Alan's Blog

"Yeah. I wrote a script that will do that."

Remove Active Directory Delegations

Posted on February 25th, 2017

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but none of the methods I found did what I needed.  I wanted a script which could look at all or selected OUs in AD for a delegation, and then delete them all.

Remove-DelegatedOUPermissions.ps1 is an advanced function which can be used to report and remove assigned delegated permissions from OU objects and containers.  You can choose the domain and searchbase, and you can search for full name or partial matches.  For example, if you wanted to report on or delete the delegations for Site1PWAdmins and Site2PWAdmins, you could simply specify “PWAdmins”.  The search is case-insensitive, and you can search for more than one string by separating your search terms with a comma.

This function always creates a log file.  The default name is derived from the domain name, and the default location is the desktop.  The function requires the ActiveDirectory module, but unlike Set-ACL, it can be used to write permissions in another domain.  It supports WhatIf, and a confirmation is required before you commit changes.  Because it is an advanced function, you can use Get-Help for details about use.

Script Text

Tags: , , ,
Filed under Active Directory, Alan's Favorites, Functions, My Best, PowerShell, Scripting, Security, Windows Administration | No Comments »

Adding Terminal Services Information to User Reports

Posted on February 4th, 2017

Add-ADTSInfo.ps1 adds TerminalServicesHomeDrive, TerminalServicesHomeDirectory, TerminalServicesProfilePath and AllowLogon as additional members returned by a query of Active Directory user objects.  As you may know, when looking at a user’s properties in the Active Directory Users and Computers MMC there is a tab for these fields.  However, if you look at the properties of a user object, these items simply aren’t there.  There are a few articles and scripts addressing this problem, and you will find that the only way to get the data is by binding to each individual user object and using the a method like this: $ADSIUser.psbase.InvokeGet(‘TerminalServicesProfilePath’).

My script differs from others in that you can pipe an object containing user objects with any properties, and it will add the fields listed above to your results.  I added sorting of the new resulting so that the property names are in order.  This is an advanced function with comment based help.

Script Text

Tags: , , ,
Filed under Active Directory, Functions, PowerShell, Scripting | No Comments »

Convert-ADValues updated

Posted on January 1st, 2014

I’ve updated one of my favorite and most used PowerShell Scripts, Convert-ADValues.  Read the revised post, here.

Tags: ,
Filed under Active Directory, Alan's Favorites, PowerShell, Windows Administration | No Comments »

Enabling ISE and ActiveDirectory module on Windows 2008 R2 Member Server

Posted on August 23rd, 2013

So, I wrote a pretty cool script and sent it to a co-worker.  I wrote it on a Windows 7 PC with the RSAT tools installed.  My friend tried to run it on a 2008 R2 server with PowerShell 3.0, but the ActiveDirectory module would not load.  I tried to edit the script, but ISE would not load.  After some research, I found a couple of one-liners:

#Installs AD Module and ISE on 2008 R2 server
import-module servermanager
add-WindowsFeature PowerShell-ISE
add-WindowsFeature RSAT-AD-Tools
									

For me the RSAT tools required a reboot.  It is not clear to me whether the ISE also requires a reboot.

Tags: ,
Filed under Active Directory, PowerShell, Windows Administration | No Comments »

Please Note

All the scripts are saved as .txt files. Newer files have a "View Script" button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use "Save Target As". Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with Version 3 or 4.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. It is pretty easy to figure out my email address from the scripts, and you are welcome to contact me that way.

Site Search

Categories

Archives

SQL Site

Bad Behavior has blocked 268 access attempts in the last 7 days.