Monday, September 19, 2011

Communication Tab not showing in ADUC

By default, the Communications tab is not displayed in the Active Directory Users and Computers MMC snap-in on a computer that is running a 64-bit version of Windows.

To display the Communications tab, start the Active Directory Users and Computers MMC snap-in in 32-bit mode. To do this, click Start, click Run, type dsa.msc -32, and then click OK.

 Happy Learning!!!

Thursday, September 15, 2011

Export Bitlocker Recovery Keys from Active Directory



Today I received a request from one of my colleagues.


The requirement is to export BitLocker keys from AD. He's already using a VBScript from MS, but the script works in such a way that it creates an output file for each computer in AD. He was executing the script manually every day.


With some modifications, I could get the output into a single file. I just want to share it with other techies who might have a similar requirement.


Here is the script.


## Use the script @ your own risk.


#Script starts here


sDate = DatePart("m", Now) & "-"
sDate = sDate & DatePart("d", Now) & "-"
sDate = sDate & DatePart("yyyy", Now) & ""

Set FS = CreateObject("Scripting.FileSystemObject")
'***********************************************************
'mention the path to save output file
'(the file holds recovery passwords in clear text, so use a folder with restricted access)
'***********************************************************
' 2 = ForWriting, True = create the file if it does not exist
Set Write = FS.OpenTextFile("c:\bitlocker-" & sDate & ".xls", 2, True)
Write.WriteLine "Computer Name" & vbTab & "AD Path  " & vbTab & "DateAdded & PasswordID" & vbTab & "RecoveryGuid" & vbTab & "RecoveryPassword"

Sub ShowUsage
  WScript.Echo "USAGE: Get-BitLockerRecoveryInfo [Optional Computer Name]"
  WScript.Echo "If no computer name is specified, all computers under the configured OU are exported."
  WScript.Quit
End Sub

Function HexByte(b)
      HexByte = Right("0" & Hex(b), 2)
End Function

Function ConvertOctetGuidToHexString(ByteArray)
  Dim Binary, S
  Binary = CStr(ByteArray)

  On Error Resume Next
  S = "{"
  S = S & HexByte(AscB(MidB(Binary, 4, 1)))
  S = S & HexByte(AscB(MidB(Binary, 3, 1)))
  S = S & HexByte(AscB(MidB(Binary, 2, 1)))
  S = S & HexByte(AscB(MidB(Binary, 1, 1)))
  S = S & "-" 
  S = S & HexByte(AscB(MidB(Binary, 6, 1)))
  S = S & HexByte(AscB(MidB(Binary, 5, 1)))
  S = S & "-" 
  S = S & HexByte(AscB(MidB(Binary, 8, 1)))
  S = S & HexByte(AscB(MidB(Binary, 7, 1)))
  S = S & "-" 
  S = S & HexByte(AscB(MidB(Binary, 9, 1)))
  S = S & HexByte(AscB(MidB(Binary, 10, 1)))
  S = S & "-" 
  S = S & HexByte(AscB(MidB(Binary, 11, 1)))
  S = S & HexByte(AscB(MidB(Binary, 12, 1)))
  S = S & HexByte(AscB(MidB(Binary, 13, 1)))
  S = S & HexByte(AscB(MidB(Binary, 14, 1)))
  S = S & HexByte(AscB(MidB(Binary, 15, 1)))
  S = S & HexByte(AscB(MidB(Binary, 16, 1)))
  S = S & "}"

  On Error GoTo 0
  ConvertOctetGuidToHexString = S
End Function


' --------------------------------------------------------------------------------
' Get path to Active Directory computer object associated with the computer name
' --------------------------------------------------------------------------------

Function GetStrPathToComputer(strComputerName)
    ' Uses the global catalog to find the computer in the forest
    ' Search also includes deleted computers in the tombstone

    Set objRootLDAP = GetObject("LDAP://rootDSE")
    namingContext = objRootLDAP.Get("defaultNamingContext") ' e.g. string dc=fabrikam,dc=com   

    ' Search base: the global catalog for the default naming context
    strBase = "<GC://" & namingContext & ">"

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    strFilter = "(&(objectCategory=Computer)(cn=" &  strComputerName & "))"
    strQuery = strBase & ";" & strFilter  & ";distinguishedName;subtree"

    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 100
    objCommand.Properties("Cache Results") = False

    ' Enumerate all objects found.
    Set objRecordSet = objCommand.Execute
    If objRecordSet.EOF Then
      WScript.echo "The computer name '" &  strComputerName & "' cannot be found."
      WScript.Quit 1
    End If

    ' Found object matching name
    Do Until objRecordSet.EOF
      dnFound = objRecordSet.Fields("distinguishedName")
      GetStrPathToComputer = "LDAP://" & dnFound
      objRecordSet.MoveNext
    Loop


    ' Clean up.
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRecordSet = Nothing

End Function
TAB  = CHR( 9 )
CRLF = CHR( 13 ) & CHR( 10 )
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_SEALING = 64 '0x40
Const ADS_USE_SIGNING = 128 '0x80
Const ADS_SCOPE_SUBTREE = 2
Set objConnection1 = CreateObject("ADODB.Connection")
Set objCommand1 = CreateObject("ADODB.Command")
objConnection1.Provider = "ADsDSOObject"
objConnection1.Open "Active Directory Provider"
Set objCommand1.ActiveConnection = objConnection1
' ============Mention LDAP OU PATH HERE====================
objCommand1.CommandText = _
"Select Name, Location from 'LDAP://OU=test,DC=cxx,DC=com' " _
& "Where objectCategory='computer'"
objCommand1.Properties("Page Size") = 1000
objCommand1.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet1 = objCommand1.Execute
objRecordSet1.MoveFirst
Do Until objRecordSet1.EOF

  ' --------------------------------------------------------------------------------
  ' Parse Arguments
  ' --------------------------------------------------------------------------------

  Set args = WScript.Arguments
  Select Case args.Count
 
   Case 0
    ' No argument given: use the computer name from the current AD search result
    strComputerName = objRecordSet1.Fields("Name").Value
   
   Case 1
   If args(0) = "/?" Or args(0) = "-?" Then
      ShowUsage
   Else
     strComputerName = args(0)
   End If
 
  Case Else
    ShowUsage

End Select
' --------------------------------------------------------------------------------
' Helper function: Convert the octet GUID string (byte array) to a hex string
' --------------------------------------------------------------------------------

'Reference: http://blogs.msdn.com/ericlippert/archive/2004/05/25/141525.aspx

' --------------------------------------------------------------------------------
' Securely access the Active Directory computer object using Kerberos
' --------------------------------------------------------------------------------


Set objDSO = GetObject("LDAP:")
strPathToComputer = GetStrPathToComputer(strComputerName)
Set objFveInfos = objDSO.OpenDSObject(strPathToComputer, vbNullString, vbNullString, _
                                   ADS_SECURE_AUTHENTICATION + ADS_USE_SEALING + ADS_USE_SIGNING)


objFveInfos.Filter = Array("msFVE-RecoveryInformation")
' Iterate through each recovery information object

dim row
row = 0
For Each objFveInfo in objFveInfos

 strName = objFveInfo.Get("name")
 

   strRecoveryGuidOctet = objFveInfo.Get("msFVE-RecoveryGuid")
  

   strRecoveryGuid = ConvertOctetGuidToHexString(strRecoveryGuidOctet)

   strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword")

   write.WriteLine strComputerName &  vbTab &  strPathToComputer &  vbTab & strName & vbTab & strRecoveryGuid & vbTab & strRecoveryPassword

   If len(strRecoveryGuid) <> 38 Then
      WScript.echo "WARNING: '" & strRecoveryGuid & "' does not appear to be a valid GUID."
   End If

Next
'WScript.Quit  ''''''''''''''''''''''''''''''''''''''''''

strComputerName = ""
objRecordSet1.MoveNext
Loop
' Flush and close the export file before exiting
Write.Close
WScript.Quit
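
A sanity check for the single export file the script above produces, as an added example in Python (not the author's code or Microsoft's): it extends the script's own 38-character GUID test with a structural check of each recovery password (8 groups of 6 digits, each group 11 times a 16-bit value) and reports line numbers only, since the file holds the passwords in clear text. The function names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# "{" + 8-4-4-4-12 hex digits + "}": the 38 characters the page's script expects.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Recovery password: 48 digits written as 8 groups of 6.
PW_RE = re.compile(r"[0-9]{6}(-[0-9]{6}){7}")
COLUMNS = 5  # computer, AD path, name (date + password ID), GUID, password


def password_ok(pw: str) -> bool:
    """Each 6-digit group must be 11 times a 16-bit value (0..65535)."""
    if not PW_RE.fullmatch(pw):
        return False
    return all(int(g) % 11 == 0 and int(g) // 11 < 65536 for g in pw.split("-"))


def check_export(text: str) -> list:
    """Return (line number, problem) pairs; the password itself is never echoed."""
    problems = []
    rows = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for line_no, row in enumerate(rows, start=1):
        if line_no == 1 or not row:  # header written by the script, blank lines
            continue
        if len(row) != COLUMNS:
            problems.append((line_no, f"expected {COLUMNS} columns, got {len(row)}"))
            continue
        if not GUID_RE.fullmatch(row[3].strip()):
            problems.append((line_no, "RecoveryGuid is not a 38-character GUID"))
        if not password_ok(row[4].strip()):
            problems.append((line_no, "RecoveryPassword fails the format check"))
    return problems


# Constructed sample (not real keys). Line 2 is well formed; line 3 has a GUID
# that lost a byte and a password whose first group is not a multiple of 11.
GOOD_PW = "011000-135795-720885-000022-440000-344707-055000-660000"
GUID = "{A1B2C3D4-E5F6-0718-293A-4B5C6D7E8F90}"
NAME = "2011-09-15T09:30:00-00:00" + GUID
SAMPLE = "\n".join([
    "Computer Name\tAD Path  \tDateAdded & PasswordID\tRecoveryGuid\tRecoveryPassword",
    f"PC-001\tLDAP://CN=PC-001,OU=test,DC=cxx,DC=com\t{NAME}\t{GUID}\t{GOOD_PW}",
    f"PC-002\tLDAP://CN=PC-002,OU=test,DC=cxx,DC=com\t{NAME}\t{GUID[:-3]}}}\t011001{GOOD_PW[6:]}",
])

if __name__ == "__main__":
    for line_no, problem in check_export(SAMPLE):
        print(f"line {line_no}: {problem}")
```
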




Tuesday, September 6, 2011

Solution Center for Access Denied Error Messages

This solution center provides links to information which will help you troubleshoot scenarios in which you receive an "access denied" error message.


How to troubleshoot scenarios when you are unable to open a file or folder or when a service on your computer fails to start.

File System "Access Denied"
How to troubleshoot scenarios when you are unable to open a file or folder on a local drive on your computer. This can occur if you don’t have permissions on the file or folder, or if the file has been encrypted.
Troubleshoot "access denied" when opening files or folders
This article describes how to resolve common problems with accessing files or folders.
Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint
This article includes information about folders that may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint to avoid receiving "access denied" error messages when files are uploaded.
You cannot delete a file or a folder on an NTFS file system volume
This article describes why you may not be able to delete a file or a folder on an NTFS file system volume and how to address the different causes to resolve this issue.
"Access Is Denied" Error Message Appears When Permissions Are Correct
How to troubleshoot an issue when you receive an "access is denied" error message while trying to access a file on an NTFS file system volume.
Services "Access Denied"
How to troubleshoot an Error 5 or "Access Denied" when a service on your computer fails to start. This can occur if the permissions on the service account that is used to start the service have been changed or if the account does not have permissions to the Windows registry keys used by the service.
Error message when attempting to start the Windows Event Log Service: "Access denied"
How to troubleshoot an "Error 5: Access Denied" error message when you try to start the Windows Event Log service from the Services console on Windows Server 2008 and the Windows Event Log service fails.
Some services do not start in Windows Vista
How to troubleshoot an "access denied" error message when you try to manually start the Windows Firewall service on Windows Vista computers or the DHCP Client or “Diagnostic Policy Service” services.




How to troubleshoot when you are unable to open a file or folder on another computer on a network.

Network "Access Denied"
How to troubleshoot when you are unable to open a file or folder on another computer on a network. This can occur for a number of reasons, including network issues, the file or folder not being shared, or share permissions that are not configured correctly.
Troubleshoot file and printer sharing
This article describes how to resolve common problems with file and printer sharing on a network.
Access Denied Error When Attempting to Connect to a Network Share
How to troubleshoot when you receive an "access denied" error message while attempting to connect to a network share.
New network shared folders automatically assign Read permissions to the Everyone group in Windows Server 2003
This article provides a hotfix to correct a problem in Windows Server 2003 where the value of the SrvsvcDefaultShareInfo entry in a registry subkey is ignored when you create a new network share.




How to troubleshoot when you are unable to access secure web sites (Secure Web sites are generally accessed by using a URL that includes the https:// protocol) or a web site that is not a trusted site.

Internet "Access Denied"
How to troubleshoot when you are unable to access secure web sites (Secure Web sites are generally accessed by using a URL that includes the https:// protocol) or a web site that is not a trusted site. If you are installing some programs over the internet, the installation may fail with an “access denied” error if Internet Explorer determines that the web site is not a trusted site.
You may receive a scripting error message when you browse a secure Web site that contains multiple frames
How to troubleshoot an "access denied" or "permission denied" error message when you browse a secure Web site that contains multiple frames if Internet Explorer is configured to use a proxy auto-configuration (.pac) file.
You cannot view a secure Web site in Internet Explorer 8
How to resolve issues related to viewing a secure web site with Internet Explorer 8.
You cannot view, access, or load some webpages in Internet Explorer 8 or Internet Explorer 9 Beta
This automated troubleshooter fixes issues related to webpages not loading or displaying as expected in Internet Explorer 8 and Internet Explorer 9 Beta.
Internet Explorer Product Solution Center
Visit the Internet Explorer Solution Center for support information including key resources, top issues, downloads, add-ons, support options, and support lifecycle details.