Disable Schema Master to replicate changes to other Domain Controllers while extending Schema

How to Disable Schema Master to avoid replicate changes to other Domain Controllers while extending Schema?

Time may come when you want to extend the Schema Master while you are Installing Exchange Server.
And don't want to Replicate until the Installation is successful. You may go for Isolating the Schema master by disabling its ability to replicate changes to other DC's in forest.

This can by done by executing the command :
repadmin /options +DISABLE_OUTBOUND_REPL

Once the outbound replication is halted you can proceed with extending schema and re-enable once the installation is successful. On other side, if Schema master fails you simply shut down the server, wipe it and seize the schema role on another DC.

Refer to the below Helpful commands as well:

• To disable outbound replication on a domain controller, enter the following:

                c:\> repadmin /options +DISABLE_OUTBOUND_REPL

• To re-enable outbound replication, enter the following:

                c:\> repadmin /options DISABLE_OUTBOUND_REPL

• To disable inbound replication, enter the following:

                c:\> repadmin /options +DISABLE_INBOUND_REPL

• To re-enable inbound replication, enter the following:

                c:\> repadmin /options DISABLE_INBOUND_REPL

------------------Happy Reading---------------

Export all GPO’s across domains in html file.

Below are the AD-PowerShell commands to Export all GPO's across domains in html file.

Syntax:
Import-Module Grouppolicy
Get-GPOReport -All -ReportType html -path c:\gpo.htm

OR


Get-GPOReport -Name "GPO Name" -Server domain.com -ReportType html
-path c:\GPO.html


Help about –Module:
get-command –module grouppolicy
get-command –module grouppolicy | get-help


---Being handy sometime ;)

Forest Wide Object Search

==========================================================

With the below command script you can dig out or search the domain objects forestwide by using Quest AD Powershell.

$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$domain.forest.domains | foreach {get-qaduser -service
"$($_.name):389" "User Name"} | ft
Name,DN,Email,Description,SamAccountName

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} | ft
Name,DN,Email,Description,SamAccountName

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} | Select-Object
Name,Email,Description,DN,SamAccountName | Export-Csv -path
Users.csv

OR

$domain.forest.domains | foreach {get-content -path c:\Users.txt |
get-qaduser -service "$($_.name):389"} -ErrorAction:SilentlyContinue |
Select-Object Name,Email,Description,DN,SamAccountName | Export-Csv
-path Users.csv

============================================================

Logparser : Export - View EventLogs by Logparser.

ID Created Logs


logparser.exe -o:CSV >> C:\IDCreation.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDCreatedby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=624"


ID Disabled Logs
logparser.exe -o:CSV >> C:\ID-Disable.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDDisabledby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=629"


ID Enabled Logs
logparser.exe -o:CSV >> C:\ID-Enabled.csv "SELECT
TimeGenerated,EventTypeName,EventCategoryName,
extract_token(strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|')
AS Domain,EXTRACT_TOKEN(Strings,3,'|') AS IDEnabledby, message,
eventid FROM D:\EvtLogs\*.evt where eventid=626" 

What are the classes of Ip Address and its range?

Class A           0-126
Class B           128-191
Class C           192-223
Class D           224-239 (Used for Multicast)
Class E           240-255 (Used for Research and Education)

Private address range:
10.0.0.0           to         10.255.255.255
172.16.0.0       to         172.31.255.255
192.168.0.0     to         192.168.255.255
169.254.0.0     to         169.254.255.255 (used as self assigned IP)

Get Shared Folders & Access Permissions

I have compiled a command to dig out Shared folders & there access permissions.

=============================================================================================

ACL :

1.       Get-Acl c:\foldername | Select-Object Path,Owner,Group,AccessToString | Export-Csv -path C:\ACL.CSV

2.       Dir c:\foldername | Get-Acl | Select-Object Path,Owner,Group,AccessToString | Export-Csv -path c:\dir.csv

3.       Get-content -path c:\folders.txt | get-acl | Select-Object Path,Owner,Group,AccessToString | Export-Csv c:\folders.csv

4.       Get-Content Folders.txt | Foreach-Object { get-acl $_ }

5.       Classical Commands : Cacls & Xcacls

Share Folders :

1.       Get-WmiObject win32_share

2.       Get-WmiObject win32_share -filter "name='foldername'"

3.       Get-WmiObject win32_share | Select-Object path,name,description | Export-Csv c:\AllShareFolders.csv

4.       $Share = gwmi -class Win32_Share | sort type, name
$Share | ft name, description, type, path -auto 

Combined :

Get-WmiObject win32_share -filter "name='test'" | get-acl | Select-Object Path,Owner,AccessToString | fl

Whole & Soul:

Get-WmiObject win32_share | Get-Acl | Select-Object Path,Owner,AccessToString | Export-Csv -path c:\permissions.csv

===============================================================================================

Get OCS sip enabled User id's using QPowershell

If you ever want to dig OCS enabled user's from AD, Below is a powershell command.
Syntax:
Get-Content -Path "c:\UsersList.txt" | Get-QADUser -LDAPFilter '(msRTCSIP-UserEnabled=TRUE)' -IncludedProperties 'msRTCSIP-PrimaryUserAddress' | select-object msrtcsip-primaryuseraddress,dn | Export-Csv -Path "c:\OCSusers.csv" -Verbose