Friday, 30 March 2018

Lync photos in Active Directory - how to retrieve, how to find

How to retrieve user photos from Lync, for example to download the photos and put them in thumbnailPhoto in Active Directory.
Database: RTC

select UserAtHost,convert(varchar(4000),convert(varbinary(4000),Data))
from PublishedStaticInstance,Resource
where ResourceId = PublisherId
and convert(varchar(4000),convert(varbinary(4000),Data))
like '%%'


Steps (once a day):
  • export data from RTC database
  • loop for all photos
    • download photo
    • if needed - scale down to 96x96
    • put in thumbnailPhoto
The last photo update can be stored in extensionAttributeX (one of the available numbers). Why store photos in both locations? Not every workstation has the Lync 2013 client or newer, and not all users have been migrated from Exchange 2010 yet, so it's better to have the data in both places.
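
The daily steps above as one script. This is an added example, not the blog author's code; it assumes the RTC export has already been reduced to UserAtHost and PhotoUrl columns, that users are matched on msRTCSIP-PrimaryUserAddress, and that extensionAttribute10 is the free attribute. The sample row is constructed.

```powershell
# Added example. Assumed: rows exported from the RTC query as UserAtHost + PhotoUrl
# (URL already extracted from Data); extensionAttribute10 is a free attribute.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Drawing
$rows = @'
UserAtHost,PhotoUrl
jan.kowalski@example.com,https://photos.example.com/jk.jpg
'@ | ConvertFrom-Csv                      # constructed sample row
$stampAttr = 'extensionAttribute10'

function ConvertTo-Thumbnail([byte[]]$Bytes, [int]$Size = 96) {
    $in  = New-Object System.IO.MemoryStream(,$Bytes)
    $img = [System.Drawing.Image]::FromStream($in)    # throws if not an image
    try {
        # Scale down only, keeping the aspect ratio inside Size x Size
        $k = [Math]::Min(1.0, [Math]::Min($Size / $img.Width, $Size / $img.Height))
        $w = [Math]::Max(1, [int]($img.Width * $k))
        $h = [Math]::Max(1, [int]($img.Height * $k))
        $bmp = New-Object System.Drawing.Bitmap($img, $w, $h)
        $out = New-Object System.IO.MemoryStream
        # Re-encoding to JPEG also drops whatever metadata the upload carried
        $bmp.Save($out, [System.Drawing.Imaging.ImageFormat]::Jpeg)
        $bmp.Dispose()
        return ,$out.ToArray()
    } finally { $img.Dispose(); $in.Dispose() }
}

foreach ($row in $rows) {
    try {
        # Both fields come from user-published data: validate before use
        if ($row.UserAtHost -notmatch '^[\w.+-]+@[\w.-]+$') { throw 'bad SIP address' }
        $uri = [uri]$row.PhotoUrl
        if ($uri.Scheme -notin 'http', 'https') { throw 'unexpected URL scheme' }
        $jpg = ConvertTo-Thumbnail ((New-Object System.Net.WebClient).DownloadData($uri))
        if ($jpg.Length -gt 100KB) { throw 'over thumbnailPhoto size limit' }
        $user = @(Get-ADUser -Filter "msRTCSIP-PrimaryUserAddress -eq 'sip:$($row.UserAtHost)'")
        if ($user.Count -ne 1) { throw "matched $($user.Count) accounts" }
        $attrs = @{ thumbnailPhoto = $jpg }
        $attrs[$stampAttr] = Get-Date -Format s       # last photo update
        Set-ADUser -Identity $user[0] -Replace $attrs
    } catch { Write-Warning "$($row.UserAtHost): $_" }
}
```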

Thursday, 29 March 2018

undelete/recover Active Directory object - powershell

Restore-ADObject -identity (Get-ADObject -SearchBase (get-addomain).DeletedObjectsContainer -IncludeDeletedObjects -filter "sAMAccountName -eq 'OneOfDeletedNames'").distinguishedName

Of course, OneOfDeletedNames should have a dollar sign ($) at the end when the deleted object is a computer account.
Or, for multiple objects:
("comp1", "user1345", "jOhnSmith12") | %{ Restore-ADObject -identity (Get-ADObject -SearchBase (get-addomain).DeletedObjectsContainer -IncludeDeletedObjects -filter "sAMAccountName -eq '$_'").distinguishedName}
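
The one-liners above assume exactly one deleted object matches the name. The following added example (not the blog author's code) handles the case where a name was deleted more than once or not at all; the function name Restore-DeletedAccount and the name-validation pattern are assumptions, and -WhatIf keeps the run to a preview.

```powershell
# Added example: restore a deleted account only when the match is unambiguous.
Import-Module ActiveDirectory

function Restore-DeletedAccount {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    # The name is interpolated into the filter, so reject quotes and wildcards
    # (assumed naming convention: letters, digits, dot, dash, optional trailing $)
    if ($SamAccountName -notmatch '^[\w.\-]+\$?$') { throw "Unexpected name: $SamAccountName" }

    $found = @(Get-ADObject -SearchBase (Get-ADDomain).DeletedObjectsContainer `
        -IncludeDeletedObjects -Filter "sAMAccountName -eq '$SamAccountName'" `
        -Properties whenChanged, lastKnownParent)

    if ($found.Count -eq 0) { Write-Warning "${SamAccountName}: no deleted object found"; return }
    if ($found.Count -gt 1) {
        # Same name deleted more than once: show candidates, let the operator choose
        $found | Sort-Object whenChanged -Descending |
            Format-Table ObjectGUID, whenChanged, lastKnownParent -AutoSize | Out-Host
        Write-Warning "${SamAccountName}: $($found.Count) deleted objects, restore by ObjectGUID"
        return
    }
    if ($PSCmdlet.ShouldProcess($found[0].DistinguishedName, 'Restore-ADObject')) {
        Restore-ADObject -Identity $found[0].ObjectGUID -PassThru
    }
}

# Computer accounts carry the trailing $; remove -WhatIf to actually restore
'comp1$', 'user1345', 'jOhnSmith12' | ForEach-Object { Restore-DeletedAccount $_ -WhatIf }
```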

winhttp proxy settings - registry

Based on this blog.

To distribute proxy settings for the operating system and local system processes, they can be set by GPO:

Computer Configuration > Preferences > Windows Settings > Registry

Action: UpdateReplace
Hive: HKEY_LOCAL_MACHINE
Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Value name: WinHTTPSettings
Value type: REG_BINARY
Value data: (you must prepare it from the command line and just copy the value)

How to prepare the binary value? On a machine with Group Policy Management Console (GPMC), run cmd.exe in the context of the local administrator (Run as administrator) and enter commands like the following, shown here for some bogus company:
(to avoid losing the current setting, view it first)
netsh winhttp show proxy
(and finally, if it is really required, set it to whatever should be configured on machines through GPO; maybe your current setting was already set this way earlier)
netsh winhttp set proxy proxy1:8080 "10.*;192.168.*;"
When the setting is created in GPMC, it will be filled in with this value.

Wednesday, 21 March 2018

Huge group - powershell - how to count members

Problem with a huge group - more than 5,000 members (web services limit):
(Get-ADGroupMember "some_big_group").Count
Get-ADGroupMember : The size limit for this request was exceeded
At line:1 char:34
+ $groupMembers = Get-ADGroupMember <<<< "some_big_group"
    + CategoryInfo          : NotSpecified: (some_big_group:ADGroup) [Get-ADGroupMember], ADException
    + FullyQualifiedErrorId : The size limit for this request was exceeded,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Solution:
(Get-ADGroup "some_big_group" -Properties Member | Select -ExpandProperty Member).Count

Sunday, 18 March 2018

extremely slow Dell laptop e6520

It's probably not connected with this model only - I tried to find the reason why my brother's laptop is so sloooow and I found it. SpeedStep technology should be disabled in BIOS. What a stupid decision to enable it by default - the Intel i5 processor is working like the first Pentium.

Thursday, 15 March 2018

CRL locations - the most popular (for me) - for offline download

List of CRL locations

AlphaSSL

http://crl2.alphassl.com/gs/gsalphag2.crl
AlphaSSL CA - SHA256 - G2 http://crl2.alphassl.com/gs/gsalphasha2g2.crl
GlobalSign Root CA - R3 http://crl.globalsign.net/root-r3.crl
GlobalSign Root CA - R3 http://crl.globalsign.com/root-r3.crl
GlobalSign Root CA http://crl.globalsign.net/root.crl

Symantec

Symantec Class 3EV SSL CA http://sr.symcb.com/sr.crl
VeriSign http://s1.symcb.com/pca3-g5.crl

DigiCert - crl3 and crl4 point to the same list of crl-s

http://crl4.digicert.com/sha2-ev-server-g2.crl
http://crl3.digicert.com/sha2-ev-server-g2.crl
DigiCert High Assurance EV Root CA http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
http://crl4.digicert.com/sha2-assured-cs-g1.crl
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl

Baltimore

Baltimore CyberTrust Root http://cdp1.public-trust.com/CRL/Omniroot2025.crl

Microsoft

https://www.microsoft.com/pki/mscorp/cps/default.htm
Microsoft IT SSL SHA2 (signed by Baltimore CyberTrust Root) http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl
Microsoft IT TLS CA 1 (signed by Baltimore CyberTrust Root) http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft IT TLS CA 1.crl
Microsoft IT TLS CA 2 (signed by Baltimore CyberTrust Root) http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft IT TLS CA 2.crl
Microsoft IT TLS CA 4 (signed by Baltimore CyberTrust Root) http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft IT TLS CA 4.crl
Microsoft IT TLS CA 5 (signed by Baltimore CyberTrust Root) http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft IT TLS CA 5.crl

http://crl.microsoft.com/pki/crl/products/tspca.crl
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl
http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
http://crl.microsoft.com/pki/crl/products/CSPCA.crl

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
http://crl.microsoft.com/pki/crl/products/WinPCA.crl
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

http://www.microsoft.com/pki/crl/products/MicCerTruLisPCA_2009-04-02.crl
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl
http://www.microsoft.com/pkiops/crl/Microsoft Windows Third Party Component CA 2012.crl


SharePoint and CRLs

Verisign (Symantec)

VeriSign Class 3 PCA G5 http://crl.verisign.com/pca3-g5.crl
VeriSign Class 3 Public Primary Certification Authority http://crl.verisign.com/pca3.crl




powershell install module - manual and automatic

Manual


Where to install the module? Use:
$env:PSModulePath
Create a folder in one of the listed directories; usually it is something like c:\Windows\System32\WindowsPowerShell\v1.0\Modules. This is the legacy path, and modules can be located elsewhere - if the module will be used by more people, maybe you should consider a new place for modules. Place the downloaded files there in a new directory. For example, if you downloaded PSPKI you have a folder structure like this (only a few folders shown, without the files inside them):
.\PSPKI-v.3.2.7.0
.\PSPKI-v.3.2.7.0\Client
.\PSPKI-v.3.2.7.0\Library
.\PSPKI-v.3.2.7.0\Server
.\PSPKI-v.3.2.7.0\Types
.\PSPKI-v.3.2.7.0\(main files)


So - create:
c:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSPKI

and put all files and folders there from:
.\PSPKI-v.3.2.7.0

Automatic


If you have PowerShell 5.0 or newer use:

 

powershell version check

How to check?

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.16299.251
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.16299.251
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1