You can use PowerShell to get pretty much anything you want out of Active Directory. Let’s say you want to see when a user last changed their password. You can use the Get-ADUser cmdlet to obtain any attribute for a user in the Active Directory schema. To use Get-ADUser, you’ll need to define a scope. In this example, we’ll do so using the -filter option and filter for everyone, using an *. That could be a lot of data, so we’re also going to look for the property, or attribute, of PasswordLastSet using the -Properties option: Get-ADUser -filter * -Properties PasswordLastSet We can then add a little…
Import And Export Active Directory Objects In Server 2012
The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record, which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In its simplest form, the ldifde command can be used to export AD objects just using a -f option to specify the location (the working…
Kill Processes In Windows
You always want to stop a process gracefully. However, sometimes it’s just not possible to do so, and you have to end a process or a process tree when you can’t restart it gracefully. To stop a process in Linux and Mac, use the kill command. In Windows, there’s a PowerShell cmdlet called Stop-Process that enables you to terminate a process. As with kill, just add the process ID at the end of the command. For example, to stop process 318: Stop-Process 318 Or you can stop based on the name of the process using the -processname option. For example, to kill a…
Dig TTL While Preparing For A Migration
Any time you’re doing a migration of data from one IP to another where that data has a DNS record that points users towards the data, you need to keep the amount of time it takes to repoint the record to a minimum. To see the TTL of a given record, let’s run dig using +trace, +nocmd to turn off showing the version and query options, +noall to turn off display flags, +answer to still show the answer section of the response and, most importantly for these purposes, +ttlid to toggle showing the TTL on. Here, we’ll use these to look up the TTL for the krypted.com A record: dig +trace +nocmd…
Obtain UPN from PowerShell
A UserPrincipalName (or UPN) is an attribute that contains an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is used for a lot of different tasks, notably for Kerberos/Single Sign-On. As such, there are a lot of scripts that can now key off of a UPN. You can use the Get-ADUser cmdlet to query accounts for the UserPrincipalName attribute. To do so, we’re going to -Filter our results to display everyone (although we could include a username to only get one user) and then define the Search Base (using -SearchBase) to refine where the search will begin. Use the -Properties parameter…
Rename a Windows 2012 Server Using PowerShell
When you are creating a bunch of Server 2012 Virtual Machines (or physical machines for that matter) it is helpful to programmatically change their names. To do so, use the Rename-Computer PowerShell cmdlet followed by the name you want the computer to have, as follows (assuming a name of 2012.krypted.com): Rename-Computer 2012.krypted.com Before you do anything else (e.g. bind to AD) you should then reboot the host, using the Restart-Computer cmdlet: Restart-Computer
Setting Up Active Directory In Windows Server 2012
Installing Active Directory services is arguably one of the first things done on many a Windows Server. And for well over a decade you could unbox, update, run dcpromo and be done with much of that. While the wizards are still there, in the case of Windows Server 2012, the process has changed ever-so-slightly. To install a domain controller in Windows Server 2012, start with Server Manager. This new tool is the place where you start many a process in a Windows Server now, and Active Directory is no different. To get started, first open Server Manager. From Server Manager, click on the Manage menu and select Add Roles and…
Use Windows Backup To Back Up Windows Server 2012
Windows Server’s ntbackup tools have become easier and easier to use over time. But there’s no more ntbackup. Well, there’s wbadmin, which is very similar. You can still restore data by downloading the ntbackup restore tool at http://support.microsoft.com/?kbid=974674. Windows Backup is now capable of backing up a system with the same ease of use that Apple brought to automated backups with Time Machine and Time Machine Server. In fact, while exposing only a few more options, Microsoft’s tools provide access to some pretty nice ones, easily configured. To get started, you’ll first need to install the Windows Backup Role. To do so, use the Add Roles and Features Wizard in…
Managing DNS In Windows Server 2012
Previously, I covered installing the DNS role in Windows Server 2012. Once installed, managing the role is very similar to how management was done in Windows Server 2003 through 2008 R2, with the exception of how you access the tools. DNS is one of the most important services in Windows Servers, as with most other platforms. So it’s important to configure DNS. To get into the DNS Manager in 2012 Server, first open Server Manager (you might get sick of using this tool in Server 2012, similar to how my Mac Server brethren have gotten tired of it in Lion and Mountain Lion Servers). Then from Server Manager click on…
List All DNS Records For A Domain
Sometimes you want to move a domain but you don’t have a copy of the zone file in order to recreate records. The easy way to do this is to grab a zone transfer. To do so, dig is your friend: dig -tAXFR mycompany.com Sometimes though (and actually more often than not) a zone transfer is disabled. In that case you’ll need to dig the domain a bit differently. I like to use +nocmd, query for any and list the results (+answer): dig +nocmd krypted.com any +answer Which results in the following: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39183 ;; flags: qr rd ra; QUERY: 1,…