PowerShell – Change homedirectory permissions in bulk.

Recently I was asked to change the homedirectory permissions for >4000 users from Full Control, to ready only.

I’ve used below powershell commands to achieve this.

Firstly we need to get all SamAccountName’s in a .csv list. (Change the searchbase).

Get-ADUser -Filter * -SearchBase "OU=www,DC=iterrors,DC=com" | Where { $_.Enabled -eq $True} | select SamAccountName | export-csv c:\temp\iterrors.com

Afer we created the .csv file we need to run below script, this will query all users for their homedirectory path and change the permissions.

Import-Module 'ActiveDirectory'
import-csv c:\temp\iterrors.csv | foreach-object{
$homeDrive = (Get-ADUser -Identity $_.SamAccountName -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
$user = (Get-ADUser -Identity $_.SamAccountName -Properties SamAccountName).SamAccountName #Query AD for the SamAccountName attribute
$ACL = Get-Acl $homeDrive
$ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.SamAccountName, "ReadAndExecute", "ContainerInherit,ObjectInherit", "none", "allow")))
Write-Host "Changing permissions on $homeDrive for user $user" -ForegroundColor Magenta
Set-Acl $homeDrive $ACL
}

Sharepoint Online – Add members and owners via PowerShell

To add members and owners to a SharePoint Online TeamSite you have the below commands avaiable:

Note that if you need to make someone Owner of the Teamsite, the user first needs to be member! And then you make the user Owner.

#Get Credentials
$credObject = Get-Credential

#Connect to Exchange Online
$ExchOnlineSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credObject -Authentication Basic -AllowRedirection

Import-PSSession $ExchOnlineSession

#Get Groupnames
Get-UnifiedGroup

#Check for current members
Get-UnifiedGroupLinks –Identity "groupname" –LinkType Members

#Check for current owners
Get-UnifiedGroupLinks –Identity "groupname" –LinkType Owners

#Add user as member
Add-UnifiedGroupLinks –Identity "groupname" –LinkType Members –Links info@iterrors.com

#Add user as owner (first make the user ‘member’)!!
Add-UnifiedGroupLinks –Identity "groupname" –LinkType Owner –Links info@iterrors.com

#Remove user as member
Remove-UnifiedGroupLinks –Identity "groupname" –LinkType Members –Links info@iterrors.com -Confirm:$false

#Remove user as Owner (Don’t forget to also remove the Members entry).
Remove-UnifiedGroupLinks –Identity "groupname" –LinkType Owners –Links info@iterrors.com -Confirm:$false

#Extra option, turn off the Welcome Message.
Set-UnifiedGroup "groupname" -UnifiedGroupWelcomeMessageEnabled:$false

We’ve run into a problem with your Office 365 subscription after tenant to tenant migration.

After a tenant to tenant migration multiple people got the message ‘We’ve run into a problem with your Office 365 subscription’.

I found a script wroted by someone on 365labs.net;
How to resolve “We’ve run into a problem with your Office 365 subscription” with PowerShell

So to resolve this issue you start powershell on the PC that has the problems and run the following command.
set-executionpolicy unrestricted

Then create an .ps1 file with the following code


<# .SYNOPSIS This script locates OSPP.vbs and removes all product keys to trigger O365 reactivation. It will remove ALL product keys. .NOTES File Name: Author : Johan Dahlbom, johan[at]dahlbom.eu Blog : 365lab.net The script is provided “AS IS” with no guarantees, no warranties, and they confer no rights. #>
#Check that the script runs with privileged rights
if (-not([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "You need to have Administrator rights to run this script!`nPlease re-run this script as an Administrator in an elevated powershell prompt!"
break
}
#Find OSPP.vbs path and run the command with the dstatus option (Last 1...)
$OSPP = Resolve-Path -Path "C:\Program Files*\Microsoft Offic*\Office*\ospp.vbs" | Select-Object -ExpandProperty Path -Last 1
Write-Output -InputObject "OSPP Location is: $OSPP"
$Command = "cscript.exe '$OSPP' /dstatus"
$DStatus = Invoke-Expression -Command $Command

#Get product keys from OSPP.vbs output.
$ProductKeys = $DStatus | Select-String -SimpleMatch "Last 5" | ForEach-Object -Process { $_.tostring().split(" ")[-1]}

if ($ProductKeys) {
Write-Output -InputObject "Found $(($ProductKeys | Measure-Object).Count) productkeys, proceeding with deactivation..."
#Run OSPP.vbs per key with /unpkey option.
foreach ($ProductKey in $ProductKeys) {
Write-Output -InputObject "Processing productkey $ProductKey"
$Command = "cscript.exe '$OSPP' /unpkey:$ProductKey"
Invoke-Expression -Command $Command
}
} else {
Write-Output -InputObject "Found no keys to remove... "
}

Then you can launch the script via powershell and all should be fine.

