One-Liner: Use PowerShell to Verify Domain Controller Location

It’s generally a bad thing if a domain controller isn’t in the domain controllers OU. For example, the default domain controllers policy may not be applied. Here’s a cheeky one-liner to check you’re good: Get-ADDomainController -Filter * | ForEach-Object { if ($_.ComputerObjectDN -notmatch “CN=$($_.Name),OU=Domain Controllers,$($_.DefaultPartition)”) { Write-Output “$($_.Name) computer object DN set to $($_.ComputerObjectDN)” }…

PowerShell and _MSDCS Recovery

Oh, no! Someone's blatted the _MSDCS zone from DNS! The _MSDCS zone hosts the domain controller locator DNS resource records for all the domain controllers in an Active Directory forest – it's a key part of how clients find domain controller services. This unfortunate deletion has been replicated to all domain controllers. What to do? Call your friendly, neighbourhood PowerShell!…

One-Liner: Domain Controller Patch Levels

Before performing work against your Active Directory, it's prudent to complete a few checks, e.g. is replication healthy, are my FSMOs up, do I have up-to-date, verified backups etc? Here's a one-liner to give you a view of whether your patch levels are consistent: Get-ADDomainController -Filter * | ForEach-Object { $HotFixes = (Get-HotFix -ComputerName $_.Name).Count; Write-Host "$($_.Name): $($_.OperatingSystem)…

Use PowerShell to Start Domain Controller Garbage Collection

Garbage Collection runs every 12 hours on a domain controller. So, what is it, and, more importantly, how can we kick it off with PowerShell? What is it? Garbage collection identifies tombstones and recycled-objects that have been kept for at least the tombstone lifetime and then removes them. On a happy DC, there should not be a…

Scripting Tips and Tricks: Param()

Param() – the next instalment in the exciting Scripting Tips and Tricks series! I'm a tidy person: tidy desk, tidy mind, and all that jazz. I believe in being as thorough and proper in my scripts and functions as possible. To that end, I delight in using PowerShell features such as: #Requires… to ensure certain conditions…

One-Liner: Change Account Lockout Threshold

What's the optimal Account Lockout Threshold value? A question that continues to generate a lot of debate! If an account lockout threshold is set, the latest guidance, issued with Windows Server 2012 R2, suggests a value of 10. Visit this post for more information: Configuring Account Lockout. After the new guidance was released, I wanted to quickly and efficiently…

Managing Azure VMs with PS Remoting

I'm a BIG fan of Microsoft Azure. I'm also a BIG fan of dystopian novels. What have the two got in common? Nothing, AFAIK, although I'm sure some tenuous links could be found by the hard-of-sleeping… Blimey, I'm off topic already… so, Microsoft Azure… I'm an even BIGGER fan of remotely managing my Azure VMs from my laptop…

Tracing the Source of Account Lockouts

As an Active Directory administrator, you have no doubt experienced re-occurring account lockouts. Back in the day, you would need the investigative powers of a Mr Sherlock Holmes to get to the bottom of these little mysteries! Then, the Account Lockout Tools made the process somewhat easier. Now, though, we have the magnificence of PowerShell… From Windows Server 2008 onwards,…

One-Liner: Specific GPO and DC Information from a Forest

Man, I love PowerShell one-liners. The efficiency, the elegance, the challenge! Here's one to give me a list of the domain names in a forest, the number of group policies per domain and the number of domain controllers per domain. (Get-ADForest).Domains | ForEach-Object {"Domain Name`: $_"; "Number of GPOs`: $((Get-GPO -All -Domain $_ ).count)";…

Prepopulate Passwords to RODCs with PowerShell

Hello! The sun is shining, spring has sprung and it’s nearly the weekend… life is sweet! Today, I’m going to talk about using the AD Replication cmdlets, introduced with Windows Server 2012, to prepopulate passwords to your RODCs. No more repadmin, no more DSA.msc… just pure, unadulterated PowerShell. Today gets better and better! Let’s begin… I…
