Alan's Blog

"Yeah. I wrote a script that will do that."

Create an AD Drive for Specified Domain

Posted on April 16th, 2017

When you load the Active Directory Module, you get, by default, an Active Directory PSDrive for the current domain. You can prevent the drive from loading by setting $Env:ADPS_LoadDefaultDrive = 0. When writing scripts to export and import AD delegations, connecting to this remote drive became important to me. Here is an example of the code I used:

Filed under Active Directory, Functions, PowerShell, Scripting

Get All GPOs Linked to an OU

Posted on March 1st, 2017

Get-AllGPOsLinkedToOU.ps1 returns a unique list of all GPOs linked to an OU. You can also run a OneLevel or Subtree search to get a unique list of linked OUs at or below the selected OU. You are prompted for the domain, and then navigate to the desired OU.

Filed under Active Directory, Group Policy Objects, PowerShell, Windows Administration

Reset GPO Cache

Posted on March 1st, 2017

This script deletes the locally stored copies of GPOs and forces a GPUpdate on a computer. Reset-GPOCache.ps1 works by connecting remotely to the registry provider to get the path to the Group Policy\History folder, then deleting the files beneath that path. This ensures a fresh application of group policies.

Filed under Active Directory, Group Policy Objects, PowerShell, Windows Administration

Get Resultant Set of Policies (RSOP) with User Selection

Posted on March 1st, 2017

The Get-GPResultantSetOfPolicy cmdlet in the GroupPolicy module of PowerShell has a parameter for a user name.  Often I have no idea who has logged onto the computer.  Get-RSOP.ps1 uses WMI to give you a pick list of users on the remote computer and then passes that to the user parameter of Get-GPResultantSetOfPolicy.

Filed under Active Directory, Group Policy Objects, PowerShell, Scripting, Windows Administration

Remove Active Directory Delegations

Posted on February 25th, 2017

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but none of the methods I found did what I needed.  I wanted a script which could look at all or selected OUs in AD for a delegation, and then delete them all.

Remove-DelegatedOUPermissions.ps1 is an advanced function which can be used to report and remove assigned delegated permissions from OU objects and containers.  You can choose the domain and searchbase, and you can search for full name or partial matches.  For example, if you wanted to report on or delete the delegations for Site1PWAdmins and Site2PWAdmins, you could simply specify “PWAdmins”.  The search is case-insensitive, and you can search for more than one string by separating your search terms with a comma.

This function always creates a log file.  The default name is derived from the domain name, and the default location is the desktop.  The function requires the ActiveDirectory module, but unlike Set-ACL, it can be used to write permissions in another domain.  It supports WhatIf, and a confirmation is required before you commit changes.  Because it is an advanced function, you can use Get-Help for details about use.
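A read-only sketch of the reporting half described above, which also shows the AD drive mapped to a specified domain from the "Create an AD Drive for Specified Domain" post. This is an added example, not the author's Remove-DelegatedOUPermissions.ps1; the function name, the drive name and the values in the usage line are hypothetical, and it covers OU objects only.

```powershell
# Added example: report explicit (non-inherited) ACEs on OUs. Nothing is removed.
# Assumptions: ActiveDirectory module is installed; the function name, the drive
# name 'DelegAudit' and the values in the usage line are hypothetical.
function Get-OUDelegationReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,       # DNS name of the domain to audit
        [Parameter(Mandatory)][string[]]$Identity,   # full or partial trustee names
        [string]$SearchBase,
        [ValidateSet('OneLevel', 'Subtree')][string]$SearchScope = 'Subtree'
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Map a drive to the specified domain. -Root '' binds to its RootDSE.
    # The drive lives in function scope and disappears when the function returns.
    $drive = 'DelegAudit'
    $null = New-PSDrive -Name $drive -PSProvider ActiveDirectory -Root '' `
        -Server $Domain -ErrorAction Stop

    if (-not $SearchBase) {
        $SearchBase = (Get-ADDomain -Server $Domain).DistinguishedName
    }

    # -match is case-insensitive; escape each term so it is matched literally.
    $pattern = ($Identity | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase `
        -SearchScope $SearchScope -Server $Domain |
        ForEach-Object {
            $ouDN = $_.DistinguishedName
            (Get-Acl -Path "${drive}:\$ouDN").Access |
                Where-Object { -not $_.IsInherited -and
                               $_.IdentityReference.Value -match $pattern } |
                Select-Object @{ Name = 'OU'; Expression = { $ouDN } },
                    IdentityReference, AccessControlType, ActiveDirectoryRights,
                    InheritanceType, ObjectType, InheritedObjectType
        }
}

# Usage (constructed values):
# Get-OUDelegationReport -Domain corp.example.com -Identity PWAdmins |
#     Export-Csv "$env:USERPROFILE\Desktop\corp-delegations.csv" -NoTypeInformation
```

Keeping the exported report before any removal gives you a record of exactly which explicit ACEs existed, which is what you need to review drift or restore a delegation later.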

Filed under Active Directory, Alan's Favorites, Functions, My Best, PowerShell, Scripting, Security, Windows Administration

Adding Terminal Services Information to User Reports

Posted on February 4th, 2017

Add-ADTSInfo.ps1 adds TerminalServicesHomeDrive, TerminalServicesHomeDirectory, TerminalServicesProfilePath and AllowLogon as additional members returned by a query of Active Directory user objects. As you may know, when looking at a user’s properties in the Active Directory Users and Computers MMC there is a tab for these fields. However, if you look at the properties of a user object, these items simply aren’t there. There are a few articles and scripts addressing this problem, and you will find that the only way to get the data is by binding to each individual user object and using a method like this: $ADSIUser.psbase.InvokeGet('TerminalServicesProfilePath').

My script differs from others in that you can pipe an object containing user objects with any properties, and it will add the fields listed above to your results. I added sorting of the new result so that the property names are in order. This is an advanced function with comment-based help.

Filed under Active Directory, Functions, PowerShell, Scripting

Get the NetBIOS AD Domain Name from the FQDN

Posted on January 30th, 2017

I hate using NameTranslate, because it is a COM object, and because the output is often really hard to get into a clean, trimmed string. The NetBIOS name isn’t a part of the AD domain object, but I suspected that the information could be gotten using an LDAP query. My searching led me to a post on StackFlow. It wasn’t PowerShell, but it did give me an interesting hint. The filter’s objectcategory was “CrossRef”. I used this to port the code to PowerShell:

This query is quick, and avoids the formatting problems with NameTranslate.  There is a large table of LDAP queries on TechNet, but this one isn’t in the list.
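One way to write the crossRef lookup described above, as an added example rather than the author's port. The function name is hypothetical, and it assumes the crossRef objects are read from CN=Partitions in the configuration naming context.

```powershell
# Added example: resolve a domain's NetBIOS name from its FQDN with an LDAP query.
# Assumption: the function name is hypothetical; 'corp.example.com' is a placeholder.
function Get-NetBIOSDomainName {
    [CmdletBinding()]
    param(
        # Restrict input to DNS-name characters so it cannot alter the LDAP
        # path or the search filter it is interpolated into.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9.-]+$')]
        [string]$DomainFQDN
    )

    # crossRef objects live under CN=Partitions in the configuration NC.
    $rootDse  = [ADSI]"LDAP://$DomainFQDN/RootDSE"
    $configNC = "$($rootDse.configurationNamingContext)"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$DomainFQDN/CN=Partitions,$configNC"
    $searcher.SearchScope = 'OneLevel'
    # Application partitions (for example the DNS zones) also have crossRef
    # objects, but only domain partitions carry a nETBIOSName value.
    $searcher.Filter = "(&(objectCategory=crossRef)(dnsRoot=$DomainFQDN)(nETBIOSName=*))"
    [void]$searcher.PropertiesToLoad.Add('nETBIOSName')

    $result = $searcher.FindOne()
    if ($null -eq $result) {
        throw "No crossRef with a NetBIOS name was found for '$DomainFQDN'."
    }
    # Property names in a SearchResult are stored in lower case.
    [string]$result.Properties['netbiosname'][0]
}

# Usage (constructed value):
# Get-NetBIOSDomainName -DomainFQDN corp.example.com
```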

Filed under Active Directory, Functions, PowerShell, Scriptlets, Windows Administration

Convert System.DirectoryServices.SearchResult to a PSObject

Posted on December 25th, 2016

The ADSI accelerator is fast, and built into PowerShell, unlike the Active Directory Module. When you use it, or the ADSISearcher, you have results which look like this [Image from previous Microsoft URL]:

FindAll Results

Getting the properties out to a file can be tricky.  I wrote two little functions to make this easier:

Get-AllDNSServersInForest.ps1 demonstrates how to use these functions. It uses the ADSI accelerator to create the ADSI Searcher, then sends a list of all DNS servers in the forest to Out-Gridview, by using the query “(servicePrincipalName=DNS*)”
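A sketch of the kind of conversion described above, as an added example that is not one of the author's two functions. The function name is hypothetical, and the usage lines search the default root (the current domain) rather than the forest.

```powershell
# Added example: flatten a System.DirectoryServices.SearchResult into a PSObject.
# Assumption: the function name is hypothetical.
function ConvertFrom-SearchResult {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.DirectoryServices.SearchResult]$SearchResult
    )
    process {
        $props = [ordered]@{}
        foreach ($name in ($SearchResult.Properties.PropertyNames | Sort-Object)) {
            # Every attribute comes back as a collection, even single-valued ones.
            $values = @($SearchResult.Properties[$name]) | ForEach-Object {
                # Binary attributes (objectGUID, objectSid) are rendered as hex text.
                if ($_ -is [byte[]]) { [BitConverter]::ToString($_) } else { $_ }
            }
            # Scalars stay scalar; multi-valued attributes are joined so that
            # Export-Csv and Out-GridView show the values, not a type name.
            $props[$name] = if (@($values).Count -eq 1) { @($values)[0] }
                            else { $values -join '; ' }
        }
        [pscustomobject]$props
    }
}

# Usage: the query from the post, against the default search root.
# $searcher = [adsisearcher]'(servicePrincipalName=DNS*)'
# $searcher.PageSize = 1000
# # Load a fixed property set so every output object has the same columns.
# 'name', 'dnshostname', 'distinguishedname' |
#     ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }
# $searcher.FindAll() | ConvertFrom-SearchResult | Out-GridView
```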

Filed under Active Directory, Functions, PowerShell, Scripting

Test Replication – A PowerShell Wrapper for RepAdmin

Posted on December 10th, 2016

Repadmin is a standard tool in an AD admin’s toolbox, and “showrepl” displays the status of replication in your domain. The results of this command are quite verbose, and can make your eyes glaze over in late night troubleshooting.  A number of people have noticed that you can pipe RepAdmin CSV output to the ConvertFrom-CSV cmdlet in PowerShell. I wanted a little more than what others had done. The script below is my effort.  It (naturally) requires repadmin and the Out-Gridview cmdlet.
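The CSV pipeline mentioned above, taken one step further to keep only the replication links that need attention. This is an added example, not the author's script; the function name and the 24-hour default are assumptions, and the column names are those in the header row of the repadmin /showrepl /csv output.

```powershell
# Added example: surface failing or stale replication links from repadmin CSV output.
# Assumptions: repadmin.exe is on the path; function name and threshold are hypothetical.
function Get-ReplicationProblem {
    [CmdletBinding()]
    param(
        [string]$Target = '*',      # DC name or wildcard passed to repadmin
        [int]$MaxAgeHours = 24      # flag links with no success inside this window
    )
    $now = Get-Date
    & repadmin.exe /showrepl $Target /csv | ConvertFrom-Csv | ForEach-Object {
        # A time of '0' or an empty field does not parse and becomes $null.
        $lastSuccess = $_.'Last Success Time' -as [datetime]
        $failures    = [int]$_.'Number of Failures'
        $ageHours    = if ($lastSuccess) {
            [math]::Round(($now - $lastSuccess).TotalHours, 1)
        } else { $null }

        # Rows typed showrepl_ERROR mean the DC itself could not be queried.
        $unreachable = $_.showrepl_COLUMNS -eq 'showrepl_ERROR'
        $stale       = ($null -eq $ageHours) -or ($ageHours -gt $MaxAgeHours)

        if ($unreachable -or $failures -gt 0 -or $stale) {
            [pscustomobject]@{
                RowType         = $_.showrepl_COLUMNS
                Destination     = $_.'Destination DSA'
                Source          = $_.'Source DSA'
                NamingContext   = $_.'Naming Context'
                Failures        = $failures
                LastSuccess     = $lastSuccess
                HoursSinceSync  = $ageHours
                LastFailureCode = $_.'Last Failure Status'
            }
        }
    }
}

# Usage:
# Get-ReplicationProblem | Sort-Object HoursSinceSync -Descending | Out-GridView
```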

Filed under Active Directory, PowerShell, Scripting, Windows Administration

Remove DNS Host Record and PTR with PowerShell

Posted on December 10th, 2016

You have been asked, “Please remove the host record for these 15 computers, plus their associated PTR records”. It isn’t a difficult task, but it can be time consuming, especially if you have a large DNS database. The in-addr.arpa bit can be annoying to do over and over again. When I first decided to automate this task, I went looking to see who had done something similar before, and found https://rcmtech.wordpress.com/2014/02/26/get-and-delete-dns-a-and-ptr-records-via-powershell/. My code, Remove-DNSRecord.ps1, is based on his, and extends it by searching all zones, and by creating an advanced function. The script relies on the PowerShell DNSServer Module, which is available on Server 2008 and later.

Filed under Active Directory, Windows Administration

Please Note

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

All new user accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.
