Tuesday, June 26, 2012

Just registered our Group in "O'reilly User Group Program".

 

Hi,

I just register our group in "O'reilly's User Group Program"

I hope that they will approve our affiliation soon , so that we all can be benefited  from this program.

I think this is nice initiative taken by "O'reilly" .

Link to register: http://ug.oreilly.com/ 

Thanks

Aman Dhally

Friday, June 15, 2012

Powershell and Active Directory: Find Active Directory users in a particular Organizational Unit whose Script Path is not set or blank using Powershell.

 

Hi,

If we are using "Active Directory" then one this is sure that 98% we are using some login scripts. Sometime while creating users we forget to mentioned to specify the login script in account.

15-06-2012 12-43-37

My task of today is to find all users accounts those have no login script defined in their accounts.

Let's Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,

...

I want to search a particular organizational unit for users. I am not so good in LDAP so i always do a trick to find full path of OU.

Find OU.

I know a user name "Will smith" in located in that Organizational unit on whom i want to search users those have blank LOGIN SCRIPT field.

I run Get-ADUser cmdlet against Will.smith and i choose to show me of DistinguishedName the user. That DistinguishedName name contain full path of that OU

(Get-ADUser will.smith).DistinguishedName

Copy all fields expect CN and saved it to a variable.

15-06-2012 12-44-57 

$ou = "OU=testing,DC=localDC,DC=com"

15-06-2012 12-55-32

We are using  Get-ADUser cmdlet , to the information about active Directory users, in -SearchBase we are telling it to search our  predefined Organizational Unit in $ou variable,   then -Filter * to search for all users , and then -Properties * to show all the properties of the user account , then we are piping the command to  where cmdlet and we are choosing to choose only those users whose SCRIPTPATH is equal to null or blank and after that we are selecting only names using select cmdlet.

Get-ADUser -SearchBase $ou -Filter * -Properties * | where { $_.ScriptPath -eq $null } | select Name

15-06-2012 12-59-34

All Done...Job is secured | once again ...

Thanks!

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

dance_goofy

Wednesday, June 13, 2012

Powershell and Active Directory: Find all Active Directory users whose CITY property field in blank.

 

Hi,

Me again , yes yes i know , now you are going to ask me ,,"Aman" what is your task for the day",, ok ok telling you..Today my manager told me to find all  active directory users which don't have the CITY field set or those users whose CITY field is blank in there user properties.

I know that Active Directory Module has a Cmdlet to find users which is : Get-ADUser

 

Let's Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,

To find all users in AD we need to user -Filter * and to get there all properties we need to use -Properties * parameters.

Get-ADUser -Filter * -Properties *

13-06-2012 12-02-27

but our target it to find CITY field which is blank., let's use Where-Object cmdlet to do this.

In this command we are asking powershell to Find all users with all of there properties and then then show is only those users whose CITY property is $null or blank.

Get-ADUser -Filter * -Properties * | Where-Object { $_.City -eq $null}

this is showing us huge amount of data.

13-06-2012 12-07-13

Lets just select names of the users only.

Get-ADUser -Filter * -Properties * | Where-Object { $_.City -eq $null} | Select Name

13-06-2012 12-09-21 

Wow !! i have the names of all users whose City filed in blank.. i can export it to CSV files and sent to my Manager :)

Thanks for reading

Thanks!

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

penguin

Tuesday, June 12, 2012

Powershell and Active Directory: Find all organizational unit containers [OU] in Active Directory using Powershell.

 

Hi,

These days i think i am only and only working with Active Directory.  My Manager give me the task to show him the all Organizational Unit Container , so that we can re-arrange them and remove the OU those are not required any longer.

Seriously i don't know any way to do this. I never heard about it and never tried it before. Why ? my manager needs it ? that the first thought came in my mind, but buddy manager is a manager ;o) , i have to do it what he said.

The again i decide lets explore some Active Directory cmdlets and see if it have something.

In first attempt i found a single cmdlet which is able to do this. That is  Get-ADOrganizationalUnit

Let's Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,

...

First run the to view all OUs run the single cmdlet with -Filter * parameters

Get-ADOrganizationalUnit -Filter *

It is showing us the details of all OUs.

New Delhi Powershell User Group

But i am still not satisfy with the result. let it filter more ,,

Get-ADOrganizationalUnit -Filter * | Select Name

I tried to select Name but the output is not so good. Because we can see Name but for example in below screenshot i have multiple OU container named as Users

12-06-2012 11-35-36

ok...still not happy.

let run another command

Get-ADOrganizationalUnit -Filter *  -properties * | Select CanonicalName

This command will show is a full path of our OUs.

12-06-2012 11-38-05

All Done :)

My Target of the day i achieved. Now can do facebook ;o) ;o)

Thanks for reading

Thanks!

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

simba

Monday, June 11, 2012

Powershell and Active Directory: Powershell Script to create multiple groups in Active Directory and add predefined users in to it.


HI,

Sometime a need arrives when you need to create a few Active Directory groups and add the same members to all the groups.

