$ou = "OU=Users,DC=mydomain,DC=local"
Get-ADUser -filter * -SearchBase $ou | Where-Object {$_.userprincipalname -like "*domain.com"} | Export-Csv C:\temp\UPN.csv
Wednesday, November 4, 2015
Thursday, October 22, 2015
Active Directory: Bulk Update User UPNs
#Bulk Update UPNs
Import-Module ActiveDirectory
#SPECIFY NEW SUFFIX AND OU TO CHANGE
$newSuffix = '@domain.com'
$ou = "OU=Users,DC=mydomain,DC=local"
#EXECUTE CHANGES
Get-ADUser -Filter * -SearchBase $ou | ForEach-Object {
    $newUpn = $_.SamAccountName + $newSuffix
    Set-ADUser -Identity $_ -UserPrincipalName $newUpn
}
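A more cautious variant of the bulk UPN change, added here as an example and not part of the original post: it saves the current UPNs for rollback, skips collisions, and only previews the changes until $apply is set to $true. The backup path and the $apply switch are assumptions.

```powershell
# Added example (not the original script): preview-first UPN change with a rollback file.
Import-Module ActiveDirectory

$newSuffix = '@domain.com'                     # placeholder values from the post
$ou        = 'OU=Users,DC=mydomain,DC=local'
$backup    = 'C:\temp\UPN-before.csv'          # assumed path for the rollback record
$apply     = $false                            # $false = preview only (-WhatIf)

# Guard against typos: accept only a domain DNS name or a registered alternative suffix.
$forest  = Get-ADForest
$allowed = @($forest.Domains) + @($forest.UPNSuffixes)
if ($allowed -notcontains $newSuffix.TrimStart('@')) {
    throw "Suffix $newSuffix is not a known UPN suffix in forest $($forest.Name)."
}

$users = Get-ADUser -Filter * -SearchBase $ou

# Record the current values before changing anything.
$users | Select-Object DistinguishedName, SamAccountName, UserPrincipalName |
    Export-Csv -Path $backup -NoTypeInformation

foreach ($user in $users) {
    $newUpn = $user.SamAccountName + $newSuffix
    if ($user.UserPrincipalName -eq $newUpn) { continue }    # nothing to do

    # Skip any change that would duplicate another account's UPN in this domain.
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $newUpn } |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use."
        continue
    }

    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $apply)
}
```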
Wednesday, October 21, 2015
Find All Windows Servers Not in a Group in Active Directory
Example:
(&(objectCategory=computer)(operatingSystem=*Windows Server*)(!(memberOf:1.2.840.113556.1.4.1941:=CN=ServerHardening,OU=Groups,DC=mydomain,DC=local)))
& = AND the following conditions together
objectCategory = the type of object (user, computer, etc.)
operatingSystem = the value in the "Name" field on the computer object's Operating System tab
! = NOT the condition that follows
memberOf = matches members of the group
1.2.840.113556.1.4.1941 = the LDAP_MATCHING_RULE_IN_CHAIN rule; tells the lookup to recurse through the nested member groups of the super group
You must use the full distinguished name of the group in question.
Of course you can adjust this to specific OS versions or group names or even extend it to include additional references to more groups.
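One way to extend the filter to several groups and run it from PowerShell, added here as an example and not part of the original post. The helper function names and the second group DN are hypothetical; the result lists servers that are in none of the listed groups, directly or through nesting.

```powershell
# Added example: build the "not in any of these groups" filter and run it.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping: backslash first, then * ( ) and NUL.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function New-NotInGroupsFilter {
    param(
        [Parameter(Mandatory)][string[]]$GroupDN,
        [string]$OperatingSystem = '*Windows Server*'   # wildcard pattern, passed through as-is
    )
    $inChain = '1.2.840.113556.1.4.1941'                # LDAP_MATCHING_RULE_IN_CHAIN
    # One NOT clause per group; ANDed together they mean "member of none of them".
    $notClauses = foreach ($dn in $GroupDN) {
        "(!(memberOf:${inChain}:=$(ConvertTo-LdapFilterValue $dn)))"
    }
    "(&(objectCategory=computer)(operatingSystem=$OperatingSystem)$(-join $notClauses))"
}

$groups = @(
    'CN=ServerHardening,OU=Groups,DC=mydomain,DC=local',
    'CN=ServerHardening-Exempt,OU=Groups,DC=mydomain,DC=local'   # hypothetical second group
)
$filter = New-NotInGroupsFilter -GroupDN $groups

# memberOf never lists an object's primary group (Domain Computers by default),
# so use dedicated groups such as the ones above rather than a primary group.
Get-ADComputer -LDAPFilter $filter -Properties OperatingSystem |
    Sort-Object Name |
    Select-Object Name, OperatingSystem, DistinguishedName
```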
Find Inactive Systems to Clean Up Active Directory
Shows all computers that haven't contacted the domain in 8 weeks or more. You can also use this for user objects. Run it in PowerShell and pipe to "sort-object" to sort by DN; the DN starts with the name of the system, so a computer naming convention helps.
dsquery computer -inactive 8 | sort-object
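A PowerShell-native version of the same report, added here as an example and not part of the original post. It goes slightly beyond the dsquery one-liner by leaving out disabled and recently created computers; the output path is an assumption.

```powershell
# Added example: enabled computers with no logon recorded in the last 8 weeks.
Import-Module ActiveDirectory

$weeks  = 8
$cutoff = (Get-Date).AddDays(-7 * $weeks)

# LastLogonDate comes from lastLogonTimestamp, which by default is only refreshed
# every 9-14 days, so a machine can look up to two weeks staler than it really is.
Get-ADComputer -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated, OperatingSystem |
    Where-Object {
        # Ignore machines joined inside the window; treat "never logged on" as inactive.
        $_.whenCreated -lt $cutoff -and
        (-not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff)
    } |
    Sort-Object DistinguishedName |
    Select-Object Name, OperatingSystem, LastLogonDate, whenCreated, DistinguishedName |
    Export-Csv -Path C:\temp\inactive-computers.csv -NoTypeInformation   # assumed path
```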
Wednesday, September 9, 2015
Get Useful Mailbox Information from Exchange Shell
Just a quick one-liner for exporting usable info about all mailboxes. Be sure to adjust your domain controller (or leave it out if in a single domain environment).
get-mailbox -ResultSize unlimited -DomainController ADC1 | Select-Object DisplayName,PrimarySmtpAddress,ExchangeUserAccountControl,RecipientTypeDetails,ServerName,Database,ProhibitSendQuota,ProhibitSendReceiveQuota,UseDatabaseQuotaDefaults,IssueWarningQuota,MaxSendSize,MaxReceiveSize,DeliverToMailboxAndForward,HiddenFromAddressListsEnabled,WhenChanged | Export-CSV C:\mailboxes.csv
Returns some good info about mailbox size quotas, send/receive limits, mailbox type, forwarding and address book status.
Friday, June 19, 2015
Active Directory: Bulk Update Logon Script
Modification of my bulk update home drive script.
# CHANGE LOGON SCRIPT
Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase "OU=Users,DC=contoso,DC=com" | ForEach-Object {
    Set-ADUser -Identity $_ -ScriptPath "LOGON-NEW.bat"
}
Active Directory: Bulk Update Home Folder Path
Can't take any credit for this one. Just happened to stumble on it in a forum post. Just putting it here for future reference. Added a couple of checks for good measure.
# CHANGE HOME DIRECTORY
$SearchOU = "OU=Users,DC=contoso,DC=com"
Import-Module ActiveDirectory
# Search for all users in the OU that are enabled and do not have a blank home directory.
# HomeDirectory is not returned by default, so it is requested explicitly.
Get-ADUser -Filter * -SearchBase $SearchOU -Properties HomeDirectory |
    Where-Object { $_.Enabled -eq $true -and $_.HomeDirectory } |
    ForEach-Object {
        $sam = $_.SamAccountName
        Set-ADUser -Identity $_ -HomeDrive "H:" -HomeDirectory "\\SERVER02\Users\$sam"
    }
Tuesday, March 24, 2015
SBS + DirSync for Office365
Learned today that SBS still doesn't support DirSync. You can install it on a domain controller, which didn't use to be the case. So the requirement remains 2008/2012, including DCs. No SBS 2011 (what I was trying in this case).
I haven't seen any information to suggest anyone has gotten it to work. Feel free to share your experience if you have. My assumption is that SBS being a different beast with its extra SQL Express and such just can't do it.