
@diecknet
Created July 6, 2021 14:12
Windows Server Active Directory - Snippets
########################################################################################
# Create a forward (A) record and a reverse (PTR) record on a remote DNS server.
# Every name, zone and address below is a sample value; replace them before running.

# Forward lookup: host "test123" in zone "myzone.local" resolves to 10.0.0.1
$aRecord = @{
    ComputerName = 'mydnsserver'
    ZoneName     = 'myzone.local'
    Name         = 'test123'
    IPv4Address  = '10.0.0.1'
}
Add-DnsServerResourceRecordA @aRecord

# Reverse lookup: record "1.0" in the reverse zone points back to a host name.
# NOTE(review): the PTR sample targets "myhost" while the A record above creates "test123",
# and "00.10.in-addr.arpa" does not look like the reverse zone for 10.0.0.1 - treat both
# as placeholders and confirm the real zone/host before use.
$ptrRecord = @{
    ComputerName  = 'mydnsserver'
    ZoneName      = '00.10.in-addr.arpa'
    Name          = '1.0'
    PtrDomainName = 'myhost.myzone.local'
}
Add-DnsServerResourceRecordPtr @ptrRecord
########################################################################################
# Active Directory Recycle Bin: check whether it is enabled, then enable it if needed.

# Look up the optional-feature object; an empty EnabledScopes list in the output
# means the Recycle Bin has not been enabled yet.
$recycleBinFilter = 'name -like "Recycle Bin Feature"'
Get-ADOptionalFeature -Filter $recycleBinFilter

# Enable the feature forest-wide. Adjust -Identity (DC=domain,DC=com) and -Target to your forest.
# Caveat: enabling the Recycle Bin cannot be undone afterwards, so run this deliberately
# and with an account that is allowed to change forest-wide configuration.
$enableArgs = @{
    Identity = 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com'
    Scope    = 'ForestOrConfigurationSet'
    Target   = 'domain.com'
}
Enable-ADOptionalFeature @enableArgs
########################################################################################
# List every Organizational Unit by its canonical name.
# CanonicalName is not returned by default, so it is requested explicitly via -Properties.
Get-ADOrganizationalUnit -Properties CanonicalName -Filter * |
    Select-Object -Property CanonicalName
########################################################################################
# Inventory of all domain controllers: name, IPv4 address, operating system and AD site,
# sorted by name.
$dcColumns = 'Name', 'ipv4Address', 'OperatingSystem', 'site'
Get-ADDomainController -Filter * |
    Select-Object -Property $dcColumns |
    Sort-Object -Property Name
########################################################################################
# Audit: list all user accounts whose password is set to never expire.
# No Enabled filter is applied, so disabled accounts appear in the result as well.
$userQuery = @{
    Filter     = {PasswordNeverExpires -eq $true}
    Properties = 'Name', 'PasswordNeverExpires'
}
Get-ADUser @userQuery |
    Select-Object -Property Name, SamAccountName, UserPrincipalName, PasswordNeverExpires
########################################################################################
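# List only the enabled user accounts that are direct members of a group.
#
# Each member is resolved by identity through the pipeline instead of a
# -Filter {... $_.SamAccountName ...} search: property access on $_ inside an AD filter
# script block is not expanded reliably, and a SamAccountName search can match an
# unrelated account when the member lives in another domain.
# Non-user members (groups, computers) are skipped; nested groups are not expanded
# (add -Recursive to Get-ADGroupMember if that is wanted).
$group="Gruppenname"
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser |
    Where-Object { $_.Enabled } |
    Select-Object -Property Name, Enabled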
########################################################################################
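# Quick and dirty: export every Group Policy Object as a backup plus an HTML report.
# Each GPO gets its own folder below C:\temp\gpo\, named after its display name.
#
# Handling note: the backups and reports contain the complete policy settings of the
# domain (and, in older environments, possibly credentials stored in Group Policy
# Preferences). C:\temp is often readable by other local users - restrict access to the
# export folder or move the result to a protected location afterwards.
$gpos=Get-GPO -All
foreach($gpo in $gpos) {
    # Display names may contain characters that are illegal in file names; replace them with dots.
    # Two GPOs whose names become identical after this step would share one folder.
    $text=$gpo.DisplayName
    [System.IO.Path]::GetInvalidFileNameChars() | ForEach-Object {$text = $text.Replace($_,'.')}

    $path="C:\temp\gpo\"+ $text + "\"
    $html = $path + $text + ".html"

    # Create the folder at the path that is actually written to below. The previous
    # "Md $text" created it relative to the current directory, so the export only worked
    # when the script happened to be started from C:\temp\gpo.
    # -Force also creates missing parent folders and tolerates an existing folder.
    New-Item -ItemType Directory -Path $path -Force

    Get-GPOReport -Guid ($gpo.Id) -Path $html -ReportType Html
    Backup-GPO -Guid ($gpo.Id) -Path $path
}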
########################################################################################
# Set the telephone number on the signed-in user's own AD object, run as that end user.
# NOTE(review): presumably relies on users being allowed to edit their own phone number
# attribute - confirm against the domain's delegation settings.

# Find the own account via ADSI by matching sAMAccountName against %USERNAME%.
$searcher = [adsisearcher]"Samaccountname=$($env:username)"
$hit = $searcher.FindOne()

# Bind to the directory object, stage the new value and commit it with SetInfo().
$user = [System.DirectoryServices.DirectoryEntry]($hit.Path)
$user.Put("telephoneNumber", "+49 40 123 456 - 78")
$user.SetInfo()
########################################################################################
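## Show the DNS forwarder configuration of the DNS servers running on domain controllers.
## Useful when reviewing where the DCs send queries they cannot answer themselves.

# Server-level forwarders: one hashtable per DC, mapping its host name to the forwarder IPs
(Get-ADDomainController -Filter *).ForEach({
    $tmp = Get-DnsServerForwarder -ComputerName ($_.HostName)
    $listitem = @{ ($_.HostName) = ($tmp.IPAddress) }
    $listitem
})

# Conditional forwarders that are NOT AD integrated. These zones are stored per server,
# so every DC has to be asked. The previous version fetched the zones of each DC into
# $tmp but then filtered a second Get-DnsServerZone call without -ComputerName, i.e. it
# reported the local server's zones once per DC instead of each DC's own zones.
(Get-ADDomainController -Filter *).ForEach({
    Get-DnsServerZone -ComputerName ($_.HostName) |
        Where-Object { ($_.ZoneType -eq "Forwarder") -and ($_.IsDsIntegrated -eq $false) }
}) | Select-Object -Property ZoneName, MasterServers

# Conditional forwarders that ARE AD integrated, as seen by the DNS server on the local machine
Get-DnsServerZone |
    Where-Object { ($_.ZoneType -eq "Forwarder") -and ($_.IsDsIntegrated -eq $true) } |
    Select-Object -Property ZoneName, MasterServers, ReplicationScope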
########################################################################################
# List the FSMO (operations master) role holders from the command line
NetDOM /query FSMO
<# Or use the GUI (dsa.msc = Active Directory Users and Computers):
1. Click Start, click Run, type dsa.msc, and then click OK.
2. Right-click the selected Domain Object in the top left pane, and then click Operations Masters.
3. Click the PDC tab to view the server holding the PDC master role.
4. Click the Infrastructure tab to view the server holding the Infrastructure master role.
5. Click the RID Pool tab to view the server holding the RID master role.
Note: these steps cover only the three domain-wide roles (PDC, Infrastructure, RID).
The forest-wide roles (schema master, domain naming master) are not shown in this dialog;
use the command above to see all role holders.
#>
########################################################################################
## Quick and dirty AD replication commands (AD Replication.bat)
# Trigger a manual synchronisation
Repadmin /syncall /APed
# Flags: A = all partitions, P = push, e = enterprise (also across sites), d = show distinguished names
# Because of /e this reaches across sites, so expect additional replication traffic in larger environments.
# Optionally specify the DC name; <DCNAME> is a placeholder - replace it including the angle brackets
Repadmin /syncall <DCNAME> /APed
# Replication summary (* = all domain controllers)
Repadmin /replsummary *
# Detailed replication information per domain controller
Repadmin /showrepl *
########################################################################################