Wednesday, September 25, 2013

S Memo Alternative for Custom Roms


Would like to share my experience about S Memo. Yeah I really love this feature in note series but I got struck to use while I was trying to move to custom rom finally I found few alternative which are really good.

1. Gnote    - Click to Install

imageFeatures of GNote
Multiple widgets which remains even after reboot. Widgets are updated as soon as the corresponding note is edited.
Multiple pages with easy navigation
Update existing widgets note
Simple toolbar which can be hidden.
Notes Gallery for managing notes. (image of the first page of the note is shown in notes gallery)
Notes Gallery - Multiple notes can be deleted.
Images from gallery and camera can be added to the note.
Settings - option to disable back key
Settings - option to disable finger touch.
It remembers last used pen and eraser settings and uses the same when the app is launched next time.
Very smooth and does not lag.
Clicking on the title bar of widget opens a new note
Clicking on the body of the widget opens the note corresponding to the widget.

Note can be shared now

Note can be exported as a png image

Text can be added to the note

Tool tips are added to the toolbar buttons

Selected tool is highlighted in white(applicable to pen, eraser and text)

reverted the icons to holo light theme

2. Memo  - Click to Install 

imageMemo is a note taking app designed specifically for Galaxy Note. Warning: only tested on Original International Galaxy Note (5.3"), use on other devices at your own risk!

S-Pen combatible (including side button and pressure sensitivity)
Works on custom roms such as CM9 and Paranoid Android
Inport and resize/move images from the camera, gallery, webpage or map
Two finger zoom and pan for inputting those finer details
Add typed text to notes
Share notes using MMS, E-mail, Facebook, Twitter, Instagram and more
Lots of options to let you setup the app just how you like it, including left handed mode, different backgrounds and more


3. Papyrus - Natural Note Taking     - Click to Install

Papyrus is a natural handwriting note-taking app that you use just like paper, but with the flexibility and adimagevantages of modern technology. With Papyrus, you can go beyond paper!

Papyrus allows you to take handwritten notes on your Android device using either an active pen (e.g. Samsung S Pen), passive stylus, or your finger. The vector graphics engine keeps your notes beautiful at any zoom level and on any device, while the simple and intuitive user interface allows you to take notes quickly and efficiently!

Premium Features¹
• Tool Pack - Adds a "true" eraser tool (erase parts of strokes), shape tools, and a text tool
• Cloud Services - Backup/restore and export notes as PDFs to cloud storage providers Dropbox and Box

Key Features
• Take notes naturally with a pen on active-pen enabled devices
• Take notes with your finger or passive stylus (non-active pen)
• Vector graphics engine
• Undo/redo, select, move, and resize
• Change the color and weight of selected items
• Cut, copy, and paste items between notes
• Multiple paper types and sizes
• Two finger scroll and pinch-to-zoom
• Two finger double tap to zoom to 100%
• Organize notes within notebooks (long press, drag and drop)
• Sort notes and notebooks
• Image import, crop, and resize
• Export notes to PDF, PNG, or JPEG for printing, archiving, or sharing
• Share notes with friends and colleagues via email, Evernote, and other services
• Samsung Multi-Window support (available on Galaxy Note 2, Note 8.0, and Note 10.1)
• Shortcuts to create a new note or open a notebook

Active Pen Device Exclusive Features
• Pressure sensitive pen for more natural writing
• Use pen side button to select pen strokes without having to switch tools
• Use pen side button for quick flick gestures (undo/redo and tool/color popups)
• Choose primary and secondary side button options
• Use pen eraser to quickly and naturally erase writing

Active Pen Device support includes
• HTC Flyer, HTC Jetstream, HTC EVO View 4G (HTC Scribe Pen)
• Lenovo ThinkPad Tablet
• Samsung Galaxy Note, Note 2, Note 8.0, and Note 10.1 (S Pen)

Information about active pen devices:

Saturday, September 21, 2013

Free Windows based MD5 checksum tool

WinMD5Free is a tiny and fast utility to compute MD5 hash value for files. It works with Microsoft Windows 98, Me, 2000, XP, 2003, Vista ,Windows 7 and 8.

WinMD5 Screenshot

As an Internet standard (RFC 1321), MD5 has been used in a wide variety of security applications, and is also commonly used to check the integrity of file, and verify download. WinMD5 is a small and easy tool to calculate md5 hash or checksum for different files (including files larger than 4 GB).


