Windows Server Active Directory - Snippets
######################################################################################## | |
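# Add a DNS host (A) record and its matching reverse (PTR) record with PowerShell.
# All names and addresses below are sample values; replace them with your own.
# Forward / Host A: test123.myzone.local -> 10.0.0.1
Add-DnsServerResourceRecordA -Name "test123" -ZoneName "myzone.local" -IPv4Address "10.0.0.1" -ComputerName mydnsserver
# Reverse / PTR for the same address. 10.0.0.1 reverses to 1.0.0.10.in-addr.arpa,
# i.e. record "1.0" inside the reverse zone "0.10.in-addr.arpa".
# The PTR target is the FQDN of the A record above so forward and reverse lookups agree.
Add-DnsServerResourceRecordPtr -ZoneName "0.10.in-addr.arpa" -Name "1.0" -PtrDomainName "test123.myzone.local" -ComputerName mydnsserver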
######################################################################################## | |
# Show the current state of the Active Directory Recycle Bin optional feature.
Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
# If it is still off, enable it. Adjust the DC=... parts of Identity and the Target
# to your own forest before running.
# NOTE: enabling the Recycle Bin is a one-way change; it cannot be switched off again.
$recycleBinFeature = @{
    Identity = 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com'
    Scope    = 'ForestOrConfigurationSet'
    Target   = 'domain.com'
}
Enable-ADOptionalFeature @recycleBinFeature
######################################################################################## | |
# List every Organizational Unit in the domain by its canonical name.
# CanonicalName is not returned by default, so it is requested via -Properties.
Get-ADOrganizationalUnit -Properties CanonicalName -Filter * |
    Select-Object -Property CanonicalName
######################################################################################## | |
# Inventory of all domain controllers: name, IPv4 address, OS and AD site, sorted by name.
Get-ADDomainController -Filter * |
    Select-Object -Property Name, IPv4Address, OperatingSystem, Site |
    Sort-Object -Property Name
######################################################################################## | |
# Audit: list every AD user whose password is configured to never expire.
# These accounts are exempt from password-age policy, so the list is worth
# reviewing regularly (service accounts usually show up here).
Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Properties Name, PasswordNeverExpires |
    Select-Object -Property Name, SamAccountName, UserPrincipalName, PasswordNeverExpires
######################################################################################## | |
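# List only the enabled user accounts that are members of a group.
# "Gruppenname" is a placeholder; put the group's name (or DN / SamAccountName) here.
$group = "Gruppenname"
# Get-ADGroupMember also returns computers and nested groups, so keep user objects only.
# The members are piped straight into Get-ADUser (bound by identity) instead of building
# a -Filter script block with $_.SamAccountName: property access on a variable inside an
# AD -Filter is not reliably evaluated and can fail or return nothing.
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser |
    Where-Object { $_.Enabled } |
    Select-Object -Property Name, Enabled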
######################################################################################## | |
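# Quick and dirty: export every Group Policy Object as a backup plus an HTML report.
# One sub-folder per GPO is created below $backupRoot.
# NOTE: GPO backups and reports contain the full policy settings (scripts, group
# memberships, security options). Restrict the ACL on $backupRoot to administrators;
# a folder under C:\temp is often readable by every local user.
$backupRoot = 'C:\temp\gpo'
$gpos = Get-GPO -All
foreach ($gpo in $gpos) {
    # Turn the display name into a valid folder/file name.
    $text = $gpo.DisplayName
    foreach ($badChar in [System.IO.Path]::GetInvalidFileNameChars()) {
        $text = $text.Replace($badChar, '.')
    }
    # Create the folder under the backup root. A bare "md <name>" would create it in the
    # current directory and leave the target path below missing.
    $path = Join-Path -Path $backupRoot -ChildPath $text
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $html = Join-Path -Path $path -ChildPath ($text + '.html')
    Get-GPOReport -Guid $gpo.Id -Path $html -ReportType Html
    Backup-GPO -Guid $gpo.Id -Path $path
}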
######################################################################################## | |
# Set the telephone number on the caller's own AD user object, as an ordinary end user.
# Uses ADSI only, so the ActiveDirectory module is not needed. The write succeeds only
# if the directory's ACLs let users modify telephoneNumber on their own object.
# Look up the current user's object by SamAccountName ...
$selfSearch = [adsisearcher]"Samaccountname=$($env:username)"
# ... bind to it through its LDAP path ...
$user = [system.directoryservices.directoryentry](($selfSearch.FindOne()).Path)
# ... stage the new value and commit it to the directory.
$user.Put("telephoneNumber", "+49 40 123 456 - 78")
$user.SetInfo()
######################################################################################## | |
## Show all DNS forwarding configuration on the DNS servers running on domain controllers
# Normal forwarders: one hashtable per DC, mapping its host name to its forwarder IPs.
foreach ($dc in (Get-ADDomainController -Filter *)) {
    $forwarder = Get-DnsServerForwarder -ComputerName ($dc.Hostname)
    @{ ($dc.Hostname) = ($forwarder.IPAddress) }
}
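# Conditional forwarders that are NOT AD integrated.
# These live only on the individual DNS server, so every DC has to be queried itself.
# The zones are read with -ComputerName and that result is filtered; calling
# Get-DnsServerZone without -ComputerName would report only the local machine's zones
# once per DC. The DnsServer column shows which server holds each forwarder.
foreach ($dc in (Get-ADDomainController -Filter *)) {
    Get-DnsServerZone -ComputerName ($dc.Hostname) |
        Where-Object { ($_.ZoneType -eq "Forwarder") -and ($_.IsDsIntegrated -eq $false) } |
        Select-Object -Property @{ Name = 'DnsServer'; Expression = { $dc.Hostname } }, ZoneName, MasterServers
}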
# Conditional forwarders that ARE AD integrated.
# Queried on the local DNS server only; ReplicationScope shows how far each zone replicates.
Get-DnsServerZone |
    Where-Object { ($_.IsDsIntegrated -eq $true) -and ($_.ZoneType -eq "Forwarder") } |
    Select-Object -Property ZoneName, MasterServers, ReplicationScope
######################################################################################## | |
# List the FSMO (operations master) role holders.
netdom.exe /query FSMO
# Alternative via the GUI (Active Directory Users and Computers):
#   1. Click Start, click Run, type dsa.msc, and then click OK.
#   2. Right-click the selected Domain Object in the top left pane, and then click Operations Masters.
#   3. Click the PDC tab to view the server holding the PDC master role.
#   4. Click the Infrastructure tab to view the server holding the Infrastructure master role.
#   5. Click the RID Pool tab to view the server holding the RID master role.
# The dialog covers only these three domain-wide roles; the schema master and the
# domain naming master are forest-wide and are not shown there.
######################################################################################## | |
## Quick and dirty AD replication (commands as used in a .bat file)
# Manual sync.
# Flags: A = all partitions, P = push, e = enterprise (across sites), d = use distinguished names
repadmin /syncall /APed
# Same sync for one named DC. <DCNAME> is a placeholder: replace it, brackets included,
# with the domain controller's name.
repadmin /syncall <DCNAME> /APed
# Replication summary for all DCs
repadmin /replsummary *
# Detailed replication status for all DCs
repadmin /showrepl *
######################################################################################## |