User Rights Delegation via Powershell (Server 2012)
Hi
In the Exam Ref 70-414 book the author refers the the following powershell cmdlets in server 2012 to assign /delegate user rights by using the constant names.
The cmdlets;
Get-privilege
Grant-privilege
Revoke-privilege
Test-privilege
I am not sure if i'm missing something blatantly, but i seem not to find any information or syntax on this, even after updating powershell help, it doesn't recognize the cmdlets.
Any help will be appreciated.
Here this will tide you over:
PS C:\scripts> function Get-Privileges{whoami /priv /fo csv|Out-String|convertFrom-Csv}
PS C:\scripts> Get-Privileges
Privilege Name Description State
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
¯\_(ツ)_/¯
Similar Messages
-
Creating user from template in powershell - Server 2012 R2
I've been research online how to create a user from a template in powershell and so far can't get it to work. Here is what I'm using:
$instance = Get-ADUser –identity template_user
New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” –Enabled:$false
I'm getting an error saying the operation failed because UPN value is not unique. This is a very strange error to me, because it is saying that about the "-Instance" account. But of course that one isn't unique. That's the template.
If I remove "-Instance $instance" from the code, it works just fine and creates the account, just not from a template, obviously.
Any ideas? Below is the entire pasted error.
New-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide
At line:1 char:1
+ New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=Test Scripts...domain,DC=com:String) [New-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8648,Microsoft.ActiveDirectory.Management.Commands.NewADUserHi,
You'll need to supply a unique UPN for the new user by adding in the -UserPrincipalName parameter.
http://ss64.com/ps/new-aduser.html
Don't retire TechNet! -
(Don't give up yet - 13,225+ strong and growing) -
Is there an application to monitor users who log into Windows Server 2012 R2?
I'm looking at Family Safety Feature in Windows 8 and like what they can do. I have a request to monitor, track users who log into Windows Server 2012 R2 to see how many users login, how long each login is for each user so a monthly report can be generated.
1. I just wonder if Windows Essential 2012 can be used for this purpose or not. If it can, is Windows Essential 2012 a feature can be added or installed on Windows Server 2012 R2?
2. If Window Essential 2012 cannot be used for this purpose, is there any feature in Windows Server 2012 R2 that can be used for this purpose?
3. Is there any other suggestions?
Thank you for your help.
Thanks and Regards,
Hien PhanHi Hien,
Anything updates?
It seems that there is no feature can do that. I agree with Tim that you can check the event logs. In general, the event 4624 would be created when a user was logged on, and the event 4634 would be created when a user account was logged
off.
More information:
Tracking User Logon Activity Using Logon Events
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Hello Everyone,
I'm working on trying to create something like a knowledge base for my company, and what I'm trying to accomplish is to create a shared mailbox on 365, add users to have read-only rights to the Inbox (which I can achieve via PowerShell) so they can't delete
the articles, but it seems that by just adding Reviewer permission to a user, it doesn't force the mailbox to open on the end-user's Outlook profile - it only seems to automatically populate if I go through the exchange admin console and allow Full Access
through User Delegation.
Is there a way, via PowerShell, to open a shared mailbox in a user's Outlook profile?
Thanks for all the help!Hi,
We can create a PRF file that modifies the existing Outlook profile to add the shared mailbox.
Please have a look at this thread which discussed a similar issue:
http://social.technet.microsoft.com/Forums/systemcenter/en-US/374e5a31-1732-45b8-afdd-7c0987e04a7e/how-to-add-additional-mailboxes-in-outlook-for-exchange
For more information about Customize Outlook profiles by using an Outlook Profile (PRF) file, see:
http://technet.microsoft.com/en-us/library/cc179062(v=office.14).aspx
Hope this helps.