  • Supports almost all Windows platforms including Microsoft Windows 95, 98, 2000, Me, XP, 2003, Vista ,Windows 7 and 8.
  • Fast and multi-threaded. It can compute a 2 GB file less than 1 minute.
  • Supports big files larger than 4 GB.
  • Low resource usage. It uses less than 5 MB RAM.
  • Don’t require .NET runtime installed. It is a standalone EXE file and the startup is speedy. There are MD5 tools for Windows on the market, but most of them requires .NET runtime and they may take a few seconds to start. This is also the reason I wrote the program.
  • Supports “Drag & Drop”. You may either select a file, or drag and drop a file to the program window to get the MD5 hash value.
  • Supports verification of original MD5 value and current MD5 value.
  • Most important, it is FREE. No spyware or adware bundle.
  • Small size, an effective and tiny tool for data security.

Download (only 249KB):

WinMD5 Freeware Download MD5: 73f48840b60ab6da68b03acd322445ee

WinMD5Free.exe MD5: 944a1e869969dd8a4b64ca5e6ebc209a

You may simply download it, then unzip and put the exe to any folder on your hard drive, and start to use. No installation is required. The download does not contain any virus, spyware, adware or malware.

License Agreement:

You are granted unlimited rights to distribute WinMD5Free, but not limited to, the following terms: WinMD5Free may not be sold or resold, distributed as a part of any commercial package, used in a commercial environment, used or distributed in support of a commercial service, or used or distributed to support any kind of profit-generating activity, even if it is being distributed freely. All files must remain intact and unmodified from the original as distributed by the author.

Disclaimer of Warranty


MD5 Algorithm | MD5 Software for other platforms

Android 4.2.2 Official for Galaxy Grand Duos GT-I9082


The Android 4.2.2 firmware update for the Galaxy Grand Duos GT-I9082 is available for  the users of the device in 9 countries. Since all the firmware's, except one for Philippines, are unbranded, they can be installed on any Grand Duos that is not locked to a network carrier.

Features and Changes:

As expected from any major firmware update the Android  4.2.2 Jelly Bean firmware for the Galaxy Grand Duos brings a lot of new changes, features and some bug fixes. Some of the major features this new update comes with are as follows:

  • New lock screen with multi-page and support for widgets
  • Ripple and light effects on the lock screen
  • Semi-transparent status bar
  • Page Buddy
  • New Quick Settings toggles page in Notification Panel
  • Daydream feature under Display settings
  • Tabbed UI in Settings like the Galaxy S4
  • White Multi-Window bar
  • Faster performance that Android 4.1.2
  • Better battery life
  • Now you can change device name from Settings> More> About and then by tapping on “Device Name”
  • More…





Saudi Arabia:






Philippines (Sun):

Philippines (Smart):






How to Install:

Please note that this firmware is a test version and has a wipe attribute. It means that it will reset your phone when installed. To avoid any data loss, backup your apps and files stored on internal SD card.

  1. Download and extract the .rar file on your computer.
  2. Make sure your device has at least 60% battery.
  3. Turn on USB Debugging from Settings> Developer options.
  4. Make sure Samsung USB Drivers or Kies is installed on your PC: Download
  5. Turn off the device and boot it into Download Mode. To do this, hold Volume Down + Home + Power buttons at the same time for 2-3 seconds then press the Volume Up key to enter Download Mode.
  6. Launch Odin3-v3.07 and connect phone to computer with USB cable.
  7. When you see blue indicator and “Added!!” message on Odin.
  8. Click on PDA and select the CODE_I9082XXUBMF2_871997_REV05_user_mid_noship.tar.md5 file
  9. Click Phone button and add MODEM_I9082XXUBMF2_REV05.tar.md5 to it.
  10. Click on CSC button and select CSC_OXA_I9082OXABMF2_871997_REV05_user_mid_noship.tar.md5
  11. Then Click PIT button and select the baffin.pit file.
  12. Finally, click the Start button and wait till installation finishes.
  13. You will see a PASS!/RESET! massage on Odin followed by automatic device reboot.

When your phone boots up, you will see the welcome/set up screen and then your Galaxy Grand Duos GT-I9082 will be ready to use with the newly installed Android 4.2.2 Jelly Bean firmware. Enjoy!

