Category: Active Directory

Hi fellow scripters, I’m pretty sure this handy script will help system admins to make a day-to-day AD operation super easy. You can quickly jump into the screenshots to get an overview idea. Note that Powershell module for AD is required for this script.

Things to note:

By running this script, all users/groups in the text file or all child users/groups under the defined OU will be affected. So, make sure you are completely aware of the explanation of parameters you want to do with the script. The suggestion is to test on your non-production systems first.

Continue reading “Powershell Script for Day-to-Day Active Directory Operations”

Sometimes, you will need to give some domain users (may be the desktop support) Network Configuration Operators role or even Local Administrator permissions on specific client machines so that they can fix something with the elevated permissions.  You can do this by simply adding these users into the necessary local security groups on these machines.
Nope! it’s a boring day-to-day task and what if you forget to remove these permissions later ? Continue reading “Lockup Domain User in Specific Computer and Escalate Permissions”

It is the updated version [v2.1] of the script that will create users in nested OU. If you do not know how to use this script, you can see here.
I made some update changes so users ‘Names’ do not need to be unique in domain level but only in each OU. Continue reading “Updated v2.1: Create Users in New AD Domain with Old Users’ Domain Info”

It has been nearly 2 years that I wrote the script to create new AD users with the automatic nested OU creation. The original idea is to create the users from the csv file in which AD users properties are defined. The script now supports extracting the current users and OU information from old domain and use in the new domain. The script will prompt for the new domain name & passwords (optional) to put in the csv file. Continue reading “Create Users in New AD Domain with Old Users’ Domain Info”

Active Directory Recycle Bin is available from Server 2008R2 but it is disabled by default and it is one of the most useful feature for system admins in that he can restore any directory objects (user/computer or system accounts) that he mistakenly deleted.
You need Active Directory Administrative Center Console and forest functional level 2008R2 as a minimum to use this.
For the restore process, you can use GUI or powershell. For permanent deletion, powershell is the way to go. Also, there is tombstone lifetime and deleted object lifetime depending on how long you want to keep the deleted objects. Continue reading “Active Directory Recycle Bin: Restore Deleted Objects or Wipe Off your Bin ?”

Writing a long, quality script can be both a tiresome and interesting task in terms of its look and feel. It’s been quite a while since I last wrote a substantial script, as I’ve mostly been occupied with small utility scripts in my work. Today, I completed a very useful script that joins local users to domain users with automatic profile migration for the current user. This ensures the retention of current local user settings, such as wallpaper, Internet Explorer settings, Power Option Settings, and desktop items, in their new domain environment. Optionally, you can choose not to migrate. Continue reading “Script to Join Active Directory Domain with Local user Profile migration”

One of the daily system admin task is to check the user login history throughout the domain. It becomes quite a tough task if you have to go through thousands of event logs to find the correct security events of users logon from every domain controllers. Though we filter only the Kerberos Authentication Events for TGT (Ticket-Granting-Ticket) Requests, there are so many information in each event regarding to specific users.
So, I am taking some time to put all these Kerberos events together from every domain controller to look for some useful information and then write this handy script to save my difficult days ! Continue reading “Powershell: Find AD Users’ Logon History with their Logged on Computers”