HOW TO FIND INACTIVE COMPUTER ON ACTIVE DIRECTORY USING POWERSHELL

 Hi there,

If you are looking to tidy up your Active Directory by finding inactive computer, I have a PowerShell script that can do just that. Save and run this script on your domain controller. This is just a audit tool and wont delete any thing.

1. Save the code with a ".PS1" extension.
2. Open PowerShell as an admin and run the script.
   
   
   Clear-Host
   Write-Host -ForegroundColor yellow " FIND INACTIVE USERS/STALE COMPUTERS"
   
   # Prompt user for number of days of inactivity
   $daysInactive = Read-Host "Enter number of days of inactivity"
   
   # Calculate the threshold date
   $thresholdDate = (Get-Date).AddDays(-$daysInactive)
   
   # Function to recursively fetch OU path
   function Get-OUPath {
   param (
   [string]$DN
   )
   
   # Split DistinguishedName into its components
   $components = $DN -split ','
   $ouPath = @()
   
   # Iterate through components to construct OU path
   for ($i = 1; $i -lt $components.Count; $i++) {
   if ($components[$i] -match '^OU=(.+)$') {
   $ouPath += $Matches[1]
   }
   }
   
   # Reverse the OU path to get correct order (child to parent)
   $ouPath = $ouPath -join '\'
   return $ouPath
   }
   
   # Search for inactive computers in Active Directory
   $inactiveComputers = Get-ADComputer -Filter {LastLogonTimeStamp -lt $thresholdDate -and Enabled -eq $true} -Properties LastLogonDate, DistinguishedName |
   Select-Object Name, LastLogonDate, @{
   Name="OUPath";
   Expression={
   # Call Get-OUPath function to retrieve OU path
   Get-OUPath -DN $_.DistinguishedName
   }
   }
   
   # Display results in Out-GridView
   $inactiveComputers | Out-GridView
   

HOW TO FIND INACTIVE USER ACCOUNT ON ACTIVE DIRECTORY USING POWERSHELL

Hi there,

If you are looking to tidy up your Active Directory by finding inactive accounts, I have a PowerShell script that can do just that. Save and run this script on your domain controller. This is just a audit tool and wont delete any thing.

1. Save the code with a ".PS1" extension.
2. Open PowerShell as an admin and run the script.
   
   
   Clear-Host
   
   Write-Host -ForegroundColor yellow " FIND INACTIVE USERS/STALE USER"
   
   # Import the Active Directory module
   Import-Module ActiveDirectory
   
   # Prompt the user for the number of days
   $daysInactive = Read-Host "Enter the number of days for inactive accounts"
   
   # Calculate the date
   $timeSpan = (Get-Date).AddDays(-$daysInactive)
   
   # Search for inactive user accounts
   $inactiveAccounts = Get-ADUser -Filter {LastLogonDate -lt $timeSpan -and Enabled -eq $true} -Property LastLogonDate, DistinguishedName |
   Select-Object Name, SamAccountName, LastLogonDate, DistinguishedName
   
   # Check if any inactive accounts were found
   if ($inactiveAccounts.Count -eq 0) {
   Write-Host "No inactive accounts found."
   } else {
   # Display the inactive accounts in a grid view
   $inactiveAccounts | Out-GridView -Title "Inactive User Accounts"
   }

HOW TO RESET BIOS PASSWORD

Hi ya

If any one needs bios password reset,

1. All you need to do is type in bios password wrong three time to get the above message

2. Type the code except the bracket and paste in the following website

https://bios-pw.org/

3.Then reset the BIOS to factory setting

HOW TO MIGRATE PRINT SERVER

 If you are trying to migrate your print server from old server to new one, you have come to the right place. 

STEP 1 - INSTALLING PRINT SERVER ROLE TO NEW SERVER

On your new server, please follow the step to install the print server role.
If you have installed print server role on new server, you can skip this step.

1. Open the Server manager. Click on Manage and Add Roles and Features.
2. Click on Next.
3. Select Role-based or feature-based installation and click Next.
4. Select a server from the server pool where you want to install the new print services. Click Next.
5. On server role, select Print and document services. Click on Add Features.
6. Click on next and Continue with Default selection

STEP 2 - EXPORTING PRINTER FILES FROM OLD SERVER

Follow this step on your old print server.
1. Open Print Management
(on Run type in “printmanagement.msc” and enter)
2. When the wizard opens, Right click on your old printer server and click on Export printer to a file

3. Hit Next and Located a folder to save the printer export file. Continue with Default selection.
4. Let the Wizard do its export. This will export all the drivers, forms, Port and printers.

