Add-ADGroupMember -Identity 'New Group' -Members (Get-ADGroupMember -Identity 'Old Group' -Recursive)
Category Archives: AD
Searching for logons in the security log
To find logons by Administrator on the local computer.
Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='TargetUserName']='Administrator']]"
For more detail, pipe to | select *
Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='TargetUserName']='Administrator']]" | select *
Find e-mail and proxy addresses
Function
function Get-EmailAddress
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $True,
                   ValueFromPipeline = $True,
                   ValueFromPipelineByPropertyName = $True,
                   HelpMessage = 'What e-mail address would you like to find?')]
        [string[]]$EmailAddress
    )
    process
    {
        foreach ($address in $EmailAddress)
        {
            Get-ADObject -Properties mail, proxyAddresses -Filter "mail -like '*$address*' -or proxyAddresses -like '*$address*'"
        }
    }
}
http://powershellblogger.com/2015/10/find-any-e-mail-address-or-proxy-address-in-active-directory/
Remove an incorrect proxy address
# 'username' is a placeholder for the account to change
Set-ADUser -Identity 'username' -Remove @{proxyAddresses="MBX:1"}
Script: logon history for a user (current security log).
Script that searches the security log for Event ID 4624 and a specific user.
Writes the result to the screen and to a CSV file.
Run it locally if possible (running it remotely takes a very long time).
#--------------------------------------------------------
# Script to view login history for a user (Event ID 4624)
# Parameters get-logon -username -computer
#
#-------------------------------------------------------
param (
    [string]$Computer = $env:COMPUTERNAME,
    [Parameter(Mandatory=$true)][string]$username
)
#Variables
$Scriptpath = Split-Path -Parent $MyInvocation.MyCommand.Path
# HH = 24-hour clock, so a morning and an afternoon run never get the same file name
$Logdate = get-date -format "yyMMdd-HHmmss"
$csvfile = "$scriptpath\Login $username $computer $Logdate.log"
$ErrorActionPreference = "Stop"
# Get Events from Securitylogs with ID 4624 and $username..
# Stop if RPC error
Write-Host "Gathering Events, this can take a while..." -ForegroundColor Green
Try
{
    # Escape the user name so regex metacharacters in it (for example '.' or '$') are matched literally
    $Events = Get-winevent -computer $Computer -FilterHashtable @{logname='Security';ID="4624"} | where {$_.message -match "Account Name:\s*$([regex]::Escape($username))"}
}
catch [System.Diagnostics.Eventing.Reader.EventLogException]
{
    write-host "The RPC server on $computer is not available, check firewall settings" -ForegroundColor Red
    # return ends this script; break outside a loop would also break a loop in the caller
    return
}
# Parse out the event message data
ForEach ($Event in $Events) {
    # Convert the event to XML
    $eventXML = [xml]$Event.ToXml()
    # Iterate through each one of the XML message properties
    For ($i=0; $i -lt $eventXML.Event.EventData.Data.Count; $i++) {
        # Append these as object properties
        Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name $eventXML.Event.EventData.Data[$i].name -Value $eventXML.Event.EventData.Data[$i].'#text'
    }
}
# Write output
$Events | select @{ name = "Computer" ; Expression = {$_.MachineName}}, @{ Name = "Logontime" ; expression = {$_.TimeCreated }},targetdomainname,targetusername,@{ Name= "LogonFromIP" ; Expression = { $_.ipaddress}} | Out-GridView
$Events | select @{ name = "Computer" ; Expression = {$_.MachineName}}, @{ Name = "Logontime" ; expression = {$_.TimeCreated }},targetdomainname,targetusername,@{ Name= "LogonFromIP" ; Expression = { $_.ipaddress}} | Export-Csv -NoTypeInformation -Encoding UTF8 $csvfile
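A variant of the script above, as an added example that is not part of the original post: it moves the user filter into the XPath query used in the first snippet on this page, so the queried machine returns only the matching 4624 events instead of every logon, and it adds the logon type to the output. The function names, the -Hours parameter and the logon-type table are assumptions of this example.

```powershell
# Added example, not from the original post. Function and parameter names are assumptions.
# Logon type codes recorded in event 4624.
$LogonTypeName = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function New-LogonXPath {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [int]$Hours = 24
    )
    # The value is placed inside a quoted XPath literal, so refuse quote characters.
    if ($UserName -match '[''"]') { throw 'UserName must not contain quote characters.' }
    $ms = [int64]$Hours * 3600000   # timediff() works in milliseconds
    "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $ms]] and " +
    "EventData[Data[@Name='TargetUserName']='$UserName']]"
}

function Get-UserLogon {
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24
    )
    $xpath = New-LogonXPath -UserName $UserName -Hours $Hours
    Get-WinEvent -ComputerName $ComputerName -LogName Security -FilterXPath $xpath |
        ForEach-Object {
            # Collect the named <Data> fields of this event into a lookup table
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Computer    = $_.MachineName
                LogonTime   = $_.TimeCreated
                Domain      = $data['TargetDomainName']
                User        = $data['TargetUserName']
                LogonType   = $LogonTypeName[[int]$data['LogonType']]
                LogonFromIP = $data['IpAddress']
            }
        }
}

# Usage: Get-UserLogon -UserName Administrator -Hours 24 | Export-Csv -NoTypeInformation -Encoding UTF8 logons.csv
```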
Print a list of users and their manager
Creates a list of the users directly under a given OU, with each manager's UserPrincipalName written out.
Get-ADUser -Filter * -SearchBase "OU=Users,OU=Administration,OU=Organisation1,DC=intra,DC=contoso,DC=com" -SearchScope OneLevel -Properties * | Select CanonicalName,GivenName,Surname,Title,Department,physicalDeliveryOfficeName,@{N='Manager';E={(Get-ADUser $_.Manager).UserPrincipalName}} | Export-Csv -Encoding utf8 -NoClobber -NoTypeInformation filnamne.csv
Verify whether the AD Recycle Bin is enabled – enable the AD Recycle Bin.
Check with PowerShell:
Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
If the Recycle Bin is enabled, EnabledScopes contains a value; if there is no value there, the Recycle Bin is not enabled.
To enable it, run:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com' -Scope ForestOrConfigurationSet -Target 'domain.com'
Repair corrupt WDS databases
ESENTUTL /p databasnamn
https://technet.microsoft.com/en-us/library/hh875546(v=ws.11).aspx
GPO problems after MS16-072
http://rickardnobel.se/ms16-072-breaks-group-policy/
https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/
https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
https://gallery.technet.microsoft.com/Powershell-script-to-cc281476
List home directory and logon script
Create a CSV file with logon name, logon script and home.
Get-ADUser -filter * -searchbase "ou=business Units,DC=domain,DC=net" -Properties scriptpath,homedirectory,homedrive | select Name, Scriptpath, Homedrive, Homedirectory | Export-Csv C:\temp\users.txt -Encoding utf8
AD-connect
Manual sync
Start-ADSyncSyncCycle -PolicyType Delta     # normal
Start-ADSyncSyncCycle -PolicyType Initial   # full
Check sync
Get-ADSyncScheduler
Disable and enable sync
Set-ADSyncScheduler -SyncCycleEnabled $False   # disable
Set-ADSyncScheduler -SyncCycleEnabled $True    # enable
Filtering