One-Liner: Active Directory Protected Objects

This week I was asked how to get a list of Active Directory protected objects with PowerShell. Protected objects can’t be deleted as they are critical to the health of Active Directory. The easiest way I could think of is to use Get-ADObject with a specific LDAP filter. Get-ADObject -LDAPFilter “(&(objectcategory=*)(systemflags:1.2.840.113556.1.4.803:=2147483648))” Here’s some output. Notice…

1

Prepopulate Passwords to RODCs with PowerShell

Hello! The sun is shining, spring has sprung and it’s nearly the weekend… life is sweet! Today, I’m going to talk about using the AD Replication cmdlets, introduced with Windows Server 2012, to prepopulate passwords to your RODCs. No more repadmin, no more DSA.msc… just pure, unadulterated PowerShell. Today gets better and better! Let’s begin… I…


To and Fro, Back and Forward Links

I seem to have acquired a post sack. It has the initials NP on it… Hmmm, what's inside? This one looks interesting…    "…Dear, Sir, How can I use PowerShell to check that a backlink is populated for an object in AD? Yours, faithfully, Mr Johnny Face…"   Well, Johnny, I just happen to have written a…


One-Liner: Active Directory Schema Version

  Rules rule! What's a directory service without schema?   This week I was asked about the Active Directory schema version for Windows Server 2012 R2.   Here’s how to get hold of it with PowerShell:   Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion     The cmdlet in brackets (Get-ADRootDSE) is executed first. The “.”is used to access…

2