One-Liner: Use PowerShell to Verify Domain Controller Location

It’s generally a bad thing if a domain controller isn’t in the domain controllers OU. For example, the default domain controllers policy may not be applied. Here’s a cheeky one-liner to check you’re good:   Get-ADDomainController -Filter * | ForEach-Object { if ($_.ComputerObjectDN -notmatch “CN=$($_.Name),OU=Domain COntrollers,$($_.DefaultPartition)”) { Write-Output “$($_.Name) computer object DN set to $($_.ComputerObjectDN)” }…

1

PowerShell and _MSDCS Recovery

Oh, no! Someone's blatted the _MSDCS zone from DNS! The _MSDCS zone hosts the domain controller locator DNS resource records for all the domain controllers in an Active Directory forest – it's a key part of how clients find domain controller services. This unfortunate deletion has been replicated to all domain controllers. What to do?   Call your friendly, neighbourhood PowerShell!…

0

One-Liner: Domain Controller Patch Levels

Before performing work against your Active Directoy, it's prudent to complete a few checks, e.g. is replication healthy, are my FSMOs up, do I have up-to-date, verified backups etc? Here's a one-liner to give you a view of whether your patch levels are consistent: Get-ADDomainController -Filter * | ForEach-Object { $HotFixes = (Get-HotFix -ComputerName $_.Name).Count Write-Host "$($_.Name): $($_.OperatingSystem)…

6

Use PowerShell to Start Domain Controller Garbage Collection

Garbage Collection runs every 12 hours on a domain controller. So, what is it, and, more importantly, how can we kick it off with PowerShell? What is it?Garbage collection identifies tombstones and recycled-objects that have been kept for at least the tombstone lifetime and then removes them. On a happy DC, there should not be a…

0

Scripting Tips and Tricks: Param()

Param() – the next instalment in the exciting Scripting Tips and Tricks series! I'm a tidy person: tidy desk, tidy mind, and all that jazz. I believe in being as thorough and proper in my scripts and functions as possible. To that end, I delight in using PowerShell features such as: #Requires… to ensure certain conditions…

1

Managing Azure VMs with PS Remoting

I'm a BIG fan of Microsoft Azure. I'm also a BIG fan of dystopian novels. What have the two got in common? Nothing, AFAIK, although I'm sure some tenuous links could be found by the hard-of-sleeping… Blimey, I'm off topic already… so, Microsoft Azure… I'm an even BIGGER fan of remotely managing my Azure VMs from my laptop…

0

One-Liner: Specific GPO and DC Information from a Forest

Man, I love PowerShell one-liners. The efficiency, the elegance, the challenge! Here's one to give me a list of the domain names in a forest, the number of group policies per domain and the number of domain controllers per domain.   (Get-ADForest).Domains | ForEach-Object {"Domain Name`: $_"; "Number of GPOs`: $((Get-GPO -All -Domain $_ ).count)";…

1

Prepopulate Passwords to RODCs with PowerShell

Hello! The sun is shining, spring has sprung and it’s nearly the weekend… life is sweet! Today, I’m going to talk about using the AD Replication cmdlets, introduced with Windows Server 2012, to prepopulate passwords to your RODCs. No more repadmin, no more DSA.msc… just pure, unadulterated PowerShell. Today gets better and better! Let’s begin… I…

0