Find out when your Password Expires

Few weeks ago I came across this question “How to find out an account’s password expiration date” in one of our internal mailing-list. This looks like a simple question, but when we tried to find the answer we realized it is not a trivial task. One of my colleagues pointed to this 22-printed page detailed…

26

Redirecting Well Known Containers (CN=Users; CN=Computers etc.)

In this post we will see the Powershell way of redirecting Users and Computers containers (i.e. Powershell equivalent of tools: redirusr.exe and redircmp.exe). By now you might know that you can use Get-ADDomain cmdlet for viewing the well-known containers of a domain, For example:PS C:\Users\Administrator.DSWAMIPAT-W7-V1> Get-ADDomain | select *Container ComputersContainer : CN=Computers,DC=dswamipat-w7-vm1,DC=nttest,DC=microsoft,DC=com DeletedObjectsContainer : CN=Deleted…

8

Active Directory Powershell to manage Sites and Subnets – Part 2 (New-XADSubnet)

In an earlier post “Active Directory Powershell to manage sites – Part 1 (New-XADSite)” Jairo explained in detail about how to create a Site in Active Directory using AD Powershell. In today’s post I am going to discuss about how to create Subnets using AD Powershell. Before going into details of creating a subnet object,…

5

Three Module Extensions (DC Health, Trust Management and Demo Script)

This is a short blog post to highlight a few module extensions that we have been demoing at conferences this year. They show some of the new features in our PowerShell module as well as a few examples extending them. In this update, there are three modules: DemoScript – This is module wrapping Jeffrey Snover’s…

0

Tab completing LDAP attribute names inside Advanced Filters

In my previous post about Advanced filters I showed how to use Powershell variables to represent values inside filters. Example: PS D:\> $JohnSmith = Get-ADUser JohnSmith PS D:\> Get-ADUser -Filter { manager -eq $JohnSmith.DistinguishedName } ## Gets all the user accounts whose manager is JohnSmith What I didn’t tell you was Powershell variables could also…

0

ACTIVE DIRECTORY POWERSHELL TO MANAGE SITES – Part 1 (New-XADSite)

In this opportunity I am going to provide a solution to manage sites in your Active Directory (AD) forest by extending Active Directory PowerShell by implementing functions that allow creation, retrieval, update (moving to a site link, renaming) and deletion of sites. First of all we need to understand what an AD site is made…

7

HOW TO CREATE A FUNCTION TO VALIDATE THE EXISTENCE OF AN AD OBJECT (Test-XADObject)

In this posting I am sharing a simple but useful function that you might need to use in many of your scripts. This is a function that returns true if a given AD object exists provided its identity. The Identity parameter can receive any ADObject identity. This means that it can receive identities that *-ADObject…

2

Working with Certificates in Active Directory Powershell

AD Powershell uses .NET class X509Certificate to represent a certificate. Let’s see how you can manage the certificates for a user. Update User Certificates You can create a X509Certificate (or X509Certificate2) object using the certificate file.PS C:\> $cert1 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate “C:\Certs\Test1.cer”PS C:\> $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate “C:\Certs\Test2.cer” Then assign the certificates to a user account…

2

Error Reporting in Active Directory Powershell

In this blog, I will discuss the Active Directory (AD) PowerShell error reporting. Good error reporting is critical and it saves time to resolve an issue. Let’s start with the basics. In case of error, AD PowerShell cmdlet prints the error details which contain an error message. PS C:\> New-ADUser -Name:”ADPSUser” -SamAccountName:”ADPSUser” -Enabled:$true New-ADUser : The password does not meet the…

2

Extending Active Directory Powershell

Today, I am going to show how we can leverage the power of Powershell V2 and Active Directory Module, and easily write powerful, professional cmdlets (with help message, positional parameters, default prompting, error handling etc.) for AD. Couple of weeks ago, one of my colleagues (Alexander Lash) introduced me to a cool feature in Powershell…

2