PowerShell: Add printers to DNS
I realized today that most of our printers at work did not have DNS entries. This isn’t a big problem for users because they’re on our print server and they get their printers through Group Policy. The Print server has each printer set up to the IPs. We just implemented a management system today, and it lists the printers by IP and because the DNS entries were “Unknown” for most of them, it wasn’t easy to determine what printer we were looking at.
I found several PowerShell examples on the web for interacting with Microsoft DNS servers, and took a bit from each to come up with this script. It takes the shared printer name and publishes that as the DNS name. This does cause a problem if you have spaces in a share name, but our environment doesn’t, so I didn’t program for that issue.
Here’s the script:
Fixing IT problems with a hammer
In a continuing process of cleaning up horrible decisions by our predecessors, we just moved a website off one of our domain controllers. The website was moving from IIS6 to 7 (or 7.5, whatever comes with Server 2008 R2), and it required some tweaking to start working again. One of the parts that didn’t work was a self-help page where teachers could unlock student accounts. I set up this web server, and created a service account for it that doesn’t have any special rights on the domain. Because the website runs in IIS as this service account, it could query the domain with no problems, but it didn’t have the rights to unlock accounts.
This is obviously where I differ from a coworker…
him: “Just add the service account to Domain Admins”
me: “Why would I want to do that?”
In the end I remembered I can delegate just the permissions needed to unlock our student accounts to that service account and it works fine.
Why use a hammer when you only need a tiny screwdriver?
One line administration – search and delete computer accounts
Here’s a quick one-line script I’ve been using to clean up some old computer accounts in active directory. It requires the dsquery and dsrm tools from the Server 2003 Admin Pack or the Remote Server Administration Toolkit.
@for /f %%a in ('DSQUERY COMPUTER -NAME *%1') do (dsrm %%a)
Save that in as a batch file and it’ll query Active Directory for computers including the argument passed. Here’s an example with a naming structure where we have the last 4 digits of the MAC address in the name for uniqueness.
C:\>adrm.cmd 6736
C:\>(dsrm "CN=LABPC6736,OU=Labs,DC=yakk0,DC=org" )
Are you sure you wish to delete CN=LABPC6736,OU=Labs,DC=yakk0,DC=org (Y/N)? y
dsrm succeeded:CN=LABPC6736,OU=Labs,DC=yakk0,DC=org