Funny so am I. I still have some of those plastic propellers locked up to keep the wife and daughter from selling/trashing/giving them away.
Jon From: [email protected] [mailto:[email protected]] On Behalf Of Melvin Backus Sent: Thursday, May 12, 2016 8:28 AM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 When I was a kid we played with a stick with a propeller on the end. You spin it between your hands and it flys like a helicopter. Now kids play with remote control drones that fly like helicopters. Same result, except that now the toy does all the work and the kid gets no exercise. L OK, yes, I am that old. J -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Thursday, May 12, 2016 8:15 AM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 You kids with your newfangled toys. J From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Wednesday, May 11, 2016 5:10 PM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Pre-PowerShell. J This comment is the most important: At the end of the day, you need to know what is right for your environment, understand what the attributes mean, how they behave etc. and develop the process to manage them accordingly. Completely agree with you. From: [email protected] [mailto:[email protected]] On Behalf Of Free Jr., Bob Sent: Wednesday, May 11, 2016 4:55 PM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Oldcmp is awesome (I helped joe with the initial testing cycle and even got my name in the credits <G>) We use it as part of our process to delete thousands of computers a year. That said... Keep in mind that pwdset isn't a panacea. Computer password changes are initiated by the client. [1] There is a GPO that can disable that behavior so they are never reset. A critical computer that has been off the network for quite some time can be booted up and authenticate. Yada Yada Yada At the end of the day, you need to know what is right for your environment, understand what the attributes mean, how they behave etc. and develop the process to manage them accordingly. Asset management should be based on more than just attributes in AD but you can certainly infer a lot from them. Maybe everything in your environment, I can't say for sure. [1] Machine account passwords as such do not expire in Active Directory. They are exempted from the domain's password policy. It is important to remember that machine account password changes are driven by the CLIENT (computer), and not the AD. As long as no one has disabled or deleted the computer account, nor tried to add a computer with the same name to the domain, (or some other destructive action), the computer will continue to work no matter how long it has been since its machine account password was initiated and changed. So if a computer is turned off for three months nothing expires. When the computer starts up, it will notice that its password is older than 30 days and will initiate action to change it. The Netlogon service on the client computer is responsible for doing this. This is only applicable if the machine is turned off for such a long time. From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Tuesday, May 10, 2016 6:30 AM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Sorry, just saw this. Oldcmp from Joeware might help you. Just schedule task it up with the right parameters. And as mentioned, password last set is what is uses as it is the only reliable method. So you have to adjust your disable period to account for that. http://www.joeware.net/freetools/tools/oldcmp/ <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.joeware.net_freetoo ls_tools_oldcmp_&d=CwMFAg&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA _mjBT8bS0r8rLrnubGjA&m=YyjivSHSCFAcOOtThQ30Aj3Z9jBitc-NMWxJmechd_Q&s=NrG_DBk DN5K80smTmrWIiwoHj3xE0xxwxgICOenKPyU&e=> From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Monday, May 9, 2016 8:15 AM To: [email protected] Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Are computers something that will be considered later or in another script? We constantly have stale computer records because my admins are afraid to delete anything from AD. We find computer accounts in buried OU's that have been stale for 120 days sometimes. A report of those month would clean out AD and all the applications that rely on AD information for their own reporting and management. Right now I use TrendMicro Management interface (Because it has realtime results) and reconcile with AD when I can. A report would make it so I could give the work away. So what I am asking is a list of computers by OU and last seen or login date? Not sure if it AD Health or what but it is needed I think. From: [email protected] [mailto:[email protected]] On Behalf Of Webster Sent: Monday, May 9, 2016 6:14 AM To: [email protected] Subject: [NTSysADM] New script: Microsoft Active Directory Health Check PowerShell Script V2.0 After a lot of work by Michael B. Smith, a group of dedicated testers and myself, we have taken Jeff Wouters' original script to V2.0. http://carlwebster.com/microsoft-active-directory-health-check-powershell-sc ript-v2-0/ <https://urldefense.proofpoint.com/v2/url?u=http-3A__carlwebster.com_microso ft-2Dactive-2Ddirectory-2Dhealth-2Dcheck-2Dpowershell-2Dscript-2Dv2-2D0_&d=C wMFAg&c=hLS_V_MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA &m=YyjivSHSCFAcOOtThQ30Aj3Z9jBitc-NMWxJmechd_Q&s=1etaGEbz1iqCYSP6GRh9fkHcDsG Nxe86XClcCChwTuA&e=> Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com <https://urldefense.proofpoint.com/v2/url?u=http-3A__t.sidekickopen01.com_e1 t_c_5_f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf 67wwsR02-3Ft-3Dhttp-253A-252F-252Fwww.carlwebster.com-252F-26si-3D6012126861 197312-26pi-3D4311b7b1-2D332d-2D4242-2D8585-2D36954b184dc7&d=CwMFAg&c=hLS_V_ MyRCwXDjNCFvC1XhVzdhW2dOtrP9xQj43rEYI&r=TA_mjBT8bS0r8rLrnubGjA&m=YyjivSHSCFA cOOtThQ30Aj3Z9jBitc-NMWxJmechd_Q&s=CLbBig-FPcFXcfvQF1_qgqsPxsq8o3mGoo6z_w7jJ oA&e=> The Accidental Citrix Admin This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
