Find out when your Password Expires

Few weeks ago I came across this question “How to find out an account’s password expiration date” in one of our internal mailing-list. This looks like a simple question, but when we tried to find the answer we realized it is not a trivial task. One of my colleagues pointed to this 22-printed page detailed…


Adding/removing members from another forest or domain to groups in Active Directory

Adding/removing members belonging to the same domain from a group is very simple using AD Powershell cmdlets. All you have to do is pass an identifier (either samAccountName, distinguishedName, securityIdentifier or GUID) of the member and group to one of the membership cmdlets: · Add-ADGroupMember · Remove-ADGroupMember · Add-ADPrincipalGroupMembership · Remove-ADPrincipalGroupMembership Example: C:\PS> Add-ADGroupMember SvcAccPSOGroup…


Redirecting Well Known Containers (CN=Users; CN=Computers etc.)

In this post we will see the Powershell way of redirecting Users and Computers containers (i.e. Powershell equivalent of tools: redirusr.exe and redircmp.exe). By now you might know that you can use Get-ADDomain cmdlet for viewing the well-known containers of a domain, For example:PS C:\Users\Administrator.DSWAMIPAT-W7-V1> Get-ADDomain | select *Container ComputersContainer : CN=Computers,DC=dswamipat-w7-vm1,DC=nttest,DC=microsoft,DC=com DeletedObjectsContainer : CN=Deleted…


How to find extended rights that apply to a schema class object

Recently, I came across this question (how to find extended rights that apply to a schema class) in our internal mailing lists. Extended rights are special permissions that denote a special task or function. These rights apply to one or more object classes and can be found stamped in the security descriptor of an object….


Active Directory Powershell to manage Sites and Subnets – Part 3 (Getting Site and Subnets)

Hello folks! Here are few Active Directory Powershell script snippets that you will find useful while writing scripts. They deal with fetching sites, subnets and servers. Most of the snippets are simple and self-explanatory and can be simply copy-pasted in your existing script.## Get a specified Active Directory Site. $siteName = “Default-First-Site-Name” $configNCDN = (Get-ADRootDSE).ConfigurationNamingContext…