CamScanner -Phone PDF Creator Pro Features for Free


CamScanner -Phone PDF Creator app is very popular app on the Google Play Store excellent user ratings. This best document scanning app has recently touched the milestone of 60 million users and celebrate this wonderful achievement, the developers have come up with a generous offer that is available for a limited time. By signing up for a free account at the official site, you can now enjoy all the pro features (worth $4.99) for free.

CamScanner uses your phone’s camera to scan documents and then employs its own image cropping and enhancing algorithm to bring out better results. The scanned images can then be converted into PDF files. You can easily split the scanned images into various pages according to your convenience. The app also supports file sharing and cloud uploading for easy access. Its advanced document editing features let you do anything you might want to do with a digital document.

Once you sign up for the account, you will be able to enjoy the Pro features, such as:

  • 10 GB more space for storing documents to cloud
  • Higher quality of scanning
  • Extract texts in PDF files for later editing or sharing
  • Password protection support for document sharing
  • Unlimited annotations on documents
  • No watermarks on generated PDF file
  • Ad free

Thousands of people have already been rushing to get the free license of the pro version of the app. To make sure that you get one for yourself, hurry now and sign up for an account on their official portal.

Click here to Sign Up for the Account

Download the app from the Play Store

Price: Free

Friday, September 20, 2013

Faster Touch Wiz on Your Samsung Galaxy Devices


To make Touch Wiz respond faster, you can try the following trick. I have tested it on Galaxy S3, S4 and Note 1 & 2 and it really works.

  1. Open your Galaxy device Settings.
  2. Scroll down to Developer Options.
  3. In case you have Galaxy S4 or any Galaxy device with Android 4.2 or up, you’ll not be able to see Developer Options under Settings until you enable it.
  4. Okay, now tap on Developer Options and scroll down to the following options:
    • Windows animation scale
    • Transition animation scale
    • Animator duration scale
  5. Tap all the 3 options one by one and set the Animation Scale configuration either OFF or to 0.5x (for less animation effect).
  6. Besides, you can also try turning “Force GPU Rendering” option ON by checking the box (avoid this step if you play 3D games on your device).
  7. Finally, you can free some more RAM by setting your device to kill any activity as soon as you leave it. To do this scroll down to “Do not keep activities” option and select it.





You are done now! Leave the Settings interface and play with the TouchWiz UI. You should now experience significant improvements in the lag-delays and enjoy faster response on your Galaxy phone or tablet.








Thanks to Rakesh.

Customize Your Rooted Android Device with Xposed Framework



Customization and flexibility lie at the core of Android and it is this potential that draws  more and more people to it, making it the most loved platforms for mobile devices. I see Android as an assertion of freedom against some other major operating systems like iOS and Windows Phone. At the same time, it must be admitted that this liberty comes tagged with a check and can be experienced by only those who are adventurous in nature. An Android device in its maiden state is just a little better than devices from its opponents, but once rooted, its leaves all others far behind.

We do not mean that customization is not possible altogether on an unrooted phone or tablet. You can install 3rd party launchers and icon packs and decorate your home screens with a variety of widgets. However, the range of such type of personalization is limited to a certain level. By rooting yourAndroid device, you get the key to unlock the whole next level of customization. If you have root access on your device, you can flash custom ROMs and mods to achieve not only true customization, but also improve its performance significantly not possible otherwise.

Also Read: To Root or not to Root, that’s the Question!

What is a Custom Framework?

In case you have a rooted device but you do not wish to install custom ROMs or mods, or a custom recovery is not available for it, there is yet another way of tasting the custom flavors of Android. And this can be done byinstalling a custom framework on your phone or tablet. All such frameworks modify the system.bin file replacing the original codes with those of the custom framework. The hacked system core then starts allowing changes imposed via custom modules. The best part of this whole business is that you can customize your device with stock firmware.

If you are not new to Android, you must have heard about some custom frameworks for Android like JKay, Xposed, 3Minit, etc. Developed by XDA member rovo89, the Xposed Framework is most popular of all its peers because of its potential and compatibility with almost all Android devices with Android 4.0 or above that house an ARM processor within them and are rooted.

