joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...


Hey joe, How Do I Get a Listing of the Number of Direct Members in All Groups in a Domain or Forest

by @ 7:08 pm. Filed under tech


If you need to quickly get a handle on how many members each group in your domain or forest has, here is a quick and dirty method of generating that information:

Retrieving information for a single domain:

adfind -default -f objectcategory=group member -csv -cv

Which would look like

C:\>adfind -default -f objectcategory=group member -csv -cv
"CN=Print Operators,CN=Builtin,DC=testvn,DC=testvg,DC=loc","0"
"CN=Backup Operators,CN=Builtin,DC=testvn,DC=testvg,DC=loc","0"

If you have a large environment you may need to add -t 0 to disable an LDAP timeout.

This could also be done by specifying the domain or even a container somewhere within a given domain via the -b switch like -b dc=testvn,dc=testvg,dc=loc instead of -default (which is a shortcut or alias for “Look up the default domain DN and use it”) or by specifying a specific domain name via the host switch such as -h testvn.testvg.loc

Note that primary group membership is maintained in a different manner and will not be reported this way. See primaryGroupID attribute on a user object for this info.

If you need this information for an entire forest, you can use a for /f loop to execute a similar command above for every domain.

for /f %i in (‘adfind -sc domainlist’) do @adfind -h %i -default -f objectcategory=group member -csv -cv -nocsvheader

That would produce commands like

adfind -h testvg.loc -default -f objectcategory=group member -csv -cv -nocsvheader

adfind -h testvn.testvg.loc -default -f objectcategory=group member -csv -cv –nocsvheader

You will note the use of -csvheader, that switch turns off the header so it isn’t repeated for every domain so you will have a cleaner CSV output.

Alternately, if you would like the output for each domain to go to its own individual text CSV file, you could do something like

for /f %i in (‘adfind -sc domainlist’) do @adfind -h %i -default -f objectcategory=group member -csv -cv >%i.csv

Which would look like:

C:\>for /f %i in (‘adfind -sc domainlist’) do @adfind -h %i -default -f objectcategory=group member -csv -cv >%i.csv

C:\>dir *.csv
Volume in drive C has no label.
Volume Serial Number is 2C39-AD1C

Directory of C:\

10/05/2012  11:10 AM             2,085 testvg.loc.csv
10/05/2012  11:10 AM             2,269 testvn.testvg.loc.csv
               2 File(s)          4,354 bytes
               0 Dir(s)  10,312,482,816 bytes free

Rating 3.50 out of 5

Reducing Hibernation File Size

by @ 5:47 pm. Filed under tech

Not sure where I previously found this but cleaning up my email and wanted to save this tip

powercfg hibernate size xx

Where xx  is the % of the size of hibernation file. Start with xx=60. 

Set xx to 65% if you have problems with 60%.

That will take 40% less size while still giving you the benefits of hibernation.


Keywords: Hibernation File Compression

Rating 3.00 out of 5

Hey joe, How Do I Quickly Get a List of the OSes of Every DC in the Forest?

by @ 5:42 pm. Filed under tech



adfind -gcb -sc dcdmp -dsq | adfind -nodn dnshostname operatingsystem operatingsystemservicepack –jtsv2

Rating 3.00 out of 5


Free Azure eBook

by @ 11:47 am. Filed under general



Free e-book – Microsoft Azure Essentials: Fundamentals of Azure, Second Edition


This free Microsoft Press e-book covers the Azure fundamentals you need to start developing solutions right away. Discover the Azure features you’re most likely to need. Download the e-book.
Download the e-book

Rating 3.00 out of 5


PowerShell source now on GitHub

by @ 8:37 pm. Filed under general

Back in July, the web was afloat of rumors that Microsoft might be open sourcing PowerShell. Now a little over a month later, those rumors have been confirmed, and PowerShell has officially appeared on GitHub for Windows, Linux and MacOS.

Rating 4.00 out of 5


AdFind/AdMod Are In The Garage

by @ 11:31 am. Filed under tech

I am looking at what needs to be updated for AdFind/AdMod for Windows Server 2016 Active Directory and ADLDS. Is anyone actively using the beta and using AdFind/AdMod against it? Thoughts, comments, questions?


Rating 4.33 out of 5

What do I like about Windows 10/Windows Server 2016 TP5?

by @ 11:29 am. Filed under general

It seems I have been having a generally bad attitude about Windows 10 and Windows Server 2016 TP5 lately (especially the Start Menu) so I sat down and thought for a while… what do I really like about Windows 10/Windows Server 2016 TP5.

There has to be something that sticks out to me because it can’t all be painful and/or bad… I realized that my favorite part is the ability to finally be able to set the transparency level on the CMD and PowerShell console windows.

There used to be an application that would do that for you for the CMD console but it was kind of clunky especially when typing fast or the screen was scrolling fast. Glad to have it built in now. That was a feature I fell in love with on FreeBSD ages ago.


