Redirection targets point to the same share before redirecting”

What this does is create a .TMP file in the source folder and then has a look in the destination folder, if it sees this .TMP file it knows its the same location and then does not copy the data or delete it.

Great, problem fixed! Apart from NO it isn't. 

Users who are on Windows 7 SP1 now have another problem, if your not on SP1 then you wont have this problem, but then if your not on SP1 why not?

The problem is now windows doesn't want to update the reg keys, HKCU\Software\Microsoft\Windows\CurrentVersion\UserShellFolder, to point to the new location. 
So in effect no data is copied, no data is deleted and no paths get updated.

Well Microsoft have decided to fix this in the form of a HotFix!


Microsoft have fixed this as of March 2013 but for some reason they haven’t included it in Windows Update and its available as a hotfix, http://support.microsoft.com/kb/2799904/en-us

This is a must! get your SCCM guy to package it up and send it down to all your W7 SP1 machines

Once this is installed all your folders will redirect to the correct location, data will be handled correctly!

If you are going to use folder redirection don't be put off just make sure you do your testing.
  

Monday 22 October 2012

ARD Unix code change passwords local account

To change a local user password through the Apple Remote Desktop unix send feature

use this just replace the 
Username x2
NewPassword x2
OldPassword x1


dscl . -passwd /Users/UserName NewPassword
security set-keychain-password -o OldPassword -p NewPassword /Users/UserName/Library/Keychains/login.keychain

this will change the local user password AND the keychain password

Friday 14 October 2011

Apple - Firefox Unix Scripts

A few useful UNIX scripts to push out with Apple Remote Desktop.

Kill Firefox
killall -9 firefox-bin

Remove Firefox
rm -rf /applications/firefox.app

run these as root


Its good to use these before you install a newer version of firefox on the apple mac, and also goes well with my other blog about making Firefox have default settings. http://adamwaycomputing.blogspot.com/2011/10/firefox-default-settings.html

Thursday 13 October 2011

Apple - Firefox Reset

Using Firefox on the apple macs we find that a lot of the time it gets stuck "open" or sits in the dock bouncing.

"Close Firefox

A copy of Firefox is already open. Only one copy of Firefox can be open at a time."

We want to help our users help them selves as it saves us time and them time!

So I wrote this apple-script that will reset Firefox back to default for the user.

So here goes!

On the apple mac open up script editor, copy this in.


tell application "Finder"
    if exists folder "Profiles" of folder "Firefox" of folder "Application Support" of folder "Library" of home then
        -- it exists, do something
        tell application "Nightly" to quit saving no
        tell application "Finder"
            delete the folder "Profiles" of folder "Firefox" of folder "Application Support" of folder "Library" of home
            delete the folder "Firefox" of folder "Caches" of folder "Library" of home
        end tell
        tell application "Finder"
            delete the file "profiles.ini" of folder "Firefox" of folder "Application Support" of folder "Library" of home
        end tell
        display dialog "Your Firefox Profile has been reset.

Please Re-open Firefox!" buttons {"OK"} giving up after 300
    else
        --it doesn't exist, do something else
        display dialog "You dont seem to have run Firefox yet!
               
Please run Firefox again!

If you are still having problems
Please call IT Support!" buttons {"OK"} giving up after 300
    end if
end tell

it will look like this,
 Now go to Files --> Save As

Give it a name and click save.

A Super Big Warning

When you run this it will reset your Firefox settings so please either backup all of your settings or do it on a machine / profile that you don't care about. You have been warned! :-D


Yes there are probably better ways of doing this, and yes it can probably be refined, but this works for me so im not gonna change it :-D

If you combine this with my Firefox Default Settings blog then you can make a very streamlined experience for the user.