How to Install Xposed Framework

Download the latest Xposed Installer app

“Installing a custom framework” might sound a little geeky and complicated task to most new users. On the contrary, Xposed Framework can be installed very easily like a simple APK. All you have to do is to download theXposed Installer app and install it on your device. Then open the app, select Framework and tap on the“Install/Update” button. The app will ask you to grant root permission, do it and wait for a while till you get an on-screen confirmation that the framework has been installed on your phone.


Now you have a custom base framework that can change the way you use your device with the help of compatible modules. Xposed Framework will not add any functionality to your device that can be used individually. Just search for Xposed modules and then you will be able to customize your device in various ways. The module files for the framework come as simple APK files and  can be installed normally.

How to Install Xposed Framework Modules:

As we already mentioned above, it is the modules that let you customize your device and therefore, you will have to find and download the desired modules and install them separately on your device. Fortunately, the developer has now added the option to download modules right from the app’s interface. Open Xposed Installer and tap on“Download” option. You will now see a long list of available Xposed modules that can be downloaded. Just select the module you like and hit the Download button.


Besides the modules available in the app, you can find more at forums like XDA and others. I have downloaded 2 modules, namely Wanam Xposed and Icon Changer on my Galaxy S4 with stock rooted ROM and both of them work perfectly. After installing the modules, do not forget to select them in Xposed Installer. Launch the app, tap on “Modules” and check the newly installed module.


Download Latest Xposed Installer and Modules:

You can download the latest version of Xposed Installer app from here, and get the module APKs from here.


Thanks to Rakesh

All-in-One Android Manager Tool- Mobogenie



You cannot get a perfect user interface with any smartphone or tablet unless you got a good PC suite tool installed on your computer too. Switching to Android years ago was a great move on my part but there is one thing I always miss in Android, and that is the lack of a PC Companion that is rich in functionality and helps in performing various tasks like managing contacts, sending messages, installing apps from the market and also individual APKs, managing media files,backing up and restoring data etc.

Mobogenie Android Manager is an all-in-one tool for Android devices that can do almost anything you might expect from a useful PC companion for your smartphone or tablet device. It’s very lightweight utility (only about 20 MBs) as compared to those bulky PC Suits you might be using.

A Must Have Tool for Android Users !

The above screenshot should be sufficient to show what wishes this little genie can fulfill, yet I am summarizing some of its features below:

  1. Shows your device’s info with network signal strength and battery charging percent.
  2. Manage internal SD card.
  3. Backup and restore apps, contacts, messages, music, images and video files.
  4. Install Apk files stored on your PC.
  5. Manage your apps, images, videos, music, contacts, messages, etc.
  6. Search for apps on the Google Play
  7. Install apps and games directly from Google Play to your device.
  8. Update apps and games.
  9. Download YouTube videos in MP4, FLV and 3GP formats.
  10. Download your favorite ringtones and wallpapers from all over the web.
  11. Interestingly, Mobogenie uses your computer’s data connection for downloading all stuff and then it pushes them to your device.

Windows XP, 2003, Vista, 7 and 8.




Thanks to Rakesh

Wednesday, September 11, 2013

Top 10 Active Directory Tasks Solved with PowerShell Using cmdlets is easier than you think


Managing Active Directory (AD) with Windows PowerShell is easier than you think -- and I want to prove it to you. Many IT pros think that they must become scripting experts whenever anyone mentions PowerShell. That couldn't be further from the truth. PowerShell is a management engine that you can work with in an interactive management console. It just so happens that you can take those interactive commands and throw them into a script to save typing, but you don't need to script to use PowerShell. You can handle the most common AD management tasks without writing a single script.

Learn more from "Searching and Managing Active Directory Groups with PowerShell" and "Managing AD in Bulk Using PowerShell."


To use PowerShell to manage AD, you need to meet a few requirements. I'm going to demonstrate how to use the AD cmdlets from a Windows 7 desktop. (You can also use the free AD cmdlets from Quest Software, in which case the syntax will vary slightly.)

To use the Microsoft cmdlets, you must have a Windows Server 2008 R2 domain controller (DC), or you can download and install the Active Directory Management Gateway Service on legacy DCs. Be sure to read the installation notes carefully; installation requires a DC reboot.

