Find, Disable and Move 'Stale' User or Computer Accounts

Ho! Ho! Ho! A gift from me to you! Well, it's not much of a gift, but it's the gesture that counts! Here's a gift function I wrote recently: Find, Disable and Move 'Stale' Active Directory Accounts. It helps you identify 'stale' user and computer accounts. It also allows you to disable those…


Strict Replication Consistency On New Domain Controllers

Last time out I talked about Content Freshness and likened it to Strict Replication Consistency. This time out… more on Strict Replication Consistency (SRC)… For those folks with forests that have been around since Windows Server 2000, there's a check you can perform with PowerShell to see if your newly created domain controllers will have SRC automatically enabled.  #Create a string for…


Use PowerShell to Check and Configure DFSR Content Freshness

Every morning I have a PoSh shower – I like to feel fresh – but did you know that DFSR servers like to be fresh, too? Now, I'm not advocating showering with your DFSR servers – that would be weird, plus water and hardware aren't a good combination… rather, know that each DFSR server has a setting that defines a threshold after…


Tidy Up That Pesky Computers Container with PowerShell

Another customer question (they're keeping the PoSh Chap blog in business)! By default, when a computer account is created it gets placed in the Computers container. Now, experience tells me that some folks aren't good at moving these computers to a production OU and, as they're in a container, Group Policies won't be applied. In fact, I've heard…


Scripting Tips and Tricks: Param()

Param() – the next instalment in the exciting Scripting Tips and Tricks series! I'm a tidy person: tidy desk, tidy mind, and all that jazz. I believe in being as thorough and proper in my scripts and functions as possible. To that end, I delight in using PowerShell features such as: #Requires… to ensure certain conditions…


Use PowerShell to Check for High Privilege Group Membership

Here’s my latest ‘Hey, Scripting Guy! Blog’ outing: Use PowerShell to Search Active Directory for High-Privileged Accounts

It’s the second in a four-part series on securing and optimising RODC administration.

Here’s the first post: Use PowerShell to Work with RODC Accounts

Here’s some more background: Security TechCenter

Verify Active Directory Group Naming Standards

I love the stuff customers ask me! This week one of the chaps relatively new to PowerShell wanted some code to check for deviations from the organisation's group naming standards. A simple enough task, I thought, one he could accomplish with some pointers from me. My metaphorical gauntlet was thrown… In the meantime, I'd write a little something myself….

One-Liner: Active Directory Protected Objects

This week I was asked how to get a list of Active Directory protected objects with PowerShell. Protected objects can’t be deleted as they are critical to the health of Active Directory. The easiest way I could think of is to use Get-ADObject with a specific LDAP filter.

Get-ADObject -LDAPFilter "(&(objectcategory=*)(systemflags:1.2.840.113556.1.4.803:=2147483648))"

Here’s some output. Notice…


Scripting Tips and Tricks: CmdletBinding()

It’s been a little while since we’ve had a Scripting Tips and Tricks post… and, boy, what a topic to return on – CmdletBinding! The last Tips and Tricks post talked about using Write-Verbose in scripts and advanced functions. It’s just one of the features enabled with CmdletBinding. Here’s a snippet of what I had to say last time out:…