Regards,
Steve Fan
TechNet Community Support -
Managing user sessions in RDS on Server 2012 R2
I'm planning on deploying Server 2012 R2 Remote Desktop Services, and I'm finding I'm going to have to go to a training class! Unfortunately, I don't have the time to do that before deploying. I've figured out how to use policy editor to configure
what I used to accomplish in "Terminal Services Configuration". What tool do I use to manage Remote Apps, and what tool do I use to view session details? I know I can remote control user sessions from Task Manager, but that doesn't give visibility
to view session idle time, logon time, etc.Is it on a Domain or Workgroup, if it is on a Domain (and you had previous experience with RDS 2008/R2) then you can simply read this guide
http://social.technet.microsoft.com/wiki/contents/articles/20684.management-how-to-changes-for-rds-in-windows-server-2012-and-2012r2.aspx
If it is on a workgroup you have to do a bit more to get it right. The only problem is if you are on a workgroup you can not have RemoteApps
Hope this helps! -
Resizing User Profile Disks in Existing Server 2012 R2 RDS Deployment Question
Once the initial maximum size is set and the VHDXs have been created in a Server 2012 R2 RDS deployment, will attempting to increase Collection's maximum UPD size by say.. issuing a Powershell command of:
Set-RDSessionCollectionConfiguration -CollectionName MySpiffyNewCollection -MaxUserProfileDiskSizeGB 10
over-write the existing VHDXs instead of simply increasing their size? (max size is currently 5GB)
I'm not at a point where I can test this in a lab condition to find out, and I have not found this question asked (or at least not definitively answered) in this forum yet.
-GHi,
Thank you for posting in Windows Server Forum.
We can resize the UPD file with below command:
Resize-VHD –Path c:\BaseVHDX.vhdx –SizeBytes 1TB
After running this mount the .vhdx file and open disk manager and there will be unallocated disk, and then you can click extend disk/volume and its done.
You can refer following article for more information.
Resize User Profile Disks
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
Files an folders have wrong user rights on OS X Server with 10.5.6
Hi there, since updating to 10.5.6 we have a strange behaviour in our network. All Leopard clients are not able to search on our network volumes (OS X Server 10.4.11). The user rights are owner: admin; everyone: read only
All groups and users which are defined in the server management where not shown. The rights on all machines which are working under Tiger show the correct rights.
Any ideas?Try the server products forums.
-
User Profile Disks with Windows Server 2012 and Windows 8 VDI
Hello experts!
We are building a new server setup for the office and are unable to figure out why UPD will not work. We have VDI setup and a user for instance
connecting through the RDWeb workplace will dynamically get one of the available Windows 8 Machines delivered through Hyper-V and can successfully login on this machine via Active Directory. So far so good...
However, when we activate the User Profile Disks "UPD" feature the login takes forever and the VHDX will not mount on c:\users\...
as expected within the virtual Windows 8 machine.
The UPD config is quite simple, with just the path "\\vmhost\upd\" set. This share has (now during test) full access for everyone,
both on share level and on security level, but still the VHDX will not mount.
The UVHD-template.vhdx file gets created just fine when UPD is activated, and during login through RDWeb a TEMP-UVHD-S-1-5-21-1477358240-4159876597-995667825-500.vhdx
gets created, but there it stops... The login process takes a couple of minutes by the "Windows förbereds" (roughly translated to English "Preparing Windows"), and then the user gets logged in with a temporary profile.
- The event log says (translated using Google translate):
Failed to obtain a user profile disk for the user account with SID S-1-5-21-1477358240-4159876597-995667825-500.
Make sure the location of the user profile desk can be reached, the server's computer account has read and write permissions to the site and that there is a template file for user profile disks at the site.
Name of the virtual desk"font-size:14px;font-family:'Droid Serif', Georgia, 'Times New Roman', serif;color:#222222;line-height:23px;"
/>HRESULT: 0x8007007B.0
Please help, it should not be that hard to achieve this.Hi,
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many
similar scenarios.
If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer
as you wish.
In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hitting limit when adding users to groups via powershell
I've written a powershell to search AD for users with a specific UPN suffix and add them to a group. It's working, except I am hitting some limit. After the script runs, I see that the group only had 1,500 members (exactly). I am expecting somewhere in the
neighborhood of 7,000.
