COMException (0x8007200A): The specified directory service attribute or value does not exist.

I spent the last few days investigating why an “application” we use does not work properly when trying to access Active Directory. Long story short, we’re using an application which … . The application can use internal users (similar to the SQL “sa” account) or Active Directory users, and we wanted to use AD users. Our AD is hardened and some default rights are removed. So … the application didn’t work and it returned an error window with the message

The specified directory service attribute or value does not exist.

HOWTO : Create gMSA user account

In the last post I wrote a few words about MSA and gMSA, and in this post I’d like to show you how to make use of gMSA, using PowerShell of course :).

My test environment is

DS-DC-01 – Windows Server 2012 domain controller
SC-DB-01 – Windows Server 2012 machine for SCCM SQL database
SC-DB-02 – Windows Server 2012 for extending SQL to a cluster.


HOWTO : Creating new Active Directory forest with Powershell

I’ve seen many howtos and manuals on how to install an Active Directory domain, but they were always GUI based; as an example I’ll put just 2 links, one is TechNet and the second is the Petri website. So in this post I’d like to present how to install and configure a basic AD forest using PowerShell; it requires just a few input data and 2 PowerShell commands.


Get-ADUser : A referral was returned from the server

Recently a friend of mine had to query for the users who are members of the “Enterprise Admins” Active Directory group, along with their properties. Of course you need to import the ActiveDirectory PowerShell module to run it. The command is pretty simple

So the command should prepare a CSV file with all the users and their properties, even if the users are members of nested groups. However, we received a strange error.

HOWTO : Find all users in Active Directory who haven’t logged in longer than 90 days

Here comes another howto. I was asked a few times to find users that haven’t logged on to the domain for a defined amount of time, so I decided to write a few words on how to handle it. The easiest way to achieve that is to use “Saved Queries” in the Active Directory Users and Computers console. To do that you simply right-click on “Saved Queries” and choose New->Query


Then you simply type the name of the query (you can also define a specific OU for it) and click Define Query. In the common queries, at the bottom, you can choose to find users who have not logged on for some amount of time, counted in days.


It’s the easiest way to find the users … However, I would like to have the list in, let’s say, a CSV file. Here comes PowerShell … again.

HOWTO : Bulk group name change in the Active Directory by adding a prefix using powershell

During my work I have faced many scripting challenges. The one I describe now is very simple and this post will be really short, but, dear Reader, it can help you to solve some similar cases. In my case the issue was to change all Active Directory group names in one organizational unit by adding a prefix.