Tag Archives: Windows PowerShell

PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember

PowerShellI’m currently setting up a new system for a client and wanted to add all users in a specific Organisational Unit (OU) to a specific Security Group.

I’ve written about Get-ADUser a few times before, so by combining that with another PowerShell cmdlet Add-ADGroupMember to add users to a group we should be in business!

In this example we’ll add users in the OU Head Office to the SSLVPN Users Security Group.

Continue reading

PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2

PowerShell

In this article we’ll look at using Get-ADComputer and Set-ADComputer to list computer accounts which haven’t logged in for xx days, and then automatically disable them.

In part 1 we looked at how to use Get-ADComputer to list computers by name and sort them by their last logon date with the premise that we can use the information to remove historic computer accounts from the domain.

Now we know the computer accounts we want to work with we will look at modifying the PowerShell command to automatically disable them.

Continue reading

PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

PowerShellI’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.

As computers are retired or fail and are replaced how often do admins remember to remove the computer accounts from Active Directory?

You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time. Continue reading

PowerShell: Get-ADUser to retrieve password last set and expiry information

PowerShell

I’ve written about Get-ADUser before here and here where we used it to create a list of all users and display their homedrive, homedirectory and scriptpath properties.

In this post we’ll look retrieving password information to find out when a user last changed their password and if it is set to never expire. Continue reading

PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

PowerShellIn Part 1 we looked at the Get-ADUser command, and used it to create a list of all users and display their homedrive, homedirectory and scriptpath.

In this post we’ll look at refining the results a little.

We’ll look at sorting the results, only returning results for user accounts that have a login script, and export them to CSV, which is much more useful than exporting the results to a text file.
Continue reading

PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

PowerShellHaving recently taken on a new client with a system that had been neglected somewhat I wanted to find out about the state of their user accounts.

I’d already looked at a couple of users at random and noticed some users had logon scripts while others didn’t, and some users had home drives while others didn’t.

Although the organisation wasn’t large, they had more than enough user accounts that I didn’t want to manually check every one. So i turned to PowerShell’s Get-ADUser command.
Continue reading