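# Finds the KMS hosts advertised in DNS for the current AD forest and checks
# that each one answers on the TCP port its SRV record advertises (1688 unless
# the host was published on another port).
# _vlmcs._tcp is an ordinary, unauthenticated DNS record: whoever can register
# it decides where clients send activation traffic, so compare the targets
# reported here with the KMS hosts you expect to exist.
$forestName = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name
# Ask for SRV only and keep only SRV answers: a response may also carry address
# records for the targets, and those have neither NameTarget nor Port.
Resolve-DnsName "_vlmcs._tcp.$forestName" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { Test-NetConnection -ComputerName $_.NameTarget -Port $_.Port }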
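# User attributes - show one account's lockout and password state as seen by
# every domain controller. Replace 'userid' with the account to check.
# LockedOut and PasswordLastSet are derived from replicated attributes, so a
# difference between DCs points to replication lag. badPwdCount and
# LastBadPasswordAttempt are kept per DC and are not replicated: differing
# values there are expected and show which DC is receiving the failed logons.
# Only the displayed properties are requested, instead of every attribute of
# the account from every DC.
Get-ADDomainController -Filter * -PipelineVariable dc |
    ForEach-Object { Get-ADUser userid -Server $dc.Name -Properties LastBadPasswordAttempt, badPwdCount, LockedOut, PasswordLastSet } |
    Select-Object @{ Name = 'DC'; Expression = { $dc.Name } }, LastBadPasswordAttempt, badPwdCount, LockedOut, PasswordLastSet |
    Format-Table -AutoSize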
# Group members - list the membership of one group as each domain controller
# sees it, one row per DC, members shown as comma-joined sAMAccountNames.
# Replace 'groupname' with the group to check. A row that differs from the
# others means that DC has not yet received the membership change.
Get-ADDomainController -Filter * -PipelineVariable dc |
    ForEach-Object { Get-ADGroup groupname -Server $dc.name -Properties members } |
    Select-Object {$dc.name}, {($_.members | Get-ADObject -server $dc.name -Properties samaccountname).samaccountname -join ","} |
    Format-Table -AutoSize
# Checks TCP reachability of a domain controller on the ports listed below.
# Straight quotes are used so the snippet survives copy and paste.
$TargetDC = "dc1.contoso.com"

# Probed in this order: 88 Kerberos, 135 RPC, 139 NetBIOS SS, 389 LDAP
$portsToProbe = 88, 135, 139, 389

foreach ($port in $portsToProbe) {
    Test-NetConnection -ComputerName $TargetDC -Port $port
}
# validate srv records | |
$domain = 'contoso.com' | |
$sites = 'Dallas','Austin','Houston' | |
foreach($site in $sites){ | |
@" | |
_kerberos._udp.$domain | |
_kpasswd._udp.$domain | |
_gc._tcp.$domain |
function Flatten-RDGFile | |
{ | |
Param | |
( | |
# Param1 help description | |
[Parameter(Mandatory=$true)] | |
[string]$RDGFile | |
) |
Import-Module ActiveDirectory

# Account to watch for lockouts; replace the placeholder before running.
$samID = "USERIDHERE"

# Label the console window in case several of these watchers run at once.
$Host.UI.RawUI.WindowTitle = "Finding lockouts for $samID"

# Names of the domain controllers returned by Get-ADDomainController.
$DCs = Get-ADDomainController -Filter * | ForEach-Object { $_.Name }
# do infinite loop, sleeping for 60 seconds each iteration, and when i find the account locked search for lockout source and log it | |
do{ |
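# Lists the members of the local Administrators group on every computer held
# in $htVmDatacenters (defined elsewhere). Useful as a periodic audit of who
# holds local admin rights. Get-WmiObject and the [WMI] accelerator are only
# available in Windows PowerShell.
# Emits one object per member: LocalGroup (group caption) and Member (DOMAIN\name).
$htVmDatacenters.Values | ForEach-Object {
    # Strip '$' from the stored value (e.g. a computer account name) to get the host name.
    $computer = $_.Replace('$', '')
    Get-WmiObject -ComputerName $computer -Query "SELECT * FROM Win32_GroupUser" | ForEach-Object {
        # Resolve the group once per row instead of once for the filter and
        # again for the output; each [WMI] cast is a separate WMI call.
        $groupCaption = ([WMI]$_.GroupComponent).Caption
        if ($groupCaption -notlike "*\Administrators") { return }

        # Read Domain and Name straight from the quoted values of the object
        # path. Splitting the path on every '.' and ',' breaks on account
        # names such as first.last, which then fail in ConvertFrom-StringData.
        if ($_.PartComponent -match 'Domain="([^"]*)",Name="([^"]*)"') {
            [PSCustomObject]@{
                LocalGroup = $groupCaption
                Member     = "$($Matches[1])\$($Matches[2])"
            }
        }
        else {
            # Report rather than silently drop a member we could not parse.
            Write-Warning "Unrecognized member path on ${computer}: $($_.PartComponent)"
        }
    }
}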
# run as admin | |
# USE WITH CAUTION and test for desired results | |
gci -Recurse -Directory | %{ | |
$Descriptor = Get-Acl $_.FullName | |
# first look for inherited access so we can disable inheritance and copy the AuthorizationRuleCollection
$InheritedAccess2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $true} | |
if($InheritedAccess2Remove){ | |
$Descriptor.SetAccessRuleProtection($True, $True) | |
Set-Acl -Path $_.FullName -AclObject $Descriptor | |
} |
# this removes only non-inherited "EVERYONE" user recursively from folders | |
# execute this from the starting directory | |
gci -Recurse -Directory | %{ | |
$Descriptor = Get-Acl $_.FullName | |
$Access2Remove = $Descriptor.Access | ?{$_.IdentityReference -eq 'Everyone' -and $_.IsInherited -eq $false} | |
if($Access2Remove){ | |
$Descriptor.RemoveAccessRule($Access2Remove) | |
Set-Acl -Path $_.FullName -AclObject $Descriptor | |
} |
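# PBIS / Likewise / PowerBroker
# Uninstalls PowerBroker, then removes leftover files and registry remnants.
# Run elevated. Every Remove-Item below is destructive and recursive: add
# -WhatIf to each one for a dry run before using this on a real machine.

# Start msiexec directly with an explicit argument list and wait for it.
# Passing the command line through Invoke-Expression re-parses it as
# PowerShell, where the unquoted {...} is script-block syntax rather than a
# literal product code, and msiexec hands control back before the uninstall
# has finished, so the cleanup below would race with it.
$uninstall = Start-Process -FilePath 'C:\Windows\SysWOW64\msiexec.exe' `
    -ArgumentList '/x', '{0972AA62-BF13-4B6E-9AD2-1C290A1AFB65}' -Wait -PassThru

# 0 = success, 1605 = product not installed, 1641 / 3010 = success, reboot needed.
# Anything else (including a cancelled uninstall) stops here so that files and
# registry keys of a still-installed product are not deleted.
if (0, 1605, 1641, 3010 -notcontains $uninstall.ExitCode) {
    throw "msiexec /x exited with code $($uninstall.ExitCode); leftovers were not removed."
}

# Get rid of the leftover program files, if any remain.
if (Test-Path -LiteralPath 'C:\Program Files\BeyondTrust') {
    Remove-Item -Path "C:\Program Files\BeyondTrust" -Recurse -Force
}

# HKCR: is not mapped by default; create it only if this session lacks it.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# CLSID keys whose default value names a Centeris.Likewise class.
Get-ChildItem HKCR:\CLSID |
    Where-Object { $_.Property -contains "(default)" } |
    Get-ItemProperty -Name "(default)" |
    Where-Object { $_.'(default)' -like "Centeris.Likewise*" } |
    Remove-Item -Recurse

# Record entries: the Class value sits on a subkey, so remove that subkey's parent.
Get-ChildItem HKCR:\Record -Recurse |
    Where-Object { $_.Property -contains "Class" } |
    Get-ItemProperty -Name "Class" |
    Where-Object { $_.Class -like "Centeris.Likewise*" } |
    ForEach-Object { Remove-Item $_.PSParentPath -Recurse }

# Shell extension ProgID.
if (Test-Path -LiteralPath "HKCR:\Centeris.Likewise.Auth.FindShellExt.ShellExtensionBridge") {
    Remove-Item "HKCR:\Centeris.Likewise.Auth.FindShellExt.ShellExtensionBridge" -Recurse
}

# Remaining CLSID entries that carry a Centeris.Likewise "Class" value somewhere
# below them. The key to delete is taken from the path itself (CLSID\{guid}),
# never by climbing a fixed number of parents: climbing two levels from a value
# stored on CLSID\{guid}\<subkey> lands on HKCR:\CLSID and would delete the
# whole tree. Keys are collected first, then removed once each.
$likewiseClsidKeys = Get-ChildItem HKCR:\CLSID -Recurse |
    Where-Object { $_.Property -contains "Class" } |
    Get-ItemProperty -Name "Class" |
    Where-Object { $_.Class -like "Centeris.Likewise*" } |
    ForEach-Object {
        if ($_.PSPath -match '^(.*\\CLSID\\\{[^\\}]+\})(\\|$)') { $Matches[1] }
    } |
    Sort-Object -Unique

foreach ($clsidKey in $likewiseClsidKeys) {
    if (Test-Path -LiteralPath $clsidKey) {
        Remove-Item -LiteralPath $clsidKey -Recurse
    }
}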