I did some digging and changed the LDAP policy MaxValRange from 1500 to 15000. This increased my results up to 5,000 (exactly).
I appear to be hitting some other limit....any ideas what it could be? Here are my current LDAP policies:
Policy Current(New)
MaxPoolThreads 4
MaxDatagramRecv 4096
MaxReceiveBuffer 10485760
InitRecvTimeout 120
MaxConnections 10000
MaxConnIdleTime 900
MaxPageSize 1000
MaxQueryDuration 120
MaxTempTableSize 10000
MaxResultSetSize 262144
MinResultSets 0
MaxResultSetsPerConn 0
MaxNotificationPerConn 5
MaxValRange 15000
ThreadMemoryLimit 0
SystemMemoryLimitPercent 0
Thanks!Hello,
have you seen
http://technet.microsoft.com/en-us/library/cc756101.aspx for limits in AD.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
I have an application which connects to SQL through ODBC 11.
ODBC statement is :
SELECT PID
FROM PENTITY PENTITY01 WHERE ((NUM1 NOT BETWEEN ? + 10.7895 AND ? + 200.6734 AND NUM2 NOT IN (5996/ 8, ? - 89.3892, ? + 80.7543))
and the SQLBindparameter statement is :
static UCHAR num1[12]=12.589
rc = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, sqlType, precision, scale,
&num1, sizeof(num1), NULL);
With this SQLBindparameter statement I am getting error, It is working without any error if I change the value to 12.
The same code is working when connecting to SQL server 2008.
Thanks in advance.Hi Nalsr,
From my research, I found:
"[Microsoft][ODBC SQL Server Driver]String
data right truncation" error may be returned from a call to
SQLBindParameter if the size of the string parameter being used is greater than the size of the column being compared to. In other words if the
string size of the <expression> to the left of the <comparison_operator> is less than the
string size of the <expression> to the
right, ODBC may return this error.
The resolution is to make the string size of the <expression> to the
right of the <comparison_operator> less than or equal to the
string size of the <expression> on the left.
It is difficult to track down this type of problem when third party development applications are being used. ODBC Trace can be used to help determine if this problem is occuring.
Here is an example where the customer has submitted a query "select count(*) from type1 where type1 = ?", type1 is varchar(5) and the
data type being passed by the application is char[9].
Here is the relevant portion of the trace. The following information from the "exit" of SQLDescribeParam
SWORD * 0x0095e898 (12)
UDWORD * 0x0095e880 (5)
Maps to the following with the actual value in parenthesis - SQL_VARCHAR Size 5:
SQLSMALLINT *DataTypePtr
SQLUINTEGER *ParameterSizePtr
The "exit" value from SQLBindParameter provides the following
information:
SWORD 1 <SQL_PARAM_INPUT>
SWORD 1 <SQL_C_CHAR>
SQL Data Type SWORD 12 <SQL_VARCHAR>
Parameter Size UDWORD 5
SWORD 0
Value PTR 0x0181c188
Value Buffer Size SDWORD 5
String Length SDWORD * 0x0181c103 (9)
The string length parameter is the length of the
string being bound to the parameter, in this instance there is a size mismatch which results in the SQLError and the SQLErrorW with the message "[Microsoft][ODBC SQL Server
Driver]String data
right truncation" .
Hope this could be helpful.
Best regards,
Halin Huang -
How to get which domain a user belongs to via powershell
Hi Guys
I have a forest that contains many subdomain, like
Forest Root: contoso.com
Child Domain: a.contoso.com ; b.contoso.com and so on, now I'd like to write a powershell query to find out a which domain a user belongs to , was it possible ?Hi,
Here's something you can try:
Get-ADUser USERNAME -Properties CanonicalName |
Select @{N='Domain';E={($_.CanonicalName -split '/')[0]}}
Don't retire TechNet! -
(Don't give up yet - 12,950+ strong and growing) -
Adobe Connect prevents external users from connecting via Edge Server
Errors thrown in the logs:
Bad network data; terminating connection : bad chunk version 24 on input stream 07726718
Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 18
Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 03
Any advice would be greatly appreciated!