On the client side, download and install Remote Server Administration Tools (RSAT) for either Windows 7 or Windows 8. In Windows 7, you'll need to open Programs in Control Panel and select Turn Windows Features On or Off. Scroll down to Remote Server Administration Tools and expand Role Administration Tools. Select the appropriate check boxes under AD DS and AD LDS Tools, especially the check box for the Active Directory Module for Windows PowerShell, as shown in Figure 1. (In Windows 8, all tools are selected by default.) Now we're ready to roll.

Figure 1: Turning on AD DS and AD LDS Tools

Figure 1: Turning on AD DS and AD LDS Tools

For the sake of simplicity, I've logged on with an account that has domain admin rights. Many of the cmdlets that I'll show allow you to specify alternative credentials. In any case, I recommend reading full cmdlet Help and examples for everything I'm going to show you.

Open a PowerShell session and import the module:

PS C:\> Import-Module ActiveDirectory

The import also creates a new PSDrive, but we won't be using it. However, you might want to see which commands are in the module:

PS C:\> get-command -module ActiveDirectory

The beauty of these commands is that if I can use a command for one AD object, I can use it for 10 or 100 or 1,000. Let's put some of these cmdlets to work.

Task 1: Reset a User Password

Let's start with a typical IT pro task: resetting a user's password. We can easily accomplish this by using the Set-ADAccountPassword cmdlet. The tricky part is that the new password must be specified as a secure string: a piece of text that's encrypted and stored in memory for the duration of your PowerShell session. So first, we'll create a variable with the new password:

PS C:\> $new=Read-Host "Enter the new password" -AsSecureString

Next, we'll enter the new password:

PS C:\>

Now we can retrieve the account (using the samAccountname is best) and provide the new password. Here's the change for user Jack Frost:

PS C:\> Set-ADAccountPassword jfrost -NewPassword $new

Unfortunately, there's a bug with this cmdlet: -Passthru, -Whatif, and -Confirm don't work. If you prefer a one-line approach, try this:

PS C:\> Set-ADAccountPassword jfrost -NewPassword
(ConvertTo-SecureString -AsPlainText -String
"P@ssw0rd1z3" -force)

Finally, I need Jack to change his password at his next logon, so I'll modify the account by using Set-ADUser:

PS C:\> Set-ADUser jfrost -ChangePasswordAtLogon $True

The command doesn't write to the pipeline or console unless you use -True. But I can verify success by retrieving the username via the Get-ADUser cmdlet and specifying the PasswordExpired property, shown in Figure 2.

Figure 2: Results of the Get-ADUser Cmdlet with the PasswordExpired Property

Figure 2: Results of the Get-ADUser Cmdlet with the PasswordExpired Property

The upshot is that it takes very little effort to reset a user's password by using PowerShell. I'll admit that the task is also easily accomplished by using the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. But using PowerShell is a good alternative if you need to delegate the task, don't want to deploy the Active Directory Users and Computers snap-in, or are resetting the password as part of a larger, automated IT process.

Task 2: Disable and Enable a User Account

Next, let's disable an account. We'll continue to pick on Jack Frost. This code takes advantage of the
-Whatif parameter, which you can find on many cmdlets that change things, to verify my command without running it:

PS C:\> Disable-ADAccount jfrost -whatif
What if: Performing operation "Set" on Target "CN=Jack Frost,

Now to do the deed for real:

PS C:\> Disable-ADAccount jfrost

When the time comes to enable the account, can you guess the cmdlet name?

PS C:\> Enable-ADAccount jfrost

These cmdlets can be used in a pipelined expression to enable or disable as many accounts as you need. For example, this code disables all user accounts in the Sales department:

PS C:\> get-aduser -filter "department -eq 'sales'" |

Granted, writing the filter for Get-ADUser can be a little tricky, but that's where using -Whatif with the Disable-ADAccount cmdlet comes in handy.

Task 3: Unlock a User Account

Now, Jack has locked himself out after trying to use his new password. Rather than dig through the GUI to find his account, I can unlock it by using this simple command:

PS C:\> Unlock-ADAccount jfrost

This cmdlet also supports the -Whatif and -Confirm parameters.

Task 4: Delete a User Account

Deleting 1 or 100 user accounts is easy with the Remove-ADUser cmdlet. I don't want to delete Jack Frost, but if I did, I could use this code:

PS C:\> Remove-ADUser jfrost -whatif
What if: Performing operation "Remove" on Target
"CN=Jack Frost,OU=staff,OU=Testing,DC=GLOBOMANTICS,DC=local".

