Friday, June 19, 2015

Very slow work of a mailbox in Exchange 2010

      Faced with an unexpected problem: a single mailbox in the vault is very slow and the Outlook and OWA. After a long diagnostic wake up the user creates a tasks for subordinates from Outlook. The solution was to reset the incorrect synchronize tasks. This can be done manually:
1. Click on the task with an exclamation point in a condition
2. Selected from single copies of tasks
3. click "save this copy"

or by running the Outlook with a parameter /resettodobar

Powershell: create workstation and delegate permissions to join in domain

In this article I show you an example of the script create a computer in the Active Directory and delegating the permissions to add a domain for support team. This script uses the module "Quest ActiveRoles Management Shell for Active Directory". This current module can be downloaded from Dell or old this link(x64)
Please note that the name of the computer a simple and with SamAccountName the symbol "$". This is important, since it is possible to obtain unexpected errors when adding a computer to a domain which is not obvious solution :) eg:

"The computer cannot be joined to the domain because there is not enough disk space"
"You have exceeded the maximum number of computer accounts you are allowed to create in this domain"
"Duplicate computer account in Active Directory"

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$pc_name = "PC001"
$OU = "blogspot.com/workstations"
$add_domain_gr = Get-qadgroup "blogspot\suppot_team1" -service dc1.blogspot.com

$pc_name2 = $pc_name + "$"
new-QADComputer -name $pc_name -SamAccountName $pc_name2 -ParentContainer $OU
Start-Sleep -s 30
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Extendedright 'User-Force-Change-Password' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'ReadProperty, WriteProperty' -PropertySet 'User-Account-Restrictions' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights Self -ValidatedWrite 'Validated-DNS-Host-Name' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights Self -ValidatedWrite 'Validated-SPN' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'ReadProperty, WriteProperty' -Property 'SAMAccountName' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'ReadProperty, WriteProperty' -Property 'DisplayName' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'ReadProperty, WriteProperty' -Property 'Description' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'ReadProperty, WriteProperty' -PropertySet 'User-Logon' -ApplyTo ThisObjectOnly
Get-QADComputer -name $pc_name | Add-QADPermission -Account $add_domain_gr -Rights 'DeleteTree, ExtendedRight, Delete, GenericRead'  -ApplyTo ThisObjectOnly