Get AD Users by Last Password Change Date
# Lists every user object under CN=Users together with the time its password
# was last set, sorted oldest first (useful for spotting stale passwords).
#
# pwdLastSet is stored as a Windows FILETIME. A value of 0 means "user must
# change password at next logon" and converts to a date around 1 January 1601,
# so rows with that date are not genuinely ancient passwords.
$pwdLastSetDate = @{
    Name       = 'PwdLastSetDate'
    Expression = { [datetime]::FromFileTime($_.pwdLastSet) }
}

Get-ADUser -Filter * -SearchBase 'CN=Users,DC=contoso,DC=com' -ResultPageSize 0 -Property CN, pwdLastSet |
    Select-Object -Property CN, SamAccountName, $pwdLastSetDate |
    Sort-Object -Property PwdLastSetDate
Check sAMAccountName Requirements
Function Check-sAMAccountName { [CmdletBinding()] [OutputType([string])] param( [parameter(Mandatory=$true)] [string]$ScriptParameters ) # exclude the characters " * + , / : ; < = > ? @ [ \ ] | $excludedChars = 34,42,43,44,47,58,59,60,61,62,63,64,91,92,93,124 $StringBuilder = New-Object System.Text.StringBuilder # split name into Char Array and check each character $sAMAccountName.ToCharArray() | ForEach-Object{ try{ # convert char to ascii decimal $ascii = [byte][char]$_ #...
Get AD Users by Last Logon Date
# Lists every user object under CN=Users together with its last logon time,
# sorted oldest first (useful for finding dormant accounts).
#
# lastLogonTimestamp is replicated between domain controllers but is only
# refreshed periodically, so by default it can lag the real last logon by up to
# about two weeks. Treat it as an approximate "inactive since" indicator, not
# an exact audit timestamp. Accounts that never logged on have no value and
# show up with a date around 1 January 1601.
$lastLogonDate = @{
    Name       = 'LastLogonDate'
    Expression = { [datetime]::FromFileTime($_.lastLogonTimestamp) }
}

Get-ADUser -Filter * -SearchBase 'CN=Users,DC=contoso,DC=com' -ResultPageSize 0 -Property CN, LastLogonTimestamp |
    Select-Object -Property CN, SamAccountName, $lastLogonDate |
    Sort-Object -Property LastLogonDate
Get the AD Groups for a User with 1 Level of Inheritance
# Get the direct group memberships $UserGroups = Get-ADPrincipalGroupMembership $UserName | Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID, @{l='Membership';e={'Direct'}}, @{l='Parent';e={$null}} # Get the group membership 1 level down foreach($group in $UserGroups){ $UserGroups += Get-ADPrincipalGroupMembership -Identity $group.distinguishedName | Select distinguishedName, GroupCategory, GroupScope, name, objectClass, objectGUID, SamAccountName, SID, @{l='Membership';e={'Inherit'}}, @{l='Parent';e={$group.distinguishedName}} } # Display results $UserGroups | FT name, GroupCategory, GroupScope,...
Get FSMO Roles
# Domain-wide FSMO role holders (one set per domain).
$domainRoles = 'InfrastructureMaster', 'RIDMaster', 'PDCEmulator'
Get-ADDomain | Select-Object -Property $domainRoles

# Forest-wide FSMO role holders (one set for the whole forest).
$forestRoles = 'DomainNamingMaster', 'SchemaMaster'
Get-ADForest | Select-Object -Property $forestRoles
Search for AD User by Partial Name
# Substring match on the Name attribute. The filter is written as a string,
# which is what Get-ADUser converts a script block to anyway. If the search
# term ever comes from a variable instead of a literal, escape any single
# quotes in it before building the filter string.
Get-ADUser -Filter "Name -like '*joe*'"
Search for AD User without AD module
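# Search by sAMAccountName through ADSI directly (no ActiveDirectory module needed).
#
# $username is placed inside an LDAP filter, so the filter metacharacters
# (RFC 4515: \ * ( ) and NUL) are escaped first. Without this, a value that
# contains a wildcard or parentheses could widen or restructure the query.
# As a consequence the name is matched literally; wildcards are not expanded.
# The backslash is replaced first so the escapes added afterwards are not re-escaped.
$escapedName = ([string]$username).Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
$strFilter = "(SAMAccountName=$escapedName)"

# A DirectoryEntry created with no arguments is used as the search root.
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

# Add additional properties to return here
$colProplist = "name","SAMAccountName"
foreach ($i in $colPropList){
    # Add() returns the new index; capturing it keeps it out of the output stream.
    $foo = $objSearcher.PropertiesToLoad.Add($i)
}

$colResults = $objSearcher.FindAll()

# format output results
[System.Collections.Generic.List[PSObject]] $results = @()
# The page truncates the listing at this point; the loop body is not shown.
foreach ($objResult in...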
Test AD User Credentials
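# Validates a username/password pair against the domain and emits $true or $false.
#
# Operational notes:
#  - Every failed validation is a real authentication attempt against a domain
#    controller: it counts toward the account lockout threshold and appears in
#    logon-failure auditing. Do not loop this over many passwords or accounts.
#  - $Password is a plain-text string here. Prefer collecting it with
#    Get-Credential and passing $cred.GetNetworkCredential().Password, so the
#    secret never lands in command history or script source.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
    [System.DirectoryServices.AccountManagement.ContextType]::Domain
)
try {
    $DS.ValidateCredentials($UserName, $Password)
}
finally {
    # PrincipalContext holds a directory connection; release it even when validation throws.
    $DS.Dispose()
}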