Cleaning up the DFS errors

November 21, 2016

Some DFS-related errors, such as “Cannot enumerate namespace“, “Element not found” or “RPC server is not available” are related to the configuration issues in namespace. All  DFS components in registry, Active Directory and file system should be in sync. If they are not, the mentioned above errors happen. Pretty often it is easier and faster to remove DFS namespace completely and recreate it rather than to fix it. This article is about removing a DFS namespace and cleaning up all its components.

Read the rest of this entry »


List the Printers in Print Cluster

March 25, 2014

New plans, new projects…

As a part of one of such plans I needed to list all the printers located at the Windows 2000 print cluster (I know, I know what you wanna say). Simple task, one line command can do this

Get-WMIObject win32_Printer -computerName PrintClusterName

Ooops… No printers listed. OK, this print cluster has several resource groups and several virtual names, one per department. Print cluster itself does not have any printer, all are installed within those resource groups

Get-WMIObject win32_Printer -computerName DepartamentalVirtualName

No printers listed.

Short investigation showed that Windows cluster 2000/2003 does not support WMI, so, no way to list the printers.

Good thing is that all those printers were published in Active Directory. This approach worked, not from the first run though.

Search for the PrintQueue object class

$ADRoot = [ADSI]””
$Searcher = New-Object System.Directoryservices.DirectorySearcher($ADRoot)
$Searcher.SearchRoot = $ADRoot
$Searcher.SearchScope = “subtree”
$Searcher.Filter = “(objectClass=PrintQueue)”
$ADPrinters = $Searcher.FindAll()

and be aware that all the object properties are collections and their names are case sensitive.For example, the driver name is available like this

$ADPrinter.Properties.drivername[0] 

That’s it. In addition the script pings IP printer addresses to filter out “forgotten” printers.

The entire script is provided below. It allows to get almost every bit of information we usually see in the Printer Properties window

#####################################################################
#### FUNCTIONS ####################################################
#####################################################################
FUNCTION Ping ($Device)
{
$Filter = “Address=” + [char]34 + $Device + [char]34
$PingStatus = Get-WMIObject Win32_PingStatus -Filter $Filter
return (($PingStatus -ne $Null) -and ($PingStatus.StatusCode -eq 0))
}

FUNCTION GetProperty ($PropertyName)
{
if ($ADPrinter.Properties.$PropertyName -eq $Null)
{return “”}
else
{
if ($ADPrinter.Properties.$PropertyName[0] -ne $Null)
{return $ADPrinter.Properties.$PropertyName[0].ToString()}
else
{return $ADPrinter.Properties.$PropertyName.ToString()}
}
}

#####################################################################
#####################################################################
#####################################################################

#####################################################################
#### INITIALIZING THE VARIABLES
#####################################################################
$InfoMessage = $Host.PrivateData.WarningForeGroundColor
$ErrorMessage = $Host.PrivateData.ErrorForeGroundColor
$ScriptPath = Split-Path $MyInvocation.MyCommand.Path

############################################################
$OutputFileName = (Read-Host “Enter the result file name”).Trim()
if ($OutputFileName -ne “”)
{
if ($OutputFileName.IndexOf(“:”) -eq -1)
{$OutputFileName = Join-Path $ScriptPath $OutputFileName}
if ((Test-Path $OutputFileName) -eq $True)
{
Write-Host ($OutputFileName + ” already exists”) -foregroundColor $ErrorMessage
return
}
Add-Content $OutputFileName -value “Virtual Cluster Name;Printer Name;Port Name;IP Address;Share Name;Driver Name;Creation Date;Location;Description;Active”
}

#####################################################################
#### MAIN LOOP
#####################################################################

$ADRoot = [ADSI]””
$Searcher = New-Object System.Directoryservices.DirectorySearcher($ADRoot)
$Searcher.SearchRoot = $ADRoot
$Searcher.SearchScope = “subtree”
$Searcher.Filter = “(objectClass=PrintQueue)”
$ADPrinters = $Searcher.FindAll()
Write-Host “Searching for the printers in Active Directory…”

ForEach ($ADPrinter in $ADPrinters)
{
Write-Host “.” -noNewLine

$Line = (GetProperty “shortservername”) + “;” + (GetProperty “printername”) + “;” + (GetProperty “portname”) + “;”

$Active = “Incorrect Port Name”
$IPAddress = “”
if ($ADPrinter.Properties.portname[0] -match “IP_(.*)”)
{
$IPAddress = $Matches[1]
if ((Ping $IPAddress))
{$Active = “YES”}
else
{$Active = “No”}
}

$Line = $Line + $IPAddress + “;” + (GetProperty “printsharename”) + “;” + (GetProperty “drivername”) + “;” + (GetProperty “whencreated”) + “;”
$Line = $Line + (GetProperty “location”) + “;” + (GetProperty “description”)
$Line = $Line + “;” + $Active
Add-Content $OutputFileName -value $Line
}
Write-Host

return

 

 


Not enough storage is available to complete this operation

October 28, 2011

Running dcpromo to remove a domain controller from domain, I received the following error message

Read the rest of this entry »


How to Add a Group to the “Send On Behalf Of” Attribute

July 31, 2011

Only Users and Other objects are available for the Send on Behalf of list. Groups cannot be added to the list. Almost.  A group can be added via ADSI Editor; the attribute name is publicDelegates


How to Set Up ManagedBy AD Attribute

July 31, 2011

It is not a big deal to set up ManagedBy property for an Active Directory group. It becomes a big deal, if there are plenty of such groups.

ManagedBy is just one of the attributes of a group object, so it is pretty easy to change it. The Manager can update membership list checkbox, however, is not a property. It represents the security permission on the group object, called WriteMembers. The checkbox is in fact a logical statement

Checkbox = (ManagedBy_Object_Permissions = WriteMembers)

Read the rest of this entry »


ManagedBy and Access Denied

February 10, 2011

Sometimes I sleep, sometimes it’s not for days…
(c) Bon Jovi, Wanted Dead Or Alive

Two posts for one day!

When a member of the group in the Managed By field is trying to change the group membership, he or she gets the following message:

Read the rest of this entry »


How to add a group to the Managed By field

February 10, 2011

The Managed By field in the AD group properties allows to grant permissions to a person, who will be able then to change the list of group members. What if I need to grant such permissions to another or the same group? At the first sight it is easy: click on Change button and select the group. Well, my object picker allowed me to select either a user or a contact. The internet search led me to the conclusion that I could not select a group for the Managed By field. However, it is possible

Read the rest of this entry »