Use PowerShell to generate token bloat report

Today you will find out how to create token bloat report and send it to specified email address. If you are working in large scale environment you may find this useful. Token bloat There is often a situation when some user is complaining that he is unable to access some corporate applications. After short investigation you can find that one of the reason for that might be large number of …

PowerShell one-liner: Find BitLocker key

As you probably know PowerShell is a powerful tool and getting BitLocker key is one of its capabilities. In this article you will find out how to use one-liner script based on ActiveDirectory module to gather BitLocker key information. The easiest way is to use Get-BitLockerVolume command but we need to have BitLocker module installed: Get-ADObject is one of the AD module commands which helps to gets an Active Directory …

PowerShell one-liner: Find AD user based on property

While working in Active Directory based environment you are often dealing with AD user accounts and probably using often Get-ADUser command. In this article I want to present several simple examples how to use it. Normally when we want to display user details we use -Identity : To list names of all available user properties we can use Get-Member command: The case will be a little bit different when we …

PowerShell one-liner: Get AD user groups

Starting from today we will add new series of articles describing one-liner scripts. In this post I would like to show you how to get group names that user is a member of using just one-liner script. Get-ADUser allows you to list all information for Active Directory user account. This command is a part of ActiveDirectory module where you can also see other commands. Check available modules on your PC: …

Test LDAP Connection with PowerShell

In this article you will find out how to test LDAP Connection to your domain controllers. It is very similar to previous post about Test-PortConnection function. In this example we will focus on making an LDAP connection using ADSI. On the beginning of function we need to check if DC name provided as a parameter is valid: Usage: Output: Final script:

ADSI – Searching for an user object in Active Directory

In this article you will learn how to use ADSI searcher. Script finds users based on samaccountnames and gathers their attributes. Instead of using AD cmdlets like Get-ADUser we can use ADSI search method which is much faster – it can be used when we have to query many users: In $SAMNames variable you have to add your AD users samaccountnames and in object part you can specify which attributes …

Get list of Domain Controllers from your domain

Today I would like to show you how to prepare Domain Controllers report using Data Table. To get all DC’s we will use ActiveDirectory module. Basically you can get list of all Domain Controllers from your domain using just two commands: In this example I wanted to show you how to create Data Table and send results to your email in formatted HTML table. Script apart from gathering DC’s properties …

Protect resources from accidental deletion

Today I want to share with you my script which will help protect resources from accidental deletion. In first way script is gathering all domains in Active Directory forest. Next OU and DNS zone objects which are unprotected are pulled out. Final step is setting flag ProtectedFromAccidentalDeletioin for those objects to $True. And this is how you should protect resources from accidental deletion. 🙂 Script: As script is scanning all …

Get members from all groups starting/ending or contains with search phrase

In this article you will find script for getting members from groups based on keyword. If your environment contains thousands of groups it might be difficult to find quickly specific groups and get their direct members. To do this you can use function pasted below. To find group members we can just use Get-ADGroup command: Apart from that script will check also members details like emailaddress and WhenChanged date: Usage: …

Get group membership details using PowerShell

As an administrator you often need to check user group membership. Today I want to show you simple function which will help you to get that information for specific user. On the beginning of function we can check if Active Directory module is installed and validate user name: For checking user group membership we can use the following Get-ADUser commands. Unfortunately they will return just group names: Our function helps …