Allow synchronisation of files with special characters (like # and %).

Allow synchronisation of files that include special characters in the filenames, like # and %.

Step 1; Download and install the ‘SharePoint Online Management Shell’
link: https://www.microsoft.com/en-us/download/details.aspx?id=35588

Step 2; Open the SharePoint Online Management Shell by searching for ‘sharepoint’ in your startmenu.

Step 3; Run the following command: (replace the values according to the tenant you are connecting to)

$adminUPN="info@iterrors.com"
$orgName="iterrors"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

Enter the password, click OK and press ENTER.

Step 4; Run the following command:

Set-SPOTenant -SpecialCharactersStateInFileFolderNames Allowed

All done, it can take hours or even a couple of days to get the files to sync after the change.

Windows 10 PC / Laptop goes randomly to sleep mode.

When your experience your PC or laptop going into sleep mode randomly there a lot of things that could cause that. What resolved the issue for me is this:

# Open command prompt as administrator and run the following command:
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" /v Attributes /t REG_DWORD /d 2 /f

# Restart the ‘explorer.exe’ process via task manager.

# Go to your energy settings and edit the power plan you are currently using. Choose ‘change advance power settings’ and go to the sleep section.
Expand the ‘System unattended sleep timeout’ and change the 2 minutes to 0, or whatever.

DFS – Replication service failed to recover from an internal database error on volume.

When DFS is not replicating anymore and you see event ID 2104 with error 9214 there is a simple solution to do which i found on this website: http://www.asptricks.net/2017/01/replication-service-failed-to-recover.html

Basicly it’s disabling the replication group nodes and running a .bat file.

1. Disable group replication (DFS Management -> Replication -> Replication group -> Connections -> disable the group members.

2. Create a .bat file with the following content:


set DFSR_DB_DRIVE=E:
REM Removes the broken DFSR configuration database from the system
net stop dfsr
%DFSR_DB_DRIVE%
icacls "%DFSR_DB_DRIVE%\System Volume Information" /grant "Domain Admins":F
cd "%DFSR_DB_DRIVE%\System Volume Information"
move DFSR %DFSR_DB_DRIVE%\DFSR_backup
cd ..
icacls "%DFSR_DB_DRIVE%\System Volume Information" /remove:g "Domain Admins"
net start dfsr
dfsrdiag PollAD /Member:%userdomain%\%computername%

Windows – Open HKEY_CURRENT_USER as different user

It can happpen that you would need to edit the registery for a user, but regedit is disabled for the userprofile.

There is an option to open registery settings for another user as the administrator;

#1 Log in as Administrator and open regedit.
#2 Select HKEY_USERS and then go to ‘File -> Load Hive
#3 Browse for the NTUSER.Dat file from the user you want to edit the registery from. (make sure the user is not logged on)
#4 Enter the key you want to open, for example: HKEY_CURRENT_USER.
#5 When done, close / delete the hive.

Outlook – Pressed backspace, where did my email go?

When you (accidently) press ‘backspace’ within Outlook you will see your highlighted email dissapear.

You will not find it in deleted items or even in restore deleted items, because it’s in your ‘Archive’ folder within your profile.

Find your ‘Archive’ folder and you will see the message you just pressed ‘backspace’ on.

VLC is crashing when starting up a game

When you have a doublescreen setup and you want to use VLC to watch video’s or play music while you game it will crash.

There is a solution for this issue;

Steps: Open VLC and go to preferences -> go to video -> choose ‘all’ at the bottom and search for Overlay video output in the list under ‘video’ and turn it off. Then go back to simple preferences and go to video. Make sure accelerated video output(overlay) is not checked. Then turn off hardware YUV>RGB. And finally change your output to OpenGL.

Outlook 2016 – Upgrade in Progress

Recently i faced some Outlook 2016 functionality issues. It became impossible to sent / receive email.

In Outlook 2016 options there was a message ‘Upgrade in progress’ This could be there for days without any change.
Some websites are saying that opening Outlook in /safe mode is resolving the issue, this was not the case for me.

The solution for me was:

start -> run -> regedit
go to HKEY_CLASSES_ROOT\Installer\Components\F1291BD604B860441AB89E60BDEE0F9C
right click -> permissions
‘add’ the current user or ‘everyone’ and give it READ permissions.

Open Outlook 2016 and all should work fine.