User Rights Delegation via Powershell (Server 2012)

Similar Messages

• Creating user from template in powershell - Server 2012 R2

  I've been research online how to create a user from a template in powershell and so far can't get it to work. Here is what I'm using:
  $instance = Get-ADUser –identity template_user
  New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” –Enabled:$false
  I'm getting an error saying the operation failed because UPN value is not unique.  This is a very strange error to me, because it is saying that about the "-Instance" account.  But of course that one isn't unique.  That's the template.
    If I remove "-Instance $instance" from the code, it works just fine and creates the account, just not from a template, obviously.
  Any ideas?  Below is the entire pasted error.
  New-ADUser : The operation failed because UPN value provided for addition/modification is not unique forest-wide
  At line:1 char:1
  + New-ADUser –SamAccountName Test_Scripts –Instance $instance –Name “Test Scripts” ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (CN=Test Scripts...domain,DC=com:String) [New-ADUser], ADException
      + FullyQualifiedErrorId : ActiveDirectoryServer:8648,Microsoft.ActiveDirectory.Management.Commands.NewADUser

  Hi,
  You'll need to supply a unique UPN for the new user by adding in the -UserPrincipalName parameter.
  http://ss64.com/ps/new-aduser.html
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• Is there an application to monitor users who log into Windows Server 2012 R2?

  I'm looking at Family Safety Feature in Windows 8 and like what they can do.  I have a request to monitor, track users who log into Windows Server 2012 R2 to see how many users login, how long each login is for each user so a monthly report can be generated.  
  1.  I just wonder if Windows Essential 2012 can be used for this purpose or not.  If it can, is Windows Essential 2012 a feature can be added or installed on Windows Server 2012 R2?
  2.  If Window Essential 2012 cannot be used for this purpose, is there any feature in Windows Server 2012 R2 that can be used for this purpose?
  3.  Is there any other suggestions?
  Thank you for your help.
  Thanks and Regards,
  Hien Phan

  Hi Hien,
  Anything updates?
  It seems that there is no feature can do that. I agree with Tim that you can check the event logs. In general, the event 4624 would be created when a user was logged on, and the event 4634 would be created when a user account was logged
  off.
  More information:
  Tracking User Logon Activity Using Logon Events
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Adding a shared mailbox to a user's Outlook profile, who has reviewer rights only, via PowerShell

  Hello Everyone,
  I'm working on trying to create something like a knowledge base for my company, and what I'm trying to accomplish is to create a shared mailbox on 365, add users to have read-only rights to the Inbox (which I can achieve via PowerShell) so they can't delete
  the articles, but it seems that by just adding Reviewer permission to a user, it doesn't force the mailbox to open on the end-user's Outlook profile - it only seems to automatically populate if I go through the exchange admin console and allow Full Access
  through User Delegation. 
  Is there a way, via PowerShell, to open a shared mailbox in a user's Outlook profile?
  Thanks for all the help!

  Hi,
  We can create a PRF file that modifies the existing Outlook profile to add the shared mailbox.
  Please have a look at this thread which discussed a similar issue:
  http://social.technet.microsoft.com/Forums/systemcenter/en-US/374e5a31-1732-45b8-afdd-7c0987e04a7e/how-to-add-additional-mailboxes-in-outlook-for-exchange
  For more information about Customize Outlook profiles by using an Outlook Profile (PRF) file, see:
  http://technet.microsoft.com/en-us/library/cc179062(v=office.14).aspx
  Hope this helps.
  Regards,
  Steve Fan
  TechNet Community Support

• Managing user sessions in RDS on Server 2012 R2

  I'm planning on deploying Server 2012 R2 Remote Desktop Services, and I'm finding I'm going to have to go to a training class!  Unfortunately, I don't have the time to do that before deploying. I've figured out how to use policy editor to configure
  what I used to accomplish in "Terminal Services Configuration". What tool do I use to manage Remote Apps, and what tool do I use to view session details? I know I can remote control user sessions from Task Manager, but that doesn't give visibility
  to view session idle time, logon time, etc.

  Is it on a Domain or Workgroup, if it is on a Domain (and you had previous experience with RDS 2008/R2) then you can simply read this guide
  http://social.technet.microsoft.com/wiki/contents/articles/20684.management-how-to-changes-for-rds-in-windows-server-2012-and-2012r2.aspx
  If it is on a workgroup you have to do a bit more to get it right. The only problem is if you are on a workgroup you can not have RemoteApps
  Hope this helps!

• Resizing User Profile Disks in Existing Server 2012 R2 RDS Deployment Question

  Once the initial maximum size is set and the VHDXs have been created in a Server 2012 R2 RDS deployment, will attempting to increase Collection's maximum UPD size by say.. issuing a Powershell command of:
  Set-RDSessionCollectionConfiguration -CollectionName MySpiffyNewCollection -MaxUserProfileDiskSizeGB 10
  over-write the existing VHDXs instead of simply increasing their size? (max size is currently 5GB)
  I'm not at a point where I can test this in a lab condition to find out, and I have not found this question asked (or at least not definitively answered) in this forum yet.
  -G

  Hi,
  Thank you for posting in Windows Server Forum.
  We can resize the UPD file with below command:
  Resize-VHD –Path c:\BaseVHDX.vhdx –SizeBytes 1TB
  After running this mount the .vhdx file and open disk manager and there will be unallocated disk, and then you can click extend disk/volume and its done.
  You can refer following article for more information.
  Resize User Profile Disks
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Files an folders have wrong user rights on OS X Server with 10.5.6

  Hi there, since updating to 10.5.6 we have a strange behaviour in our network. All Leopard clients are not able to search on our network volumes (OS X Server 10.4.11). The user rights are owner: admin; everyone: read only
  All groups and users which are defined in the server management where not shown. The rights on all machines which are working under Tiger show the correct rights.
  Any ideas?

  Try the server products forums.

• User Profile Disks with Windows Server 2012 and Windows 8 VDI

  Hello experts!
  We are building a new server setup for the office and are unable to figure out why UPD will not work. We have VDI setup and a user for instance
  connecting through the RDWeb workplace will dynamically get one of the available Windows 8 Machines delivered through Hyper-V and can successfully login on this machine via Active Directory. So far so good...
  However, when we activate the User Profile Disks "UPD" feature the login takes forever and the VHDX will not mount on c:\users\...
  as expected within the virtual Windows 8 machine.
  The UPD config is quite simple, with just the path "\\vmhost\upd\" set. This share has (now during test) full access for everyone,
  both on share level and on security level, but still the VHDX will not mount.
  The UVHD-template.vhdx file gets created just fine when UPD is activated, and during login through RDWeb a TEMP-UVHD-S-1-5-21-1477358240-4159876597-995667825-500.vhdx
  gets created, but there it stops... The login process takes a couple of minutes by the "Windows förbereds" (roughly translated to English "Preparing Windows"), and then the user gets logged in with a temporary profile.
   - The event log says (translated using Google translate):
  Failed to obtain a user profile disk for the user account with SID S-1-5-21-1477358240-4159876597-995667825-500.
  Make sure the location of the user profile desk can be reached, the server's computer account has read and write permissions to the site and that there is a template file for user profile disks at the site.
  Name of the virtual desk"font-size:14px;font-family:'Droid Serif', Georgia, 'Times New Roman', serif;color:#222222;line-height:23px;"
  />HRESULT: 0x8007007B.0
  Please help, it should not be that hard to achieve this.

  Hi,
  As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many
  similar scenarios.
  If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer
  as you wish.
  In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Hitting limit when adding users to groups via powershell

  I've written a powershell to search AD for users with a specific UPN suffix and add them to a group. It's working, except I am hitting some limit. After the script runs, I see that the group only had 1,500 members (exactly). I am expecting somewhere in the
  neighborhood of 7,000.
  I did some digging and changed the LDAP policy MaxValRange from 1500 to 15000. This increased my results up to 5,000 (exactly).
  I appear to be hitting some other limit....any ideas what it could be? Here are my current LDAP policies:
  Policy Current(New)
  MaxPoolThreads 4
  MaxDatagramRecv 4096
  MaxReceiveBuffer 10485760
  InitRecvTimeout 120
  MaxConnections 10000
  MaxConnIdleTime 900
  MaxPageSize 1000
  MaxQueryDuration 120
  MaxTempTableSize 10000
  MaxResultSetSize 262144
  MinResultSets 0
  MaxResultSetsPerConn 0
  MaxNotificationPerConn 5
  MaxValRange 15000
  ThreadMemoryLimit 0
  SystemMemoryLimitPercent 0
  Thanks!

  Hello,
  have you seen
  http://technet.microsoft.com/en-us/library/cc756101.aspx for limits in AD.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Getting SQLSTATE:22001(Message : [Microsoft][SQL Server Native Client 11.0]String data, right truncation) in SQL Server 2012 but in SQL server 2008 R2.

  I have an application which connects to SQL through ODBC 11.
  ODBC statement is :
  SELECT PID
  FROM PENTITY PENTITY01 WHERE ((NUM1 NOT BETWEEN ? + 10.7895 AND ? + 200.6734 AND NUM2 NOT IN (5996/ 8, ? - 89.3892, ? + 80.7543))
  and the SQLBindparameter statement is :
  static UCHAR num1[12]=12.589
  rc = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, sqlType, precision, scale,
  &num1, sizeof(num1), NULL);
  With this SQLBindparameter statement I am getting error, It is working without any error if I change the value to 12.
  The same code is working when connecting to SQL server 2008.
  Thanks in advance.

  Hi Nalsr,
  From my research, I found:
  "[Microsoft][ODBC SQL Server Driver]String
  data right truncation" error may be returned from a call to
  SQLBindParameter if the size of the string parameter being used is greater than the size of the column being compared to. In other words if the
  string size of the <expression> to the left of the <comparison_operator> is less than the
  string size of the <expression> to the
  right, ODBC may return this error.
  The resolution is to make the string size of the <expression> to the
  right of the <comparison_operator> less than or equal to the
  string size of the <expression> on the left.
  It is difficult to track down this type of problem when third party development applications are being used. ODBC Trace can be used to help determine if this problem is occuring.
  Here is an example where the customer has submitted a query "select count(*) from type1 where type1 = ?", type1 is varchar(5) and the
  data type being passed by the application is char[9].
  Here is the relevant portion of the trace. The following information from the "exit" of SQLDescribeParam
  SWORD * 0x0095e898 (12)
  UDWORD * 0x0095e880 (5)
  Maps to the following with the actual value in parenthesis - SQL_VARCHAR Size 5:
  SQLSMALLINT *DataTypePtr
  SQLUINTEGER *ParameterSizePtr
  The "exit" value from SQLBindParameter provides the following
  information:
  SWORD 1 <SQL_PARAM_INPUT>
  SWORD 1 <SQL_C_CHAR>
  SQL Data Type SWORD 12 <SQL_VARCHAR>
  Parameter Size UDWORD 5
  SWORD 0
  Value PTR 0x0181c188
  Value Buffer Size SDWORD 5
  String Length SDWORD * 0x0181c103 (9)
  The string length parameter is the length of the
  string being bound to the parameter, in this instance there is a size mismatch which results in the SQLError and the SQLErrorW with the message "[Microsoft][ODBC SQL Server
  Driver]String data
  right truncation" .
  Hope this could be helpful.
  Best regards,
  Halin Huang

• How to get which domain a user belongs to via powershell

  Hi Guys
    I have a forest that contains many subdomain, like
  Forest Root: contoso.com
  Child Domain: a.contoso.com ; b.contoso.com and so on, now I'd like to write a powershell query to find out a which domain a user belongs to , was it possible ?