Today i need to create 20 Group and need to add same users to all the groups. To create 20 Group manually and then add users to it one by one is a hectic job for me .

So again i thought let do it with PowerShell.

To achieve my goal i wrote a simple Powershell script. Make sure before running the script Make sure you have "RSAT" installed and imported the "Active Directory" Module.

You can download the script from : http://gallery.technet.microsoft.com/scriptcenter/Create-Multiple-Groups-in-4118c589

Screenshots
In testing OU i have only one Group Now.

11-06-2012 16-19-22

Run the script now and it ask you for Domain Administrator username and password.

11-06-2012 16-20-59

Ok...Script is finished with some Messages :)

11-06-2012 16-31-39

lets check our OU  and it has 4 New Groups.

11-06-2012 16-33-02

Lets Check inside the groups.

11-06-2012 16-33-15 11-06-2012 16-33-28 11-06-2012 16-33-46 11-06-2012 16-34-00 

All is well and done as per our requirements.

You can download the script from : http://gallery.technet.microsoft.com/scriptcenter/Create-Multiple-Groups-in-4118c589

Thanks!
Aman Dhally
Buy-More-Twitter-Followers   4fb29548b6adc
avatar-207

Powershell and Active Directory: Find inactive Computer Accounts in Active Directory using Powershell.

 

HI,

As you know my IT manager always keep me busy. These days we are cleaning our Active Directory. My Today's "Target of the Day" is to find all in-active computer accounts.

first i start thinking how to do it ? to use some filter in "Active Directory Computer and users" or i need to do something else. After few minutes of thinking i thoughts, why not try Powershell. :)

Let's Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,

we are going to use the Active Directory module cmdlet "Get-ADComputer"

"Get-ADComputer" has a property of Enabled which either is "false" or "True", the true means computer account is "enabled" and false means "Computer account is "disabled"

To find all the properties of a single computer account , use the below command.

Get-ADComputer R92DA6V -Properties *

11-06-2012 14-05-15

Ok..not lets find all disabled/in-active computer accounts.

we are going to -filter to to find all inactive account and in Filter we are defining that show all computer who has the value of $false in the property Enabled.

Get-ADComputer -Filter "Enabled -eq '$false'"

11-06-2012 14-05-39

all done ..but lets filter the output to show  us only names.

Get-ADComputer -Filter "Enabled -eq '$false'" | Select Name

11-06-2012 13-56-39

Ahh !! now it's look better...

Now i have the name of all inactive computer accounts in my AD.

Thanks for reading.

Thanks!

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

Rabbit_Wants_beer

Thursday, June 7, 2012

Powershell and Active Directory: Add domain users to a group using powershell.

 

Hi,

Yesterday i shows you how to create a user group in "Active Directory". Now lets today add members to that user group using powershell.

Lets Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,,

we are going to use Add-ADGroupMember cmdlet.

so we have a user group name as "Singers" which currently have no members.

07-06-2012 13-48-43

i am am planning to add "Michal Jackson" and "Rickey Martin" to the group.

07-06-2012 13-56-49

the command is below. Add-ADGroupMember and then Name of the Group and after that {SamName} name of the users delimitated by comma. and you can also provide -Server name if you want.

Add-ADGroupMember Singers Ricky.martin,Michael.jackson -Server "LocalDC"

07-06-2012 14-12-46

our command run successfully now lets check the Group see if our users are added to it..

07-06-2012 14-10-44

Bingo !! All DOne ...

Thanks for reading.

Thanks

Aman Dhally

Buy-More-Twitter-Followers   4fb29548b6adc

madagascar_penguin

Wednesday, June 6, 2012

Powershell and Active Directory: Create a new group in Active Directory using Powershell.

 

Hi,

Yesterday one of my users asked me to create a few user group for him. Normally to create a new group i open "DSA.MSC" or "Active Directory users and computers" and create a desired group. This time i thought i would create a new group using PowerShell.

To create a new group in Active Directory make sure you have RSAT installed.

Lets Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

30-04-2012 23-21-03 

..

ok, Module is imported,,

we are going to use "New-ADGroup" cmdlet.

I want a group Name to be  "Singers", i my OU "Testing", the Group category in my case is "Security" and the Group Scope is "Global". I choose a -Server parameter because my main DC in located outside of Delhi and then using -Credential we are providing domain administrator username and password becasue you need administrator privileges to create a group in Active Directory.

The command should be like below.

New-ADGroup -Path "OU=testing,DC=localdc,DC=com" -Name "Singers" -GroupCategory Security -GroupScope Global -Server "local-dc" -Credential localdomain\administrator

After run the Command it is asking for Domain Administrator Credentials. Provide them.

06-06-2012 12-07-24 

Ok. Command run successfully without errors.

06-06-2012 12-08-24 

Let's check out OU "testing" and see if this group is created there.

Bingo.. all Done :)

06-06-2012 12-08-46 

 

Thanks for reading.

Thanks

Aman Dhally

Buy-More-Twitter-Followers

spiderman_jump