Active Directory

You need to have an Active Directory domain in place. I’m picking up where I left off in my previous blog article Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI). The procedure shown in this blog article is for demonstration purposes only. Install the DHCP server feature. Install-WindowsFeature -Name DHCP Add the DHCP scope to the server. Add-DhcpServerv4Scope -Name '192.168.129.x' -StartRange 192.168.129.101 -EndRange 192....

You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller: Install all the available Windows Updates Set the time zone Set the computer name Set a static IP address Log into the server and launch PowerShell by typing powershell....

I’ve been working with PowerShell since the version 1.0 days and I’m still amazed that I find cmdlets that I didn’t know existed. Back in 2003, I had written some PowerShell code to query group policy for the lockout policy of an Active Directory domain. It used code similar to what’s shown in the following example which requires the GroupPolicy PowerShell module that installs as part of the RSAT (Remote Server Administration Tools)....

How do you control password resets in your environment? I’ve worked for numerous companies where their forgotten password reset process was all over the board. Hopefully you have a process in place that allows you to sleep at night. Even with the best policies and procedures in place, what happens when someone on your help desk staff resets a users password to some default password and forgets to set the account so the password has to be changed at next logon?...

The new PowerShell cmdlets that are part of the SQLServer PowerShell module that’s distributed as part of SSMS (SQL Server Management Studio) 2016 make it super easy to write the output of PowerShell commands to a SQL Server database. The ActiveDirectory PowerShell module that’s part of the RSAT (Remote Server Administration Tools) is also required by the code shown in this blog article. This PowerShell one-liner retrieves a list of Active Directory users who have not logged in within the past 120 days, are enabled, and exist in the Adventure Works OU (Organizational Unit)....

I recently responded to a post in a forum about adding Active Directory users to groups with PowerShell based on information contained in a CSV (Comma Separated Values file format). I thought I would not only share the scenario and solution that I came up with but also elaborate on adding additional functionality that may be desired. In this scenario, you’ve been provided with a CSV file that contains a list of Active Directory users and the groups that they should be a member of as shown in the following image:...

This week I’m sharing a couple of PowerShell functions that are a work in progress to nag those users who seem to never want to change their passwords. I can’t tell you how many times the help desk staff at one of the companies that I provide support for receives a call from a user who is unable to access email or other resources on the intranet. The problem? They have run their password down to the point where they arrive in the morning, log into their computer without issue, and during the day while they’re working their password expires which cuts them off from Intranet resources such as email and websites that require authentication....

A few months ago I created an audition video for Pluralsight on “Demystifying Active Directory User Account Lockouts with PowerShell” and I thought I would share that video with you, the readers of my blog site: You can also find this video on my YouTube channel. µ

I recently ran across something interesting that I thought I would share. The help for the FilterHashTable parameter of Get-WinEvent says that you can filter by UserID using an Active Directory user account’s SID or domain account name: help Get-WinEvent -Parameter filterhashtable Notice that the help also says the data key can be used for unnamed fields in classic event logs. I often hear the question wanting to know what the valid key pairs are for the hash table....

If you’re a frequent reader of the blog articles on this site, then you know that I’ve been working on using Desired State Configuration to build my test lab environment that runs as Hyper-V VM’s on my Windows 8.1 computer. If you would like to know the current state of my test environment, see the previous blog article: Creating a Desired State Configuration Resource for Self Signed Certificates. The certificate created in last week’s blog has been exported and copied to the Windows 8....

In this blog article, I’ll use PowerShell to install Active Directory Certificate Services in my test environment. The domain controller that’s being used is running Windows Server 2012 R2 Server Core Installation (no-GUI). The workstation that I’m using is running Windows 8.1 and it is a member of the same Active Directory domain. Many times when I’m prototyping something on a single remote server, I’ll use one to one remoting so that it’s an interactive session....

I’m a big believer in trying to write my PowerShell code to what the industry considers to be the best practices as most are common sense anyway, although as one person once told me: “Common sense isn’t all that common anymore”. I would hope that even the most diehard best practices person would realize that if you run into a scenario where following best practices causes the results to be skewed, that at least in that scenario it’s worth taking a step back so you can see the bigger picture....