Adding a security group to the Local Administrator Group in AD

Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a … Read more

Lists all users last logon time

As administrators we often want to check which users have not logged in for quite a while, or what accounts recently accessed a system, etc. The following script list all users and their last logon time. With the lastloggeduser.csv we can get fancy with excel to find differences based on age and more.


Get PasswordAge for users in a particular domain

In Office365 if you have more than one domain in a subscription, there are times where you may want to get the password age for users of that domain. In my case to check which users are covered and meeting policy and get the users addressed.

The output will be similar to:

Remove disabled users from Distribution Lists & Security Groups in Active Directory

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

Read more

Active Directory: Changing passwords for users in bulk using a .csv file

Many accounts in your AD might need a password change. What if you want to do this in bulk ? First, we need to the userlist. Depending on your requirements we need to get a list of users (specifically samaccountname). For random password generation I recommend using as it can generate up 1000 for … Read more