Yet another short one with little context or reason.
A colleague of mine needed a list of all Service Principal Names assigned to all servers on the estate. Searches online brought us to a few potential solutions, most of which included the use of some difficult to use and understand .NET classes which appeared to be limited to only 1000 results.
So that got me thinking, these are just Active Directory attributes so why not use PowerShells very own Get-ADComputer?
The script below will list every single server in Active Directory and all assigned SPN’s, it will then export the list to a CSV.
Continue reading “PowerShell – How-To Retrieve SPN’s for all Servers”
Another short article with little context today.
The PowerShell script below will produce a report showing the Last Logon time of all enabled Active Directory users, it will also connect to Exchange On-Premise and request the last logon date of the mailbox. This can be useful to identify user accounts which are no longer in active use, even in organisations where mailboxes may have been retained once a user left.
There’s also a nifty status update built in that will tell you exactly how far the script has progressed and show an estimated time to completion.
Continue reading “PowerShell – Locate Inactive Users in Active Directory / Exchange On-Prem”
Short one today, the script below will import a CSV from C:\temp\users.csv that contains a ‘User Name’ field and will locate all Active Directory users that match that. Where multiple matches are found it will populate the exported CSV with all matches.
Continue reading “PowerShell – Find Active Directory Users by First and Last Name”
Occasionally you may have to implement something which will improve the security of your organisation but that does introduce a risk. Often the correct way to determine if it will cause issues is to enable logging and then to review those logs.
But what if you don’t have centralised logging?
This article does not replace a fully functional centralised event logging system which I would strongly suggest anybody have, however, it will allow you to retrieve specific logs from all servers in your estate. If your estate is too large then the script can be modified to instead of storing all of the data in the $allEvents variable you could simply append it to an Excel file inside of the for each loop.
Continue reading “PowerShell – How to Retrieve Specific Events From All Servers”
Exchange has a brilliant feature called ‘Email approval’ that can be configured using mail flow rules. This allows emails to configured recipients to be redirected to a user or a mailbox where it must be approved before reaching it’s final destination.
By default, any emails awaiting approval for between 2-7 days will expire and will be automatically rejected and this is entirely dependent on when the system task runs to clear the mailboxes.
Continue reading “Exchange – Extend Email Approval Expiration”
The script below was taken from https://www.lepide.com/how-to/get-an-ntfs-permissions-report-using-powershell.html The script takes a directory path to search from, it will then get a list of all subdirectories, loop through each of them then generate a nice grid view report of all permissions in subdirectories and whether they are inherited. This should generate a report similar to the image below – Continue reading PowerShell – How to Report on NTFS File Inheritance & Permissions
I recently needed to generate a report of all Domain Users which brought up a few interesting issues, the first is that members aren’t actually listed as members of the group which removes the ability to use a lot of the standard PowerShell commands to produce a report on it, plus the group had well over 5000 users which again limits the commands available to … Continue reading PowerShell – Getting all Users in Domain Users Group – 5000+ Users
So as with many companies we’re shifting to a Cloud environment from aging physical systems, as part of this I came across a requirement to migrate our entire On-Premise DNS System which is hosted on a Windows Server into Azure.
I wasn’t about to start migrating a few hundred individual DNS Zones in this case as that doesn’t sound like a whole lot of fun when it’s a seemingly repetitive task that I could instead script up so that’s what I did.
The instructions and code below are meant to get you in the right direction, the script is not necessarily production ready and could be improved greatly, if you take the time to do so please comment with any alterations you make and I’ll include them in this article.
Continue reading “How to Easily Migrate your Entire On-Prem DNS to Azure”
Another small one today, the script below will generate a nice csv export of every single group and it’s active user membership from Active Directory. The next step would likely be to turn it into a nice Pivot Table for reviewing.
It should be fairly straightforward to change it to show all users or all users & computers etc as required.
Continue reading “Active Directory – How to Generate a Group Membership Report”
From time to time you’ve likely been asked to perform some sort of export of users from AAD, a task that’s not made particularly simple via the portal which lacks any sort of export option.
Luckily, with PowerShell this is made quite simple.
Continue reading “PowerShell – Exporting a List of Azure AD Users”