Practical PowerShell Security: Enable Auditing and Logging with DSC

PowerShell Security: Almost two years ago Lee Holmes released his famous PowerShell ♥ the Blue Team whitepaper. This is required reading for anyone who works with PowerShell at all in their job or who is concerned about the security of PowerShell in their environment. I outlined a number of PowerShell security-related resources in this previous…


Forensics: Automating Active Directory Account Lockout Search with PowerShell (an example of deep XML filtering of event logs across multiple servers in parallel)

Overview: Today we learn how to efficiently filter event log queries, going beyond simple event ID filtering into the specific values of the XML message data. Then we will run this filter against multiple servers in parallel for faster data collection. This post meets the following objectives: Add some efficiencies to my previous popular post…


PSHSummit: Managing PowerShell in the Enterprise Using Group Policy

PowerShell Summit North America 2015: Do you want to meet other people enthused about PowerShell? Do you wish you had access to experts who could answer all of your PowerShell questions… in person? Yes? The PowerShell Summit is your opportunity hosted in the United States and Europe each year. I highly recommend that you follow…


Forensics: Audit Group Policy Links and Changes with PowerShell

Honorary Scripting Guy: I would like to thank Ed and Teresa Wilson, the Microsoft Scripting Guy and the Scripting Wife, for bestowing upon me the title of Honorary Scripting Guy. This was a humbling surprise. It has been a joy to share my scripting passion with the community, and I will continue to do so….


Forensics: Monitor Active Directory Privileged Groups with PowerShell

Someone just now added Jimmy to the Domain Admins group! How do I know? Because I used PowerShell to check. Let me show you how. Some of the best customers that I visit get email pages when high value group memberships change. Obviously this is strongly encouraged for IT shops of any size. Of course…


Microsoft Virtual Academy: Using PowerShell for Active Directory

Welcome! Today’s post includes demo scripts and links from the Microsoft Virtual Academy series: Using PowerShell for Active Directory. Go watch the videos here. We had a great time creating this for you, and I hope you will share it with anyone needing to ramp up their AD PowerShell skills. I really enjoyed working with PowerShell…


Oh Snap! Active Directory Attribute Recovery With PowerShell

The Problem: Have you ever had to repopulate a batch of corrupted attributes for a large set of Active Directory objects? (Think Exchange or Lync, for example.) The Active Directory Recycle Bin is great for recovering deleted objects, but it will not help with corrupted objects. Authoritative restore is the textbook option, but there is…


Back To The Future: Working with date data types in Active Directory PowerShell

Crazy Dates: Set your watch for January 1, 1601, Marty. Today we’re working with crazy dates in Active Directory PowerShell. If you have ever tried to script out Active Directory reports that included date fields, then you have likely run into this challenge. There are “real” dates, and then “those” dates. You know… the ones…


PowerShell Active Directory Schema Report

Last year I published a script on the Hey Scripting Guy blog to review the AD schema.  This comes in handy when you want a report on the history of schema changes in your forest and the related OIDs.  The script lives on the TechNet Script Gallery, and I keep it updated with new product…