Ran into a situation at a client location where in Active Directory, the security permissions applied to an OU were not getting inherited permissions on to the objects. Basically, security inheritance was broken.This causes a problem when the administrative accounts or groups needing to modify an attribute on the AD object throw errors, or are […]
Many a times there comes a request that a user complains that an account is getting locked out for no apparent reason and it’s hard to pinpoint where it is getting locked out from. I was trying to find out why a user account is getting locked out and where but needed to go through […]
Getting a know a new environment for a new client and I a quickly needed information about all domain controllers in the entire forest. Wrote a small little script to provide me all the information I needed:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
Import-Module ActiveDirectory function Get-AllDCsInForest{ [CmdletBinding()] param( [string]$ReferenceDomain = $env:USERDOMAIN ) $ForestObj = Get-ADForest -Server $ReferenceDomain foreach($Domain in $ForestObj.Domains) { Get-ADDomainController -Filter * -Server $Domain | select Domain,HostName,Site, IPv4Address, OperatingSystem, OperatingSystemVersion } } Get-AllDCsInForest| Export-Csv -Path C:\Scripts\AllDcs.txt -NoTypeInformation |
Single Domain Controller: To find out the current schema version by inspecting the objectVersion property of CN=Schema,CN=Configuration, For example, to find out the current schema version, use a tool like ADSIEDIT or dsquery, e.g.: CMD:
|
1 |
dsquery * CN=Schema,CN=Configuration, -scope base –attr objectVersion |
PowerShell:
|
1 |
Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion |
Multiple Domain Controllers: During a schema update or just as a pre-check it is important to find […]
Recently, I wanted to know what the tombstone lifetime was in my environment and decided to find this using PowerShell. There are a number of ways I could do this but dong it through PowerShell would be much easier. For those of you that are new to the attribute, a good explanation of it is: […]
Working on a project where on some servers the DHCP assigned addresses needs to be converted to static. Since there is always more than one…I needed to script it. Here is a quick way to do it via PowerShell.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
#SwitchIPtoStatic.ps1 #Get All the adapters that are on the Server $adapters = gwmi -cl win32_networkadapterconfiguration | ? {($_.ipaddress) -and $_.dhcpEnabled -eq 'True' } foreach ($adapter in $adapters) { # Get original settings $ipAddress = $adapter.IPAddress $subnetMask = $adapter.IPSubnet $dnsServers = $adapter.DNSServerSearchOrder $defaultGateway = $adapter.DefaultIPGateway # Set to static and set dns and gateway: $adapter.EnableStatic($ipAddress,$subnetMask) $adapter.SetDNSServerSearchOrder($dnsServers) $adapter.SetGateways($defaultGateway) } |
Hope this helps!
If you want to replicate all Domain Controllers, then you have to start replication on each of them separately. This may take a while. To save time there is an easier way to force replication on all Domain Controllers of all Active Directory Sites. Log on to one of your Domain Controllers. Start Windows PowerShell […]
Prepare for 2019 Oracle has announced that, effective January 2019, Java SE 8 public updates will no longer be available for “Business, Commercial or Production use” without a commercial license. End of Public Updates for Oracle JDK 8 Is Oracle Java still free? The current version of Java – Java SE 9 as well as Java […]
Working on a security project and I needed a reference guide as to what cipher suites are supported on what OS. So I have documented a list of the default cipher suites and their preferred order for every Windows Server version. These were gathered from fully patched operating systems.
If you want to find out how many domain/ enterprise admins are active/inactive in domain you can use the following PowerShell command to figure out: Get the list of domain admins and check if they are enabled.
|
1 |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled |
Get the list of enterprise admins and check if they are enabled.
|
1 |
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled |
