Showing posts from January, 2011

Admin Group Policy fails to apply


Group Policy doesn't apply, but gpresult doesn't show any problem.Some Policies are working on the same computerThe same policy is working on other computersThe windows log has an error with something like this:The client-side extension could not remove computer policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.

Delete all files in this path: C:\ProgramData\Microsoft\Group Policy\HistoryIn Windows XP: D:\Documents and Settings\All Users\Application Data\Microsoft\Group Policy\History In a command window run "gpupdate /force"

I ran into a problem where our administrator group policy was not applying for some reason, while other policies were applying. I could not find any information in gpresult or in any group policy settings or information. The policy is the same that is on all the other machines in the domain, and was working, except for one or two machines. 


Export Domain Users to CSV with PowerShell

If you would like to create a list of all domain users in excel with a powershell script you are in luck. Quest software has created some pretty awesome tools to manage Microsoft Active Directory. Here's how to do it:

1.You'll need to install the Quest ActiveRoles management shell v. 1.4 or later, located here:

2. Create a PowerShell file with the following script. Basically, just copy this text into a text file and rename the extension to .ps1.

#This script requires Quest ActiveRoles management shell v.1.4 or later and Powershell to be installed.
#The script may be run on any machine that is bound to the domain and actively connected. You do not have to be a domain administrator.
#Two files will be created. One CSV with results and one TXT log file.

$strTimestamp =  [string](Get-Date -format "yyyy-MM-dd_hh-mm")
start-transcript DomainScriptLog-$strTimestamp.txt…

Export Domain Admins to CSV with Powershell

It would be nice to be able to run a PowerShell script to query certain domain groups in Microsoft Active Directory, and write them to .CSV files for easy review in excel. Here's one way to do it:

1. You'll need to install the Quest ActiveRoles management shell v. 1.4 or later, located here:

2. Create a text file with .ps1 extension, and the following text. You can review the comments in the script to see what each part does, or just google the commands you don't know. Quest has some documentation last time I checked.

#the AD groups that will be queried. These are groups that are considered domain admins
$aGroups = @("Administrators", "Domain Admins", "Server Operators", "Enterprise Admins", "Account Operators", "Backup Operators", "Group Policy Creator Owners", "Schema Admins",  "Domain Controllers")

#where the results are saved. yo…