Or I could pipe in a bunch of users and delete them with one simple command:

PS C:\> get-aduser -filter "enabled -eq 'false'"
-property WhenChanged -SearchBase "OU=Employees,
DC=Globomantics,DC=Local" | where {$_.WhenChanged
-le (Get-Date).AddDays(-180)} | Remove-ADuser -whatif

This one-line command would find and delete all disabled accounts in the Employees organizational unit (OU) that haven't been changed in at least 180 days.

Task 5: Find Empty Groups

Group management seems like an endless and thankless task. There are a variety of ways to find empty groups. Some expressions might work better than others, depending on your organization. This code will find all groups in the domain, including built-in groups:

PS C:\> get-adgroup -filter * | where {-Not
($_ | get-adgroupmember)} | Select Name

If you have groups with hundreds of members, then using this command might be time-consuming; Get-ADGroupMember checks every group. If you can limit or fine-tune your search, so much the better.

Here's another approach:

PS C:\> get-adgroup -filter "members -notlike '*'
-AND GroupScope -eq 'Universal'" -SearchBase
DC=local" | Select Name,Group*

This command finds all universal groups that don't have any members in my Groups OU and that display a few properties. You can see the result in Figure 3.

Figure 3: Finding Filtered Universal Groups

Figure 3: Finding Filtered Universal Groups

Task 6: Add Members to a Group

Let's add Jack Frost to the Chicago IT group:

PS C:\> add-adgroupmember "chicago IT" -Members jfrost

It's that simple. You can just as easily add hundreds of users to a group, although doing so is a bit more awkward than I would like:

PS C:\> Add-ADGroupMember "Chicago Employees" -member
(get-aduser -filter "city -eq 'Chicago'")

I used a parenthetical pipelined expression to find all users with a City property of Chicago. The code in the parentheses is executed and the resulting objects are piped to the -Member parameter. Each user object is then added to the Chicago Employees group. It doesn't matter whether there are 5 or 500 users; updating group membership takes only a few seconds This expression could also be written using ForEach-Object, which might be easier to follow.

PS C:\> Get-ADUser -filter "city -eq 'Chicago'" | foreach
{Add-ADGroupMember "Chicago Employees" -Member $_}

Task 7: Enumerate Members of a Group

You might want to see who belongs to a given group. For example, you should periodically find out who belongs to the Domain Admins group:

PS C:\> Get-ADGroupMember "Domain Admins"

Figure 4 illustrates the result.

Figure 4: Finding Members of the Domain Admins Group

Figure 4: Finding Members of the Domain Admins Group

The cmdlet writes an AD object for each member to the pipeline. But what about nested groups? My Chicago All Users group is a collection of nested groups. To get a list of all user accounts, all I need to do is use the -Recursive parameter:

PS C:\> Get-ADGroupMember "Chicago All Users"
-Recursive | Select DistinguishedName

If you want to go the other way -- that is, find which groups a user belongs to -- you can look at the user's MemberOf property:

PS C:\> get-aduser jfrost -property Memberof |
Select -ExpandProperty memberOf
CN=Chicago Test,OU=Groups,OU=Employees,
CN=Chicago IT,OU=Groups,OU=Employees,
CN=Chicago Sales Users,OU=Groups,OU=Employees,

I used the -ExpandProperty parameter to output the names of MemberOf as strings.

Task 8: Find Obsolete Computer Accounts

I'm often asked how to find obsolete computer accounts. My response is always, "What defines obsolete?" Different organizations most likely have a different definition for when a computer account (or user account, for that matter) is considered obsolete or no longer in use. Personally, I've always found it easiest to find computer accounts that haven't changed their password in a given number of days. I tend to use 90 days as a cutoff, assuming that if a computer hasn't changed its password with the domain in that period, it's offline and most likely obsolete. The cmdlet to use is Get-ADComputer:

PS C:\> get-adcomputer -filter "Passwordlastset
-lt '1/1/2012'" -properties *| Select name,passwordlastset

The filter works best with a hard-coded value, but this code will retrieve all computer accounts that haven't changed their password since January 1, 2012. You can see the results in Figure 5.

