The security for user account objects in an OU may drift over time. User accounts moved within the domain will retain delegations previously made, and user accounts created after schema extensions won’t have the same security as user accounts created earlier in time. Reset-UserAccountACLs.ps1 resets the security (ACLs) for user accounts within an OU to…
Report GPOs with Script References
How quickly can you answer this question: Which Group Policies reference batch files, vbscripts, or PowerShells? What is the best way to get the information and present it into a spreadsheet? I did it by searching SysVol for the script.ini and psscript.ini files, then reading the contents for the script path, command line and parameters. …
Using Workflows to Multithread AD Queries
I am frequently called on for Active Directory reports for all domains in the forest. This code shows you how to use a workflow to easily do this, adding the domain data into the results: WorkFlow Run-wfADQuery { param([string[]]$Domains,[string]$filter) ForEach -parallel ($Domain in $Domains){ InLineScript { $userList =get-aduser -filter $using:filter -server $using:Domain @(Foreach ($user in…
Launch the Group Policy Editor Outside the MMC
It is annoying that there isn’t a command line for the Group Policy Editor. To edit a GPO you must 1) open the Group Policy Management Console, 2) Open the list of Group Policies, 3) select the GPO you want to edit then 4) launch the editor – I right click and select ‘edit’. A…
Delete User Profiles Interactively with PowerShell
Last week, one of my administrators was complaining at how involved it was to remove a profile on a remote user’s computer. A little over two years ago, I wrote Delete Inactive Profiles, as a substitute for DelProf for post Windows XP OS. That script is an advanced function, and was designed to remove stale…
Getting GPO GUID, Name from Active Directory
You don’t have to rely on the Group Policy Module to resolve the display name of a GPO from the GUID, or the GUID from the display name. Here are two short functions that will get that information from Active Directory. The first will return the GPO displayname attribute from a GUID. The GUID (sometimes…
Undelete-ADObject
Undelete-ADObject.ps1 is a GUI form based script for undeleting user, computer, group, print queue, and contacts from Active Directory. You can display all of the objects of the selected type, or search by the name. I use this script frequently. It has a test mode, plus logging.
Sort Clipboard Text with PowerShell
Sort-ClipText.ps1 reads the text in your clipboard, sorts it, and creates a new sorted item in your clipboard. Note that the split statement is a regular expression. The pipe character represents the logical OR. I also used splitstringoptions to remove the empty lines after sorting. (Get-ClipBoardText).tostring().Split(“`r`n|`r|`n”,[System.StringSplitOptions]::RemoveEmptyEntries)
Export to Textbox with Out-TextBox
Out-TextBox.ps1 is an advanced function which outputs object to a resizable text box for display. Not much more I can say about it, except that you can copy the text in the box.
Get-ADSystemInfo – Wrapping the ADSystemInfo ComObject
When I was writing in vbscript, I often used the ADSystemInfo ComObject. It is a quick and easy way to get these properties: Current user’s distinguished name, Current computer’s distinguished name, the site name, the Domain short (NetBIOS) Name, the domain DNSName, the forest DNSName, the PDC Role Owner, the Schema Role Owner, and whether…