Active Directory
-
Active Directory Administrative Center (ADAC) - Bulk Change Clears Manager Attribute
When performing a bulk change on users (select all > properties) the manager field is cleared for nearly all users. I was able to reproduce this effect multiple times enabling/disabling "Protect from accidental deletion." Since the values are variable among multiple users the bug seems to apply a $null value to the manager attribute clearing all managers and direct reports. This has greatly impacted visibility of team calendars and organization charts in Office 365.
Reviewing the PowerShell History window in ADAC the following PowerShell commands are executed when only enabling/disabling deletion protection.
Set-ADObject -Identity:"<userDN>" -ProtectedFromAccidentalDeletion:<bool> -Server:"<DC>"
Set-ADUser -Identity:"<userDN>" -Manager:$null -Server:"<DC>"
1 vote -
Get-GPO does not return UserVersion, ComputerVersion or WMI Filters
Get-GPO does not return UserVersion, ComputerVersion or WMI Filters
Windows PowerShell 5.1 returns these values.
Tested from both Windows 10 1909 and a non-Domain Controller Windows Server 2019 1809.
3 votes -
Import-Module -Name ActiveDirectory ; Get-Help -Name about_ActiveDirectory returns a list of cmdlets, not help info
When I try to use Get-Help with any of the aboutActiveDirectory* topics, it just gives me a list of cmdlets. Other topics, like aboutFor or about_Break work as expected. I had originally thought it was perhaps an interop issue with PowerShell 7 being installed as well, but it happens when I try it on my Domain Controller that has only the PS built in to the server. An example is below:
PS C:\Windows\system32> Get-Help -Name about_ActiveDirectory
Name Category Module Synopsis
Get-ADAuthenticationPolicy Cmdlet ActiveDirectory Gets one or more Active Directory Domain Services authentication policies.
Get-ADAuthenticationPolicySilo Cmdlet ActiveDirectory Gets one…2 votes -
Attribute Editor multi-value sorting issue
When adding values in a multi-value field (such as the serialNumber attribute), the editor sorts by alphabetical order. When adding values via PowerShell, order is the order in which they were inserted.
The order in which the editor displays is not a filter, but modifies the true order (to where even PowerShell displays them that way). Without this order, the positions are useless. One could use a MV field like a simple one row spreadsheet (using ordering like column positions). The only way to make it useful is by making it a key/value pair (e.g. model:12345), and this basically defeats…
1 vote -
New-ADObject for Computer and New-ADComputer behaviors are different
New-ADObject cmdlet with Type 'Computer'
and
New-ADComputer
creates different types of objects.The New-ADObject creates samAccountType is NORMALUSERACCOUNT instead of MACHINE_ACCOUNT.
1 vote -
DNS Conditional Forwarder and Delegation.
Hi,
To put it in a LAB scenario.
Conditional forwarder site2.location1.country1.company.org cannot be created if the Forward zones has location1.country1.company.org -> "A problem occurred while trying to add the conditional forwarder. A zone configuration problem occurred."
I delegate site2 under location1.country1.company.org pointing to external IPs - Successful.
Now if i create a Conditional forwarder site2.location1.country1.company.org it gets created and works even if i delete the delegation done in step 2.
I am not sure if this supported model, but would like to know this approach is documented anywhere? or i am wrong in understanding it.
Thank you.
1 vote -
-
5 votes
-
Add-ADPrincipalGroupMembership fails with $PSDefaultParameterValues
Add-ADPrincipalGroupMembership gives an error if used in conjunction with $PSDefaultParameterValues to choose the Domain Controller.
Using this CMDLET with this variable produces an error that the user does not have permission to perform the specified operation.
1 vote -
GPO: turn off microsoft consumer features all sku
Please make the GPO object for "Turn off Microsoft consumer features" work on all skus not just Enterprise and Education. I am in education but we have been buying Pro skus as we did not know about this garbage limitation which makes no sense. Removing the XBOX app and other preloaded nonsense is necessary no matter the sku. If it can join a domain this should just work. Yes there are scripts to do this but given its supported in "some" skus this should not be necessary.
Tom
8 votes -
Bug - Active Directory Administrative Center Global Search
When double-clicking on a search result in "Global Search", the item that opens is the previously selected item, not the one that is double-clicked.
Steps to reproduce: Open ADAC, enter a value in global search that will get more than one result, for example "domain". This will give a list of results, the top one will be selected. Double-click on any result that is not the selected one.
Result: The previously selected item opens
Expected result: The double-clicked item opens44 votes -
Existing the miracle of creations as user request for
I would like to share about something miracle,that i had seen before. The existing of the miracle object in as i wish for without using technology or any devices.
1 vote -
Administrative Templates language pack wrong region tag
Finnish language pack folder name has changed in 'Administrative Templates (.admx) for Windows 10 (1703) Creators Update’ package.
Earlier the language files folder name was fi-FI (as normal Finnish region tag in Windows systems), now it is fi-FL (I can't find region tag for that). Maybe typo; please check and correct tag in next release (1709). Reported this also directly to PG.2 votes
- Don't see your idea?