Ricc Babbitt ScriptingPro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # finds kms servers from DNS and checks if the port is open | |
| Resolve-DnsName "_vlmcs._tcp.$([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name)" -Type all | %{Test-NetConnection -ComputerName $_.NameTarget -Port 1688} |
ScriptingPro
/ from-all-domain-controllers.ps1
Created
July 29, 2023 00:22
AD Queries Against Each Domain Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # User Attributes - Check if user attributes replicated to all DCs | |
| Get-ADDomainController -Filter * -pv dc | %{get-aduser userid -server $dc.name -Properties * } | select {$dc.name}, LastBadPasswordAttempt,badPwdCount,LockedOut,PasswordLastSet | ft -AutoSize | |
| # Group Members - Check if group members replicated to all DCs | |
| Get-ADDomainController -Filter * -pv dc | %{Get-ADGroup groupname -server $dc.name -Properties members} | select {$dc.name}, {($_.members | Get-ADObject -server $dc.name -Properties samaccountname).samaccountname -join ","} | ft -AutoSize | |
ScriptingPro
/ Active_Directory_Port_Check.ps1
Created
November 16, 2022 22:35
Check if necessary AD Ports are Open using PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TargetDC = “dc1.contoso.com” | |
| Test-NetConnection -ComputerName $TargetDC -Port 88 # Kerberos | |
| Test-NetConnection -ComputerName $TargetDC -Port 135 # RPC | |
| Test-NetConnection -ComputerName $TargetDC -Port 139 # NetBIOS SS | |
| Test-NetConnection -ComputerName $TargetDC -Port 389 # LDAP |
ScriptingPro
/ Validate AD SRV DNS Records.ps1
Last active
February 16, 2024 00:41
Check Active Directory DNS SRV Records
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # validate srv records | |
| $domain = 'contoso.com' | |
| $sites = 'Dallas','Austin','Houston' | |
| foreach($site in $sites){ | |
| @" | |
| _kerberos._udp.$domain | |
| _kpasswd._udp.$domain | |
| _gc._tcp.$domain |
ScriptingPro
/ Compare-RDG-Files.ps1
Created
July 26, 2022 12:19
Compare two Remote Desktop Connection Manager RDG files and find out what's different
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Flatten-RDGFile | |
| { | |
| Param | |
| ( | |
| # Param1 help description | |
| [Parameter(Mandatory=$true)] | |
| [string]$RDGFile | |
| ) |
ScriptingPro
/ LockoutFinder.ps1
Last active
February 16, 2024 00:41
Find the source of AD user's account lockouts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module ActiveDirectory | |
| $samID = "USERIDHERE" | |
| $Host.UI.RawUI.WindowTitle = "Finding lockouts for $samID" #change window title just incase we have multiple running | |
| $DCs = Get-ADDomainController -Filter * | select -ExpandProperty name | |
| # do infinite loop, sleeping for 60 seconds each iteration, and when i find the account locked search for lockout source and log it | |
| do{ |
ScriptingPro
/ Get-Local-Group-Members.ps1
Created
May 25, 2022 16:18
get local group members powershell remote computer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS C:\Windows\system32> $htVmDatacenters.Values | %{ | |
| Get-WmiObject -ComputerName $_.Replace("`$", '') -Query "SELECT * FROM Win32_GroupUser" | ?{([WMI]$_.GroupComponent).Caption -like "*\Administrators"} | %{ | |
| $PartComponent = $_.PartComponent -replace "^.*\\cimv2:","Class=" -replace '"','' -replace "[\.,]",[environment]::NewLine | ConvertFrom-StringData | |
| [PSCustomObject]@{ | |
| LocalGroup = ([WMI]$_.GroupComponent).Caption | |
| Member = "$($PartComponent.Domain)\$($PartComponent.Name)" | |
| } | |
| } | |
| } |
ScriptingPro
/ Remove_EVERYONE+Inherited.ps1
Last active
February 3, 2020 22:07
Removes Everyone including Inherited Everyone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run as admin | |
| # USE WITH CAUTION and test for desired results | |
| gci -Recurse -Directory | %{ | |
| $Descriptor = Get-Acl $_.FullName | |
| # first look for inherited access to we can disable inheritance and copy the AuthorizationRuleCollection | |
| $InheritedAccess2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $true} | |
| if($InheritedAccess2Remove){ | |
| $Descriptor.SetAccessRuleProtection($True, $True) | |
| Set-Acl -Path $_.FullName -AclObject $Descriptor | |
| } |
ScriptingPro
/ Remove_EVERYONE.ps1
Last active
February 3, 2020 21:23
Remove Any Explicitly Defined Permissions for EVERYONE Security Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this removes only non-inherited "EVERYONE" user recursively from folders | |
| # execute this from the starting directory | |
| gci -Recurse -Directory | %{ | |
| $Descriptor = Get-Acl $_.FullName | |
| $Access2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $false} | |
| if($Access2Remove){ | |
| $Descriptor.RemoveAccessRule($Access2Remove) | |
| Set-Acl -Path $_.FullName -AclObject $Descriptor | |
| } |
ScriptingPro
/ Uninstall BeyondTrust PowerBroker.ps1
Created
October 15, 2019 00:14
Uninstall BeyondTrust PowerBroker from Windows System
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PBIS / Likewise / PowerBroker | |
| # Removes PowerBroker and leftover registry and file remnants | |
| Invoke-Expression 'C:\Windows\SysWOW64\msiexec.exe /x {0972AA62-BF13-4B6E-9AD2-1C290A1AFB65}' | |
| Remove-Item -Path "C:\Program Files\BeyondTrust" -Recurse -Force # get rid of the leftovers | |
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | |
| Get-ChildItem HKCR:\CLSID | ?{$_.Property -contains "(default)"} | Get-ItemProperty -name "(default)" | ?{$_.'(default)' -like "Centeris.Likewise*"} | Remove-Item -Recurse | |
| Get-ChildItem HKCR:\Record -Recurse | ?{$_.Property -contains "Class"} | Get-ItemProperty -name "Class" | ?{$_.Class -like "Centeris.Likewise*"} | %{Remove-Item $_.PSParentPath -Recurse} | |
| Remove-Item "HKCR:\Centeris.Likewise.Auth.FindShellExt.ShellExtensionBridge" -Recurse | |
| Get-ChildItem HKCR:\CLSID -Recurse | ?{$_.Property -contains "Class"} | Get-ItemProperty -name "Class" | ?{$_.Class -like "Centeris.Likewise*"} | %{Get-Item $_.psparentpath | %{remove-item $_.psparentpath -Recurse }} |
NewerOlder