# Get ACL Permissions for a specific OU (Get-ACL "AD:$((Get-ADOrganizationalUnit -Identity 'OU=Computers,DC=Test,DC=LOCAL').distinguishedname)").access | Select IdentityReference,AccessControlType,ActiveDirectoryRights.IsInherited #Other examples available from https://www.easy365manager.com/how-to-document-ou-delegation/ https://shellgeek.com/get-ad-ou-permissions-report/
Query Active Directory – Security Script
PowerShell script to query active directory : Identify Accounts with Password expiring is disabled Identify Accounts have not logged on for 30 or 90 days and accounts have never logged…
Import Reg Key To Remote Computer
Challenge : Import reg key settings to a remote compute Requires WinRM to be running Execute as Administrator **This script worked when tested on a Window 2021 server to a…
Azure – Update Management
How to maintain the patch status of your Windows and Linux machines "You can use Update Management in Azure Automation to manage operating system updates for your Windows and Linux…
Ping sweep script test
POWERSHELL import-CSV "" | foreach { $result = Test-Connection -ComputerName $_.Name -Count 1 -Quiet $_.name, $result -join ',' | out-file "c:\scripts\PingSweep\computer_results.txt" -Append } COMMAND /BATCH SCRIPT Create list of computers…
If Not Exists – Batch Script
Create a batch file to check a text file is in the location specified, else run a task. #This batch file checks to see if a text file is…
Files Older Than 3 Months Combined Total File Size
A requirement to identify the total file size of all files not used in the last 3 months. This was the solution #Run as administrator #You need to have permission…
Task : Output A List Of Home Drive Paths Configured In Active Directory
#DSQuery dsquery user -name "*" -limit 0 | dsget user -samid -hmdir -hmdrv -profile >c:\temp\usersV2.txt #PowerShell # More flexibility # Includes the state of the computer account (Enable or…
Get a list of active users which have logged on to the domain in the last 7 days
# Get a list of users which have logged on to the domain in the last 7 days $Date = (Get-Date).AddDays(-7) Get-ADUser -Filter {LastLogonDate -gt $Date} | Select distinguishedName
PowerShell Script to find all AD users who have the “cannot change password” box checked in a specific OU
# script to find all AD users who have the "cannot change password" box checked in a specific OU # Windows Server 2016 # Powershell Get-ADUser -Filter * -Properties CannotChangePassword…