A quick post on how to change the Windows display language with Powershell. You might use these commands based on any logic that determines the user's location/language. For instance, I created a script that gets executed on logon and sets the language based on some criteria (maybe an Active-Directory group or attribute).

Set-Culture en-US
Set-WinSystemLocale -SystemLocale en-US
Set-WinUILanguageOverride -Language en-US
Set-WinUserLanguageList en-US -Force
Set-WinHomeLocation -GeoId 244

You can find the right GeoID on Microsoft's website

There is a built-in app in Windows that helps you record your screen and automatically creates steps with screenshots and a description. Just search "Steps Recorder" in the start menu.

Running the program as administrator allows you to record programs that run with highest privileges. Just start recording, go through the steps needed for the specific action, stop the recording and finally save the steps.

A compressed file will be created containing the report as a MHT file. It can be opened with a common browser.

A very handy tool both for documentations or end users.

Enjoy!

So last time we created a Master-VHDX on Hyper-V with Windows Server 2019 in order to save space. Today we are installing the first Domain Controller with a fresh domain. Very straight forward stuff.

Before installing Active Directory Directory Services, the computer should have a decent name.

Give it a fixed IP address. Since this is going to be a lab, I am not going to plan the IP design. The Default Gateway does not exist yet. Also, the secondary DNS server will be installed later on a Server Core version.

From Server Manager Add Roles and Features, Select Role-based or feature-based installation

Select the Active Directory Directory Services Role

Everything else can be left on default.

Once the installation is completed, the server can be promoted to a Domain Controller.

Since there is no existing forest, the root domain name must be defined:

Define a new password for the Directory Services Restore Mode (DSRM). DSRM allows you to perform an authoritative restore of single or multiple AD objects through ntdsutil (from cmd).

This warning can be safely ignored.

The NetBIOS domain name can be used when logging into a domain computer, for example AJNI\Domainuser. The UserPrincipalName can be also used – domainuser@ajni.it.

The rest can be left to default.

The server will restart, after that the domain will be up and running!

The next blog post will be covering the installation of an additional Domain Controller (the second DNS server 10.10.10.11) with Windows Server 2019 Core Edition.

Stay tuned !

Hyper-V has a very interesting feature that allows to save a lot of space: By creating a golden VHDX Disk with the base operating system, you can then use so called “Differencing” disks, which reference the Master VHDX and only save the changes on their disk.

So, first things first: Just create a normal VM to prepare the golden image for later use.

Specify Generation 2

Give the Golden disk a self-explanatory name

Before starting the VM, disable automatic checkpoints (in VMware known as Snapshots) and give it more juice. Do not forget to apply changes:

Install the OS (standard procedure)

Once the OS installed and custom settings are made, the machine is ready to be Sysprep’ed.

Delete the VM once stopped, the disk will not be deleted. Then locate the VHDX and set it into Read-Only mode.

Now a new VM can be created in Hyper-V with a Differencing disk. Note: In the VM creation wizard specify “Attach a virtual disk later”:

Now in the VM settings under SCSI Controller add a new Hard Drive:

Select the last option for Differencing:

This will be the new disk name:

And finally, the base disk we created previously:

Before powering on the machine make sure the new disk is first in the boot order.

The VM is up and running!

Notice the size of the new VHDX. Only 1.4 GB!

In the VM settings you can once again inspect the disk and see the relationship with the golden disk.

Hey folks!

Here is a quick way to find inactive AD Users in your environment. Get-ADUser ist the cmdlet we are going to use.

We are getting all users from the highest OU (domain.com) and using the Property LastLogonDate, which will not be returned if not specified in the -Properties parameter. After that a Where statement is going to show users that haven't logged in since 90 days or more.

Get-ADUser -Filter * -Properties lastlogondate | where { $_.lastlogondate -lt (Get-Date).AddDays(-90) }

We could also specify the OU where the command is going to search:

Get-ADUser -Filter * -Properties lastlogondate -SearchBase "OU=TerminatedEmployees,DC=Company,DC=com"| where { $_.lastlogondate -lt (Get-Date).AddDays(-90) }|select Name,Lastlogondate

There is also the -SearchScope Onelevel parameter to determine that we are not going to search recursively:

Get-ADUser -Filter * -Properties lastlogondate -SearchBase "OU=TerminatedEmployees,DC=Company, DC=com" -SearchScope OneLevel | where { $_.lastlogondate -lt (Get-Date).AddDays(-90) }|select Name,Lastlogondate

Have fun!