The security for user account objects in an OU may drift over time. User accounts moved within the domain will retain delegations previously made, and user accounts created after schema extensions won’t have the same security as user accounts created earlier in time. Reset-UserAccountACLs.ps1 resets the security (ACLs) for user accounts within an OU to…
Tag: ActiveDirectory
Export and Import Delegated OU Permissions with PowerShell
There are some delegations of permissions within Active Directory which cannot be made without extra effort. Some properties are flagged as hidden in a file called Dssec.dat, in %windir%\System32 on computers with the Active Directory Users and Computers (ADUC) MMC. Dssec.dat is a hidden text file that can be viewed and modified with Notepad. When…
Remove Active Directory Delegations
Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise. Removing the delegations for a user or group can be slow, especially if you do it manually. Microsoft has a good article about this process, but none of the methods I found did what I needed. I wanted a script which…
Adding Terminal Services Information to User Reports
Add-ADTSInfo.ps1 adds TerminalServicesHomeDrive, TerminalServicesHomeDirectory, TerminalServicesProfilePath and AllowLogon as additional members returned by a query of Active Directory user objects. As you may know, when looking at a user’s properties in the Active Directory Users and Computers MMC there is a tab for these fields. However, if you look at the properties of a user object, these…
Convert-ADValues updated
I’ve updated one of my favorite and most used PowerShell Scripts, Convert-ADValues. Read the revised post, here.
Enabling ISE and ActiveDirectory module on Windows 2008 R2 Member Server
So, I wrote a pretty cool script and sent it to a co-worker. I wrote it on a Windows 7 PC with the RSAT tools installed. My friend tried to run it on a 2008 R2 server with PowerShell 3.0, but the ActiveDirectory module would not load. I tried to edit the script, but ISE…