Use Set-ADUser command to update user attributes

How to use Set-ADUser command? Updating user properties manually can be time consuming. This is why its good to have a script for bulk modifications. One of the ActiveDirectory module command is called Set-ADUser and it allows us to modify user properties. Below you can find script for adding or updating AD user mobile phone. To update phone number for one specific user we can just run the following command: …

Identify Azure AD provisioning errors

In this article I want to show you how to identify Azure AD provisioning errors during sync. One of the feature of Azure Active Directory is identifying issues caused by conflicts during run one of the synchronization tools. Usually this kind of issues are caused by two attrbiutes UserPrincipalName and ProxyAddress which should be unique for objects like Users or Groups in one Azure AD tenant. Identifying Azure AD provisioning …

Get restricted groups from GPO

Today I want to share you my function which will show you how to get restricted groups from GPO. In big Active Directory environments access to servers and workstations are usually managed by AD groups and group policies. Script which I prepared can help administrators to find which restricted groups have an acccess to servers/workstations in specific OU. How script works? Script is checking for all of the GPOs which …

Use PowerShell to generate token bloat report

Today you will find out how to create token bloat report and send it to specified email address. If you are working in large scale environment you may find this useful. There is often a situation when some user is complaining that he is unable to access some corporate applications. After short investigation you can find that one of the reason for that might be large number of group membership. …

PowerShell one-liner: Find BitLocker key

As you probably know PowerShell is a powerful tool and getting BitLocker key is one of its capabilities. In this article you will find out how to use one-liner script based on ActiveDirectory module to gather BitLocker key information. The easiest way is to use Get-BitLockerVolume command but we need to have BitLocker module installed: Get-ADObject is one of the AD module commands which helps to gets an Active Directory …

PowerShell one-liner: Find AD user based on property

While working in Active Directory based environment you are often dealing with AD user accounts and probably using often Get-ADUser command. In this article I want to present several simple examples how to use it. Normally when we want to display user details we use -Identity : To list names of all available user properties we can use Get-Member command: The case will be a little bit different when we …

Check when user was added to AD group

Today I will show you script to check when user was added to AD group. Script is using functionality of repadmin tool to check when users were modified inside the group. Showobjmeta displays the replication metadata for a specified object stored in Active Directory, so it can be used not only for group membership checking. You can find other functionalities of this tool on TechNet site. Output from repadmin tool …

PowerShell one-liner: Get AD user groups

Starting from today we will add new series of articles describing one-liner scripts. In this post I would like to show you how to get group names that user is a member of using just one-liner script. Get-ADUser allows you to list all information for Active Directory user account. This command is a part of ActiveDirectory module where you can also see other commands. Check available modules on your PC: …

Test LDAP Connection with PowerShell

In this article you will find out how to test LDAP Connection to your domain controllers. It is very similar to previous post about Test-PortConnection function. In this example we will focus on making an LDAP connection using ADSI. On the beginning of function we need to check if DC name provided as a parameter is valid: Usage: Final script:

ADSI – Searching for an user object in Active Directory

In this article you will learn how to use ADSI searcher. Script finds users based on samaccountnames and gathers their attributes. Instead of using AD cmdlets like Get-ADUser we can use ADSI search method which is much faster – it can be used when we have to query many users: In $SAMNames variable you have to add your AD users samaccountnames and in object part you can specify which attributes …