All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.
To see a full post after searching, please click on the title.
PowerShell Scripts were written with Version 3 or 4.
https connections are supported.
All new users accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.
Top Posts & Pages
- Delete Inactive User Profiles with PowerShell
- Getting GPO GUID, Name from Active Directory
- Delete a List of Computer Accounts from Active Directory
- Scriptomatic on Windows 7 Solved
- Export DNS Server Records with PowerShell
- Convert data from Get-ADUser and Get-ADComputer for Export-CSV
- Programatically Uninstall Outlook Patch KB2412171
- Who Joined Computer Account to AD Domain
- Export PowerShell script output to Text with Out-Notepad
- LDAP Ping
Category Archives: Active Directory
You don’t have to rely on the Group Policy Module to resolve the display name of a GPO from the GUID, or the GUID from the display name. Here are two short functions that will get that information from Active … Continue reading
Undelete-ADObject.ps1 is a GUI form based script for undeleting user, computer, group, print queue, and contacts from Active Directory. You can display all of the objects of the selected type, or search by the name. I use this script frequently. … Continue reading
There are some delegations of permissions within Active Directory which cannot be made without extra effort. Some properties are flagged as hidden in a file called Dssec.dat, in %windir%\System32 on computers with the Active Directory Users and Computers (ADUC) MMC. … Continue reading
Clearing the GPO cache on a computer may be the only way to fix a persistent problem. Doing this involves deleting files, registry entries, and rebuilding the security database. Clear-GPOCache.ps1 works by creating a custom batch file on the remote … Continue reading
This snippet can be used for easier date formatting when using an LDAP date filter with PowerShell. This demonstrates how to get users created within the previous 30 days using LDAP:
$MaxDays = 30
$StartDate = (Get-date).AddDays(-$MaxDays)
#Set to begin at midnight
$ldapStart = $StartDate.GetDateTimeFormats().ToString().Replace("-",'')+'000000.0Z'
$LDAPFilter = "(WhenCreated>=$ldapStart)"
Get-aduser -LDAPFilter $ldapfilter -properties whencreated
There are a lot of ways to get the OU of the current computer, but most don’t work if you are outside your home domain. This code does, without requiring AD cmdlets:
#My Computername works anywhere in forest
$strFilter = "(&(objectCategory=Computer)(Name=$env:computername))"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.Filter = $strFilter
$searchRootName = [system.directoryservices.activedirectory.forest]::GetCurrentForest().Name.ToString()
$SearchRoot = "GC://"+$SearchRootName
$objSearcher.SearchRoot = $SearchRoot
$objPath = $objSearcher.FindOne()
$dn = ($objPath.GetDirectoryEntry()).Path
$MyPCOU = $dn.Substring($dn.IndexOf("OU"),$dn.Length-$dn.IndexOf("OU"))
Update: 9/23/2017: You can also get this … Continue reading
When you load the Active Directory Module, you get, by default, an Active Directory PSDrive for the current domain. You can avoid the drive from loading by setting $Env:ADPS_LoadDefaultDrive = 0. When writing scripts to export and import AD delegations, connecting to … Continue reading
Get-AllGPOsLinkedToOU.ps1 returns a unique list of all GPO’s linked to an OU. You can also run a onelevel or subtree search to get a unique list of linked OUs at or below the selected OU. You are prompted for the … Continue reading
This script deletes the locally stored copies of GPOs and forces a GPUPdate on a computer. Reset-GPOCache.ps1 works by a remote connection to the registry provider to get the path to the Group Policy\History folder, then deletes the files beneath … Continue reading
The Get-GPResultantSetOfPolicy cmdlet in the GroupPolicy module of PowerShell has a parameter for a user name. Often I have no idea who has logged onto the computer. Get-RSOP.ps1 uses WMI to give you a pick list of users on the … Continue reading