Tuesday, January 30, 2018

Viewing CRL in Windows Certification Authority console

The CA Console will not display CRL by default, as shown in the attached screenshot.

















You have to run the following command to view it:
certsrv.msc /e
















You can also run the following command to view it.
certutil -view -out "CRLThisPublish,CRLNumber,CRLCount" CRL

Tuesday, January 23, 2018

Get new group membership to apply a GPO to a computer without a restart

If you add a computer to an AD group that is assigned to a GPO, you need to restart the computer to get the new group membership.

If you want to bypass this, you can delete the Kerberos ticket.

Run the following command as an admin to do this:
klist -li 0x3e7 purge

Et voila, your computer get its new membership!

After that you can run a gpupdate to apply the assgined Policies.




Wednesday, January 17, 2018

Import User Photo to Active Directory

If you want to have an image in Outlook, Skype for Business or SharePoint you can use the attribute thumbnailPhoto in Active Directory.

Doing it with Powershell:
Import-Module activedirectory
$UserPhoto = [byte[]](Get-Content C:\admin\User1.jpg -Encoding byte)
Set-ADUser User1 -Replace @{thumbnailPhoto=$UserPhoto}

You can use a software called ADPhotoEdit:
http://www.cjwdev.co.uk/Software/ADPhotoEdit/Download.html

Note:
- Image file size should be not higher than 10kb, because with every file you AD database will grow!
- The maximum image size is 100kb
- Pixel size 96x96 pixels is recommended