--- Sjoerd Hooft's InFormation Technology ---

PowerShell AD Management

Import ActiveDirectory Module

To import the AD module for PowerShell, issue this command:

import-module activedirectory

Get User Data

To see the full info for an AD account, issue this command:

Get-ADUser <accountname> -properties *

Quest AD Management CMDLETs

Quest (part of Dell by the way) also provides some seriously well-made cmdlets, which can be downloaded here. Just download the “Quest One ActiveRoles Management Shell for Active Directory 32-bit - Zip” file (version 1.6.0) and install it (as an administrator).

After installation you can start the shell and use the cmdlets.

Connect to Different Domain

By default the cmdlets use the domain you authenticate to or the one they are installed in. To query another domain, use the -Service parameter:

get-qadgroup groupname -service dc.domain.local:389

Examples

These are some examples I used in an AD migration project:

Script example:

# Author: Sjoerd Hooft
# Purpose script: This script collects all groups in the new domain that have a groupmember in the old domain

$timestamp = Get-Date -Format "yyyyMMdd-HH.mm"
$csvfile = "F:\qadgroups-$timestamp.csv"
$myCol = @()

# Walk every group in the current (new) domain; -SizeLimit 0 lifts the default result limit
ForEach ($adgroup in (Get-QADGroup -SizeLimit 0)) {

    $name = $adgroup.Name
    Write-Host "Now processing $name"

    # Keep only members that are groups and whose DN contains "olddomain"
    ForEach ($member in (Get-QADGroupMember $adgroup -SizeLimit 0 | where {$_.Type -eq "group"} | where {$_.DN -match "olddomain"})) {

        # One output row per (parent group, old-domain member group) pair
        $groupinfo = "" | Select ParentName,ParentDN,MemberName,MemberDN

        $groupinfo.ParentName = $adgroup.Name
        $groupinfo.ParentDN = $adgroup.DN
        $groupinfo.MemberName = $member.Name
        $groupinfo.MemberDN = $member.DN

        $myCol += $groupinfo
    }
}

$myCol | Export-Csv -NoTypeInformation $csvfile
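
The member filter from the script above, as an added example that is not the author's script: it is written as a function over plain objects so it runs against the constructed sample without a domain, and it anchors the match on the domain suffix of the DN instead of the bare string "olddomain". The function name Find-OldDomainMember, the sample objects and the DC=olddomain,DC=local suffix are assumptions.

```powershell
# Added example, not the author's script. Find-OldDomainMember, the sample
# objects and the DC=olddomain,DC=local suffix are constructed for illustration.
function Find-OldDomainMember {
    param(
        [Parameter(Mandatory)] [object[]] $Group,        # objects with Name, DistinguishedName, Members
        [Parameter(Mandatory)] [string]   $OldDomainDN,  # domain part of the DN to look for
        [string[]] $ObjectClass = @('group')             # member types to report
    )
    # Anchor on the domain suffix of the DN. A bare -match "olddomain" also hits
    # new-domain objects whose CN or OU merely contains that string.
    $suffix = ',' + [regex]::Escape($OldDomainDN) + '$'
    foreach ($g in $Group) {
        foreach ($m in $g.Members) {
            if ($m.ObjectClass -in $ObjectClass -and $m.DistinguishedName -match $suffix) {
                [pscustomobject]@{
                    ParentName = $g.Name
                    ParentDN   = $g.DistinguishedName
                    MemberName = $m.Name
                    MemberDN   = $m.DistinguishedName
                }
            }
        }
    }
}

# Constructed sample: one group that really lives in the old domain, one
# new-domain group whose name only contains "olddomain", and one old-domain user.
$sample = @(
    [pscustomobject]@{
        Name              = 'FileShare-RW'
        DistinguishedName = 'CN=FileShare-RW,OU=Groups,DC=newdomain,DC=local'
        Members           = @(
            [pscustomobject]@{ Name = 'Finance'; ObjectClass = 'group'; DistinguishedName = 'CN=Finance,OU=Groups,DC=olddomain,DC=local' }
            [pscustomobject]@{ Name = 'olddomain-migrated'; ObjectClass = 'group'; DistinguishedName = 'CN=olddomain-migrated,OU=Groups,DC=newdomain,DC=local' }
            [pscustomobject]@{ Name = 'jdoe'; ObjectClass = 'user'; DistinguishedName = 'CN=jdoe,OU=Users,DC=olddomain,DC=local' }
        )
    }
)
Find-OldDomainMember -Group $sample -OldDomainDN 'DC=olddomain,DC=local' | Format-Table

# Live input with the ActiveDirectory module (assumes Get-ADGroupMember can
# resolve the old-domain members from where the script runs):
# $live = Get-ADGroup -Filter * | ForEach-Object {
#     $_ | Add-Member -NotePropertyName Members -NotePropertyValue @(Get-ADGroupMember $_) -PassThru }
# Find-OldDomainMember -Group $live -OldDomainDN 'DC=olddomain,DC=local'
```

Passing -ObjectClass 'group','user' extends the report to user accounts that are still members from the old domain.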

These one-liners collect all groups based on group scope:

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"} | where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"} | where {$_.groupscope -eq "DomainLocal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-domainlocal.csv"

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"} | where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"} | where {$_.groupscope -eq "global"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-global.csv"

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"} | where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"} | where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-universal.csv"

get-qadgroup -SizeLimit 0 | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=newdomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=newdomain"} | where {$_.ParentcontainerDN -ne "OU=SMS,DC=newdomain"} | where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-newdomain-universal.csv"
powershellad.txt · Last modified: 2021/09/24 00:25 (external edit)