Category Archives: Uncategorized

Listing parent of AD object in PowerShell

Recently, I wanted to provide a client with a list of groups that related to some work he was doing. I wanted the group names as well as their location within AD. Although I often use the ds* commands or the excellent ADfind tool for this type of task, I had been working in PowerShell on another project, so I decided to use the PowerShell ActiveDirectory module.

The Get-ADGroup cmdlet pulled out the groups easily enough, but there wasn’t a property representing the group object’s parent, nor is there an LDAP property that I could request (AFAIK). The object’s parent is contained within the DistinguishedName (DN) property, though.
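One way to derive the parent from the DN, as an added example that is not code from the original post: the parent is everything after the first comma that is not escaped with a backslash. Get-ParentDN is a hypothetical helper name, and the sample DNs and the CIT* name filter are constructed for illustration.

```powershell
# Added example. Get-ParentDN is a hypothetical helper, not part of the
# ActiveDirectory module.
function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Walk the DN and stop at the first unescaped comma. A plain Split(',')
    # would cut inside an RDN such as "CN=Smith\, John", where the comma is
    # part of the name, so track whether the previous character was an
    # escaping backslash ("\\" is an escaped backslash, not an escape).
    $escaped = $false
    for ($i = 0; $i -lt $DistinguishedName.Length; $i++) {
        $c = $DistinguishedName[$i]
        if ($escaped)    { $escaped = $false; continue }
        if ($c -eq '\')  { $escaped = $true;  continue }
        if ($c -eq ',')  { return $DistinguishedName.Substring($i + 1) }
    }
    return $null   # single RDN: no parent to report
}

# Constructed sample DNs (not from a real directory), runnable without AD.
$samples = @(
    'CN=Lab Admins,OU=Groups,DC=example,DC=edu',
    'CN=Smith\, John - Delegates,OU=Staff,DC=example,DC=edu',
    'CN=Trailing Backslash\\,OU=Groups,DC=example,DC=edu',
    'DC=edu'
)
foreach ($dn in $samples) {
    [pscustomobject]@{ DN = $dn; Parent = Get-ParentDN $dn }
}

# Against a live domain: list groups with their parent container.
# The name filter is a constructed placeholder.
if (Get-Command Get-ADGroup -ErrorAction SilentlyContinue) {
    Get-ADGroup -Filter 'Name -like "CIT*"' |
        Select-Object Name,
            @{ Name = 'Parent'; Expression = { Get-ParentDN $_.DistinguishedName } } |
        Sort-Object Parent, Name
}
```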

Read the post at

Working on EFS DRA and Certificates

I found I couldn’t just “add” a user as a new recovery agent, because that account’s user object didn’t have an appropriate certificate. According to the document in my previous post, there are significant advantages to using our Certificate Authority to manage EFS-related keys.
I found the following sequence of articles useful:
I’m still working on this, though.

Progress on MOM Summary Reporting

I’ve successfully run the aggregation operations for a bunch of the data, including all of December ’05. I shortened the retention period by a few days and ran the grooming job. It finished without hammering too much on the system.
Tomorrow, I will complete the manual aggregation process, and I will continue to reduce data retention incrementally.
Much appreciation to Pete Zerger for his help via the MOM Reporting newsgroup.

MS Article – Understanding patch management options for student computers

Understanding patch management options for student computers
Every fall, higher education institutions host the return of thousands of students to campus. While this return is a challenge on many fronts, in recent years it has become increasingly challenging for IT staff to mitigate the threat posed by unmanaged student machines. For the 2005 back to school timeframe, Microsoft has several options for managing the patching and vulnerability assessment process, most of which are no-cost service add-ons to Windows 2003 Server.

  1. Microsoft Update
  2. Windows Server Update Service (WSUS)
  3. Systems Management Server (SMS)

Printers in AD

Printers published into AD are created as printQueue objects.
The objects appear to be created as child objects of the server object which hosts them, and the objects’ CNs start with the server name (e.g. cn: PRINTERS-CIT - HP Color LaserJet 3500 - Downstairs).
Search sample:
dsquery * domainroot -filter "(&(objectClass=printQueue)(printerName=CIT*))"