{"id":2765,"date":"2019-05-01T20:13:21","date_gmt":"2019-05-01T20:13:21","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=2765"},"modified":"2019-05-01T20:17:13","modified_gmt":"2019-05-01T20:17:13","slug":"must-have-powershell-tool-for-sysadmins","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=2765","title":{"rendered":"Must have PowerShell Tool for SysAdmins"},"content":{"rendered":"\n<p>Hey Guys, as a Windows SysAdmin some of your primary tools is Active Directory and PowerShell.  I want to share this tool I found online from Patrick Gruenauer &#8211; Author of  <a href=\"https:\/\/sid-500.com\/\">https:\/\/sid-500.com\/<\/a> <\/p>\n\n\n\n<p>You can download the tool from here:<\/p>\n\n\n\n<p><a href=\"https:\/\/sid-500.com\/2018\/05\/22\/active-directory-domain-services-section-version-1-1\/\">https:\/\/sid-500.com\/2018\/05\/22\/active-directory-domain-services-section-version-1-1\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Active Directory Domain Services Section<\/h2>\n\n\n\n<p>What can we do with it? This is the question for this part. I wanna give you a foretaste. Here\u2019s the menu of version 1.1.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/1.png?w=829\" alt=\"1\" class=\"wp-image-34057\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">The Subsections<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1 \u2013 Forest | Domain | Sites Configuration<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/11.png?w=829\" alt=\"1.png\" class=\"wp-image-34058\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2 \u2013 List Domain Controller<\/h3>\n\n\n\n<p>Note that in this section you are also able to test the connectivity to your Domain Controller.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/2.png?w=829\" alt=\"2.PNG\" class=\"wp-image-34059\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3 \u2013 Replicate all Domain Controller<\/h3>\n\n\n\n<p>Tired of pressing replicate on all DC\u2019s? You\u2019ve come to the right place.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/3.png?w=829\" alt=\"3.PNG\" class=\"wp-image-34060\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">4 \u2013 Show Default Password Policy<\/h3>\n\n\n\n<p>It\u2019s good to have an eye on your password settings\u2026<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/4.png?w=829\" alt=\"4.PNG\" class=\"wp-image-34061\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">5 \u2013 List Domain Admins<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/5.png?w=829\" alt=\"5.PNG\" class=\"wp-image-34062\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">6 \u2013 List of Active GPOs<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/6.png?w=829\" alt=\"6.PNG\" class=\"wp-image-34063\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">7 \u2013 List all Windows Clients (Client Operating System only)<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/7.png?w=829\" alt=\"7.PNG\" class=\"wp-image-34064\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">8 \u2013 List all Windows Server<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/8.png?w=829\" alt=\"8.PNG\" class=\"wp-image-34065\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">9 \u2013 List all Computers<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/9.png?w=829\" alt=\"9.PNG\" class=\"wp-image-34066\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">10 \u2013 Run SystemInfo on Remote Computer<\/h3>\n\n\n\n<p>You are able to select a scope \u2026<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/10.png?w=829\" alt=\"10.PNG\" class=\"wp-image-34067\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">11 \u2013 Move Computer to OU<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/111.png?w=829\" alt=\"11.PNG\" class=\"wp-image-34068\"\/><\/figure>\n\n\n\n<p>Don\u2019t worry&nbsp;I will intercept wrong entries and save the user\u2026<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/11a.png?w=829\" alt=\"11a.PNG\" class=\"wp-image-34069\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">12 \u2013 List all Groups<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/12.png?w=829\" alt=\"12.PNG\" class=\"wp-image-34070\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">13 \u2013 List Group Memberships<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/13.png?w=829\" alt=\"13.PNG\" class=\"wp-image-34071\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">14 \u2013 List all enabled Users<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/14.png?w=829\" alt=\"14.PNG\" class=\"wp-image-34073\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">15 \u2013 List User Properties<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/15.png?w=829\" alt=\"15.PNG\" class=\"wp-image-34074\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">16 \u2013 User\u2019s last Domain Logon<\/h3>\n\n\n\n<p>The forums are full of questions like \u201cis the LastLogon attribute important, or LastLogonTimestamp or LastLogonDate\u2026, when is it replicated \u2026 why is it so difficult to find the right logon date \u2026\u201d. I don\u2019t care and contact every DC and ask for the LastLogon and take the latest\u2026, surprise, surprise it always shows me the correct latest logon \u2026<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/16.png?w=829\" alt=\"16.PNG\" class=\"wp-image-34075\"\/><\/figure>\n\n\n\n<p>Don\u2019t worry. I will take care if the user has never logged on.