User Profile Service error

Recently I was domain joining a number of machines which had previously been a member of another domain. Some of the Windows 10 machines had been upgraded from Windows 7, and this left an issue in the Default profile which cause an error when creating a new profile.

This error occured when trying to log in with a domain user.

The solution is simple:

  1. Find a healthy Windows 10 machine, preferably one that has been originally installed with Windows 10
  2. Copy the folder “C:\users\Default” onto a USB-stick (or a file share)
  3. Log on the affected machine with a local admin account
  4. Backup (or rename) the exisiting Default folder (hint: it’s hidden)
  5. Copy the Default folder from your USB stick into “C:\users\” on the affected machine
  6. Try to log on with the domain user

I read a lot of suggested solutions to this issue, many requiring complex forensics into registry, and file analysis on the default and affected profiles. This is the only solution I was able to come up with which in my case had a 100% chance of success.

Techtip: One-liner to get free space

Say you’d like to copy an exuberant amount of data from one server to another and you’re unsure if the target disk has sufficient space. Perhaps you’d simply like to know how much space you’ve got.¬† There are several way to check this, but here’s one more, and in my opinion the fastest:

Run this one-liner from any computer, and as long as you run it a user context where you have user rights on the server, you will get the amount of free space in GB.

You can also use this a basis for a script listing out renaming space on several computers or several disks on a single server, but that might be the subject for another article!

Working around number ranges limited to 32 bit integers

I head a real brain teaser when working a script earlier today. Basically I was modifying a script which lists out unused phone numbers in a range. It turns out German phone numbers (and any number greater than¬†2147483647) are incompatible with number ranges. Here’s why, and how to solve it.

When using number ranges, you are limited to signed 32 bit integers (-2147483646 to +2147483647). This is rarely an issue, but when working with untypical numbers, like unformatted phone numbers or the byte value of very large files, it can pose a problem.

This is an example of a range that will work:

This however, won’t work:

The high number is above the max value for a signed 32 bit integer.

Solving required a bit of a hack. To work around this limitation, use a While loop to create an array with the number series you’d like to feed into to your variable. Below is an example:

$Counter is initially set to be the starting number of your range. It will be the control parameter that the While loop uses to check if it’s done working.
$NumberStart is the starting (low) number in you range.
$NumberEnd is the end (high) number in you range
$Array is your range (or it’s equivalent). It gets fed each value from $NumberStart to $NumberEnd. This array will hold 64 bit integers.

 

Techtip: Reassociating an orphaned user after Database move

Every database on a Microsoft SQL Server instance maintains its own Access Control List (ACL) with a list of the users which have rights on the database, and what rights they have. This ACL however, doesn’t contains only contain user names, but also the Security Identifier (SID) of the user. This means that when moving a database, you can’t simply create a user on the instance you’re moving the database to and expect it to have the same rights. It won’t, because the SID of that user will be different, even if the user name is the same.

Microsoft has hedged against this, and allows you to update the ACL on the database by associating the user name in the ACL with the SID of the user with the same name on the instance to which the database has been moved. By doing this, you don’t have to manually delete the user permissions from the database security tab and set them up again. You can simply run a stored procedure.

To check whether or not there are any orphaned users in your database ACL, run this command on the database:

This will list any orphaned users with rights on the database.

To reassociate the users with a valid SID and keep it’s ACL entries on the database, run the following query:

After running the last command, your user rights will be correct for that user. You can test by running the first command again. No entry for that user should show up.

NB. The square brackets <> can be removed.

Techtip: Connecting to iSCSI targets via Powershell

Imagine wanting to set up two or more nodes in a file cluster and wanting to avoid configuration mismatches creating a troubleshooting nightmare even before putting your solution into production! How would you best go about doing that? Script it, and run the script throughout your nodes!

In this article I’d like to focus only on a very simple iSCSI target scenario. Two commands letting you create a persistent connection to an iSCSI target using Powershell. This in turn will let you do the exact same on every server you’d like to remain identical. You could even run it in a foreach loop letting you execute the same command set across a number of nodes without even having to log into them, and I’ll get to that in a later article.

First, connect to your iSCSI server:

Second you need to find your iSCSI target and connect to it. If there’s only one target on your server then you’ve got an easy time, but in case there are several, you should filter by it’s name, like this:

Replace fileshare1 with the name of your iSCSI target. You might want to test your filter before running the command and if so, simply omit the “Connect…” command after the pipe above and make sure the result set only contains the targets you’d like to connect to.

Of course there’s more, and if you’d like to delve deeper, please check out this blog:

Techtip: Change name using Powershell

In Windows Server 2012, you can do most, if not all administrative tasks using Powershell. There are roughly 2400 comdlets letting you manipulate the system in every unholy way imaginable! One of those ways is to change the computer name.

To change the computer name, simply run the following two lines:

You can for example use this code to script renaming multiple computers in bulk, or just to avoid cluttering up your screen with a GUI.