Regards
Ole KristensenHi,
Please check all the services are started on Lync Edge server.
Please double check the ports for both Edge server internal and external interface with the help of the link below:
http://technet.microsoft.com/en-us/library/gg425891.aspx
You can test your remote connectivity with the help of the link below:
https://testconnectivity.microsoft.com/
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
I have a user on a virtual machine (server 2012) and their desktop is basically a windows 8 environment. When I tried to install icloud control panel 3 it fails, stating that it needs windows 8 or 7.
Since it really is windows 8, but icloud doesn't see that, is it possible to fix this, so it can install?Hi jerelo:
I have successfully installed iCloud Control Panel 3 on a machine running Windows Server 2012 R2. I am not running a VM on the server; rather, the users (about 10) connect via RDC. In any event, you might check out another thread related to Server 2008: https://discussions.apple.com/message/24899308#24899308.
In the thread, a poster suggests modifying the install file to work on Server 2008 R2. I was experiencing the same problem you describe and after the fix detailed in the cited thread, iCloud installed without any problems. Now all users can access it as normal via RDC.
I hope this helps,
JW -
Server 2012 RDS - User Profile Disks
Hello,
I'm implementing Server 2012 RDS session-based.
Can I increase the limit of User Profile Disk after it is initially set?
Is it ok that my Admin user has a User Profile Disk i.e. no local profile on the server as they did previously.
Are PSTs supported on User Profile Disks - previously PSTs were unsupported on network share - User Profile Disks are on network share.
I had an issue where a UPD was created for a user - I then delete the UPD. I then logged in as the user (a domain admin) and expected a local profile to be created - this didn't happen. A temporary profile was created instead. This was unexpected.Hi Gary,
You can try to change the size of User Profile Disk by mounting .Vhdx file. Please refer below thread for information.
Resize User Profile Disks
As per my research, i can suggest you to use admin local user profile on server.You can get more information for UPD on below listed article.
1. Easier User Data Management with User Profile Disks in Windows Server 2012
2. Using User Profile Disks (UPD) in combination with predefining the Modern UI Start Screen on RDS 2012 (appsfolder.itemdata-ms)
Hope it helps!
Thanks,
Dharmesh -
What share/ntfs permission i've to setup for user profile disks on Server 2012 R2?
Please, let me know.
Regards!
Lasandro LopezHi Lasandro,
As far as I know, share permissions for UPD are automatically set up by the management tools.
Besides, regarding how to install and configure UPD, the following article can be referred to as reference.
Installing and Configuring User Profile Disks (UPD) in Windows Server 2012
https://social.technet.microsoft.com/wiki/contents/articles/15304.installing-and-configuring-user-profile-disks-upd-in-windows-server-2012.aspx
In addition, regarding UPD, the following article can be referred to for more information.
Easier User Data Management with User Profile Disks in Windows Server 2012
http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
Best regards,
Frank Shen
Maybe you are looking for
-
User Exit or BADI on saving of Sales order cost estimate (CK51N)
Hi, Can any one share with me what are the User Exit or BADI that gets triggered on saving of Sales order cost estimate (CK51N). Regards, Bijay
-
Run the same procedure many times in parallel but no more than 10 at a time
I have a table filled with individual such criteria and want to run a stored pl/sql procedure to run searches on an external server on each of them. The stored procedure deals with the API and the external server can handle the concurrency. I want to
-
Have you tried to Back-up or Burn a CD with this CRAP 10.4 version. I have been attempting to get an answer from Apple for over a month. So far 7 different individuals have gone from telling me to read the "Back-up to CD" page, after telling them Th
-
Recording audio from rtp session
Dear all; I am not sure that this is the right forum to post my question. I am new in jmf and i want to record calls from nortel Pbx for example and others like asterisk PBX which records all in and out calls.first of all is it possible to use jmf fo
-
How to find out what version of DB Server was installed (32bit or 64)?
Hello Maybe somebody would know if there is any way to find out what version of DB Server was installed (32bit or 64)? I need this information when downloading patches from oracle metalink. PN