Reset your DSRM or Directory Services Restore Mode password

I recently had to reset a DSRM password as the existing password had been lost. There are absolutely no implications or downsides to doing this at all (but there could have been if we needed it and had no access to the DCs).


How to find out the password expiry dates for your Active Directory Users

If you want to find out when users' passwords will expire and export the results to a .csv file, then this will help. This simple script lists all of your enabled users whose passwords are set to expire, sorts the list by account name and exports the expiry dates.

Import-Module ActiveDirectory
# Enabled accounts whose passwords can expire, with the computed expiry converted from FILETIME
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Sort-Object "SamAccountName" | Export-Csv c:\temp\expire.csv -NoTypeInformation

You can also modify the script so that all you need to do is enter the username and get the expiry date:

Import-Module ActiveDirectory
Add-Type -AssemblyName Microsoft.VisualBasic
# Prompt for the account name in a dialog box
$username = [Microsoft.VisualBasic.Interaction]::InputBox('Enter users SamAccountName', 'SamAccountName')

# Look up the single account and show its expiry date in a grid view
Get-ADUser $username -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Sort-Object "SamAccountName" | Out-GridView

If you are running the script from a desktop machine ensure that PowerShell is running as admin and that you have the RSAT tools installed.
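
The msDS-UserPasswordExpiryTimeComputed attribute has two sentinel values that the scripts above pass straight to FromFileTime: 0 when pwdLastSet is 0 (the password must be changed at next logon) and 0x7FFFFFFFFFFFFFFF when no expiry applies to the account. The following is an added example, not part of the original post, that classifies those values instead of converting them; the function name ConvertFrom-PasswordExpiryTime, the 14-day warning window and the sample accounts are constructed for illustration, and it runs without a domain controller.

```powershell
# Added example: interpret raw msDS-UserPasswordExpiryTimeComputed values.
# Function name, warning window and sample accounts are hypothetical/constructed.
function ConvertFrom-PasswordExpiryTime {
    param(
        [Parameter(Mandatory)][long]$FileTime,
        [int]$WarnDays = 14,
        [datetime]$Now = (Get-Date)
    )
    # 0x7FFFFFFFFFFFFFFF: no expiry applies (account flag, or no maximum age in policy).
    # FromFileTime rejects this value, so handle it before converting.
    if ($FileTime -eq [long]::MaxValue) {
        return [pscustomobject]@{ Status = 'NeverExpires'; Expires = $null }
    }
    # 0: pwdLastSet is 0, so the password must be changed at next logon.
    # Converting it would show a meaningless date around the year 1601.
    if ($FileTime -eq 0) {
        return [pscustomobject]@{ Status = 'MustChangeAtNextLogon'; Expires = $null }
    }
    $expires = [datetime]::FromFileTime($FileTime)
    $status = if ($expires -le $Now) { 'Expired' } elseif ($expires -le $Now.AddDays($WarnDays)) { 'ExpiringSoon' } else { 'OK' }
    [pscustomobject]@{ Status = $status; Expires = $expires }
}

# Constructed sample input standing in for Get-ADUser output.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   Raw = $now.AddDays(30).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'bob';     Raw = $now.AddDays(3).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'carol';   Raw = $now.AddDays(-2).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'newhire'; Raw = [long]0 }
    [pscustomobject]@{ SamAccountName = 'svc-app'; Raw = [long]::MaxValue }
)

$sample | ForEach-Object {
    $r = ConvertFrom-PasswordExpiryTime -FileTime $_.Raw -Now $now
    [pscustomobject]@{
        SamAccountName = $_.SamAccountName
        Status         = $r.Status
        Expires        = $r.Expires
    }
} | Sort-Object SamAccountName | Format-Table -AutoSize
```

To use it against a live directory, pass the msDS-UserPasswordExpiryTimeComputed value of each Get-ADUser result as -FileTime in place of the constructed sample.
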

Migrating Active Directory from 2008 R2 to 2016

For this post I just wanted to note down my thoughts and the plan that I recently used to migrate a client from Active Directory 2008 R2 to Active Directory 2016. For this work the servers involved were four Windows 2008 R2 servers which all ran AD, DNS, DHCP and NPS. These roles were being migrated to four Windows 2016 servers. The servers are spread out geographically and are on different networks but are all part of a single AD domain. All of the servers are Global Catalog servers. This is not designed to be a low-level guide with all the intricate details but more of an overview (with some useful commands thrown in).
