Flytta medlemmar mellan grupper

Add-ADGroupMember -Identity 'New Group' -Members (Get-ADGroupMember -Identity 'Old Group' -Recursive)

Söka efter inloggningar i säkerhetsloggen

För att hitta inloggningar från Administrator på lokal dator.

Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='TargetUserName']='Administrator']]"

För mer info kör | select *

Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data[@Name='TargetUserName']='Administrator']]" | select *

Hitta E-post och proxy adresser

Funktion
function Get-EmailAddress
{
[CmdletBinding()]
param
(
[Parameter(Mandatory = $True,
ValueFromPipeline = $True,
ValueFromPipelineByPropertyName = $True,
HelpMessage = 'What e-mail address would you like to find?')]
[string[]]$EmailAddress
)

process
{
foreach ($address in $EmailAddress)
{
Get-ADObject -Properties mail, proxyAddresses -Filter "mail -like '*$address*' -or proxyAddresses -like '*$address*'"
}
}
}

http://powershellblogger.com/2015/10/find-any-e-mail-address-or-proxy-address-in-active-directory/

Ta bort felaktig proxy adress
Set-ADUser -Remove @{proxyAddresses="MBX:1"}

Script loginhistorik användare (aktuell säkerhetslogg).

Script för att söka genom säkerhetsloggar efter EventID 4624 och en specifik användare.
Skriver ut resultat till skärm och CSV fil.
Kör lokalt om möjlighet finns (remote tar lååång tid..)
#--------------------------------------------------------
# Script to view loginhistory for a user (Eventid 4624)
# Parameters get-logon -username -computer
#
#-------------------------------------------------------

param (
[string]$Computer = $env:COMPUTERNAME,
[Parameter(Mandatory=$true)][string]$username
)
#Variables
$Scriptpath = Split-Path -Parent $MyInvocation.MyCommand.Path
$Logdate = get-date -format "yyMMdd-hhmmss"
$csvfile = "$scriptpath\Login $username $computer $Logdate.log"
$ErrorActionPreference = "Stop"

# Get Events from Securitylogs with ID 4624 and $username..
# Break if RPC error

Write-Host "Gathering Events, this can take awhile..." -ForegroundColor Green
Try
{
$Events = Get-winevent -computer $Computer -FilterHashtable @{logname='Security';ID="4624"} | where {$_.message -match "Account Name:\s*$username"}
}
catch [System.Diagnostics.Eventing.Reader.EventLogException]
{
write-host "The RPC server on $computer is not available, check firewallsettings" -ForegroundColor Red
break
}

# Parse out the event message data
ForEach ($Event in $Events) {
# Convert the event to XML
$eventXML = [xml]$Event.ToXml()
# Iterate through each one of the XML message properties
For ($i=0; $i -lt $eventXML.Event.EventData.Data.Count; $i++) {
# Append these as object properties
Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name $eventXML.Event.EventData.Data[$i].name -Value $eventXML.Event.EventData.Data[$i].'#text'
}
}

# Write output
$Events | select @{ name = "Computer" ; Expression = {$_.MachineName}}, @{ Name = "Logontime" ; expression = {$_.TimeCreated }},targetdomainname,targetusername,@{ Name= "LogonFromIP" ; Expression = { $_.ipaddress}} | Out-GridView
$Events | select @{ name = "Computer" ; Expression = {$_.MachineName}}, @{ Name = "Logontime" ; expression = {$_.TimeCreated }},targetdomainname,targetusername,@{ Name= "LogonFromIP" ; Expression = { $_.ipaddress}} | Export-Csv -NoTypeInformation -Encoding UTF8 $csvfile

Skriva ut lista på användare och manager

Skapar en lista med användare under ett givet OU där Managers UserprincipalName är utskrivet.

Get-ADUser -filter * -SearchBase "OU=Users,OU=Administration,OU=Organisation1,DC=intra,DC=contoso,DC=com" -searchscop "onelevel" -properties * | Select CanonicalName,GivenName,Surname,Titel,Department,physicalDeliveryOfficeName,@{N='Manager';E={(Get-ADUser $_.Manager).UserPrincipalName}} | Export-Csv -Encoding utf8 -NoClobber -NoTypeInformation filnamne.csv

Verifiera om AD papperskorgen är aktiverat – Aktivera AD papperskorg.

Kontrollera med powershell:
Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
Är papperskorgen aktiverad så står det ett värde i EnabledScopes finns det inget värde där så är inte papperskorgen aktiverad.

För att aktivera kör:
Enable-ADOptionalFeature –Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,com=se' –Scope ForestOrConfigurationSet –Target 'domain.com'