Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # DisableKerbGroupCompression.ps1
- # http://support.microsoft.com/kb/2774190
- #
- # Script to Disable Kerberos Group SID Compression
- #
- param( $principalName)
- $newValue = 0
- # Get the AD principal and value
- $obj = get-adobject -Filter {(cn -like $principalName)} -Properties *
- if($obj -eq $null)
- {
- Write-Host "Cannot find $principalName in the directory"
- break
- }
- $newValue = $value = $obj."msDS-SupportedEncryptionTypes"
- $msgBefore =$msgAfter = "Resource group compression status on principal {0}: " -f $principalName
- if( ($value -band 0x0080000) -eq 0)
- {$msgBefore += "Enabled"}
- else
- {$msgBefore += "Disabled"}
- Write-Host $msgBefore
- if( ($value -band 0x00080000) -eq 0) #enable the disable bit
- {$newValue = $value -bor 0x00080000}
- if($newValue -ne $value) #update if values are different
- {
- Set-ADObject $obj -Replace @{"msDS-SupportedEncryptionTypes"=$newValue}
- if( ($newvalue -band 0x0080000) -eq 0)
- {$msgAfter += "Enabled"}
- else
- {$msgAfter += "Disabled"}
- Write-Host $msgAfter
- }
- else
- { Write-Host "Resource group compression did not change."}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement