Get restricted groups from GPO

Today I want to share you my function which will show you how to get restricted groups from GPO. In big Active Directory environments access to servers and workstations are usually managed by AD groups and group policies. Script which I prepared can help administrators to find which restricted groups have an acccess to servers/workstations in specific OU. How script works? Script is checking for all of the GPOs which …

PowerShell one-liner: Find AD user based on property

While working in Active Directory based environment you are often dealing with AD user accounts and probably using often Get-ADUser command. In this article I want to present several simple examples how to use it. Normally when we want to display user details we use -Identity : To list names of all available user properties we can use Get-Member command: The case will be a little bit different when we …

Check when user was added to AD group

Today I will show you script to check when user was added to AD group. Script is using functionality of repadmin tool to check when users were modified inside the group. Showobjmeta displays the replication metadata for a specified object stored in Active Directory, so it can be used not only for group membership checking. You can find other functionalities of this tool on TechNet site. Output from repadmin tool …

How to create your first Powershell GUI Tool

If you ever thought about creating your first PowerShell GUI tool, this article might be helpful for you. In this post you can find how to create simple tool for basic domain controller troubleshooting. At the end our tool should look like this: Below you can see how such GUI Tool is build using “System Windows Forms”. You can use it as a template for other purposes: On the beginning …

Add AD group to local administrators of the server

Today post will help you to understand how add AD group to local administrators. Below script in first way is searching Active Directory for servers with Windows Server OS (this can be filtered deeper with LDAP filter adjustment). Once all computers objects are gathered script create AD group. Name of the AD group uses pattern ADMComputerName. When AD group is created it’s added to local administrators group of the server. …

How to copy groups membership from reference account?

Recently I received task to copy groups membership from reference account. Function which I’ve prepared is not very complicated. To create this I used Active Directory module. In first step function gather memebrship of the reference user and save them in groups array. Once array is completed AD module function Add-ADGroupMember is used (for details check https://technet.microsoft.com/pl-pl/library/ee617210.aspx). Usage: Copy-GroupMemebrship -ReferenceAccount “SANofRefAccount” -ReferenceAccountServer “RefAccountServer” -AccountToChange “SANofAccToCahnge” -DomainAccountToChange “DomainofAccToChange” I hope it …