Richard Siddaway's Blog

As stated last time the direct reports is a backlink created from the users who have this particular user as a manager Displaying this attribute is straight forward if (-not (Get-Module ActiveDirectory)){ Import-Module ActiveDirectory } $ou = "OU=England,DC=Manticore,DC=org" $manager = "CN=HORNBLOWER Horatio,$ou" "`nMicrosoft" Get-ADUser -Identity $manager -Properties * | select -ExpandProperty directReports "`nAD provider" Get-ItemProperty […]

The organization tab on the user properties can hold a number of items – job title, department, company, manager & direct reports The first four we can set directly. The direct reports attribute is a backlink meaning it is filled with the distinguished names of the users who have  a particular user set as their […]

Continuing our quick look at The ActiveDirectory name space lets have a look at the MSAD_NamingContext  class Get-WmiObject -Namespace root\MicrosoftActiveDirectory -Class MSAD_NamingContext | Format-Table DistinguishedName, IsFullReplica –AutoSize   DistinguishedName                              IsFullReplica —————–                              ————- DC=DomainDnsZones,DC=Manticore,DC=org                   True DC=ForestDnsZones,DC=Manticore,DC=org                   True CN=Schema,CN=Configuration,DC=Manticore,DC=org          True CN=Configuration,DC=Manticore,DC=org                    True DC=Manticore,DC=org                                     True   This is equivalent to the information you see in the root of […]

A lot of the Active Directory related functionality has been removed from WMI but  there is a little bit left in the root\MicrosoftActiveDirectory namespace. This is on a Windows 2008 R2 domain controller – I don’t know if this is available on down level versions of Windows. Get-WmiObject -Namespace root\MicrosoftActiveDirectory -List | where {$_.Name -notlike […]

In AD Users & Computers the user’s properties dialog has a tab for setting address information   if (-not (Get-Module ActiveDirectory)){ Import-Module ActiveDirectory } $ou = "OU=England,DC=Manticore,DC=org" $street = @" 123 Somewhere Place, A big suburb "@ $PObox = "PO 456" $city = "Salisbury" $state = "Wiltshire" $zip = "SY27 5QW" $country = "GB" "`nMicrosoft" […]

The 2012 PowerShell Deep Dive has been announced  – April 29 – May 2 in San Diego. http://blogs.msdn.com/b/powershell/archive/2012/01/27/it-s-time-for-another-powershell-deep-dive.aspx   This time PowerShell is a full track so expect more of your favourite stuff.  Hope to see you there.

On the Account tab of an AD user’s properties there is a button labelled “Logon to …” that can be used to restrict the computers a user can logon onto. The default is that users can log onto any machine. If you want to script the restriction if (-not (Get-Module ActiveDirectory)){ Import-Module ActiveDirectory } $ou […]

  If you’ve used PowerShell for any time you will be away of [int] meaning integer. One common use is in functions to define a parameter’s data type function test1 { param (   [int]$a,   [int]$b ) $a * $b } We can use this function PS> test1 -a 10 -b 6 60 OK […]

By default a user can logon 24/7.  Is this acceptable – should users be able to logon during the night or weekends. AD Users and Computers has a GUI to set the hours users can logon. But we don’t need a GUI we can do this if (-not (Get-Module ActiveDirectory)){ Import-Module ActiveDirectory } $ou = […]

Creating an OU is a fairly common activity. The GUI is quick enough for a single OU but we need PowerShell for bulk creation. Its a straight forward activity if (-not (Get-Module ActiveDirectory)){ Import-Module ActiveDirectory } $ou = "OU=BlogTests,DC=Manticore,DC=org" "`nMicrosoft" $name = "OUM" New-ADOrganizationalUnit -Path $ou -Name $name "`nAD provider" $name = "OUP" New-Item -Path […]