Thursday, February 20, 2020

PowerShell Get LDAP limits / Default Query Policy

Hi guys,
to get the LDAP limits, defined in the Default Query Policy just run the PowerShell snippet. Before you do so replace DC=DOMAIN,DC=ZZ with your domain!

Get-ADObject -Filter 'ObjectClass -eq "querypolicy"' -SearchBase 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=DOMAIN,DC=ZZ' -Properties lDAPAdminLimits | foreach {$_.lDAPAdminLimits}

Monday, February 17, 2020

Configure ADWS debug Log

To configure ADWS debug logging, you have to add some lines to the <appSettings> section:
First you have to set the log level:

<add key="DebugLevel" Value="<Loglevel>" />

<Loglevel> could be one of following values:
None, Error, Warn or Info.

Than you must configure the debug file path:

<add key=”DebugLogFile” value=”<Logpath>” />

To log Error and Warnings you should add these two lines:

<add key="DebugLevel" Value="Warn" />

<add key="DebugLogFile" value="C:\AdwsDebug.log" />

After that you have to restart ADWS:
Restart-Service –name ADWS

Tuesday, February 11, 2020

Restore files from previous versions including all file information

In the following post we will use Robocopy to restore files from previous version including all file information like attributes, timestamps, NTFS ACLs etc

The most admins just move the files from previous versions and lose the original file information.

If files were encrypted our deleted you can use the following method to restore your files, including all information, if shadow copies was configured!

First we need to get the path of the previous version:
















Than we could run the following command to restore our files:
robocopy "\\fileserver\c$\data001\@GMT-2019.11.28-11.06.38\testtree" "\\fileserver\c$\data001\testtree" /E /COPYALL /DCOPY:T

Explanation of the switches used in robocopy:
Copy directory recursively (/E)

Copy all file information (/COPYALL, equivalent to /COPY:DATSOU, D=Data, A=Attributes, T=Timestamps, S=Security=NTFS ACLs, O=Owner info, U=Auditing info)

Preserve original directories Timestamps (/DCOPY:T).

Friday, February 7, 2020

GET AZURE AD USER SYNCHRONIZATION TIME

First you have to connect to MSOnline using your credentials:

$credential = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $credential

Than you can get the attribute called LastDirSyncTime using the following command:

Get-MSOlUser -UserPrincipalName "tim.buntrock@domain.com" | Select-Object LastDirSyncTime