PowerShell Script to Query UserAccountControl Flags

One of the services I provide as a Premier Field Engineer is performing health and security assessments in a customer’s environment and providing them a detailed report.  Recently I was performing an Offline Assessment for Active Directory Security for a customer and several accounts were flagged that had some non-standard userAccountControl flags set. The user…

2

How to Query Active Directory to Determine the Schema Version

You can query Active Directory to determine the schema version as shown below.  Replace “dc=domainname” with your information:   dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion   The PowerShell version below does not require any customization: Get-ADObject (get-adrootdse).schemaNamingContext -Property objectVersion   The table below shows Active Directory schema versions. Windows 2000 Server 13 Windows 2003…

5

Sub-Select Query – The Holy Grail of SMS Collections

Learned a cool trick this week for building SMS/SCCM collections that will return a list of computers that “do not have something”.  Building a collection that returns a group computers with a particular file or program on them is easy enough.  You create a query that returns the systems you want and then import the query…

4