Use Set-ADUser command to update user attributes

How to use Set-ADUser command? Updating user properties manually can be time consuming. This is why its good to have a script for bulk modifications. One of the ActiveDirectory module command is called Set-ADUser and it allows us to modify user properties. Below you can find script for adding or updating AD user mobile phone. To update phone number for one specific user we can just run the following command: …

Get restricted groups from GPO

Today I want to share you my function which will show you how to get restricted groups from GPO. In big Active Directory environments access to servers and workstations are usually managed by AD groups and group policies. Script which I prepared can help administrators to find which restricted groups have an acccess to servers/workstations in specific OU. How script works? Script is checking for all of the GPOs which …

Use PowerShell to generate token bloat report

Today you will find out how to create token bloat report and send it to specified email address. If you are working in large scale environment you may find this useful. There is often a situation when some user is complaining that he is unable to access some corporate applications. After short investigation you can find that one of the reason for that might be large number of group membership. …

PowerShell one-liner: Find BitLocker key

As you probably know PowerShell is a powerful tool and getting BitLocker key is one of its capabilities. In this article you will find out how to use one-liner script based on ActiveDirectory module to gather BitLocker key information. The easiest way is to use Get-BitLockerVolume command but we need to have BitLocker module installed: Get-ADObject is one of the AD module commands which helps to gets an Active Directory …

PowerShell one-liner: Find AD user based on property

While working in Active Directory based environment you are often dealing with AD user accounts and probably using often Get-ADUser command. In this article I want to present several simple examples how to use it. Normally when we want to display user details we use -Identity : To list names of all available user properties we can use Get-Member command: The case will be a little bit different when we …

PowerShell one-liner: Get AD user groups

Starting from today we will add new series of articles describing one-liner scripts. In this post I would like to show you how to get group names that user is a member of using just one-liner script. Get-ADUser allows you to list all information for Active Directory user account. This command is a part of ActiveDirectory module where you can also see other commands. Check available modules on your PC: …

Test LDAP Connection with PowerShell

In this article you will find out how to test LDAP Connection to your domain controllers. It is very similar to previous post about Test-PortConnection function. In this example we will focus on making an LDAP connection using ADSI. On the beginning of function we need to check if DC name provided as a parameter is valid: Usage: Final script:

ADSI – Searching for an user object in Active Directory

In this article you will learn how to use ADSI searcher. Script finds users based on samaccountnames and gathers their attributes. Instead of using AD cmdlets like Get-ADUser we can use ADSI search method which is much faster – it can be used when we have to query many users: In $SAMNames variable you have to add your AD users samaccountnames and in object part you can specify which attributes …

Get list of Domain Controllers from your domain

Today I would like to show you how to prepare Domain Controllers report using Data Table. To get all DC’s we will use ActiveDirectory module. Basically you can get list of all Domain Controllers from your domain using just two commands: In this example I wanted to show you how to create Data Table and send results to your email in formatted HTML table. Script apart from gathering DC’s properties …

Protect resources from accidental deletion

Today I want to share with you my script which will help protect resources from accidental deletion. In first way script is gathering all domains in Active Directory forest. Next OU and DNS zone objects which are unprotected are pulled out. Final step is setting flag ProtectedFromAccidentalDeletioin for those objects to $True. And this is how you should protect resources from accidental deletion. 🙂 Script: As script is scanning all …