Category Archives: Active Directory administration with PowerShell

Setting Security permissions on an AD group

We saw how to create an AD security group here http://msmvps.com/blogs/richardsiddaway/archive/2011/06/28/creating-ad-security-groups.aspx   This is how we can give a user full control of that group function set-groupsecurity { [CmdletBinding()] param ( [string]$name ) $dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() $root = $dom.GetDirectoryEntry() $search … Continue reading

Posted in Active Directory, Active Directory administration with PowerShell, PowerShell and Active Directory | 1 Comment

Creating AD security groups

Continuing my AD excursion for a while. I saw a forum post about creating AD groups and came up with this function function new-securitygroup { [CmdletBinding()] param ( [string]$name, [string]$ou, [parameter(ParameterSetName=”U”)] [switch]$universal, [parameter(ParameterSetName=”G”)] [switch]$global, [parameter(ParameterSetName=”DL”)] [switch]$domainlocal ) $rootdse = [ADSI]”” … Continue reading

Posted in Active Directory, Active Directory administration with PowerShell, PowerShell and Active Directory | Leave a comment

Force user to change password

I’ve always liked scripting against Active Directory as it has one of the potentially richest environments fro automation.  Normally I use the Quest or Microsoft cmdlets but every now and then its fun to back to using ADSI. I came … Continue reading

Posted in Active Directory administration with PowerShell, PowerShell and Active Directory | Leave a comment

Time Skew

I was reading a study guide for my next exam and something in that triggered some thoughts about Time skew between computers in an Active Directory domain.  AD uses Kerberos for authentication and Kerberos requires that the times on the … Continue reading

Posted in Active Directory administration with PowerShell | Leave a comment

Searching AD by Script vs cmdlet

In a previous post  http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!601.entry I showed searching for a particular user and having a filter on for membership of a particular group   $user = Get-QADGroupMember -Identity ‘SomeGroupName’ | where {$_.Name -like "*UserName"}    If you wanted to do that … Continue reading

Posted in Active Directory administration with PowerShell | 3 Comments

AD Test Users

When working with Active Directory there is sometimes a need to generate a number of test users.  A question on the Win IT Pro forum was asking for a script to generate 1500 test users.  All I had was an old … Continue reading

Posted in Active Directory administration with PowerShell | Leave a comment

GPExpert Scripting Toolkit for PowerShell

SDM Software have announced that their GPExpert Scripting Toolkit for PowerShell is now available.  This toolkit allows you to automate the setting of values in GPOs!!   if you work with GPOs and PowerShell well worth a look http://www.sdmsoftware.com/products2.php

Posted in Active Directory administration with PowerShell | Leave a comment