Thursday, October 22, 2015

Active Directory: Bulk Update User UPNs

#Bulk Update UPNs

Import-Module ActiveDirectory

#SPECIFY NEW SUFFIX AND OU TO CHANGE
$newSuffix = '@domain.com'
$ou = "OU=Users,DC=mydomain,DC=local"

#EXECUTE CHANGES
#Every user under $ou (sub-OUs included) gets UPN = sAMAccountName + suffix.
#Add -WhatIf to Set-ADUser to preview the changes before running for real.
Get-ADUser -Filter * -SearchBase $ou | ForEach-Object {
    $newUpn = $_.SamAccountName + $newSuffix
    Set-ADUser -Identity $_ -UserPrincipalName $newUpn
}
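A safer variant of the same bulk change, added here as an example and not part of the original post: it verifies that the new suffix is actually registered in the forest, records old and new UPNs to a CSV for rollback, and only commits when $commit is set. $logPath and $commit are assumed names; the suffix and OU are the post's placeholder values.

```powershell
# Added example (not from the original post): preview, validate and log a UPN
# suffix change before committing it. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$newSuffix = '@domain.com'
$ou        = 'OU=Users,DC=mydomain,DC=local'
$logPath   = 'C:\Temp\upn-change.csv'   # hypothetical log location
$commit    = $false                      # set to $true only after reviewing the preview

# 1. The suffix must be registered in the forest (or be a domain's own DNS name);
#    a UPN with an unregistered suffix breaks logons and directory sync.
$forest        = Get-ADForest
$validSuffixes = @($forest.UPNSuffixes) + @($forest.Domains)
$suffixName    = $newSuffix.TrimStart('@')
if ($validSuffixes -notcontains $suffixName) {
    throw "UPN suffix '$suffixName' is not registered in forest $($forest.Name)."
}

# 2. Build the change set first; nothing is written to AD in this step.
$changes = Get-ADUser -Filter * -SearchBase $ou |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            OldUpn         = $_.UserPrincipalName
            NewUpn         = $_.SamAccountName + $newSuffix
        }
    } |
    Where-Object { $_.OldUpn -ne $_.NewUpn }   # skip users already on the new suffix

# 3. Keep a before/after record so the change can be reversed, then show it.
$changes | Export-Csv -Path $logPath -NoTypeInformation
$changes | Format-Table -AutoSize

# 4. Apply. With $commit = $false, -WhatIf only reports what would be changed.
foreach ($c in $changes) {
    Set-ADUser -Identity $c.SamAccountName -UserPrincipalName $c.NewUpn -WhatIf:(-not $commit)
}
```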

Wednesday, October 21, 2015

Find All Windows Servers Not in a Group in Active Directory

Example:
(&(objectCategory=computer)(operatingSystem=*Windows Server*)(!memberof:1.2.840.113556.1.4.1941:=CN=ServerHardening,OU=Groups,DC=mydomain,DC=local))

& = AND the following conditions together
objectCategory = the object class (user, computer, etc.)
operatingSystem = the value shown in the computer object's Operating System tab, "Name" field
! = NOT; negates the condition that follows
memberOf = the groups the object belongs to (here, negated: objects that are not members of the group)
1.2.840.113556.1.4.1941 = the LDAP_MATCHING_RULE_IN_CHAIN matching rule; it makes the memberOf check follow nested group membership, so computers that belong to the group through a sub-group are also excluded

You must use the full distinguished name of the group in question.

Of course you can adjust this to specific OS versions or group names or even extend it to include additional references to more groups.

Find Inactive Systems to Clean Up Active Directory

Shows all computers that haven't contacted the domain in 8 weeks or more. You can also use this for user objects. Run it in PowerShell and pipe to Sort-Object to sort by DN; since a computer's DN begins with its name, this is most useful if you follow a computer naming convention.

dsquery computer -inactive 8 | sort-object