If you are in a large environment, you may be deploying group policies to multiple domains. How can you track the status of the deployment? With Get-GPOdeploymentStatus.ps1, you can enter the name of the GPO, then have all domains queried to discover if it has been installed, who installed it, when it was last…
Get Security Set on AD Object
It’s been a while, gentle reader, since my last post. It isn’t that I haven’t been writing code, but rather that much of what I write is for internal use only. Recently I was asked to write a PowerShell script to show the advanced security for any AD object, without relying on the ActiveDirectory module….
A Fast Secure Password Generator
This PowerShell one-liner generates a reasonably secure password from the characters in the system’s Path. Here I am replacing the space character with the tilde ~ for additional complexity. GetEnumerator() returns each character of the path individually. You can set the password length as the value for the count parameter. $pw = [array](($env:Path).Replace(' ','~').getenumerator() |…
Get Active Directory Forest Domain Controllers
Like the other script posted today, this was written to help out the networking team with a simple inventory of DCs in a large Active Directory forest. It queries all domains in the forest, creating a CSV file with the Domain, DC name, IP Address, OS, AD Site and Roles. It can optionally ping the…
Get Sites and Subnets in AD Forest
The script below was written so the networking staff would be able to always have a current list of the AD Sites and Subnets, without relying on the Active Directory Module. <# Get-ADSubnets.ps1 Alan Kaplan 1/24/20 Get list of AD Subnets in Forest Does not rely on AD module or admin rights #> #Default logfile…
Tips for Implementing Group Managed Service Accounts in an AD Forest
TLDR: Group Managed Service Accounts (gMSAs) are limited to the domain in which they are created. gMSAs are not reported by Get-ADUser. Managed Service Accounts (MSAs) were introduced in Server 2008 R2 to allow for system managed password changes of service accounts. Group Managed Service Accounts were introduced in Server 2012 as an improvement to…
PowerShell and Process Owners
If you are running as an administrator, it is easy to get the owner associated with a process using PowerShell: Get-Process -IncludeUserName. Get-Process gets information from System.Diagnostics.Process, not WMI. But you can get similar information from WMI, even if you aren’t an administrator. We had a little debate about this in our last Charlotte PowerShell…
Get WMI Namespaces with PowerShell
Here is a quick way to get a list of WMI namespaces on a computer using PowerShell. Notice that this requires that you run it as an administrator. #Requires -RunAsAdministrator Function Get-WMINamespaceEnum ($NS) { Write-Output $ns Get-CimInstance "__Namespace" -Namespace $NS -ErrorAction SilentlyContinue | ForEach-Object { Get-WMINamespaceEnum "$ns\$($_.name)" } } #Example Get-WMINamespaceEnum 'root' | Sort-Object The…
Two Column WPF Form to Select Items or Properties
Many of my scripts are written for other people to do Active Directory reporting. One of my goals in supporting them is to give them as much flexibility in the data returned with the minimum amount of custom coding required. Convert-ADValues (which I will update soon), outputs friendly dates and expanded information for certificates,…
Find the AD Site from an IP Address
“What AD site is this IP address in?” If you are in a small, single-forest, single-domain Active Directory environment, the answer is easy. If you have multiple forests or many domains, you may find yourself running to a spreadsheet to get the answer. My teammate Ryan suggested using NLTest: nltest /dsaddresstosite:192.168.1.10, which gives you…