STEP 3 – IMPORTING PRINTER FILES TO NEW SERVER

Follow this step on your new print server
1. Open Print Management
(on Run type in “printmanagement.msc” and enter)
2. When the wizard opens, Right click on your old printer server and click on Import printer from a file
3. Locate the file from the STEP 2, Continue with Default selection.
4. Let the Wizard do its import. This will import all the drivers, forms, Port and printers.
 
STEP 4 – Update your settings. (Optional)
If you have shared printer using GPO, do update the server share UNC name with new server name.

Good luck!!

TROUBLESHOOTING NTP SERVER TIME FOR WINDOWS SERVER

Hi ya,

I have faced many issues with the time on the servers which does not matches with real time and causes many software not to work properly, group policy not applying , user cannot logging to the domain, giving wrong time to the clients. Even I change time and date from the control panel it got revered back.

If time on your Primary domain controller is different, then the actual real time you have come to the right article.

To troubleshoot, First thing I would check 

- If your BIOS Battery are all working, this can be fixed by changing BIOS battery.
- If you are using a Virtual environment

Check the time on the Host VM and check if your VM is using time from the HOST.
Like on Hyper-V Time Synchronisation are on the Integration service.
(I usually keep then unsync)

If all the above are fine and your time of the server/client keeps changing, This might be because your NTP time server is corrupt and  not working correctly on your Primary Domain Controller.

To fix this, on your Primary domain controller (your main DC server).Open command prompt with the administrator user rights.

Run the following line

w32tm /config /manualpeerlist:0.uk.pool.ntp.org /syncfromflags:manual /reliable:yes /update && net stop W32Time && net start W32Time

Or (if you want multiple time server)

w32tm /config /manualpeerlist:”0.uk.pool.ntp.org,1.uk.pool.ntp.org,1.uk.pool.ntp.org” /syncfromflags:manual /reliable:yes /update && net stop W32Time && net start W32Time

I am from UK, so I am using UK (0.uk.pool.ntp.org) NTP time pool from the following website https://www.pool.ntp.org/zone/uk

If you are from different part of world please google any NTP server that you like and replace “0.uk.pool.ntp.org” from the above line.

If you have secondary Domain Controller. On that DC, open command prompt as admin and run the following line . This is not required if your secondary DC time is ok.

w32tm /config /syncfromflags:domhier /update && net stop w32time && net start w32time

Once this is done run the following line on the affected computer (server/client). This will sync the time

w32tm /resync /force

I hope that helps.

HOW TO SET UP GOOGLE CLOUD PRINT (GSUITE AND WINDOWS PRINT SERVER/COMPUTER)

This guide is recommended for the people who have G Suite and Windows print server/Computer setup.
I haven't tried this for standard google account.


PRE CHECKS

1. Make sure you have gsuite account.
2. You have a windows server/computer where printers are shared.
3. Make sure your printers are compatible with Google cloud printing
https://www.google.com/cloudprint/learn/printers/

STEPS
1. On your gsuite create an email account – Like GooglePrint@yourdomain.com
https://www.google.com/cloudprint/learn/printers/
- This account will be used to share printer to other users or group.
- If you want to share the printers to the group, please make sure the above account your created is the owner of the group.

2. Download google print connecter from the GitHub website and install on your print server/computer (where printer is shared)
https://github.com/google/cloud-print-connector/releases

3. Once downloaded, Run the installation. The installation is pretty straight forward. During installation it will ask for user email address to share the printer, you can share it from here or from
https://www.google.com/cloudprint#printers
 (I prefer sharing from google cloud print website –this is because sharing during installation share all printer including the windows default printers)

4. Once print connector is installed, Go to https://www.google.com/cloudprint#printers
Login with the step 1 account and Share the printer to user or the group if you havent shared from step 4.

5. Please note that printer needs to be accept by the user or group owner.
- To accept this login to google account like Gmail, YouTube,etc. and Print ( Control + P)
- On print Destination ,  Dropdown the option and click more
- On the next page you should see the shared printer and accept button.
- Accept the printer (If Printer has been share to a group this only needs to be done by group Owner)

 Now you should be able to printer from anywhere but you need to be logged in with google account.

Good luck !

HOW TO FIND INACTIVE (STALE) COMPUTER AND USER IN AD USING POWERSHELL

Hi Ya,

I have compiled this easy powershell script that will help you find the inactive computer and user.
This is very safe and easy to use as this script only display the inactive computer and user. This wont delete or disable any thing from your Active directory.

Save this script as ".PS1" extension and run this in your DC server.