Figure 5: Finding Obsolete Computer Accounts

Figure 5: Finding Obsolete Computer Accounts

Another option, assuming that you're at least at the Windows 2003 domain functional level, is to filter by using the LastLogontimeStamp property. This value is the number of 100 nanosecond intervals since January 1, 1601, and is stored in GMT, so working with this value gets a little tricky:

PS C:\> get-adcomputer -filter "LastlogonTimestamp -gt 0"
-properties * | select name,lastlogontimestamp,
($_.Lastlogontimestamp)}},passwordlastset | Sort

I took the liberty of adding a custom property that takes the LastLogonTimeStamp value and converts it into a friendly date. Figure 6 depicts the result.

Figure 6: Converting the LastLogonTimeStamp Value to a Friendly Date

Figure 6: Converting the LastLogonTimeStamp Value to a Friendly Date

To create a filter, I need to convert a date, such as January 1, 2012, into the correct format, by converting it to a FileTime:

PS C:\> $cutoff=(Get-Date "1/1/2012").ToFileTime()
PS C:\> $cutoff

Now I can use this variable in a filter for Get-ADComputer:

PS C:\> Get-ADComputer -Filter "(lastlogontimestamp -lt
$cutoff) -or (lastlogontimestamp -notlike '*')" -property
* | Select Name,LastlogonTimestamp,PasswordLastSet

This query finds the same computer accounts that I found in Figure 5. Because there's a random offset with this property, it doesn't matter which approach you take -- as long as you aren't looking for real-time tracking.

Task 9: Disable a Computer Account

Perhaps when you find those inactive or obsolete accounts, you'd like to disable them. Easy enough. We'll use the same cmdlet that we use with user accounts. You can specify it by using the account's samAccountname:

PS C:\> Disable-ADAccount -Identity "chi-srv01$" -whatif

What if: Performing operation "Set" on Target "CN=CHI-SRV01,


Or you can use a pipelined expression:

PS C:\> get-adcomputer "chi-srv01" | Disable-ADAccount

I can also take my code to find obsolete accounts and disable all those accounts:

PS C:\> get-adcomputer -filter "Passwordlastset
-lt '1/1/2012'" -properties *| Disable-ADAccount

Task 10: Find Computers by Type

The last task that I'm often asked about is finding computer accounts by type, such as servers or laptops. This requires a little creative thinking on your part. There's nothing in AD that distinguishes a server from a client, other than the OS. If you have a laptop or desktop running Windows Server 2008, you'll need to get extra creative.

You need to filter computer accounts based on the OS. It might be helpful to get a list of those OSs first:

PS C:\> Get-ADComputer -Filter * -Properties OperatingSystem |
Select OperatingSystem -unique | Sort OperatingSystem

Figure 7 shows what I have to work with.

Figure 7: Retrieving a List of OSs

I want to find all the computers that have a server OS:

PS C:\> Get-ADComputer -Filter "OperatingSystem -like
'*Server*'" -properties OperatingSystem,OperatingSystem
ServicePack | Select Name,Op* | format-list

I've formatted the results as a list, as you can see in Figure 8.

Figure 8

Figure 8

As with the other AD Get cmdlets, you can fine-tune your search parameters and limit your query to a specific OU if necessary. All the expressions that I've shown you can be integrated into larger PowerShell expressions. For example, you can sort, group, filter, export to a comma-separated value (CSV), or build and email an HTML report, all from PowerShell and all without writing a single PowerShell script! In fact, here's a bonus: a user password-age report, saved as an HTML file:

PS C:\> Get-ADUser -Filter "Enabled -eq 'True' -AND
PasswordNeverExpires -eq 'False'" -Properties
PasswordLastSet,PasswordNeverExpires,PasswordExpired |
Select DistinguishedName,Name,pass*,@{Name="PasswordAge";
Expression={(Get-Date)-$_.PasswordLastSet}} |sort
PasswordAge -Descending | ConvertTo-Html -Title
"Password Age Report" | Out-File c:\Work\pwage.htm

Although this one-line command might look intimidating at first, it's pretty simple to follow when you have a little PowerShell experience. The only extra step that I took was to define a custom property called PasswordAge. The value is a timespan between today and the PasswordLastSet property. I then sorted the results on my new property. Figure 9 shows the output from my little test domain.

Figure 9

Figure 9


Thanks to ItPro.

Active Directory Domain Services (AD DS) Troubleshooting Survival Guide and Content Map


Honestly Just wanted to keep awesome article in my blog.

