Get Inactive Users Report for the past 60 days in a multi domain environment

I had a request recently to provide an inactive user report for the past 60 days. Basically, find out which accounts have not logged in for the past 60 days so action can be taken against them. The request was for a multi domain forest which queries every domain controller and gets the latest lastlogon … Read moreGet Inactive Users Report for the past 60 days in a multi domain environment

Get All DCs in the Entire Forest

Getting a know a new environment for a new client and I a quickly needed information about all domain controllers in the entire forest. Wrote a small little script to provide me all the information I needed:

 

NSLookup still showing IP of demoted Domain Controller

So had an interesting issue today where a Domain Controller (DC) was demoted yet the IP of the demoted DC was still showing up when running nslookup internaldomain.local Demoted DC: MWDC04 / IP: 10.14.111.111 I had done the metadata cleanup and tried many suggestions when googling the subject. To my surprise none of the solutions I … Read moreNSLookup still showing IP of demoted Domain Controller

Speed up Active Directory & DNS replication between Sites

Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or … Read moreSpeed up Active Directory & DNS replication between Sites

The Lazy Way To Do Active Directory Inventory

From time to time admins have to run an inventory of what is running in the AD environment. This is a good practice for audits, inventory, removing decommissioned servers, or any other good reason. The details that are required are like when was computer/ server created, when was it last logged into, what is the … Read moreThe Lazy Way To Do Active Directory Inventory

Lists all users last logon time

As administrators we often want to check which users have not logged in for quite a while, or what accounts recently accessed a system, etc. The following script list all users and their last logon time. With the lastloggeduser.csv we can get fancy with excel to find differences based on age and more.

 

Connecting to a remote domain controller using PowerShell

Covering one of the basic day to day task if you are a Windows Administrator; connecting to the domain controller.  I try to minimize logging onto servers as much as possible.  Your thought should be around connecting to the server remotely and doing the work as needed instead of natively logging on to it. I … Read moreConnecting to a remote domain controller using PowerShell

Set password never to expire for users in a particular domain (Bulk mode)

Let me start by saying that I don’t recommend doing this at all. Password Never Expires is bad security practice, but there are situations that might require it. I had a similar request on how this could be done. Setting it for multiple users:

Setting it for a single user: