Active Directory – Page 4

Update computer group membership without a reboot

Very useful tip found on the internet : how to update a computer group membership without a reboot ? Problem If, like me, you use Group Policies and apply them on computer account using security groups, you notice these GPOs

Find and remove lingering object in a forest

This script generate all the repadmin commands to find lingering object on all domain controllers in an Active Directory forest. You will find below two versions of the script : one using the Microsoft Powershell cmdlet get-adobject (import-module activedirectory), another

Playing with ACL on the Active Directory objects

Understanding the ACL and how to play with it can be useful to delegate permissions or restrict access on a specific AD object, for example. The following script will show you how to set different kind of permissions on an

Update ACL on a Microsoft DNS Active Directory record

I want to share with you today a simple Powershell script to show you how to play with ACL on an Active Directory object. In this example, I will update the ACL of a DNS record on an Active Directory

Get Distribution list members recursively including contact objects

I have written this script to get recursively the members of the distribution lists in a specific OU. It is simple if your Active Directory distribution lists contain user account. You will have problem if your DL includes contact objects

Group policy Admin Templates browser

A kind colleague (thank you Carlos) has shared with me a very nice website. It is a Group policy Admin Templates browser. The interface is clean, clear and very useful if you want to know what is the registry key

Remove group membership from multiple domain

The Powershell cmdlet Remove-ADGroupMember have a problem to remove group membership in this case : user account from Domain1.domain.local group from Domain2.domain.local If you run the command : Remove-ADGroupMember -Identity “CN=GroupName,OU=Groups,DC=Domain2,DC=domain,DC=local” -Members “CN=UserName,OU=Users,DC=Domain1,DC=domain,DC=local” -confirm:$false -server “dc01.Domain1.domain.local” You will have the

Remove all group memberships from a user

This script can remove all group memberships from an Active Directory user, except the “Domain Users” group import-module activedirectory $DistinguishedName = “cn=youruseraccount,ou=users,dc=domain,dc=local” (Get-ADUser $DistinguishedName -Properties MemberOf | Select-Object MemberOf).MemberOf | % { Remove-ADGroupMember -Identity $_ -Members $DistinguishedName -confirm:$false } My

Set a random password to an Active Directory user

This script use the function GET-Temppassword to set a random password to a user account. You can customize this function with your own criteria import-module activedirectory Function GET-Temppassword() { $chars_min = [Char[]]”abcdefghijklmnopqrstuvwxyz” $chars_maj = [Char[]]”ABCDEFGHIJKLMNOPQRSTUVWXYZ” $chars_num = [Char[]]”0123456789″ $x_min =

Change contact email address from CSV

Active Directory Quest Cmdlets are required : available here This script require a csv file (change.csv) that use the following template: contact-distinguishedname ; mailaddress The script read the csv file and change the email addresses of the contacts Script :