  Hi,
  Here's something you can try:
  Get-ADUser USERNAME -Properties CanonicalName |
  Select @{N='Domain';E={($_.CanonicalName -split '/')[0]}}
  Don't retire TechNet! -
  (Don't give up yet - 12,950+ strong and growing)

• Adobe Connect prevents external users from connecting via Edge Server

  Errors thrown in the logs:
  Bad network data; terminating connection : bad chunk version 24 on input stream 07726718
  Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 18
  Bad network data; terminating connection : (Adaptor: _defaultRoot_, VHost: Unknown, IP: 110.141.64.253, App: , Protocol: rtmp) : 03
  Any advice would be greatly appreciated!
  Regards
  Ole Kristensen

  Hi,
  Please check all the services are started on Lync Edge server.
  Please double check the ports for both Edge server internal and external interface with the help of the link below:
  http://technet.microsoft.com/en-us/library/gg425891.aspx
  You can test your remote connectivity with the help of the link below:
  https://testconnectivity.microsoft.com/
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• HT204053 How to run icloud control panel on a users windows 8 desktop running in windows server 2012?

  I have a user on a virtual machine (server 2012) and their desktop is basically a windows 8 environment. When I tried to install icloud control panel 3 it fails, stating that it needs windows 8 or 7.
  Since it really is windows 8, but icloud doesn't see that, is it possible to fix this, so it can install?

  Hi jerelo:
  I have successfully installed iCloud Control Panel 3 on a machine running Windows Server 2012 R2. I am not running a VM on the server; rather, the users (about 10) connect via RDC. In any event, you might check out another thread related to Server 2008: https://discussions.apple.com/message/24899308#24899308.
  In the thread, a poster suggests modifying the install file to work on Server 2008 R2. I was experiencing the same problem you describe and after the fix detailed in the cited thread, iCloud installed without any problems. Now all users can access it as normal via RDC.
  I hope this helps,
  JW

• Server 2012 RDS - User Profile Disks

  Hello,
  I'm implementing Server 2012 RDS session-based.
  Can I increase the limit of User Profile Disk after it is initially set?
  Is it ok that my Admin user has a User Profile Disk i.e. no local profile on the server as they did previously.
  Are PSTs supported on User Profile Disks - previously PSTs were unsupported on network share - User Profile Disks are on network share.
  I had an issue where a UPD was created for a user - I then delete the UPD. I then logged in as the user (a domain admin) and expected a local profile to be created - this didn't happen. A temporary profile was created instead. This was unexpected.

  Hi Gary,
  You can try to change the size of User Profile Disk by mounting .Vhdx file. Please refer below thread for information.
  Resize User Profile Disks
  As per my research, i can suggest you to use admin local user profile on server.You can get more information for UPD on below listed article.
  1.  Easier User Data Management with User Profile Disks in Windows Server 2012
  2.  Using User Profile Disks (UPD) in combination with predefining the Modern UI Start Screen on RDS 2012 (appsfolder.itemdata-ms)
  Hope it helps!
  Thanks,
  Dharmesh

• What share/ntfs permission i've to setup for user profile disks on Server 2012 R2?

  Please, let me know.
  Regards!
  Lasandro Lopez

  Hi Lasandro,
  As far as I know, share permissions for UPD are automatically set up by the management tools.
  Besides, regarding how to install and configure UPD, the following article can be referred to as reference.
  Installing and Configuring User Profile Disks (UPD) in Windows Server 2012
  https://social.technet.microsoft.com/wiki/contents/articles/15304.installing-and-configuring-user-profile-disks-upd-in-windows-server-2012.aspx
  In addition, regarding UPD, the following article can be referred to for more information.
  Easier User Data Management with User Profile Disks in Windows Server 2012
  http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
  Best regards,
  Frank Shen