ADPoSh: Find and Fix AdminSDHolder Orphans (AdminCount)

What exactly is an AdminSDHolder Orphan? This occurs when a security principal/object (User, Group, Computer) in Active Directory gets removed from one of the Privileged Built-in Groups (Protected Groups) in Active Directory, whether directly or nested. To understand this more, read up on AdminCount, SDProp or AdminSDHolder topics. In a nutshell, every hour a process…

AzureADPoSh: Azure AD Applications Password Expirations

Quick post: I was recently asked how to find all the applications' password expiration dates in Azure AD. I'm not going to cover what this is or what this is used for (Integrating applications with Azure Active Directory) but if you open Azure AD and navigate to the Registered Applications and select one of…

PoSh: Working with Internal NuGet Repositories

One thing that seems to interest even the most advanced PowerShell user is the concept of having an Internal Repository of scripts for their team to share and have version control over. I will say, for a Sys Admin this has been a very challenging experience in figuring out what to use and I…

Active Directory Powershell: Quick tip LastLogonTimeStamp and pwdLastSet

Here is a quick tip on how to quickly convert properties like LastLogonTimeStamp and pwdLastSet into readable results in your PowerShell script. The problem: when running commands like get-aduser or get-adcomputer, the values of these fields are unreadable and require additional formatting in order to read. Example: get-aduser chad -properties lastlogontimestamp,pwdLastSet | select samaccountname, lastlogontimestamp,pwdLastSet There…

Powershell – Useful Azure AD queries using the AzureAD Module

It’s been a while since I have posted, and I wanted to share some queries I’m using for Azure AD to collect information. As an Active Directory Admin, I have spent a lot of time with the Active Directory PowerShell module and I’ve been finding the Microsoft Online and AzureAD PowerShell modules to be at…

Powershell – Get Domain Controllers Scheduled Task

Real quick post for the day. This script is designed to enumerate every Domain Controller in a forest and retrieve all the scheduled tasks. Note this script will not work if you run it from Windows 2008 R2 or Windows 7. You would need to change the script to use get-wmiobject instead. $default_log =…

Powershell – Copy ObjectGuid to MS-DS-ConsistencyGuid

Not going to go into much detail on why this is needed; just wanted to provide a quick and easy solution to automate this task via PowerShell. If you plan on leveraging this to handle forest migrations and plan to use the MS-DS-ConsistencyGuid as a source anchor in Azure AD, make sure to research…

Powershell – What Active Directory Sites and Subnets are being used?

Why reinvent the wheel? The reason I ask this is I ran into an interesting challenge and wanted to share how I solved this issue. Active Directory does very little to provide Domain Admins with the capability to audit the use of sites or even the subnets that are actually being used. This can…

Active Directory Reporting – Create a password age report

Security is becoming one of the bigger topics as of late in regards to Active Directory. While working with other admins, I am finding more and more admins do not know what state user account passwords are in across the environment. Here is a PowerShell script I use to help admins find out…

Chad’s Quick Notes – Installing a Domain Controller with Server 2016 Core

I will admit, with Windows Server 2012 R2 I usually installed the full GUI version and then, once I had the server the way I wanted it, I would uninstall the GUI. With this no longer being possible with Windows Server 2016, I had to dust off my notes on how to leverage sconfig…
