Powershell: List/Export Active Directory users UNDER certain OU incl. Home share

Powershell: List/Export Active Directory users UNDER certain OU incl. Home share

Searchbase = distinguishedName

How to find this out:

  • Start Active Directory User and Computers Console
  • Go to the OU you want to export and Right click > Attribute Editor
  • Copy the distinguishedName into the script below behind search base
  • Change your Domain controller behind Server

Searchbase = distinguishedName



IMPORT all Active Directory attributes under certain OU

Change all READ to your site info as mentioned above

import-module ActiveDirectory



'Server' = 'yourdomaincontroller'

'Searchbase' = 'OU=User,OU=Schweiz,DC=butsch,DC=ch'

'Searchscope'= 'Subtree'

'Filter' = '*'

'Properties' = '*'




'Property' = 'SAMAccountname', 'CN', 'title', 'DisplayName', 'Description', 'EmailAddress', 'mobilephone',@{name='businesscategory';expression={$_.businesscategory -join '; '}}, 'office', 'officephone', 'state', 'streetaddress', 'city', 'employeeID', 'Employeenumber', 'enabled', 'lockedout', 'lastlogondate', 'badpwdcount', 'passwordlastset', 'created','homeDrive','homeDirectory'



get-aduser @ADUserParams | select-object @SelectParams | export-csv "c:\edv\users.csv"


Save Powershell as c:\edv\dump.ps1

Logon on to Domain Controller

Start Powershell

Run .\dump.ps1 from c:\edv folder (Notice the .\ infront of dump.ps1)


You will get a COMMA Seperated list like this

#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser



W7, 64BIT, WMI Hotfixes do date post SP1


WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.


IE11patch Infos:



YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system


001 (YES)





002 (YES)





003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7


2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)


004 (YES)





005 (NO)







WSUS: Windows Update Server. Most common Problems. FAQ

Connect to SQL Internal WSUS Datbase on diffrrent OS:

Auf 2003:    \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
Auf 2012R2: \\.\pipe\microsoft##WID\tsql\query

Missing "SelfUpdate" in Default Website when running WSUS under 8530


To make sure that the self-update tree is working correctly, first make sure that there is a Web site set up on port 80 of the WSUS server. You must have a Web site that is running on port 80, even if you put the WSUS Web site on a custom port. The Web site that is running on port 80 does not have to be dedicated to WSUS. WSUS uses the site on port 80 only to host the self-update tree. After verifying the Web site on port 80, you should run the WSUS script to guarantee a correct configuration of self-update on port 80. Open a Command prompt on the WSUS server and type the following:

cscript  WSUSInstallDirectory \setup\installselfupdateonport80.vbs (WSUSInstallDirectory is the directory in which WSUS is installed).

For more information about SelfUpdate, see Issues with Client Self-Update on Microsoft TechNet or download the Windows Server Update Services 3.0 SP2 Operations Guide from the Microsoft Download Center.


Sample from WSUS Server running under Server 2008R2 on Port 8530

Wrong WSUS:

Missing Virtual Directories under the "Default Web Site"



Fix the self-update virtual directory on port 80:

C:\>cd "Program Files"

C:\Program Files>cd "Update Services"

C:\Program Files\Update Services>cd setup

C:\Program Files\Update Services\setup>cscript installselfupdateonport80.vbs



Missing ASPNET_Client Folder in WSUS


Reset ASP-NET in IIS

Remove: aspnet_regiis –u

Install: aspnet_regiis -u



Make sure you install this Update for WSUS 3.0 SP2

An update for Windows Server Update Services 3.0 Service Pack 2 is available

  • Öffnen Sie cmd.exe im erhöhten Modus auf dem Windows-Client.
  • Geben Sie die folgenden Befehle ein.

    Net Stop wuauserv

    RD/s %windir%\softwaredistribution\

    Net start wuauserv



Check the WSUS Server with wsusutil.exe

C:\Program Files\Update Services\Tools>wsusutil.exe

Windows Server Update Services-Verwaltungsdienstprogramm. Versuchen Sie Folgendes:
        wsusutil.exe help checkhealth
        wsusutil.exe help configuressl
        wsusutil.exe help configuresslproxy
        wsusutil.exe help deletefrontendserver
        wsusutil.exe help listinactiveapprovals
        wsusutil.exe help removeinactiveapprovals
        wsusutil.exe help export
        wsusutil.exe help healthmonitoring
        wsusutil.exe help import
        wsusutil.exe help listfrontendservers
        wsusutil.exe help movecontent
        wsusutil.exe help reset
        wsusutil.exe help usecustomwebsite
        wsusutil.exe help listunreferencedpackagefolders

DB slow, unstable console, Check WSUS SQL Database (Internal)








WsusDBMaintenance.sql (4.64 kb)




sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i c:\edv\WsusDBMaintenance.sql

2012 R2 erscheint nicht im WSUS sondern unter 6.1


Installieren 2 Hotfixe auf 2003 R2 WSUS 3.0

  1. http://support.microsoft.com/kb/2720211
  2. http://support.microsoft.com/kb/2734608
  3. Cleanup SQL script laufen lassen (Achtung die Funktion COPY CODE nicht benutzen!)
  4. Cleanup Wizard im WSUS selber laufen lassen



Command Line Options fuer WSUS Client

The following are the command line for wuauclt.exe


Most used:

wuauclt.exe /reportnow

wuauclt.exe /reportnow /detectnow

wuauclt.exe /UpdateNow

wuauclt.exe /resetauthorization /detectnow



/a /ResetAuthorization

Initiates an asynchronous background search for applicable updates. If Automatic Updates is disabled, this option has no effect.

