One-Liner: Targeted Remote Group Policy Updates

Windows 2012 added one additional cmdlet to the PowerShell GroupPolicy module – Invoke-GPUpdate When used in conjunction with the ActiveDirectory PowerShell cmdlets we can easily target remote group policy updates. Here's a one-liner to run a Group Policy update on all Windows Server 2012 systems in a domain: Get-ADComputer -Filter {OperatingSystem -like 'Windows Server 2012*'} | ForEach-Object {Invoke-GPUpdate…

2

Using PowerShell to create a BPA Problem Report

In Microsoft Global Business Support we have a number of proactive health and risk assessments available to Microsoft Premier Support customers. These invaluable, technology-specific assessments are known as RAP as a Service (RaaS). If you don't have access to a Microsoft Premier Support contract you can still proactively assess your environment yourself, but in much less detail and without access to a Microsoft accredited Jedi or…

1

Active Directory Bulk User Modification

An old favourite! This is what automation is all about: making the tedious and the long-winded incredibly easy, and, dare I say, joyous! Your HR department gives you a dump of user names with email addresses and phone numbers to be updated in Active Directory. The dump is in the form of a CSV file and looks…

8

'Retire' Active Directory Non-LVR Group Members

Here's my latest 'Hey, Scripting Guy! Blog' outing. I talk about using the AD Replication cmdlets to easily find and remediate Non-LVR group members… Remediate Active Directory Members that Don't Support LVR   I've really geeked-out in this one, with references to one of my favourite films, Blade Runner – The Final Cut! Speaking of geeking-out… PoSh Chap:…


Prepopulate Passwords to RODCs with PowerShell

Hello! The sun is shining, spring has sprung and it’s nearly the weekend… life is sweet! Today, I’m going to talk about using the AD Replication cmdlets, introduced with Windows Server 2012, to prepopulate passwords to your RODCs. No more repadmin, no more DSA.msc… just pure, unadulterated PowerShell. Today gets better and better! Let’s begin… I…


To and Fro, Back and Forward Links

I seem to have acquired a post sack. It has the initials NP on it… Hmmm, what's inside? This one looks interesting…    "…Dear, Sir, How can I use PowerShell to check that a backlink is populated for an object in AD? Yours, faithfully, Mr Johnny Face…"   Well, Johnny, I just happen to have written a…


One-Liner: Active Directory Schema Version

  Rules rule! What's a directory service without schema?   This week I was asked about the Active Directory schema version for Windows Server 2012 R2.   Here’s how to get hold of it with PowerShell:   Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion     The cmdlet in brackets (Get-ADRootDSE) is executed first. The “.”is used to access…

2

PowerShell and Executable Output (with Boats)

What floats your boat? For me, it’s usually a body of water, but I also like being asked stuff about PowerShell. Here’s one such question: “How come in a forest with two domains each with two (2008R2) domain controllers I get the following results with PowerShell? (nltest /dclist:MyDomain)           – gives me the list of domain controllers for the…

4

One-Liner: Get a List of AD Users Password Expiry Dates

All good things come to an end. Rivers run their course, curtains fall and… passwords expire. We have epilogues, codas and an Active Directory constructed attribute named msDS-UserPasswordExpiryTimeComputed.  How can we use that attribute to get a list of enabled Active Directory accounts and their password expiry times?   Get-ADUser -filter {Enabled -eq $True -and…

48