Wednesday, July 29, 2015

Creating a keytab for UNIX machine access to Active Directory

For UNIX servers to join Active Directory, have a computer object in AD, have SPNs registered for them and authenticate with Kerberos transparently, what makes it all possible is the keytab, which is generated with the ktpass tool (native to Windows).
Below is an example command to generate the keytab (remember that the computer object must already exist in AD):
ktpass /princ host/COMPUTER.domain.test@DOMAIN.TEST /out FileName_host.keytab /crypto All /ptype KRB5_NT_PRINCIPAL -DesOnly /mapuser DOMAIN\COMPUTER$ +rndPass
Replace:
COMPUTER = computer name
DOMAIN.TEST = domain name (the Kerberos realm, in upper case)
DOMAIN = NetBIOS domain name
Note: agree with the UNIX team on whether the computer name and the domain in the command are written in lower or upper case. Kerberos principal names are case-sensitive, so the principal in the keytab must match exactly what the UNIX host presents.
Three things to keep in mind with this command: +rndPass resets the computer account's password to a random value, so any keytab previously issued for that account stops working the moment the new one is generated; -DesOnly marks the account as DES-only, and DES is disabled by default on Windows 7 / Server 2008 R2 and later, so prefer AES (/crypto AES256-SHA1) unless the UNIX side really cannot do anything else; and the keytab is equivalent to the account's password, so copy it over an encrypted channel and restrict its permissions on the UNIX host (for example mode 600, owned by root).
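The whole procedure as one script, as an added example that is not part of the original post: it creates the computer object if missing, pins the account to AES, registers the host SPN and then issues the keytab with ktpass. The host name, realm and output path are assumed placeholders; Set-ADComputer -KerberosEncryptionType and setspn -S are used exactly as documented, and the AES choice replaces the /crypto All -DesOnly combination from the command above.

```powershell
# Added example (not from the original post): provision a UNIX host's computer object,
# SPN and AES keytab in one go. Names below are placeholders for your environment.
$Computer = 'unixhost01'              # assumed host name; keep the case the UNIX team uses
$Realm    = 'DOMAIN.TEST'             # Kerberos realm = AD DNS domain, upper case by convention
$Netbios  = 'DOMAIN'
$Fqdn     = "$Computer.$($Realm.ToLower())"
$Keytab   = "C:\temp\$($Computer)_host.keytab"

Import-Module ActiveDirectory

# 1. The computer object must exist before ktpass can map the principal to it
if (-not (Get-ADComputer -Filter "Name -eq '$Computer'")) {
    New-ADComputer -Name $Computer -SAMAccountName "$Computer`$" -DNSHostName $Fqdn -Enabled $true
}

# 2. Restrict the account to AES so no RC4/DES keys are ever issued for it
Set-ADComputer -Identity $Computer -KerberosEncryptionType 'AES128, AES256'

# 3. Register the SPN the UNIX host will present; -S refuses to create a duplicate SPN
setspn -S "host/$Fqdn" "$Netbios\$Computer`$"

# 4. Generate the keytab. +rndPass resets the account password, so any older keytab dies here.
ktpass /princ "host/$Fqdn@$Realm" /mapuser "$Netbios\$Computer`$" /out $Keytab `
       /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL +rndPass

# 5. Verify: the SPN sits on the right account and only AES types are enabled
setspn -L "$Netbios\$Computer`$"
Get-ADComputer -Identity $Computer -Properties msDS-SupportedEncryptionTypes, ServicePrincipalNames |
    Select-Object Name, msDS-SupportedEncryptionTypes, ServicePrincipalNames

# 6. The keytab file now holds the account's key: move it with scp/sftp and delete the local copy
```

Step 6 is left to the operator on purpose: how the file reaches the UNIX host depends on your tooling, but it must never travel by e-mail or an unencrypted share.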

Tuesday, July 28, 2015

10 hot PowerShell commands for your Exchange environment

As an Argentinian would say: how's it going?
Folks, the plan here is simple: ten hot commands to streamline your daily tasks.
Here we go:
# 01 - Test-MAPIConnectivity -Identity USER@DOMAIN.COM | fl
When this command returns a positive result it guarantees that system services such as the Managed Folder Assistant and OWA can successfully access the mailbox in question. It also tells you which server and database the user's mailbox lives on, shows the mailbox name and, best of all, the latency. And it shows you the result status too.
# 02 - Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"}
This one is really neat. It shows you which database copies have a failed content index. Like it? There's more.
# 03 - Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy -CatalogOnly
Remember I said tip # 02 had more? The command above identified which database copies have a broken index; now you fix them by reseeding only the catalog. Keep in mind that Update-MailboxDatabaseCopy seeds passive copies; if the broken index belongs to the active copy, point the reseed at a copy whose index is healthy with -SourceServer. Beautiful, isn't it?
# 04 - Get-MailboxServer | fl name
Get-ClientAccessServer | fl name
Get-TransportServer | fl name
The commands above list the servers holding each respective role. Convenient and fast.
# 05 - Get-MailboxDatabase -Status | ft Name, Last* -AutoSize
This one is great. It lists the time of the last backup (full / incremental / differential / copy) of each database.
# 06 - Move-ActiveMailboxDatabase DATABASENAME -ActivateOnServer SERVERNAME -Confirm:$false
Command to switch the active copy of a database over to another DAG member. It moves the database, not individual mailboxes; for those see # 08.
# 07 - Get-Mailbox -Identity USERACCOUNT | Get-MailboxPermission | fl
Sometimes users report that they keep getting a pop-up asking for a password. This command shows who holds access permissions on the mailbox, which is a good first check.
# 08 - New-MoveRequest -Identity USERACCOUNT -TargetDatabase DATABASENAME -BadItemLimit 50 -AcceptLargeDataLoss
Handy little command to move users between databases; in an environment with several database placement rules it is very useful. Be aware of what the two last parameters do: -BadItemLimit lets the move skip corrupt items, and -AcceptLargeDataLoss is required when that limit is above 50. Skipped items are gone from the target mailbox, so check the move report (Get-MoveRequestStatistics -IncludeReport) before you remove the request.
# 09 - Get-MailboxServer -Identity MAILBOXSERVERNAME | Get-MailboxDatabase | where {$_.Name -match "DATABASENAME"} | Get-Mailbox
Nice command that lists the users on a given database.
# 10 - Get-Mailbox -Identity USER@DOMAIN.COM | Select-Object Alias | ForEach-Object {Get-MailboxFolderStatistics -Identity $_.Alias | Select-Object Identity, ItemsInFolder, FolderSize}
This command closes with a flourish. It shows every folder in the mailbox, the number of items in each folder and the size of each one.
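Tips # 02 and # 03 are really one procedure (find the broken indexes, reseed only those), so here it is as a function, as an added example that is not part of the original post. It adds what the one-liners leave out: a dry run with -WhatIf, a check that the copy is passive before reseeding, and a re-read of the state afterwards. Server names are placeholders; the cmdlets and the ContentIndexState / ActiveCopy properties are the standard Exchange 2010 ones, and the block avoids PowerShell 3 syntax so it runs in the Exchange 2010 management shell.

```powershell
# Added example (not from the original post): tips # 02 and # 03 as one procedure with
# a preview mode, a passive-copy check and a post-check of the index state.
function Repair-FailedContentIndex {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Server,             # limit the scan to one mailbox server, e.g. 'MBX01'
        [switch]$IncludeSuspended    # also handle copies in FailedAndSuspended
    )
    $bad = @('Failed')
    if ($IncludeSuspended) { $bad += 'FailedAndSuspended' }

    $copies = @(Get-MailboxDatabaseCopyStatus * | Where-Object {
        ($bad -contains $_.ContentIndexState) -and ((-not $Server) -or ($_.MailboxServer -eq $Server)) })
    if ($copies.Count -eq 0) { Write-Verbose 'No failed content indexes found.'; return }

    foreach ($copy in $copies) {
        # $copy.Name is "Database\Server"; log the state before touching anything
        Write-Verbose ("{0}: index {1}, copy status {2}" -f $copy.Name, $copy.ContentIndexState, $copy.Status)
        if ($copy.ActiveCopy) {
            # Update-MailboxDatabaseCopy seeds a passive copy. For the active copy's index you
            # must name a copy with a healthy index via -SourceServer, so it is skipped here.
            Write-Warning "$($copy.Name) is the active copy; reseed its catalog with -SourceServer from a healthy copy"
            continue
        }
        if ($PSCmdlet.ShouldProcess($copy.Name, 'Update-MailboxDatabaseCopy -CatalogOnly')) {
            Update-MailboxDatabaseCopy -Identity $copy.Name -CatalogOnly -Confirm:$false
        }
    }

    # Re-read the state so the caller sees whether the reseed took
    # ("Crawling" right after a reseed is normal; "Failed" again is not)
    $names = @($copies | ForEach-Object { $_.Name })
    Get-MailboxDatabaseCopyStatus * |
        Where-Object { $names -contains $_.Name } |
        Select-Object Name, Status, ContentIndexState
}

Repair-FailedContentIndex -WhatIf -Verbose            # preview: lists what would be reseeded
Repair-FailedContentIndex -IncludeSuspended -Verbose  # do it
```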

I hope these tips speed up your everyday tasks. Soon we will bring the TOP 10 PowerShell commands for Active Directory.

Kill TS sessions remotely

Classic problem: you try to connect remotely to a server via Terminal Services and there are no connections available...
One of the possible ways to disconnect those sessions is an executable called RESET.EXE, included since Windows Server 2003 (it still exists at least up to Windows Server 2012 R2, and it is also present in the client versions of Windows).
Below is an example of the command syntax:
To list the sessions on the remote machine, run the following command:
query session /server:ServerName_or_IP
Listing the sessions is necessary in order to obtain the session ID.
To "knock down" the session, run the following command:
reset session SESSIONID /server:ServerName_or_IP
Both commands need administrative rights on the remote server and network access to its RPC/SMB ports, so they fail silently behind a restrictive firewall. Also be aware that reset session terminates the session on the spot: the user gets no chance to save anything, so a disconnected session with unsaved work is lost. Target disconnected sessions by ID, never the listener (ID 65536) or the services session (ID 0).
I hope you find it useful!
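The two commands wrapped so the session list becomes objects you can filter on, as an added example that is not part of the original post. It parses the fixed-width output of query session (session name is blank for disconnected sessions, which is why it splits on the USERNAME column rather than on whitespace) and resets only disconnected user sessions, with -WhatIf to preview. The server name SRV01 is a placeholder.

```powershell
# Added example (not from the original post): query/reset session as PowerShell functions.
function Get-TSSession {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $out = & query.exe session "/server:$ComputerName"
    if ($LASTEXITCODE -ne 0) { throw "query session failed for $ComputerName (exit code $LASTEXITCODE)" }

    # Header looks like: " SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE"
    # SESSIONNAME is empty for disconnected sessions, so cut at the USERNAME column and
    # parse the remainder as "<user?> <id> <state>".
    $userCol = $out[0].IndexOf('USERNAME')
    foreach ($line in ($out | Select-Object -Skip 1)) {
        if ($line.Length -le $userCol) { continue }
        $tail = $line.Substring($userCol)
        if ($tail -notmatch '^(?<User>\S*)\s+(?<Id>\d+)\s+(?<State>\S+)') { continue }
        [pscustomobject]@{
            ComputerName = $ComputerName
            SessionName  = $line.Substring(0, $userCol).TrimStart(' ', '>').Trim()   # '>' marks your own session
            UserName     = $Matches.User
            Id           = [int]$Matches.Id
            State        = $Matches.State      # Active, Disc, Listen, Conn ...
        }
    }
}

function Reset-TSSession {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Id
    )
    if ($PSCmdlet.ShouldProcess("$ComputerName session $Id", 'reset session')) {
        & reset.exe session $Id "/server:$ComputerName"
        if ($LASTEXITCODE -ne 0) { Write-Warning "reset session $Id on $ComputerName failed (exit code $LASTEXITCODE)" }
    }
}

# Show everything first, then reset only sessions that are disconnected AND belong to a user
# (this never touches the listener, ID 65536, or the services session, ID 0, which have no user).
Get-TSSession -ComputerName SRV01 | Format-Table -AutoSize
Get-TSSession -ComputerName SRV01 |
    Where-Object { $_.State -eq 'Disc' -and $_.UserName } |
    ForEach-Object { Reset-TSSession -ComputerName $_.ComputerName -Id $_.Id -WhatIf }
```

Drop the -WhatIf on the last line once the preview shows only the sessions you meant to kill.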

Microsoft Cluster - Reserved disk

Folks, recently something at least interesting happened with a Mailbox server (MS-Exchange 2010).
This machine was running on ESXi 5.0. Here is the interesting part:
In a VMware environment, machines are provisioned from a template, that is, a customized Windows with C and D drives, right? You install the Windows update patches, install the backup client and the other tools your environment needs. Nice! And how does provisioning from a template work? When you request a machine from a template, vCenter makes a clone of that template, which looks fine. Folks, this is perfect as long as you are not using those VMs as a pair of something else, that is, as long as you are not building a Microsoft Cluster or a DAG (MS-Exchange) with them.
One of the steps of the cluster creation process is validation. In that validation step, the machines created from the clone, with their D disks, received a warning! And here lies the danger, folks... it is just a warning. The validation succeeds.
What can happen? It can happen that the D disk ends up reserved. Now imagine that this machine, as in my example, is running an Exchange that was installed on disk D. Oh, my friends, that is when your desk phone rings and the operations team or the help desk tell you that dozens of mailboxes are down, or rather, that the business executive has no mail. At that point you pack up your mess and head to the nearest cinema, or you start crying.
How can we check it? Folks, the goal of this post is not to bring the fastest and most practical troubleshooting to get out of a reserved disk. The idea here is to show that it exists and should not happen. Below is the diskpart output from the two nodes:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Admin>diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: VMTESTECLUSTER01

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          100 GB  1024 KB
  Disk 1    Online           80 GB  1024 KB
  Disk 2    Online          600 GB      0 B
  Disk 3    Online          600 GB      0 B
  Disk 4    Online          600 GB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> detail disk

VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type   : SAS
Status : Online
Path   : 0
Target : 1
LUN ID : 0
Location Path : PCIROOT(0)#PCI(1500)#PCI(0000)#SAS(P00T01L00)
Current Read-only State : No
Read-only  : No
Boot Disk  : No
Pagefile Disk  : No
Hibernation File Disk  : No
Crashdump Disk  : No
Clustered Disk  : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 3     D   New Volume   NTFS   Partition     79 GB  Healthy

DISKPART>
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Admin>diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: VMTESTECLUSTER02

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          100 GB  1024 KB
  Disk 1    Online           80 GB  1024 KB
  Disk 2    Online          600 GB      0 B
  Disk 3    Online          600 GB      0 B
  Disk 4    Online          600 GB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> detail disk

VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type   : SAS
Status : Online
Path   : 0
Target : 1
LUN ID : 0
Location Path : PCIROOT(0)#PCI(1500)#PCI(0000)#SAS(P00T01L00)
Current Read-only State : No
Read-only  : No
Boot Disk  : No
Pagefile Disk  : No
Hibernation File Disk  : No
Crashdump Disk  : No
Clustered Disk  : No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 3     D                NTFS   Partition     79 GB  Healthy

DISKPART>
The Disk ID is the same on both machines. What is wrong with having the same IDs? The cluster identifies a physical disk by its signature, so it takes the two D disks for a single shared disk; to prevent concurrent access to what it believes is one disk, it places a reservation on it, and the node that does not own the resource sees its own D drive as Reserved.
The best practice in this case is to remove the D drive that comes with your template and add it again after provisioning; the ID will then be different on each machine.
And now? I get it, the best practice keeps a disk from ending up reserved. OK, but tell me: how do I remove the reservation in a situation like this? Well, you can remove the reservation, but you can no longer run a cluster validation on that machine. Remove the reservation and migrate the resources; in my example, uninstall MS-Exchange from disk D, remove disk D, add a new disk D and install MS-Exchange again. Then run the validation.
Here is the resolution to remove the reserved state. Remember that the idea of this post is guidance so that this does not happen.
Open PowerShell (with the FailoverClusters module loaded) and type the following command line:
Clear-ClusterDiskReservation -Disk 1 -Node node1 -Force
I hope that by sharing this experience I can add something.
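The check the post asks for, as an added example that is not part of the original post: it reads the disk signature (the value diskpart prints as Disk ID) from every cluster node through Win32_DiskDrive and reports signatures that appear on more than one node. A genuinely shared LUN also shows the same signature on every node, so the serial number is used to tell the two apart: same serial on every node means one shared disk, different serials under one signature means cloned disks. That heuristic assumes Win32_DiskDrive.SerialNumber is populated for the VMware disks; where it is empty the verdict is reported as unknown. Node names are the ones from the output above.

```powershell
# Added example (not from the original post): find MBR disk signatures shared between nodes.
function Find-DuplicateDiskSignature {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    $disks = foreach ($node in $ComputerName) {
        foreach ($d in (Get-WmiObject -Class Win32_DiskDrive -ComputerName $node)) {
            if (-not $d.Signature) { continue }     # GPT disks carry a GUID, not an MBR signature
            [pscustomobject]@{
                Node      = $node
                Index     = $d.Index
                Signature = '{0:X8}' -f $d.Signature   # same format as diskpart "Disk ID"
                Serial    = $d.SerialNumber
                SizeGB    = [math]::Round($d.Size / 1GB)
                Model     = $d.Model
            }
        }
    }

    foreach ($group in ($disks | Group-Object -Property Signature)) {
        $nodes = @($group.Group | Select-Object -ExpandProperty Node -Unique)
        if ($nodes.Count -lt 2) { continue }          # seen on one node only: nothing to report

        $serials = @($group.Group | ForEach-Object { $_.Serial } | Sort-Object -Unique)
        $verdict = if ($group.Group | Where-Object { -not $_.Serial }) {
                       'unknown: no serial number to compare'
                   } elseif ($serials.Count -eq 1) {
                       'shared disk (same serial everywhere, expected)'
                   } else {
                       'CLONE: same signature on different disks'
                   }
        foreach ($disk in $group.Group) {
            $disk | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
        }
    }
}

Find-DuplicateDiskSignature -ComputerName VMTESTECLUSTER01, VMTESTECLUSTER02 |
    Sort-Object Signature, Node | Format-Table -AutoSize
```

Run it before cluster validation on any pair of VMs cloned from one template; a CLONE line for a local data disk is exactly the condition that produced the reserved D drive above.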

Number of active users in AD

Hi all,
Buenos días. Today we post a PowerShell one-liner for Active Directory that can be a great excuse for a coffee.
This line gives you the number of enabled users in your domain. Like the idea?
Well, I have had several coffees, or several conversations, about the output of this command.
(Get-ADUser -Filter * | Where-Object {$_.Enabled -eq $true}).Count
In a large domain it is worth moving the Enabled test into -Filter instead of Where-Object: the domain controller then does the filtering and only the enabled accounts are sent over the wire, with the same count as the result.

Diskpart /s

Hello friends from the world of scripts, PowerShell, .vbs, .bat, and everyone who invests hours working out a good old script.
This week we prepared something nice with Diskpart. Those who follow the blog must have read about the reserved disk, right? To stay free of an incident like that, we attach the D disk after the VM has been started. In this scenario we remove the D disk from the template and add it again after the OS is up, ensuring that each VM has its own disk with a unique ID and a unique serial.
What needs to be done? When we bring up a virtual machine with only the C disk, the DVD drive (Volume 0) gets the letter D. This is where it starts to get interesting.
Let's customize this process by removing the letter from the DVD volume and assigning it the letter Z. Then we create a partition on the new disk.
The automated process uses the following command:
diskpart.exe /s C:\temp\scripts\diskpart.txt - the /s parameter makes diskpart read its commands from the file. Got it, folks? We create a text file named diskpart.txt containing the commands listed below and save it in C:\Temp\scripts. The next step is to open CMD (as administrator) and run the command line above.
Once this is done the disk is ready for use.
select volume 0
remove letter=D
assign letter=Z
select disk 1
attributes disk clear readonly
online disk
convert mbr
create partition primary
assign letter=D
format fs=ntfs quick label="DATA"
rem active is only needed on a partition you boot from; harmless here, but not required for a data disk
active
exit
Two things to check before running it: volume and disk numbers are not guaranteed, so selecting the DVD volume by its letter (select volume D) is safer than select volume 0, and you should confirm with list disk that the new, empty disk really is disk 1 before the script converts and formats it.
I hope to have helped.
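The same procedure with the two checks built in, as an added example that is not part of the original post: the diskpart script is generated at run time, the DVD volume is selected by letter and only moved if it actually holds D:, the target disk is refused if it already has partitions, and -WhatIf shows the script instead of running it. Disk number, letters and label are parameters with the post's values as defaults; Win32_DiskDrive and Win32_Volume are the standard WMI classes available on Server 2008 R2.

```powershell
# Added example (not from the original post): build and run the diskpart script only when
# the assumptions behind "select volume 0" and "select disk 1" actually hold.
function Initialize-DataDisk {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$DiskNumber    = 1,       # the VMDK attached after first boot
        [string]$DataLetter = 'D',
        [string]$DvdLetter  = 'Z',
        [string]$Label      = 'DATA'
    )
    # The target disk must exist and be empty; never convert/format a disk that has partitions
    $disk = Get-WmiObject -Class Win32_DiskDrive -Filter "Index=$DiskNumber"
    if (-not $disk) { throw "Disk $DiskNumber not found" }
    if ($disk.Partitions -gt 0) { throw "Disk $DiskNumber already has $($disk.Partitions) partition(s); refusing to touch it" }

    $lines = @()
    # Move the DVD drive only if it really owns the data letter (DriveType 5 = CD-ROM)
    $dvd = Get-WmiObject -Class Win32_Volume -Filter "DriveType=5 AND DriveLetter='${DataLetter}:'"
    if ($dvd) {
        $lines += "select volume $DataLetter"        # by letter, not by volume number
        $lines += "remove letter=$DataLetter"
        $lines += "assign letter=$DvdLetter"
    } elseif (Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='${DataLetter}:'") {
        throw "${DataLetter}: is already used by a volume that is not a DVD drive"
    }
    $lines += "select disk $DiskNumber"
    $lines += 'attributes disk clear readonly'
    $lines += 'online disk noerr'                  # noerr: continue if the disk is already online
    $lines += 'convert mbr'
    $lines += 'create partition primary'
    $lines += "assign letter=$DataLetter"
    $lines += "format fs=ntfs quick label=`"$Label`""
    $lines += 'exit'

    $script = Join-Path $env:TEMP 'diskpart.txt'
    Set-Content -Path $script -Value $lines -Encoding ASCII

    if ($PSCmdlet.ShouldProcess("disk $DiskNumber on $env:COMPUTERNAME", "diskpart /s $script")) {
        diskpart.exe /s $script
        if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }
    } else {
        $lines    # -WhatIf: print the script that would have run
    }
}

Initialize-DataDisk -WhatIf    # preview the generated script
Initialize-DataDisk            # run for real, from an elevated prompt
```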

List Domain Group Members

My dear colleagues, below is a script to list the members of all Active Directory domain security groups:
# Template object holding one row of the report
$GroupInfo = "" | Select-Object 'Group Name', 'Group Description', 'Member Name', 'Member Description'
$AllGroups = @()
# All security groups in the domain; adjust the SearchBase to your own domain
$MyGroups = Get-ADGroup -Filter {GroupCategory -eq "Security"} -SearchBase "DC=DOMAIN,DC=LOCAL" -Properties Name, Description, Member | Select-Object Name, Description, Member
foreach ($Group in $MyGroups) {
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach ($Member in $Group.Member) {
        # Get-ADObject rather than Get-ADUser: a member can be a user, a group or a computer
        $Object = Get-ADObject -Identity $Member -Properties Name, Description
        $GroupInfo.'Member Name' = $Object.Name
        $GroupInfo.'Member Description' = $Object.Description
        $GroupInfo | Select-Object 'Group Name', 'Member Name'
        # Select-Object returns a copy, so the stored row is not overwritten on the next iteration
        $AllGroups += $GroupInfo | Select-Object 'Group Name', 'Group Description', 'Member Name', 'Member Description'
    }
}
$AllGroups | Export-Csv allginfo.csv -NoTypeInformation
We can use the same script to list the members of a single group. To do so, change the filter in $MyGroups = Get-ADGroup -Filter {GroupCategory -eq "Security"}, which selects all security groups in the domain, to $MyGroups = Get-ADGroup -Filter {Name -eq "groupname"}.
Note that the Member attribute only holds direct members: nested group membership is not expanded (Get-ADGroupMember -Recursive does that), and membership held through a user's primary group (Domain Users, for example) does not appear in Member at all.
I hope you find it useful!

Set-ExecutionPolicy: Cannot set execution policy

Hello, you damned nerds!!! hehehehe
When trying to run a certain PS script remotely on an Exchange server, I came across the following error message:
.\UpdateIndexAllMailboxDatabases.ps1 : File C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1 cannot be loaded. The file C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details.
At line:1 char:37
... After Get-ExecutionPolicy returned RemoteSigned, I didn't think twice!!! Set-ExecutionPolicy Unrestricted, and the following message came back:
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope. Due to the override, your shell will retain its current effective
execution policy of RemoteSigned. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more
information please see "Get-Help Set-ExecutionPolicy".
At line:1 char:1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
As recommended in the message, I ran the cmdlet that lists the execution policy per scope:
Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy    RemoteSigned
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned
... I immediately ran Set-ExecutionPolicy -Scope MachinePolicy -ExecutionPolicy Bypass so the policy would be released... oops:
Set-ExecutionPolicy : Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must be set through Group Policy.
To get around this error, I made the change directly in the registry:
HKLM:\Software\Policies\Microsoft\Windows\PowerShell, changing the value ExecutionPolicy to Bypass.
Re-running the command that lists the policy per scope, we see that the setting has now really been applied!!
Keep in mind what this does: HKLM:\Software\Policies is the hive that Group Policy writes, so the change is reverted at the next policy refresh (gpupdate or the periodic background refresh), and until then the server runs with a weaker policy than the one the domain chose for it. The MachinePolicy scope exists precisely so that a local administrator cannot lower it; a script that is "not digitally signed" under RemoteSigned can instead be unblocked or signed, which makes it run without touching the policy at all.
Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy          Bypass
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned
Then I could run my script and they all lived happily ever after!
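The alternative that leaves the GPO-enforced policy alone, as an added example that is not part of the original post. RemoteSigned only refuses unsigned scripts that carry a Zone.Identifier stream (the mark of the web added when a file arrives through a browser, mail client or a downloaded archive); Unblock-File removes that stream so the file counts as local, and Set-AuthenticodeSignature signs it so it also satisfies AllSigned. The function assumes PowerShell 3 or later (for -Stream and Unblock-File), a code-signing certificate in Cert:\CurrentUser\My when -Sign is used, and the script path from the error above; the timestamp server parameter is an optional placeholder for whatever TSA your CA provides.

```powershell
# Added example (not from the original post): make a script runnable under RemoteSigned
# without weakening the policy, by removing the mark of the web or by signing it.
function Repair-ScriptTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Sign,
        [string]$TimestampServer      # e.g. your CA's RFC 3161 TSA URL; left empty = no timestamp
    )
    # 1. Show why RemoteSigned refuses the file: a Zone.Identifier stream (ZoneId=3 Internet,
    #    ZoneId=4 Restricted). Removing it makes the file "local", which RemoteSigned allows unsigned.
    $zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($zone) {
        Write-Verbose "Mark of the web on $Path : $($zone -join ' ')"
        Unblock-File -Path $Path
    }

    # 2. Optionally sign it, which is what an AllSigned policy would require anyway
    if ($Sign) {
        $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
        if (-not $cert) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }
        $signArgs = @{ FilePath = $Path; Certificate = $cert }
        if ($TimestampServer) { $signArgs['TimestampServer'] = $TimestampServer }
        $sig = Set-AuthenticodeSignature @signArgs
        if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }
    }

    # 3. Report what the execution policy will see for this file
    [pscustomobject]@{
        Path            = $Path
        HadMarkOfTheWeb = [bool]$zone
        Signature       = (Get-AuthenticodeSignature -FilePath $Path).Status   # NotSigned or Valid
        EffectivePolicy = Get-ExecutionPolicy                                 # unchanged: RemoteSigned
    }
}

# Unblock only (enough for RemoteSigned), then the signed variant:
Repair-ScriptTrust -Path 'C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1' -Verbose
Repair-ScriptTrust -Path 'C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1' -Sign -Verbose
```

Either path leaves Get-ExecutionPolicy -List exactly as the domain set it, and nothing gets reverted at the next Group Policy refresh.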

Verifying GPO Replication

How are you, my dear readers!!
I am in a constant search for a script that gives me the replication time of Sysvol... remembering that the environment in question runs at the "Windows Server 2003" domain functional level, that is, we can only replicate Sysvol with FRS... whoever can help... hehehehe
... During this journey I came across a very cool function called Get-ADGPOReplication, which filters the results of the Get-GPO cmdlet so we can compare the versions of each GPO in Sysvol on all the domain's DCs!! This lets us verify that replication, and the policy objects themselves, are consistent throughout the domain... I know that at this point some of you will cry with joy!!
Below is the function's code:
function Get-ADGPOReplication
{
<#
.SYNOPSIS
    This function retrieves one or all the GPOs and reports their DSVersions and SysVolVersions (Users and Computers)
.DESCRIPTION
    This function retrieves one or all the GPOs and reports their DSVersions and SysVolVersions (Users and Computers)
.PARAMETER GPOName
    Specify the name of the GPO
.PARAMETER All
    Specify that you want to retrieve all the GPOs (slow if you have a lot of Domain Controllers)
.EXAMPLE
    Get-ADGPOReplication -GPOName "Default Domain Policy"
.EXAMPLE
    Get-ADGPOReplication -All
.NOTES
    Francois-Xavier Cat
    @lazywinadm
    lazywinadmin.com

    VERSION HISTORY
    1.0 22/09/2014 Initial version
        Adding some more Error Handling
        Fix some typo
#>
    #requires -version 3
    [CmdletBinding()]
    PARAM (
        [Parameter(Mandatory = $True, ParameterSetName = "One")]
        [String[]]$GPOName,
        [Parameter(Mandatory = $True, ParameterSetName = "All")]
        [Switch]$All
    )
    BEGIN
    {
        TRY
        {
            if (-not (Get-Module -Name ActiveDirectory)) { Import-Module -Name ActiveDirectory -ErrorAction Stop -ErrorVariable ErrorBeginIpmoAD }
            if (-not (Get-Module -Name GroupPolicy)) { Import-Module -Name GroupPolicy -ErrorAction Stop -ErrorVariable ErrorBeginIpmoGP }
        }
        CATCH
        {
            Write-Warning -Message "[BEGIN] Something wrong happened"
            IF ($ErrorBeginIpmoAD) { Write-Warning -Message "[BEGIN] Error while Importing the module Active Directory" }
            IF ($ErrorBeginIpmoGP) { Write-Warning -Message "[BEGIN] Error while Importing the module Group Policy" }
            Write-Warning -Message "[BEGIN] $($Error[0].exception.message)"
        }
    }
    PROCESS
    {
        # One row per GPO per domain controller: Get-GPO is pointed at each DC with -Server
        FOREACH ($DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -Filter *).Hostname))
        {
            TRY
            {
                IF ($psBoundParameters['GPOName'])
                {
                    Foreach ($GPOItem in $GPOName)
                    {
                        $GPO = Get-GPO -Name $GPOItem -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO
                        [PSCustomObject][ordered]@{
                            GroupPolicyName       = $GPOItem
                            DomainController      = $DomainController
                            UserVersion           = $GPO.User.DSVersion
                            UserSysVolVersion     = $GPO.User.SysvolVersion
                            ComputerVersion       = $GPO.Computer.DSVersion
                            ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                        } #PSObject
                    } #Foreach ($GPOItem in $GPOName)
                } #IF ($PsBoundParameters['GPOName'])
                IF ($psBoundParameters['All'])
                {
                    $GPOList = Get-GPO -All -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll
                    foreach ($GPO in $GPOList)
                    {
                        [PSCustomObject][ordered]@{
                            GroupPolicyName       = $GPO.DisplayName
                            DomainController      = $DomainController
                            UserVersion           = $GPO.User.DSVersion
                            UserSysVolVersion     = $GPO.User.SysvolVersion
                            ComputerVersion       = $GPO.Computer.DSVersion
                            ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                        } #PSObject
                    }
                } #IF ($PsBoundParameters['All'])
            } #TRY
            CATCH
            {
                Write-Warning -Message "[PROCESS] Something wrong happened"
                IF ($ErrorProcessGetDC) { Write-Warning -Message "[PROCESS] Error while retrieving Domain Controllers with Get-ADDomainController" }
                IF ($ErrorProcessGetGPO) { Write-Warning -Message "[PROCESS] Error while running Get-GPO" }
                IF ($ErrorProcessGetGPOAll) { Write-Warning -Message "[PROCESS] Error while running Get-GPO -All" }
                Write-Warning -Message "[PROCESS] $($Error[0].exception.message)"
            }
        } #FOREACH
    } #PROCESS
}
  1. Create a .ps1 file containing the code above, or download it here
  2. Run the script in PS ISE as administrator (dot-source it, so the function is loaded into your session)
  3. Run the function!!
We have a few syntax options, such as:
To get the result for a single GPO:
Get-ADGPOReplication -GPOName "Default Domain Policy"
To get the result for a few policies:
Get-ADGPOReplication -GPOName "Default Domain Policy", "Default Domain Controllers Policy"
To get the results for all policies:
Get-ADGPOReplication -All
We can also improve the filtering with the following command:
Get-ADGPOReplication -All | Out-GridView -Title "GPO Verify $(Get-Date)"
... Now we just need a way to measure how long a change in Sysvol takes to be committed on all the domain's DCs.
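The function above emits one row per GPO per DC, which is a lot to eyeball. As an added example that is not part of the original post or of the function's author, here is a small pipeline stage that turns those rows into one verdict per GPO, separating the two ways a GPO can be inconsistent: AD says version N but that DC's Sysvol still holds N-1 (FRS has not caught up), or the DS versions themselves differ between DCs (AD replication has not converged). The sample rows are constructed to show both cases; in production you feed it Get-ADGPOReplication -All.

```powershell
# Added example (not from the original post): collapse Get-ADGPOReplication rows into
# one consistency verdict per GPO.
function Test-GPOConsistency {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][object]$Row)
    begin   { $rows = @() }
    process { $rows += $Row }
    end {
        foreach ($g in ($rows | Group-Object -Property GroupPolicyName)) {
            # AD version != Sysvol version on a DC: the file side (FRS/DFSR) lags on that DC
            $lagging = @($g.Group | Where-Object {
                $_.UserVersion -ne $_.UserSysVolVersion -or $_.ComputerVersion -ne $_.ComputerSysVolVersion })
            # Distinct AD version pairs across DCs: more than one means AD replication lags
            $dsVersions = @($g.Group | ForEach-Object { "$($_.UserVersion)/$($_.ComputerVersion)" } | Sort-Object -Unique)
            [pscustomobject]@{
                GroupPolicyName = $g.Name
                DCs             = $g.Count
                SysvolLagOn     = (@($lagging | ForEach-Object { $_.DomainController }) -join ',')
                ADVersionsSeen  = ($dsVersions -join ' ')
                Consistent      = ($lagging.Count -eq 0 -and $dsVersions.Count -eq 1)
            }
        }
    }
}

# Constructed sample rows in the shape Get-ADGPOReplication returns (not real data):
$sample = @(
    [pscustomobject]@{ GroupPolicyName = 'Default Domain Policy'; DomainController = 'dc01.domain.test'; UserVersion = 5; UserSysVolVersion = 5; ComputerVersion = 12; ComputerSysVolVersion = 12 }
    [pscustomobject]@{ GroupPolicyName = 'Default Domain Policy'; DomainController = 'dc02.domain.test'; UserVersion = 5; UserSysVolVersion = 5; ComputerVersion = 12; ComputerSysVolVersion = 11 }   # Sysvol behind on dc02
    [pscustomobject]@{ GroupPolicyName = 'Proxy Settings';        DomainController = 'dc01.domain.test'; UserVersion = 3; UserSysVolVersion = 3; ComputerVersion = 0;  ComputerSysVolVersion = 0  }
    [pscustomobject]@{ GroupPolicyName = 'Proxy Settings';        DomainController = 'dc02.domain.test'; UserVersion = 2; UserSysVolVersion = 2; ComputerVersion = 0;  ComputerSysVolVersion = 0  }   # AD behind on dc02
)
$sample | Test-GPOConsistency | Format-Table -AutoSize

# Live, showing only the problem GPOs:
# Get-ADGPOReplication -All | Test-GPOConsistency | Where-Object { -not $_.Consistent }
```

Run the live form every few minutes after a GPO edit and note when the last row flips to Consistent; that interval is the Sysvol commit time the post is looking for.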

Saved Queries

Active Directory queries

Find groups whose name contains the word admin
(&(objectCategory=group)(sAMAccountName=*admin*))
Find users who have admin in the description field
(&(objectCategory=person)(description=*admin*))
Find all universal groups
(groupType:1.2.840.113556.1.4.803:=8)
Empty groups with no members
(&(objectCategory=group)(!(member=*)))
Find all groups defined as a global group, a domain local group or a universal group (the 1.4.804 rule is a bitwise OR, so any of the bits 2, 4 and 8 matches)
(groupType:1.2.840.113556.1.4.804:=14)
Find all users with the name Bob
(&(objectCategory=person)(sAMAccountName=*Bob*))
Find user accounts with passwords set to never expire (userAccountControl bit 0x10000)
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
Find all users that have never logged on to the domain
(&(objectCategory=person)(objectClass=user)(|(lastLogon=0)(!(lastLogon=*))))
Caveat: lastLogon is not replicated between domain controllers, so this only tells you the user never logged on through the DC you are querying. Run it against every DC, or use lastLogonTimestamp, which is replicated but can be up to 14 days stale.
Find user accounts with no logon script
(&(objectCategory=person)(!(scriptPath=*)))
Find user accounts with no profile path
(&(objectCategory=person)(!(profilePath=*)))
Find enabled accounts that must change their password at next logon
(&(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Find all disabled accounts in Active Directory (userAccountControl bit 0x2 set)
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))
Find all locked-out accounts
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=16))
Caveat: the LOCKOUT bit (16) in userAccountControl is not reliably maintained; the authoritative attribute is lockoutTime, so (&(objectCategory=person)(objectClass=user)(lockoutTime>=1)) is the better query, bearing in mind that lockoutTime is not cleared when the lockout duration expires, so it also returns accounts whose lockout has already lapsed.
Find domain local groups
(groupType:1.2.840.113556.1.4.803:=4)
Find all users with an e-mail address set
(&(objectCategory=person)(mail=*))
Find all users with no e-mail address
(&(objectCategory=person)(!(mail=*)))
Find all users, groups or contacts whose company or description is Contractors
(&(|(objectCategory=user)(objectCategory=group)(objectCategory=contact))(|(description=Contractors*)(company=Contractors*)))
Find all users with mobile numbers starting with 712 or 155
(&(objectCategory=user)(|(mobile=712*)(mobile=155*)))
Find all users with dial-in permission
(&(objectCategory=user)(msNPAllowDialin=TRUE))
Find all printers with colour printing capability
Note: the server name must be changed
(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))
Find user mailboxes overriding the Exchange size limit policies
(&(objectCategory=user)(mDBUseDefaults=FALSE))
Find all users that need to change their password at next logon
(&(objectCategory=user)(pwdLastSet=0))
Find all users that are almost locked out
Notice the ">=", which means "greater than or equal to".
(&(objectCategory=user)(badPwdCount>=2))
Caveat: badPwdCount, like lastLogon, is kept per domain controller and is not replicated, so the value you see is only the one recorded by the DC answering the query; failed attempts are forwarded to the PDC emulator, so that DC holds the most complete count.
Find all computers that do not have a description
(&(objectCategory=computer)(!(description=*)))
Find all users with hidden mailboxes
(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))
Find all Windows 2000 SP4 computers
(&(objectCategory=computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))
Find all Windows XP SP2 computers
(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))
Find all Windows XP SP3 computers
(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))
Find all Vista SP1 computers
(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))
Find all computer accounts (sAMAccountType 805306369 is every machine account, workstations, servers and DCs alike; add an operatingSystem filter to narrow it down)
(sAMAccountType=805306369)
Find all 2003 servers that are not DCs
(&(sAMAccountType=805306369)(!(primaryGroupID=516))(objectCategory=computer)(operatingSystem=Windows Server 2003*))
Find all 2003 servers that are DCs
(&(sAMAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))
Find all Server 2008 machines that are not DCs
(&(sAMAccountType=805306369)(!(primaryGroupID=516))(objectCategory=computer)(operatingSystem=Windows Server 2008*))
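The same filters are usable from PowerShell with Get-ADObject -LDAPFilter, which is also the only practical way to handle the two caveats above (lastLogon and badPwdCount living on each DC separately). The block below is an added example, not part of the original page: it runs a few of the filters as written and then collects the per-DC attributes from every domain controller, keeping the newest logon and the highest bad-password count per account. It assumes the ActiveDirectory module and a domain-joined session.

```powershell
# Added example (not from the original page): run saved-query filters with Get-ADObject and
# gather the non-replicated lastLogon / badPwdCount attributes from every DC.
Import-Module ActiveDirectory

$Queries = [ordered]@{
    'Password never expires'   = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))'
    'Disabled accounts'        = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'
    'Empty groups'             = '(&(objectCategory=group)(!(member=*)))'
    'Locked out (lockoutTime)' = '(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))'   # Search-ADAccount -LockedOut also honours the lockout duration
}
foreach ($q in $Queries.GetEnumerator()) {
    $hits = @(Get-ADObject -LDAPFilter $q.Value)
    '{0,-26} {1,6}' -f $q.Key, $hits.Count
}

# lastLogon and badPwdCount are stored per DC: ask each DC and merge the answers per account.
function Get-PerDCAccountState {
    param([string]$Filter = "Enabled -eq 'True'")
    $state = @{}
    foreach ($dc in (Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)) {
        Get-ADUser -Server $dc -Filter $Filter -Properties lastLogon, badPwdCount | ForEach-Object {
            $s = $state[$_.SamAccountName]
            if (-not $s) { $s = @{ LastLogon = [int64]0; BadPwdCount = 0 }; $state[$_.SamAccountName] = $s }
            if ($_.lastLogon   -gt $s.LastLogon)   { $s.LastLogon   = [int64]$_.lastLogon }   # newest logon wins
            if ($_.badPwdCount -gt $s.BadPwdCount) { $s.BadPwdCount = [int]$_.badPwdCount }   # highest count wins
        }
    }
    foreach ($name in $state.Keys) {
        $ll = $null
        if ($state[$name].LastLogon -gt 0) { $ll = [datetime]::FromFileTime($state[$name].LastLogon) }
        [pscustomobject]@{
            SamAccountName = $name
            LastLogon      = $ll
            BadPwdCount    = $state[$name].BadPwdCount
        }
    }
}

$all = Get-PerDCAccountState
$all | Where-Object { -not $_.LastLogon }      # never logged on through any DC
$all | Where-Object { $_.BadPwdCount -ge 2 }   # really "almost locked out", not just on one DC
```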

Reference: http://www.kreslavsky.com/2008/08/active-directory-saved-queries-templates.html