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/14a.png?w=829\" alt=\"14a.PNG\" class=\"wp-image-34076\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">17 \u2013 Show currently logged on User<\/h3>\n\n\n\n<p>This is a live query. The target host will be contacted with the quser command.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/17.png?w=829\" alt=\"17.PNG\" class=\"wp-image-34077\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">18 \u2013 Send Messages to users desktop<\/h3>\n\n\n\n<p>Cool, ha? One of my favorites \u2026 Make your choice to send it to all Windows Server \u2026<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/18.png?w=829\" alt=\"18.PNG\" class=\"wp-image-34078\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">19 \u2013 Find orphaned User or Computer Accounts<\/h3>\n\n\n\n<p>Who forgot to remove the computer or user account? You have to provide the computer or user account and a timespan.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/19.png?w=829\" alt=\"19.PNG\" class=\"wp-image-34079\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">20 \u2013 Configure Time-based-Group-Membership<\/h3>\n\n\n\n<p>This only works in a Windows Server 2016 Forest Mode. Don\u2019t worry, the tool will first check the Forest Mode and if the feature is enabled. Provide User, Group and Timespan in days.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/20.png?w=829\" alt=\"20.PNG\" class=\"wp-image-34080\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">21 \u2013 Onboarding | Create New AD User (from existing)<\/h3>\n\n\n\n<p>Do you dream of creating a user based on an existing in a few seconds \u2026 to have more time for other tasks? Here we go.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/21.png?w=829\" alt=\"21.PNG\" class=\"wp-image-34081\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">22 \u2013 Offboarding | Disable AD User<\/h3>\n\n\n\n<p>When an employee leaves the company, he should be deactivated.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/22.png?w=829\" alt=\"22.PNG\" class=\"wp-image-34082\"\/><\/figure>\n\n\n\n<p>Ok, that\u2019s it for now.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">PowerShell Web Access<\/h2>\n\n\n\n<p>You are also able to run this in PowerShell Web Access:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/pswa.png?w=829\" alt=\"pswa.PNG\" class=\"wp-image-34083\"\/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Script<\/h2>\n\n\n\n<p>I have decided not to present the entire code here. Too many lines of code. You can download the script here, it\u2019s a psm1 file, a PowerShell script module file:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/patrick6649.files.wordpress.com\/2018\/05\/ad_1-11.zip\">Download: Active Directory Domain Services Section (v.1.1)<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites and Notes:<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Tested in an Active Directory environment with\u00a0<strong>Windows Server 2012\/2016<\/strong>\u00a0Domain Controllers and\u00a0<strong>Windows 7\/8\/10<\/strong>\u00a0clients<\/li><li><strong>WinRm<\/strong>\u00a0must be\u00a0<strong>enabled on all Client computers<\/strong>\u00a0(WinRm is enabled on Windows Server 2012\/2016 by default) manually (winrm qc) or by GPO.<\/li><li>Run the tool on a\u00a0<strong>Domain Controller\u00a0<\/strong>(You may run into troubles with RSAT)<\/li><li>0 and Enter (instead of Enter only) to go back to the main menu is due to the possible integration of PowerShell Web Access where pressing Enter only will not work<\/li><\/ul>\n\n\n\n<p>After downloading create a folder \u201cAD\u201d in C:\\Program Files\\Windows PowerShell\\Modules and save the AD.psm1 file there.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/03\/unbenannt60.png?w=829\" alt=\"Unbenannt.PNG\" class=\"wp-image-33844\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/03\/unbenannt68.png?w=829\" alt=\"Unbenannt.PNG\" class=\"wp-image-33961\"\/><\/figure>\n\n\n\n<p>It should be then available every time you start PowerShell and run the command ad.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/patrick6649.files.wordpress.com\/2018\/03\/unbenannt59.png?w=829\" alt=\"Unbenannt.PNG\" class=\"wp-image-33843\"\/><\/figure>\n\n\n\n<p>Or as mentioned in PowerShell Web Access.<\/p>\n\n\n\n<p>Have fun with it!&nbsp;I am very grateful for ideas for further functions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hey Guys, as a Windows SysAdmin some of your primary tools is Active Directory and PowerShell. I want to share this tool I found online from Patrick Gruenauer &#8211; Author of https:\/\/sid-500.com\/ You can download the tool from here: https:\/\/sid-500.com\/2018\/05\/22\/active-directory-domain-services-section-version-1-1\/ Active Directory Domain Services Section What can we do with it? This is the question [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,59],"tags":[],"class_list":["post-2765","post","type-post","status-publish","format-standard","hentry","category-ad","category-powershell"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2765"}],"version-history":[{"count":5,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2765\/revisions"}],"predecessor-version":[{"id":2771,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2765\/revisions\/2771"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}