Rating 4.00 out of 5


Microsoft MVP… To be or not to be.

by @ 1:47 pm. Filed under general

Every year I have to submit my "accomplishments" from the prior year to see if I still "rate" as a Microsoft MVP. This is the first year since becoming an MVP in 2001[1] that I have been pinged to be more specific about what makes me valuable enough to be an MVP. I think that could mean that I am on the edge or perhaps over the edge and on my way out. We shall see as the next award cycle when I learn every year if I am still good enough is Oct 1.

I really enjoy being associated with the MVP program. It was always good being able to evangelize and share my voice as a person a lot of folks know as a true honest voice with serious technical chops being able to see behind the curtains at Microsoft a little and assure people that they are good people and trying to help. Also being able to provide feedback internally with minimal hoop jumping has always been a great thing as well. I can no longer recall how many bug fixes and documentation fixes I have submitted over the years mostly all of which started after I became an MVP and started to feel some small sense of ownership over what they published and a sense of "I want this to be right because my name is associated with these folks".

I hope I get awarded again, but if the Directory Services Product Group no longer feels I am a valuable external real world deep tech expert that is entirely their decision to make and I appreciate the time we have had together. 🙂


[1] Funny story. When I was first awarded the MVP I didn’t know what it was and I refused it. The guys running the program at MSFT had to call me and talk me into accepting it. I was quite busy at the time ripping Microsoft to shreds in the newsgroups and other forums for doing stupid shit while I was simultaneously helping people protect themselves from the stupid shit. I refused because I thought they wanted to bring me in to get some level of control over me and what I posted. They assured me that wasn’t the case so after a few weeks I accepted and have been quite happy since being associated with the program. However I do realize that little by little over time I started to worry more about the NDA and what they could say I learned via NDA sources versus on my own and was less and less likely to post the dark underside and badness because NDAs are serious shit and I didn’t want to have to debate with them what I figured out on my own versus what I didn’t learn from NDA. Realistically I haven’t learned a whole lot from the NDA conversations, if anything it has been more useful so I could better respond to deeper more direct questions their folks have had of me.

Rating 4.60 out of 5


Mike Kline

by @ 8:27 pm. Filed under general

It is with great sadness that I share with the joeware community that Mike Kline passed away on February 24th.

Mike was a great guy. He worked for Microsoft as a Premier Field Engineer, was a DS MVP like myself for years prior to working for Microsoft, a very strong proponent and long time evangelist of the joeware site and tools, and although I never had the opportunity to meet him face to face – a friend.

I have no details on what happened (whether sick or accident or ??) but I wanted to take a moment to share this sad news for those who may have knew him or had enjoyed his comments, blog postings, etc.  

Mike will definitely be missed. My thoughts go out to his family for this loss.


Mike’s digital presence:

Rating 4.60 out of 5


How Completely Messed Up Practices Become Normal

by @ 4:25 pm. Filed under general

Absolutely awesome article.

As far as I can tell, what happens at these companies is that they started by concentrating almost totally on product growth. That’s completely and totally reasonable, because companies are worth approximately zero when they’re founded; they don’t bother with things that protect them from losses, like good ops practices or actually having security, because there’s nothing to lose (well, except for user data when the inevetible security breach happens, and if you talk to security folks at unicorns you’ll know that these happen).

The result is a culture where people are hyper-focused on growth and ignore risk. That culture tends to stick even after company has grown to be worth well over a billion dollars, and the companies have something to lose. Anyone who comes into one of these companies from Google, Amazon, or another place with solid ops practices is shocked. Often, they try to fix things, and then leave when they can’t make a dent.

Google didn’t go from adding z to the end of names to having the world’s best security because someone gave a rousing speech or wrote a convincing essay. They did it after getting embarrassed a few times, which gave people who wanted to do things “right” the leverage to fix fundamental process issues. It’s the same story at almost every company I know of that has good practices. Microsoft was a joke in the security world for years, until multiple disastrously bad exploits forced them to get serious about security. Which makes it sound simple: but if you talk to people who were there at the time, the change was brutal. Despite a mandate from the top, there was vicious political pushback from people whose position was that the company got to where it was in 2003 without wasting time on practices like security. Why change what’s worked?

The data are clear that humans are really bad at taking the time to do things that are well understood to incontrovertibly reduce the risk of rare but catastrophic events. We will rationalize that taking shortcuts is the right, reasonable thing to do. There’s a term for this: the normalization of deviance. It’s well studied in a number of other contexts including healthcare, aviation, mechanical engineering, aerospace engineering, and civil engineering, but we don’t see it discussed in the context of software. In fact, I’ve never seen the term used in the context of software.

Rating 3.75 out of 5

[joeware – never stop exploring… :) is proudly powered by WordPress.]