Cleanup disabled users from AD Group/s

Cleanup disabled accounts from groups is one of the most boring job, and also take lots of time. Manually it’s almost impossible to maintain. Recently I had a request to perform such task for many groups, so, I wrote a script to do it automatically on behalf of me. I am now sharing this script, hoping this might help you as well.


This script will do following task automatically.

  • Get the members of a group.
  • Identify only users.
  • Identify disabled users.
  • Check every disabled users group memberships.
  • Remove the disabled users from that group.
  • Generate a report with status (success / failure).
  • Keep the report on your desktop.

Multi-Threading Super-Fast Disk Utilization Report using Background Jobs in PowerShell

Automate task using script is always helpful, it reduced human error and efforts, but sometimes it still takes a lots of time to execute same command on multiple remote servers one by one. For example, my disk utilization script, it works perfectly fine, but taking lots of time to generate report for thousands of servers. To get the result faster I started looking for using Background Jobs, and the result was really promising.


Earlier approx. for 500 servers, it took almost 10 to 15 seconds each and total more than 2 hours, and after using PS Background Jobs, it takes less than 5 minute to generate the report.
Continue reading

Task Scheduler Error “A specified logon session does not exist” – Fix via Command Line and PowerShell for Scripting

This is very know issue, if you search internet, you will get multiple blog post with same solution for this issue, and if you follow the steps, it actually resolve this issue.

In simple word, solution of this problem is

  1. Logon to the faulty system.
  2. Open SECPOL.MSC from Run
  3. Go to Security Settings | Local Policies | Security Options
  4. Open Network access: Do not allow storage of passwords and credentials for network authentication
  5. To resolve this issue, simply set this policy to Disabled.

But, my problem is little bit different, I was working on a script to validate the Local Admin password of multiple remote systems, I found best way to validate this is to create a ONSTART task with local admin credentials with schtasks.exe via PS Remoting (WSMan). Something like this

If the scheduled task created successfully, it means the local admin account authenticating. Now the problem is, when I was trying to run this remotely on multiple Windows 2008 R2 servers, I am getting “A specified logon session does not exist” and my script reporting wrong status. Solution is already available, but who will made those changes on hundreds of servers manually, and I am also not sure why this policy was enabled. So I don’t want made any permanent changes on all the servers for validating local admin password.

What I did is, logged on to a problematic system, and extracted the local security policy configuration using this command
Continue reading