This page categorizes the Active Directory troubleshooting information that is spread all over the Internet, so you can get to the resource you need to solve your specific issue.

Troubleshooting Overviews

You might want to check out these overviews, flow charts, and general Active Directory troubleshooting strategy resources if you are not quite sure where to start:

Collecting Information

The following topics contain information that can help you gather more information about the problems that you are experiencing:

Useful Utilities

DCdiag - general domain controller diagnostics especially dcdiag /fix on a domain controller
Netdiag - general network diagnostics, especially useful is netdiag /fix for Windows Server 2003 R2 and earlier implementations
Netdom - used for resetting domain member computer secure channels and setting up trust relationships
ADSIEdit - used for browsing Active Directory structure from an LDAP perspective
LDP - LDAP browser that can be used for browsing, finding, and modifying the security settings of Active Directory objects
Insight for Active Directory - Intercepts and displays LDAP and ADSI calls to show you what is happening when Active Directory is accessed from the system on which it is installed.
ACLDiag - shows permissions set on Active Directory objects
SDCheck - Security Descriptor Checker is used to query security descriptor information on Active Directory objects
DSAStat - used to compare Active Directory replica sets
NTFRSUtil - used to monitor and diagnose issues with the NT File Replication System used for Active Directory replication by default in Windows Server 2003 R2 and earlier. Starting in Windows Server 2008 Directory File Service Replication (DFSR) was enabled by default on new forests
Repadmin - used for monitoring and troubleshooting Active Directory replication
Replmon - a graphical replication troubleshooting tool for Windows Server 2003 R2 and earlier - deprecated starting in Windows Server 2008
Codeplex Active Directory Utilities - Multiple tools available for Active Directory from this site
Useful Microsoft Active Directory Tools - Another site that is dedicated to discussing Active Directory tools.
Active Directory Replication Status Tool   - GUI tool released 7/2012 to analyze and check replication status.

Active Directory Events

Starting with Windows Server 2008 the most frequently encountered event viewer messages have been targeted for more information. There are two big collections in the TechNet Library that we are planning to move onto the TechNet Wiki, so that a larger group of people can help provide assistance in getting them documented.

There are also people working on a similar endeavor at EventID.Net , where you can search for more information by providing the Event Source and ID. A similar mechanism exists on the TechNet Errors and Events Message Center .  This TechNet Wiki may one day be the best place to find more information on Events and Errors as there are several people working on fleshing these out on this platform. More about that in the following section.

Event Sources

The vision for this section is to link from each of the following event sources below to pages that discuss the event source and link out to specific Event IDs. The Event ID pages will then provide troubleshooting information specific to the event. We are already working on this as you can see in Event ID 1311. Our goal is for each page to provide the information that people will need to solve the issues they encounter. There are many people already committed to this effort and working on it. Still, we can use all the help we can get; if you are inclined to help - we encourage you to do so.


Active Directory Limitations

There are many different factors that can limit the scale and performance of Active Directory. Here are articles that discuss them:

Active Directory Replication Issues

Resources that will help you troubleshoot Active Directory replication issues include:

Services or Access Denied

If the user account you are using truly does not have permissions to perform an action in Active Directory, you will likely receive an Access Denied message. To see if you are using an account with the appropriate privileges, see Privileges. To learn more about permissions and the specific permissions required to perform specific tasks, see Best Practices for Delegating Active Directory Permissions: Appendices .
You might also need a service principal name (SPN) for your service in Active Directory. To learn more abouttroubleshooting SPNs, take a look at Service Principal Names (SPNs).
Sometimes the reason for an access denied message may be related to something that is not immediately obvious. For example, it is possible that the computer was set to Shutdown the system immediately if unable to log security eventsor the CrashOnAuditFail Registry value was set. You may have to log on interactively or directly to the console (Session 0). For more information, see Services Denied and Computer Unresponsive When Security Event Log is Full." For more information about Session 0, see Scheduled Tasks Run in the Context of Session 0 with Terminal Services and How to Connect to and Shadow the Console Session with Windows Server 2003 Terminal Services and Application Compatibility Session 0 Isolation .

Performance Issues

Blogs with Troubleshooting Information

AD Troubleshooting blog
Ask the Directory Services Team

Similar Guides

access denied, Active Directory, AD DS, Diagnosing, en-US, has comment, Has TOC, limits, performance,troubleshooting