Skip to main content

Updating computer's AD Security Group membership without rebooting

I found the following to be very useful -

From the elevated command prompt execute “klist –li 0x3e7” to view the logon session of the computer account. To purge them, simply execute “klist –li 0x3e7 purge”.

A typical use case might involve targeting GPOs based on computer's group membership. When you add computer to the group in order to test the application of policies you can reboot it or, alternatively, run the above mentioned to clear logon sessions, then do “gpupdate /force” and check.

In a spirit of giving credit where credit is due, I found a few references to this, but the one I learned it from was http://setspn.blogspot.com/2010/10/updating-servers-security-group.html
Labels:

Comments

  1. SkOfficalAugust 23, 2018 at 6:31 AM

    CE A good blog always comes-up with new and exciting information and while reading I have feel that this blog is really have all those quality that qualify a blog to be a one.

    ReplyDelete
  2. SkOfficalAugust 25, 2018 at 4:44 AM

    Browse the list of coating agent in food additives online With so many books and articles coming up to give gateway to make-money-online field and confusing reader even more on the actual way of earning money,

    ReplyDelete
  3. SkOfficalAugust 26, 2018 at 3:37 AM

    CBD Isolate Wholesale Your amazing insightful information entails much to me and especially to my peers. Thanks a ton; from all of us.

    ReplyDelete
  4. SkOfficalOctober 1, 2018 at 1:36 PM

    dog leash Superbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..

    ReplyDelete

Post a Comment

Popular posts from this blog

Mail-enabled security groups in Office 365

Another update (11/19/2013):  further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):    Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates,  without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal:       Those managing Office 365 ( O365 ) tenant via the Microsoft Online Services Portal  ( MOS Portal ) interface would notice that there are two distinct group entities: Security Groups: can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning
3 comments
Read more

Drumbeat - Sales and Technical Resources for Office 365

​ Drumbeat - provides information as well as technical and sales resources for Office 365. From partnering with Microsoft, to building up your sales and technical readiness, to adopting proven methodologies for successful deployment - you will find lots of good information and many helpful links there. Here's a quick sample of topics covered: The Customer Decision Framework is Microsoft's selling methodology designed to help partners sell Office 365 to their customers. Office 365 FastTrack is Microsoft's new, 3-step pilot and deployment methodology designed so customers experience service value early in the sales cycle with a smooth path to advance from a pilot to deployment.
Post a Comment
Read more

Sample DS Command

PowerShell is all the hype these days, and rightfully so - you can do just about anything with it; but, call me old-fashioned I still like to use ds commands every now and then, it's quick and dirty. Here are a few samples that query AD and to get some basic counts and other information: # Get a count of enabled and disabled user accounts in the domain dsquery user -limit 0 domainroot | dsget user -dn -disabled | find /c /i " no" dsquery user -limit 0 domainroot | dsget user -dn -disabled | find /c /i " yes" # Get a count of enabled and disabled computer accounts in the domain dsquery computer -limit 0 domainroot | dsget computer -dn -disabled | find /c /i " no" dsquery computer -limit 0 domainroot | dsget computer -dn -disabled | find /c /i " yes" # Get a count of enabled, but inactive (at least 24 weeks) user and computer accounts in the domain dsquery user -inactive 24 -limit 0 domainroot | dsget user -dn -disabled | find /c /i
3 comments
Read more