I got tasked with decommissioning an old file server.
So now I would like to move user files from it to another server.
However, I need to change the user's home drive without logging them off (desktops in locked state).
A few assumptions can be made for the sake of this question.
1) I know the user's computer name
2) The user does not have any files in a locked/open state
3) I have PowerShell v4
4) I have access over AD
5) I do not have the user's password
An idea I had was to try to make a credential object based on a user's AD entry and then use New-PSDrive to make a persistent remap of the drive. I don't need to see a user's clear-text password if I can make a credential object from an encrypted password.
Might I be on the right track, or did I derail somewhere?
It's usually much easier to make the new server answer to multiple NetBIOS names so the old drive mappings still work with the new server.
http://windowsitpro.com/networking/how-can-i-define-multiple-netbios-names-machine
I am looking for a script that will help me "lock" a computer with a specific username.
To give an example, John works in a company where every employee can use any computer to log in, but John is tired of cleaning up the mess and leftovers from his colleagues at the office, so he decided to run a PowerShell script in Gpedit.msc --> User Configuration --> Windows Settings --> Scripts (Logon/Logoff), or a generic script on the computer, so that whenever the computer is rebooted, turned off or logged off, only his username will ask for credentials. Basically, what I need is to "lock" that computer with a specific user ID, so that even if it's turned off, rebooted or logged off, only that user ID will show and prompt for a password. The computer is always within the network, and the user ID does not have administrator rights, as the only thing used on the computer is Internet Explorer to log in to a webpage, but my point is the script that I need: a script that enables the "lock" with the specific user ID and a script that disables the "lock", as I leave for long periods and the place at the computer is free for carnage. And no, I cannot just simply hit the Win+Del keys, because with a simple reboot the computer will not remain with the user ID.
Also, I just need the computer to show up with the specific user and always ask for password. I do not need to automatically login.
I tried to search the internet for the specific script or some commands that I can play with, but I did not find anything. Can someone help me shed some light on this please?
Thank you!
I'm not sure how an actual script would look, but I know you can lock certain users to only be able to log into certain computers (assuming it's an AD domain). Does that help at all?
We're about to de-federate our Office365 domain from using adfs2.0 to using passwords sync'd with Azure AD Sync.
We understand the process to need us to run Convert-MsolDomainToStandard, and then force a re-sync of our password with Azure AD Sync. All good so far.
First question. What powershell can we run to confirm that all our passwords are re-syncing OK on the Azure/365 side? For example, can we get the last password sync time for each user? (not last password change time - that's different!) We really need confidence to pull the trigger on this with 18,000 users.
Second question. After we run this, what powershell can we run to ensure all users have been de-federated properly? A belts and braces check that they've all been correctly updated. I've seen that a lot of people de-federating have had to use Convert-MsolFederatedUser for some users after Convert-MsolDomainToStandard crashed out. What attributes would mark an Azure user as using federated logon rather than managed?
You can review the Application Event log to check if the password sync for every federated user is successful, as well as the sync time.
The Event ID 650 indicates that the password sync process started, and the Event ID 657 will show you users whose password sync is successful or not.
For the second question, I haven't found such a PowerShell cmdlet to query whether the users have been de-federated or not. However, when using the following cmdlet, you will get the users listed in the password.txt, which contains each federated user's temporary password. If you run the following cmdlet again, the users who have already been converted to de-federated will not be issued a new password; the temporary password column will be changed to N/A after the full password sync is completed. So, you can confirm if a user is de-federated or not based on this by examining the password files.
Convert-MsolDomainToStandard -DomainName <federated domain name> -SkipUserConversion $false -PasswordFile c:\password.txt
Finally, more references around this can be found here: [1] and [2].
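The Application-log check this answer describes, as an added example that is not part of the original answer. Event IDs 650 and 657 are from the answer; the function name, the 24-hour review window, the sample DN, and the idea that a 657 message names the user by distinguished name are assumptions.

```powershell
# Added example, not part of the original answer. Run on the Azure AD Sync server.
# Event IDs 650 (sync started) and 657 (per-user result) are from the answer above.
function Get-PasswordSyncEvidence {   # hypothetical name
    param(
        [datetime]$Since = (Get-Date).AddHours(-24),  # assumed review window
        [string[]]$UserDn = @()                       # DNs to look for in 657 messages
    )

    $filter = @{ LogName = 'Application'; Id = 650, 657; StartTime = $Since }
    # Get-WinEvent writes an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Per-ID summary: how many events, and the first and last time each was logged.
    foreach ($group in ($events | Group-Object Id)) {
        $sorted = @($group.Group | Sort-Object TimeCreated)
        [pscustomobject]@{
            Kind    = 'Summary'
            Subject = "Event $($group.Name)"
            Count   = $group.Count
            First   = $sorted[0].TimeCreated
            Last    = $sorted[-1].TimeCreated
            Detail  = $null
        }
    }

    # Per-user evidence. Assumption: a 657 message names the user by DN; confirm
    # that on one real event before relying on it. The message text is returned
    # unparsed so the reported result can be read as logged.
    $results = @($events | Where-Object { $_.Id -eq 657 -and $_.Message } |
        Sort-Object TimeCreated -Descending)
    foreach ($dn in $UserDn) {
        $hit = $results | Where-Object {
            $_.Message.IndexOf($dn, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } | Select-Object -First 1
        [pscustomobject]@{
            Kind    = 'User'
            Subject = $dn
            Count   = [int][bool]$hit
            First   = $null
            Last    = if ($hit) { $hit.TimeCreated } else { $null }
            Detail  = if ($hit) { $hit.Message } else { 'no 657 event in window' }
        }
    }
}

# Constructed sample DN; replace with real values, e.g. from Get-ADUser.
Get-PasswordSyncEvidence -UserDn 'CN=Sample User,OU=Staff,DC=example,DC=com' |
    Format-Table Kind, Subject, Count, Last -AutoSize
```

Users that come back with "no 657 event in window" are the ones to investigate before cutting over; widen `-Since` if the full sync started earlier than the default window.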
We are moving from one domain to another and it seems to take a lot of time to add permissions to special folders on shared folders to new users.
(We use AD-migrate to transfer the users.)
Is there any way to transfer all folder permissions from the user in the old domain to the new user in the new domain using powershell or anything else?
I work at a moderately sized company and we currently have Citrix XenDesktop 7 tied in with our AD and domain. We have 25 clients we're having employees test right now via the Web Storefront.
Everyone can log in with their domain credentials fine enough, but the image treats every session as if it is a brand new Windows session whenever they first log in for the day (First-time user prompts for Adobe Acrobat, Word Processor, no initial file associations, etc).
Besides having everyone log directly into the main desktop image to save their profile, how would I go about configuring the applications so they don't treat everyone as a brand new user during each session? (I remember someone saying this could be accomplished through the registry settings but I couldn't pull the thread back up for reference).
I'd suggest Citrix UPM and use group policy for folder redirection. You may just need to configure the settings for your environment. You can then have mandatory or unique profiles set.
XD 7 User Profiles
Folder Redirection
User Administrator takes his password from "JIRA Internal Directory" (which means from the database, as I understand). I know this password, but for some reasons I want to reset it. But in the Administrator's profile there is no "Set password" link.
All I found on the Internet was how to send the password by e-mail (not to change it!) and how to view/change its hash right in the database by SQL query.
Is there any method that I overlooked?
Yes, go to Admin, System, General Config and change External User Management to off. Then put the internal directory at the top in the list of User Directories. Go to the admin's profile and click on Change Password. Then undo the previous steps.