/r /ReportNow

Sends all queued reporting events to the server asynchronously.

/? /h /help

Shows this help information.

Client Version XP/W7:


2003R2 Server version:


Most of these options don't give any noticable response, but that may be because of the state of the service. The command 'wuauclt /ResetAuthorization /DetectNow' worked for me right away.


Batch to Reset WSUS client



net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow



Windows Update Client Stuck on Server




 Windows Update Client Stuck on Server

1) Als erstes wuauclt.exe /resetauthorization /detectnow

Reboot des Server und Kontrolle ob es schon geht.

2) Siehe http://support.microsoft.com/kb/555175/en-us

3) Loeschen der Registry Keys:

  • HKEY_LOCAL_MACHINE\COMPONENTS\AdvancedInstallersNeedResolving

4) Loeschen der Datei pending.xml in Ordner %systemroot%/winsxs


Missing or corrupt WSUS Console.


Check the File "wsus" in Profile:

C:\Dokumente und Einstellungen\admin.butsch\Anwendungsdaten\Microsoft\MMC





BATCH to Full reset alls WSUS clients components:


@echo off
@echo Please read:
@echo -----------------------------------------
@echo This totally resets all of your Windows Update Agent settings.
@echo Many times, the computer will do a full reset and will not be able to
@echo install updates for the rest of the day. This is so that the server
@echo does not get overutilized because of the reset.
@echo If you don't receive any updates after this script runs, please
@echo wait until tomorrow.
@echo Re-running this script will reset the PC again and it will have
@echo to wait again.
PING -n 1 -w 30000 >NUL
net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
@echo Deleting AU cache...
del /f /s /q %windir%\SoftwareDistribution\*.* del /f /s /q %windir%\windowsupdate.log
@echo Registering DLLs...
regsvr32 wuaueng.dll /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll
@Cleaning registry...
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
net start bits
net start wuauserv
@echo Checking in...
@echo It's possible the server will not release the updates in
@echo just one session, so it's ok if this script does not immediately
@echo install updates.
@echo This is due to the full reset on this PC. Just let it be for a few
@echo hours and updates should resume as normal.
wuauclt.exe /resetauthorization /detectnow
PING -n 1 -w 30000 >NUL
@echo Script has completed. Please restart your PC.
PING -n 1 -w 30000 >NUL


HP biosconfigutility.exe and password in BIOS options, error 10

HP this is absolue confusing! Not all syntax provided in the "Biosconfigutlity.exe" seem to work in a certain order!

Here is the correct syntax and a working example under Windows PE 3.X 32BIT boot media:

Biosconfigutlity.exe /cspwd:"youroldbiospassword" /cspws:"yournewbiospassword"

And an example to renew the existing BIOS password and write new BIOS Setting in one command:

BiosConfigUtility.exe /cspwd:"youroldbiospassword" /nspwd:"yournewbiospassword" /set:"%cd:~0,3%bios\6300\settings\6300.txt"

  • %cd:~0,3% = Current Drive letter your batch is on
  • bios\6300\settings\6300.txt (The config file with the new bios settings in some file Directory structure bios\modelltype\settings\modelltypeconfigfile.txt (Just an example)
  • Yes, you have to mention the "-chars (Quotation marks)
  •  "IF" you provider a existing password (cspwd), AND it does not match, it will be overseen and the NEW password written (cspws)
  • The exact syntax and ORDER of the options have to be followed

Make sure you don't mess UP with this tool. On certain newer laptops if you mess UP the BIOS password you "Can't" reset it with a jumper. There are two way (Send device to HP or buy a unlock key from russia for USD50). A cutomer from us has tried and did not understand the tool correct.

 If you don't want plain text passwords in your scripts you may have to use "HPQPswd.exe" which makes a password.BIN file from your entrys with the password encrypted.


Internet Explorer 9 Setup Breaks Active Setup of further MSI Packages


Active Setup is used in Windows Installer technology to setup certain Registry or file changed to all users of a computer. If you have a shared computer with several different local users this method is used to apply a certain setting to all profiles that exist on the machine.

The Internet Explorer 9 setup uses Active Setup to Switch between two different versions of Internet Explorer. In this example from IE8 and IE9. This can only happen after the Reboot of the Internet Explorer Setup.

If a regular (Domain User) without Admin permissions does Logon after the Reboot the Active setup does not get handheld correct. This si not by design and is an error of the IE9 Setup (Also IEAK Version).

To fix this remove Following Registry Setting after the reboot and installion of Internet Explorer 9. We had this problem also under Germans Windows 64BIT with IEAK 9 Setup.

reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f






 Frontrange/Enteo V7.1 Package (Exported and packed with 7ZIP)

{B090D188-091B-4470-95D4-A422E4991B49}.7z (2.90 kb)