For the next couple of posts I’ll be looking into AD security and auditing. In this article we’ll look at how to use Get-ADUser to list all recently created accounts.
With the increasing number of cyber attacks, security is at the top of most IT departments agenda. There are many checks you can perform to make sure AD is safe and secure, and that only valid or approved modifications have been made to user accounts. I’ll look at AD auditing in a future post, but this will be a handy snippet of PowerShell to help you identify recently created AD accounts, and a bonus bit of code to identify recently modified accounts!
I’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.
As computers are retired or fail and are replaced how often do admins remember to remove the computer accounts from Active Directory?
You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time. Continue reading →
In Part 1 we looked at the Get-ADUser command, and used it to create a list of all users and display their homedrive, homedirectory and scriptpath.
In this post we’ll look at refining the results a little.
We’ll look at sorting the results, only returning results for user accounts that have a login script, and export them to CSV, which is much more useful than exporting the results to a text file. Continue reading →
Having recently taken on a new client with a system that had been neglected somewhat I wanted to find out about the state of their user accounts.
I’d already looked at a couple of users at random and noticed some users had logon scripts while others didn’t, and some users had home drives while others didn’t.
Although the organisation wasn’t large, they had more than enough user accounts that I didn’t want to manually check every one. So i turned to PowerShell’s Get-ADUser command. Continue reading →
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.