J House Consulting - DevOps, Microsoft, Citrix & Desktop Virtualisation (VDI) Specialist - +61 413 441 846 - Delivering customer success through technology: IT Infrastructure | Citrix | End User Computing | Platform Engineering | DevOps | Full Stack Developer | Technical Architect | Improvisor | Aspiring Comedian

Script to Find Missing Subnets in Active Directory

January 23, 2014January 21, 2014 by Jeremy Saunders

This PowerShell script will collect all Netlogon.log files from the Domain Controllers, export the last x lines and combine it into one file of unique IP Addresses in CSV format. This easily and simply allows you to then identify any missing subnets that need to be added and associated to an Active Directory Site.

Yes, there are a couple of good examples of this type of script already available on the Internet. The trouble with them is that they would not produce reliable results, especially across environments where Domain Controllers were not all at the same Windows Server versions. Not a great practice, but it does happen in the larger environments where migrations are completed in phases. I’ve previously blogged about the change to the fields in the Netlogon.log file. I also found that other scripts were quite inefficient when reading and collecting the Netlogon.log files over WAN connections. The Report the AD Missing Subnets from the NETLOGON.log script by Francois-Xavier CAT was the best available. So I used it as a base to help derive the results I was after.

Script to Create Group Policy Objects and WMI Filters to Manage the Time Server Hierarchy

February 22, 2017January 10, 2014 by Jeremy Saunders

This PowerShell script will create the Time Server GPOs and WMI Filters for the Domain Controllers to ensure your time server hierarchy remains correct for transfer and seizure of the PDC emulator FSMO role holder.

However, before I talk about the script it’s important to provide some background information on the required settings for the Windows Time Service (W32Time), as many tend to get it wrong.

The three (3) important settings are:

NTPServer
Type
AnnounceFlags
Read more

Script to Create a Report on UserAccountControl flags

February 23, 2017January 6, 2014 by Jeremy Saunders

This PowerShell script will enumerate all user accounts in a Domain, calculate their UserAccountControl flags and create a report of the “interesting” flags in CSV format.

The interesting flags are those you are interested in reporting on as documented in Microsoft KB305144 such as:

SCRIPT
ACCOUNTDISABLE
HOMEDIR_REQUIRED
LOCKOUT
PASSWD_NOTREQD
PASSWD_CANT_CHANGE
ENCRYPTED_TEXT_PWD_ALLOWED
TEMP_DUPLICATE_ACCOUNT
NORMAL_ACCOUNT
INTERDOMAIN_TRUST_ACCOUNT
WORKSTATION_TRUST_ACCOUNT
SERVER_TRUST_ACCOUNT
DONT_EXPIRE_PASSWORD
MNS_LOGON_ACCOUNT
SMARTCARD_REQUIRED
TRUSTED_FOR_DELEGATION
NOT_DELEGATED
USE_DES_KEY_ONLY
DONT_REQ_PREAUTH
PASSWORD_EXPIRED
TRUSTED_TO_AUTH_FOR_DELEGATION
PARTIAL_SECRETS_ACCOUNT
Read more

Script to create a Kerberos Token Size Report

September 22, 2017December 20, 2013 by Jeremy Saunders

SCRIPT UPDATED 22nd September 2017

This PowerShell script will enumerate all user accounts in a Domain, calculate their estimated Token Size and create a report of the top x users in CSV format.

However, before I talk about the script it’s important to provide some background information on Kerberos token size; how to calculate it; and how to manage it.

The Kerberos token size grows depending on the following facts:

Amount of direct and indirect (nested) group memberships.
- Distribution groups are not included in the token, but all security groups are included.
- All group scopes are included in the token evaluation.
Whether or not the user has a SID history, and if so, the number of entries.
Authentication method (username/password or multi-factor like Smart Cards).
The user is enabled for Kerberos delegation.
Local user rights assigned to the user.

If it grows beyond the default maximum allowed size…

A change to the fields in the Netlogon.log file from Windows 2012 and above

January 21, 2014December 13, 2013 by Jeremy Saunders

If you collate and report on the Netlogon.log files from Domain Controllers, you’ll notice that many existing scripts may fail to correctly split the lines when processing the logs from Windows 2012 Domain Controllers; unless of course you’ve already noticed and made an allowance for it.

Citrix Synergy 2013 Slide Deck for SYN328: Learn why AppDNA should be a part of every consultant’s toolkit

July 11, 2013July 11, 2013 by Jeremy Saunders

Here’s my presentation that I’ve uploaded to SlideShare from my Citrix Synergy 2013 session on why AppDNA should be a part of every consultant’s toolkit.

Unfortunately SlideShare currently doesn’t support animations, so some of the slides are not well presented when viewed in this manner. I’ll work to separate out the animations and make this as readable as possible.

I am continually improving the content within this slide deck. Please feel free to contact me for the latest version.

Wow…I am now a CTP

February 25, 2014July 10, 2013 by Jeremy Saunders

Wow…What a year I’m having! I am one of the privileged recipients of a Citrix Technology Professional (CTP) award for 2013!

I am extremely humbled and honoured to now be part of this incredibly talented group I refer to as the crème de la crème of IT Professionals throughout the World.

My First Big Professional Speaking Gig

July 11, 2013July 2, 2013 by Jeremy Saunders

It has always been my career goal to speak at one of the big international and highly recognised IT conferences. My initial focus was to speak at a Citrix Synergy conference. I planted the seed a few years ago for Synergy 2010, but the submission lacked the coolness, the wow factor, some good takeaways, and possibly even professionalism to be taken seriously.

It all started back in 2005 when I attended Citrix iForum in Sydney. I caught up with a long-time Internet friend, Warren Simondson from Ctl-Alt-Del IT Consultancy in Queensland. Way back then Warren and I made a deal that one day we would do a session together at one of these conferences.

We had spoken a few times during 2012, and in November I received an e-mail from him reminding me about the fast approaching submission deadline for Synergy 2013. That’s all I needed to kick me into gear as it was time for me to step up and take action.

AppDNA Team using Podio to create a community and share scripts

July 2, 2013June 27, 2013 by Jeremy Saunders

The Citrix AppDNA Team has created a workspace in Podio to build a community, share scripts and ideas, and to help extend the capabilities of AppDNA.

You’ll first need a Podio account, which will need to be added to the Citrix AppDNA Extensions Workspace. At the time of this posting the only way this can be done is by the administrators of that workspace. If you contact your Citrix Sales Rep or SE, they can forward your request internally. You may also be able to request this from me and I can do the same.

Once you have access you can either go to the Citrix AppDNA Extensions workspace within Podio, or use the following URL: https://citrix.podio.com/appdna-extensions-customers

AppDNA 6.3 Now Available

June 27, 2013June 27, 2013 by Jeremy Saunders

Citrix just shipped another small AppDNA release today. Version 6.3 is now available for download, and the documentation is available on eDocs.

The key new product features are: