Skip to main content

Updating computer's AD Security Group membership without rebooting

I found the following to be very useful -

From the elevated command prompt execute “klist –li 0x3e7” to view the logon session of the computer account. To purge them, simply execute “klist –li 0x3e7 purge”.

A typical use case might involve targeting GPOs based on computer's group membership. When you add computer to the group in order to test the application of policies you can reboot it or, alternatively, run the above mentioned to clear logon sessions, then do “gpupdate /force” and check.

In a spirit of giving credit where credit is due, I found a few references to this, but the one I learned it from was http://setspn.blogspot.com/2010/10/updating-servers-security-group.html

Comments

  1. CE A good blog always comes-up with new and exciting information and while reading I have feel that this blog is really have all those quality that qualify a blog to be a one.

    ReplyDelete
  2. Browse the list of coating agent in food additives online With so many books and articles coming up to give gateway to make-money-online field and confusing reader even more on the actual way of earning money,

    ReplyDelete
  3. CBD Isolate Wholesale Your amazing insightful information entails much to me and especially to my peers. Thanks a ton; from all of us.

    ReplyDelete
  4. dog leash Superbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..

    ReplyDelete

Post a Comment

Popular posts from this blog

Skype for Business and VTC Interoperability

Skype for Business (SfB) has a very, very strong potential, I have written about it in my previous post. I can't think of any other platform that shows as much promise in terms of bridging personal and business communications as well as unifying different modes and mediums. And all of this may have started with a strategic acquisition of Skype by Microsoft in 2011.

That said, the road ahead is not without challenges. For example, interoperability with other platforms. Making SfB work with existing Video TeleConferencing (VTC) systems, many of which represent significant capital investments in organizations' infrastructure, could be of a particular importance.

After reading statements like Skype for Business is based on Session Initiation Protocol (SIP) standards and supports H.264 (MPEG-4 video coding standard) one can come to a quick conclusion that integration and/or interoperability with other VTC solutions is easy or nearly automatic. Unfortunately, the industry is not qui…

PoSh Disable and Move AD Users

A quick and easy way to disable user accounts and move them into designated OU:

Import-Csv "C:\TEMP\users.csv" | ForEach-Object { `      $u=$_."sAMAccountName"; $l="Disabling and moving: " +$u; write-output $l; `      Get-ADUser -Identity $u | `      Disable-ADAccount -PassThru | `      Move-ADObject -TargetPath "OU=Disabled Users,OU=Organization,DC=domain,DC=local"
Input is provided via a CSV file:
users.csv (username) sAMAccountName  jdoe1  jdoe2  jdoe3  jdoe4  jdoe5  

To generate input file run something like this, review and edit as necessary:
Search-ADAccount –UsersOnly –AccountInactive –TimeSpan 180.00:00:00 | `      where {$_.enabled} | `      Get-ADUser | `      select sAMAccountName | `      Export-Csv -Path "C:\TEMP\users.csv"

Mail-enabled security groups in Office 365

Another update (11/19/2013): further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):

Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates, without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal: 



Those managing Office 365 (O365) tenant via the Microsoft Online Services Portal (MOS Portal) interface would notice that there are two distinct group entities:
Security Groups:can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning permissions within SharePoint Onlinedo n…