Posts tagged with Active Directory

Copying AD User Group Permissions with PowerShell

June 6th, 2017 by and tagged , , ,

One of the tasks that I’m often asked to perform as an Active Directory domain administrator is to assign a user the same set of permissions as an existing user. This is something you can do fairly easily in the GUI (Active Directory Users and Computers, dsa.msc) when you’re first creating the user, but which […]

Posted in Active Directory, IT Admin, PowerShell, Security | No Comments »

PowerShell: Rename an Active Directory User

March 11th, 2017 by and tagged , , ,

This came up at work the other day. Another admin had attempted to rename an AD User account and it had only partially gotten renamed — the SAM Account, Name and Display name were all correct, but the old user name was still showing up in a couple of places, including the login screen. The […]

Posted in Active Directory, PowerShell | 2 Comments »

Configuring Windows Server 2016 core as a DHCP Server with PowerShell

February 15th, 2017 by and tagged , , , , ,

As I mentioned last time, I’m setting up a new domain controller and DHCP server for my internal domain on Windows Server 2016 Core, and I’m exclusively using PowerShell to do it. For both the DHCP Server and AD DS roles, we need to configure a fixed IP address on the server, so let’s do […]

Posted in Active Directory, DHCP, Hyper-V, Networking, PowerShell, Windows Server 2016, Windows Server Core | No Comments »

PowerShell: Sending password expiration notices via GMail – Part 3

December 20th, 2016 by and tagged , , , , , ,

In Part 1 of this series, I showed you how to identify users whose password was about to expire. Then in Part 2 of the series, I took that list of users and sent email to them using gmail-hosted company email. This third part of the series pulls all that together into a single script, […]

Posted in Active Directory, Network Administration, PowerShell, PSCredential, Security | No Comments »

PowerShell: Sending password expiration notices via GMail – Part 2

December 20th, 2016 by and tagged , ,

In the first part of this trio of posts, I showed a way to identify users whose password was about to expire. Which is useful, but now you need to notify them. If your company email is in GMail, there’s a few gotchas you’ll need to watch out for, but I’ll show you how to […]

Posted in Active Directory, Network Administration, PowerShell | No Comments »

PowerShell: Sending password expiration notices via GMail – Part 1

December 13th, 2016 by and tagged , , , ,

In a perfect world, users would never forget their password, and never forget to change it before the expiration date. But we don’t live in that perfect world. I covered how to unlock AD accounts earlier in this post, but now I’d like to talk about how to first find the users whose accounts are […]

Posted in Active Directory, Network Administration, PowerShell | No Comments »

Importing users into Active Directory

October 27th, 2016 by and tagged , , , ,

When you need to create a single user in Active Directory Domain Services (AD DS), the tendency is to just “do it” in the GUI – either Active Directory Users and Computers (ADUC) or Active Directory Administrative Center (ADAC). But if you’ve got 25 users to add, or even 5 users to add, that’s just […]

Posted in Active Directory, Network Administration, PowerShell | No Comments »

Starting a PowerShell window as a Domain Admin

September 26th, 2016 by and tagged , , ,

If you run as a limited user on your own desktop, as you should, it’s useful to keep a separate PowerShell window open as the Domain Administrator. I give that window a nice dark red background so I know instantly that I’m in a powerful window and to be appropriately careful. But how can I […]

Posted in Active Directory, Annoyances, Network Administration, PowerShell | No Comments »

Active Directory — Unlocking a User Account with PowerShell

September 9th, 2016 by and tagged , , , , , ,

As any SysAdmin knows, users periodically lock themselves out of their accounts, usually because they forgot a password or somehow mistyped it too many times. And after all, if it failed once, why not keep trying it? Unlocking that account is NOT something you do with Set-ADUser, unfortunately, because the PowerShell ActiveDirectory module has a […]

Posted in Active Directory, PowerShell, PSCredential | No Comments »

Promoting a new domain controller

May 14th, 2016 by and tagged , , , ,

I’ve been working with Windows Server 2016 CTP5 recently, and because I installed it without the Desktop Experience (what we used to call a Server Core installation), I’m having to do everything in Windows PowerShell. No complaints, I enjoy it, but it does force me to think about things a bit sometimes. One of the […]

Posted in Active Directory, Network Administration, PowerShell, Windows Server, Windows Server Core | Comments Off on Promoting a new domain controller