Use PowerShell to Install a DHCP Server on a Windows Server 2019 (Server Core) Active Directory Domain Controller

You need to have an Active Directory domain in place. I’m picking up where I left off in my previous blog article Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI). The procedure shown in this blog article is for demonstration purposes only. Install the DHCP server feature. Install-WindowsFeature -Name DHCP Add the DHCP scope to the server. Add-DhcpServerv4Scope -Name '192.168.129.x' -StartRange 192.168.129.101 -EndRange 192....

December 6, 2018 · 1 min · 161 words · Mike F. Robbins

Use PowerShell to Create a New Active Directory Forest on Windows 2019 Server Core Installation (no-GUI)

You have a fresh installation of Windows Server 2019 that was installed using the default installation type of server core installation (no-GUI). This server will be the first domain controller in a brand new Active Directory forest. You’ve completed the following configuration prior to attempting to turn this server into a domain controller: Install all the available Windows Updates Set the time zone Set the computer name Set a static IP address Log into the server and launch PowerShell by typing powershell....

November 29, 2018 · 2 min · 334 words · Mike F. Robbins

Determine the Default Password Policy for an Active Directory Domain with PowerShell

I’ve been working with PowerShell since the version 1.0 days and I’m still amazed that I find cmdlets that I didn’t know existed. Back in 2003, I had written some PowerShell code to query group policy for the lockout policy of an Active Directory domain. It used code similar to what’s shown in the following example which requires the GroupPolicy PowerShell module that installs as part of the RSAT (Remote Server Administration Tools)....

April 20, 2017 · 2 min · 283 words · Mike F. Robbins

Test Active Directory User Accounts for a Default Password with PowerShell

How do you control password resets in your environment? I’ve worked for numerous companies where their forgotten password reset process was all over the board. Hopefully you have a process in place that allows you to sleep at night. Even with the best policies and procedures in place, what happens when someone on your help desk staff resets a users password to some default password and forgets to set the account so the password has to be changed at next logon?...

April 13, 2017 · 3 min · 636 words · Mike F. Robbins

PowerShell One-Liner to Disable Active Directory Accounts and Log the Results to a SQL Server Database

The new PowerShell cmdlets that are part of the SQLServer PowerShell module that’s distributed as part of SSMS (SQL Server Management Studio) 2016 make it super easy to write the output of PowerShell commands to a SQL Server database. The ActiveDirectory PowerShell module that’s part of the RSAT (Remote Server Administration Tools) is also required by the code shown in this blog article. This PowerShell one-liner retrieves a list of Active Directory users who have not logged in within the past 120 days, are enabled, and exist in the Adventure Works OU (Organizational Unit)....

February 16, 2017 · 2 min · 322 words · Mike F. Robbins

Use PowerShell to Add Active Directory Users to Specific Groups based on a CSV file

I recently responded to a post in a forum about adding Active Directory users to groups with PowerShell based on information contained in a CSV (Comma Separated Values file format). I thought I would not only share the scenario and solution that I came up with but also elaborate on adding additional functionality that may be desired. In this scenario, you’ve been provided with a CSV file that contains a list of Active Directory users and the groups that they should be a member of as shown in the following image:...

February 25, 2016 · 4 min · 640 words · Mike F. Robbins

Building logic into PowerShell functions to nag users before their Active Directory password expires

This week I’m sharing a couple of PowerShell functions that are a work in progress to nag those users who seem to never want to change their passwords. I can’t tell you how many times the help desk staff at one of the companies that I provide support for receives a call from a user who is unable to access email or other resources on the intranet. The problem? They have run their password down to the point where they arrive in the morning, log into their computer without issue, and during the day while they’re working their password expires which cuts them off from Intranet resources such as email and websites that require authentication....

January 7, 2016 · 4 min · 772 words · Mike F. Robbins

Video: Demystifying Active Directory User Account Lockouts with PowerShell

A few months ago I created an audition video for Pluralsight on “Demystifying Active Directory User Account Lockouts with PowerShell” and I thought I would share that video with you, the readers of my blog site: You can also find this video on my YouTube channel. µ

December 31, 2015 · 1 min · 47 words · Mike F. Robbins

PowerShell: Filter by User when Querying the Security Event Log with Get-WinEvent and the FilterHashTable Parameter

I recently ran across something interesting that I thought I would share. The help for the FilterHashTable parameter of Get-WinEvent says that you can filter by UserID using an Active Directory user account’s SID or domain account name: help Get-WinEvent -Parameter filterhashtable Notice that the help also says the data key can be used for unnamed fields in classic event logs. I often hear the question wanting to know what the valid key pairs are for the hash table....

October 1, 2015 · 2 min · 395 words · Mike F. Robbins

Using PowerShell Desired State Configuration to build the first domain controller in your Active Directory forest

If you’re a frequent reader of the blog articles on this site, then you know that I’ve been working on using Desired State Configuration to build my test lab environment that runs as Hyper-V VM’s on my Windows 8.1 computer. If you would like to know the current state of my test environment, see the previous blog article: Creating a Desired State Configuration Resource for Self Signed Certificates. The certificate created in last week’s blog has been exported and copied to the Windows 8....

February 12, 2015 · 4 min · 665 words · Mike F. Robbins

Use PowerShell to Install Active Directory Certificate Services

In this blog article, I’ll use PowerShell to install Active Directory Certificate Services in my test environment. The domain controller that’s being used is running Windows Server 2012 R2 Server Core Installation (no-GUI). The workstation that I’m using is running Windows 8.1 and it is a member of the same Active Directory domain. Many times when I’m prototyping something on a single remote server, I’ll use one to one remoting so that it’s an interactive session....

November 20, 2014 · 2 min · 364 words · Mike F. Robbins

PowerShell: When Best Practices and Accurate Results Collide

I’m a big believer in trying to write my PowerShell code to what the industry considers to be the best practices as most are common sense anyway, although as one person once told me: “Common sense isn’t all that common anymore”. I would hope that even the most diehard best practices person would realize that if you run into a scenario where following best practices causes the results to be skewed, that at least in that scenario it’s worth taking a step back so you can see the bigger picture....

November 6, 2014 · 3 min · 498 words · Mike F. Robbins