 Write-Host -ForegroundColor Yellow "Input the no of inactive days : " -NoNewline   
 $staledays = Read-Host  
 $staledays = (Get-Date).AddDays(-$staledays)   
 Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $staledays}| Select-Object -Property Name,LastLogonDate,Distinguishedname,Enabled|Sort-Object -Property Name | Out-GridView -Title 'List of stale computers'  
 Get-ADuser -Property Name,lastLogonDate -Filter {lastLogonDate -lt $staledays}| Select-Object -Property Name,LastLogonDate,Distinguishedname,Enabled|Sort-Object -Property Name | Out-GridView -Title 'List of stale users'  

HOW TO MOVE ALL FSMO ROLE USING GUI

Please see my previous post to find the FSMO roles.
https://theitways.blogspot.com/2019/05/how-to-find-fsmo-roles-on-your-sever.html

If you need to migrate the FSMO role using GUI you have come to the right place.

To move Domain wide roles
- Infrastructure Master
- Relative ID (RID) Master
- PDC Emulator

1. Login to the server with Network domain admin permission where you want the FSMO migrated
2. Open run and type in
DSA.MSC
3. This will open Active Directory Users and computers
4. Right click on your domain name and Click on OPERATIONS MASTERS..

5. On  operation master you can move the 3 domain wide roles

To move Forest wide roles
Forest Wide Roles
- Schema Master
- Domain naming Master

For Domain naming master
1. Login to the server with Network domain admin permission where you want the FSMO migrated
2. Open CMD by running as Administrator
3. On Cmd type in the
regsvr32 schmmgmt.dll

4. This will Register the schema managment dll.
5. Open run and type in
MMC
6. On MMC click on FILE and ADD/REMOVE SNAP-IN

7. Select ACTIVE DIRECTORY SCHEMA , Click on ADD and click on OK

8. Right Click on active directory schema, and click on OPERATION MASTER

9. Click on change to transfer the role

For Domain naming master
1. Login to the server with Network domain admin permission where you want the FSMO migrated
2. Open run and type in
DOMAIN.MSC
3. This will open Active directory domain and trust
4. Right click on Active directory domain and trust and click on OPERATION MASTER..

5. Click on CHANGE to transfer the role

Good Luck!!

HOW TO FIND FSMO ROLES ON YOUR SERVER

Hi ya,

If you are an administrator with multiple server, You definitely need to know where the FSMO (Flexible Single-Master Operation) roles are installed . There are 5 FSMO roles

Forest Wide Roles

- Schema Master 

- Domain naming Master 

Domain Wide Roles

- Infrastructure Master

- Relative ID (RID) Master 

- PDC Emulator

To simply find the 5 FSMO roles, login into to one of your server using network administrator account,

1. Open up your Command prompt

You can do this by open Run (Windows + R )

Then type in 

CMD

2. On command prompt type the following

netdom query fsmo

Good luck !!

HOW TO DELETE STUCK PRINT JOBS IN WINDOWS SERVER

Hi Ya,

If you have cancelled you jobs in print queue and the job is still stuck, you have come to the right place. Here is how you can clean your stuck print jobs.

1. On the server where your print management is installed, Open up print management

You can do this by open Run (Windows + R )

Type in the following

PRINTMANAGEMENT.MSC

2. On the Print Management console, Right click on your print server name > Click properties.

3. Open the Spool folder location

4. Open Services

You can do this by open Run (Windows + R )

Type in the following

SERVICES.MSC

5. Find Print Spooler and stop the service, (don’t close the console as you need it to start again)

6.Delete all the file inside the step 3 location

7. Start the print spooler

8. Close and open your print management console.

This should remove all the stuck print jobs. Please make sure that you are logged in with admin privilege .

Good luck !!

8. Close and open your print management console.

HOW TO ADD TWO IP ADDRESS IN ONE NETWORK INTERFACE CARD(NIC)

Hi ya,

If you are wondering how you can add two IP address in one NIC card, you have come to the right place.  Please follow the following step below.

1. Open up your Network connection

You can do this by open Run (Windows + R )

Type in the following

NCPA.CPL

2. Double click required Port – Ethernet if you are using LAN or Wi-Fi if you are using Wireless.

3. Select the Internet Protocol Version 4 (TCP/IPv4) , Click properties

4. Make sure you untick obtain an IP address automatically and select the Use the following IP address

5. Fill in the Primary IP address, subnet mask, defaultgate , Preferred DNS server and Alternate DNS server details.

6. Then Click on Advance... and click on Add

7. Fill up the box with the secondary IP address and subnet you desire.

Good luck !!!