



AD Script - Fetch User Account Password related details

 <#Created By - Abhishek Bansal

Read Note 

Script Usage - Finding UserID password related details such as -

1. Password Expired or not ?

2. On which day is it going to expire ?

3. How many days left before it expires ?

4. Whether UserId is active or not ?

Pre requisite :: Copy all the code into a text file and save it with the extension ".PS1". In the same location create a file named "Input.txt" containing the Samaccountname of every user you want information about.

Execution & Outputs :: Once executed, the detailed output is saved in a file named Userdetails_$date.csv.#>


$inputuserids = Get-Content ./Input.txt

# Date stamp only; the ".csv" extension is added where the file name is built.
$date = Get-Date -Format "dd_MM_yyyy"

foreach($userid in $inputuserids)
{
    try{
        # -ErrorAction Stop sends any lookup failure to the catch block below.
        Get-ADUser -Identity $userid -Properties Displayname,msDS-UserPasswordExpiryTimeComputed,PasswordExpired,Enabled,Passwordlastset -ErrorAction Stop |
        Select Displayname,Samaccountname,@{n="AccountStatus";e={if($($_.Enabled) -eq $true){"Active"}else{"Disabled"}}},
        Passwordlastset,PasswordExpired,@{n="ExpiryDate";e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
        @{n="DaysLeft";e={(New-TimeSpan -Start $(Get-Date) -End $([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed"))).Days}} |
        Export-Csv ./Userdetails_$date.csv -NoTypeInformation -Append
    }
    catch
    {
        # User not found (or the lookup failed): write a placeholder row so the ID still appears in the report.
        $userid | Select-Object -Property @{n="Displayname";e={"NA"}},@{n="Samaccountname";e={$userid}},@{n="AccountStatus";e={"NA"}},@{n="Passwordlastset";e={"NA"}},@{n="PasswordExpired";e={"NA"}},@{n="ExpiryDate";e={"NA"}},@{n="DaysLeft";e={"NA"}} | Export-Csv ./Userdetails_$date.csv -NoTypeInformation -Append
    }
}

Sample Output
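
The script above passes msDS-UserPasswordExpiryTimeComputed straight to [datetime]::FromFileTime. That attribute has two special values: 0 (password must be changed at next logon) and 0x7FFFFFFFFFFFFFFF (password never expires), and the second one makes FromFileTime throw. The block below is an added example, not part of the original script; the function name Convert-PasswordExpiry and the sample accounts and values are constructed for illustration, and it runs without AD access.

```powershell
# Added example: decode msDS-UserPasswordExpiryTimeComputed, including its sentinel values.
function Convert-PasswordExpiry {
    param(
        [Parameter(Mandatory)][long]$FileTime,   # raw attribute value
        [datetime]$Now = (Get-Date)              # injectable so results are repeatable
    )

    # 0x7FFFFFFFFFFFFFFF: the password never expires; FromFileTime would throw on it.
    if ($FileTime -eq [long]::MaxValue) {
        return [pscustomobject]@{ State = 'NeverExpires'; ExpiryDate = $null; DaysLeft = $null }
    }

    # 0: pwdLastSet is 0, the user must change the password at next logon.
    # FromFileTime(0) would silently return a date in the year 1601.
    if ($FileTime -eq 0) {
        return [pscustomobject]@{ State = 'MustChangeAtNextLogon'; ExpiryDate = $null; DaysLeft = 0 }
    }

    $expiry = [datetime]::FromFileTime($FileTime)
    $days   = [math]::Floor(($expiry - $Now).TotalDays)
    $state  = if ($expiry -le $Now) { 'Expired' } else { 'Valid' }

    [pscustomobject]@{ State = $state; ExpiryDate = $expiry; DaysLeft = $days }
}

# Constructed sample values standing in for what Get-ADUser would return.
$now = Get-Date
$samples = [ordered]@{
    'svc.backup'  = [long]::MaxValue                 # password never expires
    'new.joiner'  = [long]0                          # must change at next logon
    'user.soon'   = $now.AddDays(12).ToFileTime()    # expires in 12 days
    'user.lapsed' = $now.AddDays(-3).ToFileTime()    # expired 3 days ago
}

$report = foreach ($name in $samples.Keys) {
    Convert-PasswordExpiry -FileTime $samples[$name] -Now $now |
        Select-Object @{n='Samaccountname';e={$name}}, State, ExpiryDate, DaysLeft
}

$report | Format-Table -AutoSize
```

In the real script the same function can be called from the ExpiryDate and DaysLeft calculated properties, so service accounts with non-expiring passwords show up with an explicit state instead of an empty cell.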





AD Script - Creating new AD Groups

<#Created By - Abhishek Bansal

Script Usage - Creating new AD Groups.

Pre requisites :: Set up an Input.csv file containing details such as Group name, Category, Description, Group type and Path. Once done, copy all the code into a text file and save it with the extension ".PS1". Once saved, run this script as Administrator.

Execution & Outputs :: Once executed, the AD Groups will be created along with an output file named "Logs_date" containing all the results.#>

#Below is a snip of the CSV file (don't change the column headers).













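$groupdetails = Import-Csv .\Input.csv

$date = $(Get-Date -Format "dd_MM_yy")+".csv"

foreach($group in $groupdetails)
{
    try
    {
        New-ADGroup -Name $group.Name -GroupScope $group.Scope -GroupCategory $group.Category -Path $group.Path -Description $group.Description -PassThru -ErrorAction Stop | Select Name,@{n=("Status");e={("Created under")}},DistinguishedName | Export-Csv ./Logs_$date -Append -NoTypeInformation
    }
    catch
    {
        # New-ADGroup can fail for reasons other than a duplicate name (bad path, missing rights),
        # so confirm the group really exists before logging it as "already exist".
        $failure  = $_.Exception.Message
        $existing = try { Get-ADGroup -Identity $group.Name -ErrorAction Stop } catch { $null }
        if($existing) { $status = "already exist under "; $dn = $existing.DistinguishedName }
        else          { $status = "Failed: $failure";     $dn = "NA" }

        $group | Select-Object -Property @{n=("Name");e={($group.Name)}},@{n=("Status");e={$status}},@{n="DistinguishedName";e={$dn}} | Export-Csv ./Logs_$date -Append -NoTypeInformation
    }
}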


Sample Output after Groups creation















Powershell Script - Checking SMB1 Feature Status on Windows Servers

$servers = @("DDC01","DMMS01","DMMS02","DDC02","FakeServer","Tempvm4") #Listing all servers in " " quotes. Take input from a file if server count is large.

$date = (Get-Date -Format "dd_MM_yyyy")+".html"

$outputHTML = "<HTML>

<Body><h2> SMB1 Status Report Started at $(Get-Date)</h2>

<Table border='2'>

<TR><Td>Name</Td><Td>Operating System</Td><Td>DistinguishedName</Td>

<Td>SMB1Status</Td></Tr>"


foreach($server in $servers)

{

$server = $server.trim()

$error.Clear()

try{

# -ErrorAction Stop belongs on Get-ADComputer (the call that can fail), not on Select-Object.
$command1 = Get-ADComputer -Identity $server -Properties OperatingSystem,DistinguishedName -ErrorAction Stop | Select-Object -Property Name,OperatingSystem,DistinguishedName

}

catch{

$command1 = "Error"

}

try{

$command2 = Invoke-Command -ComputerName $server -ScriptBlock{(Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State} -ErrorAction Stop

}


catch{

$command2 = "Error"

}

if(($command1 -eq "Error")) 

    {

    $outputHTML += "<TR style='background-color:orange'>"

     $outputHTML += "

    <TD>$($server)</TD>

    <TD>$("NA")</TD>

    <TD>$("NA")</TD>

    <TD>$("Unable to fetch, please check manually")</TD>

    </TR>"

    }

    elseif(($command2 -eq "Error"))

    {

    $outputHTML += "<TR style='background-color:orange'>"

     $outputHTML += "

    <TD>$($server)</TD>

    <TD>$($command1.OperatingSystem)</TD>

    <TD>$($command1.DistinguishedName)</TD>

    <TD>$("Unable to fetch, please check manually")</TD>

    </TR>"

   }

else

    {

    $command3 = $command1 | Select-Object -Property Name,OperatingSystem,DistinguishedName,@{n="SMB1Status";e={$command2}}

        if(($($command3.SMB1Status.Value) -eq "Disabled"))

        {

        $outputHTML += "<TR style='background-color:red'>"

        }

        else

        {

        $outputHTML += "<TR>"

        }


   $outputHTML += "

    <TD>$($command3.Name)</TD>

    <TD>$($command3.OperatingSystem)</TD>

    <TD>$($command3.DistinguishedName)</TD>

    <TD>$($command3.SMB1Status.Value)</TD>

    </TR>"

    }

}


$outputHTML += "</Table>"

$outputHTML += "<h2> SMB1 Status Report Ended at $(Get-Date) </h2></Body></Html>"

$outputHTML | Out-File ./SMB1Status_$date



Sample Output






Windows Script - Profile folder Status check with Active Directory | Cleanup Project

<#Created By Abhishek Bansal

Read Note 

Script Usage :: Checks all the profile folders created under C:\Users for their current status in AD, ie whether they are active or not. Useful in finding out unnecessary profile folder.

Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1". Once saved, run it as Administrator.

Execution & Outputs :: Output will be displayed in ProfileID_Status.csv #>


$srv = Read-Host "Enter Name or IP address of the Server = "

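# $Profile is a PowerShell automatic variable, so the folder list is kept in $profileFolders instead.
$profileFolders = Get-ChildItem "\\$srv\c$\Users" -Exclude "Public","Administrator*",".Net*","MSSQL*","Temp*"   #Mention any other local profile that you want to exclude.

foreach($row in $profileFolders.Name){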

    $row = $row.Trim()

    try{

    Get-ADUser -Properties * $row | Select-Object -Property Displayname,Samaccountname,@{n="Status";e={$_.Enabled}},whenChanged,PasswordExpired,LastLogonDate | Export-Csv ./ProfileID_Status.csv -Append -NoTypeInformation

    }

    catch

    {

    $row | Select-Object -Property @{n="Displayname";e={"NA"}}, @{n="Samaccountname";e={$row}},@{n="Status";e={"ID is either local/disabled or doesn't exist in AD"}}, @{n="whenChanged";e={"NA"}}, @{n="PasswordExpired";e={"NA"}}, @{n="LastLogonDate";e={"NA"}} | Export-Csv ./ProfileID_Status.csv -Append -NoTypeInformation

    }

}


Sample Output



Powershell Script - Exporting GPO Settings in HTML

<#Read Me

Script Usage - Backing/Exporting GPO settings into HTML format.

Script Workflow

1. We can use a ".txt" file as the input file listing the GPOs which we want to export.

2. In case we want to export all the GPOs in the domain, use the "Get-GPO" cmdlet with the -All switch.

3. Outputs will be created in GPOname.html 

******************************************************************************#>


#Script 1 - Exporting all the GPO's in the domain.

$gpo = Get-GPO -All

foreach($item in $gpo)

{

$gponame = $item.DisplayName

Get-GPOReport -Name $gponame -ReportType HTML | Out-File ./$gponame.html

}


#Script 2 - Exporting all the GPO's mentioned in 'InputGPOdetails.txt' file.

#Note - Have this file under same folder where Script is kept.


$InputGPOdetails = Get-Content ./InputGPOdetails.txt

foreach($gponame in $InputGPOdetails)

{

Get-GPOReport -Name $gponame -ReportType HTML | Out-File ./$gponame.html

}

Powershell Script - Finding Group Membership differences b/w two ID's in AD

 #Created By - Abhishek Bansal
#Use Case - Useful in finding membership differences b/w two ID's. ( Mirroring Group membership)
#Note - This won't do any modification in Group membership. This only fetches the membership, compares them & give us the output in a CSV file.
#Below is the Script, Copy paste it into Powershell ISE & run it directly.



$sourceid = Read-Host "Enter the source ID which will be used for mirroring = "
$requestorid = Read-Host "Enter the requestor ID which needs to be mirrored = "

# distinguishedName is selected here because it is written to the CSV further down.
$Sourceid_Data = Get-ADPrincipalGroupMembership -Identity $sourceid | Select SamAccountName,GroupScope,GroupCategory,objectClass,distinguishedName
$requestorid_data = Get-ADPrincipalGroupMembership -Identity $requestorid | Select SamAccountName,GroupScope,GroupCategory,objectClass,distinguishedName

$counter = 0
$totalcounter = $Sourceid_Data.Count
$percentagecomplete = 0
foreach($Sourceid_entry in $Sourceid_Data)
{
$counter++
$percentagecomplete = ($counter/$totalcounter)*100
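Write-Progress -Activity "Comparing values" -Status "$counter checking" -PercentComplete $percentagecomplete
    $flag = 0   # reset for every source group, so an empty requestor list or an earlier match cannot carry over
    foreach($Sourceid_entry1 in $requestorid_data)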
    {
        if(($Sourceid_entry.SamAccountName -eq $Sourceid_entry1.SamAccountName))
        {
            $flag = 1   
            break
        }  
        else
        {
            $flag = 0
        }
     }
     if($flag -eq 0)
     {
     
 $Sourceid_entry | Select @{n="SamAccountName";e={$Sourceid_entry.SamAccountName}},@{n="GroupScope";e={$Sourceid_entry.GroupScope}},@{n="GroupCategory";e={$Sourceid_entry.GroupCategory}},@{n="objectClass";e={$Sourceid_entry.objectClass}},@{n="distinguishedName";e={$Sourceid_entry.distinguishedName}} | Export-Csv .\Differences_$sourceid.csv -NoTypeInformation -Append
     }
  }


Powershell Script - Removing Members (Users / Groups) from AD Group.

 #Created By - Abhishek Bansal

<#Read Me !! 

1. Script Usage - Removing Members (Users & Groups) mentioned in Input.txt from AD Group.

2. In case of Access Denied, run ISE as Administrator & make sure the account used has sufficient rights to remove the User ID from the AD Group.

For using it on any other server, just copy the entire folder, edit .ps1 into PS ISE & run it. #>


$grp = Read-Host "Enter AD Group Name = "

Get-ADGroupMember -Identity $grp | Select Name,Samaccountname | Export-Csv ./BeforeRemoval_Membership_$grp.csv -NoTypeInformation -Append

$users = Get-Content .\Input.txt

$line = 0

$linecount = $users.Count

$percentagecomplete= 0

$filename = "Output_"+(Get-Date -Format "yyyy_MM_dd")+".csv"

foreach($userid in $users)

    {

    $line++

    $percentagecomplete = $line / $linecount * 100

    $error.Clear()

    $userid = $userid.Trim()

   Write-Progress -Activity "Removing Users..." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

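    try{
          Remove-ADGroupMember -Identity $grp -Members $userid -Confirm:$false -ErrorAction Stop

     $userid | Select-Object -Property @{n="Samaccountname";e={$userid}}, @{n="Status";e={"$userid removed successfully on $(get-date)" }}  | Export-csv ./$filename -NoTypeInformation -Append
    }
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
    {
    $userid | Select-Object -Property @{n="Samaccountname";e={$userid}}, @{n="Status";e={$error[0].Exception.Message}} | Export-csv ./$filename -NoTypeInformation -Append
    }
catch
    {
    # Any other failure (for example insufficient rights) is logged too, instead of only appearing on the console.
    $userid | Select-Object -Property @{n="Samaccountname";e={$userid}}, @{n="Status";e={$error[0].Exception.Message}} | Export-csv ./$filename -NoTypeInformation -Append
    }
}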

Get-ADGroupMember -Identity $grp | Select Name,Samaccountname | Export-Csv ./AfterRemoval_Membership_$grp.csv -NoTypeInformation -Append


Powershell Script - Fetching LAPS Password from AD

 #Created By - Abhishek Bansal 

#Time Stamp - Saturday, April 1, 2023 9:27:17 AM

<#Read Me !! 

1.Script will fetch LAPS Password from AD.

2.Try Catch block is used to filter out non existing computer objects. Refer comments as "Computer object not found" in the last column.

3.Last column blank means that computer object LAPS password is not there in AD.

For using it on any other server, just copy the entire folder, edit .ps1 into PS ISE & run it. 

#>


$inputdata = Get-Content .\Input.txt

$line = 0 

$linecount = $inputdata.count

$percentagecomplete= 0

$filename = "Output_"+(Get-Date -Format "yyyy_MM_dd")+".csv"

foreach($server in $inputdata)

{

$line++

$percentagecomplete = ($line / $linecount) * 100

$server = $server.trim()

Write-Progress -Activity "Fetching Laps Password.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

    try{

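       # The ms-Mcs-AdmPwd column holds clear-text local administrator passwords, so restrict access to the output CSV.
       Get-ADComputer -Identity $server -Properties * | Select Name,OperatingSystem,CanonicalName,ms-Mcs-AdmPwd  | Export-Csv ./$filename -NoTypeInformation -Append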

               }

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]

 {

     $server | Select @{n="Name";e={$server}},@{n="OperatingSystem";e={"NA"}},@{n="CanonicalName";e={"NA"}},@{n="ms-Mcs-AdmPwd";e={"Computer object not found"}} | Export-Csv ./$filename -NoTypeInformation -Append

    }

}

Powershell Script - KB Installation Status on Windows Servers / Clients.

 #Created By - Abhishek Bansal
<#Read Me !! 
1. Script will check if a KB mentioned in Input.csv against a Server name is installed or not.
2. Input.csv file header headings should not be changed. If planning to change them, then changes are required in the script also.
3. Once executed, Output.csv can be referred for the results.
To use this, copy the below code, have Input.csv in the same location with MachineName,KBID headings.
KBID - will be containing KBNo.
Machine Name - Server name against which the check is required.
#>

$checkdata = Import-Csv .\Input.csv
$line = 0 
$linecount = $checkdata.count
$percentagecomplete= 0 
    foreach($srv in $checkdata)
    {
    $line++
    $percentagecomplete = ($line / $linecount) * 100
       $KB = $srv.KBID
       $error.Clear()
       Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"
        try{
            # Get-HotFix reports problems as non-terminating errors; -ErrorAction Stop makes them reach the catch block.
            $output = Get-HotFix -ComputerName $srv.'MachineName' -Id $KB -ErrorAction Stop
            $srv |  Select @{n="MachineName";e={$srv.MachineName}},@{n="HotFixID";e={$KB}},@{n="InstalledOn";e={$output.InstalledOn}}  | Export-Csv ./Output.csv -Append -NoTypeInformation
            }
            catch 
            {
            # "No entries found" means the KB is missing; any other error (e.g. server unreachable) is logged with its message.
            if($_.FullyQualifiedErrorId -like "GetHotFixNoEntriesFound*") { $result = "Not Installed" } else { $result = $_.Exception.Message }
            $srv | Select @{n="MachineName";e={$srv.MachineName}},@{n="HotFixID";e={$KB}},@{n="InstalledOn";e={$result}}  | Export-Csv ./Output.csv -Append -NoTypeInformation
            }
    }
  

Powershell Script - Listing Empty GPOs

  #Created By - Abhishek Bansal

<#Read Me !! 

1. Script Usage - Finding Empty GPOs in the domain environment.

Script Logic - The logic revolves around the user & computer versions of the GPO Template & GPO Container. So if a policy is created but it's not configured with any setting or it's never been edited, then the Sysvol & AD Version for both the container & template are 0.

Below Snap for reference -

2. Refer EmptyGPO.csv for the output & below is the code. #>






import-module grouppolicy

$gpos = Get-GPO -All

foreach ($gpo in $gpos)

{

    if (($gpo.Computer.DSVersion -eq 0 -and $gpo.User.DSVersion -eq 0) -and ($gpo.Computer.SysvolVersion -eq 0 -and $gpo.User.SysvolVersion -eq 0))

    {

         $gpo | Select @{n="GPO Name";e={$_.Displayname}},DomainName,Owner,@{n="GUID";e={$_.ID}},GPoStatus,CreationTime,ModificationTime | Export-Csv ./EmptyGPO.csv -NoTypeInformation -Append

    }

}
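
The version logic from the Read Me can be made explicit. Both the AD container's versionNumber attribute and the Version= line of the template's GPT.INI pack two counters into one number: the user version in the high 16 bits and the computer version in the low 16 bits. The block below is an added example, not the original author's script; the function names, GPO names, version numbers and GPT.INI text are constructed, and it goes one step beyond the page by also flagging GPOs whose AD and Sysvol versions disagree.

```powershell
# Added example: decode and compare GPO version counters offline.
function Split-GpoVersion {
    param([Parameter(Mandatory)][long]$Version)
    [pscustomobject]@{
        User     = [int]($Version -shr 16)       # high 16 bits
        Computer = [int]($Version -band 0xFFFF)  # low 16 bits
    }
}

function Get-GptIniVersion {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Content)
    foreach ($line in ($Content -split "`r?`n")) {
        if ($line -match '^\s*Version\s*=\s*(\d+)\s*$') { return [long]$Matches[1] }
    }
    return $null   # GPT.INI has no Version line
}

function Test-GpoVersion {
    param([string]$Name, [long]$AdVersion, [string]$GptIni)

    $sysvol = Get-GptIniVersion -Content $GptIni

    if ($null -eq $sysvol)          { $state = 'NoVersionInGptIni' }
    elseif ($sysvol -ne $AdVersion) { $state = 'AdSysvolMismatch' }
    elseif ($AdVersion -eq 0)       { $state = 'Empty' }
    else                            { $state = 'Configured' }

    $ad = Split-GpoVersion -Version $AdVersion
    $sv = if ($null -ne $sysvol) { Split-GpoVersion -Version $sysvol }

    [pscustomobject]@{
        Name           = $Name
        State          = $state
        AdUser         = $ad.User
        AdComputer     = $ad.Computer
        SysvolUser     = $sv.User
        SysvolComputer = $sv.Computer
    }
}

# Constructed samples: AD versionNumber plus the matching GPT.INI content.
$samples = @(
    @{ Name = 'New Group Policy Object'; Ad = 0;      Ini = "[General]`r`nVersion=0" }
    @{ Name = 'Workstation Baseline';    Ad = 196610; Ini = "[General]`r`nVersion=196610" }  # user 3, computer 2
    @{ Name = 'Server Hardening';        Ad = 65537;  Ini = "[General]`r`nVersion=1" }       # AD ahead of Sysvol
)

$results = foreach ($s in $samples) {
    Test-GpoVersion -Name $s.Name -AdVersion $s.Ad -GptIni $s.Ini
}

$results | Format-Table -AutoSize
```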

Powershell Script - Fetching AD Group Details

 #Created By - Abhishek Bansal
<#Read Me !! 
1. Script Usage - Fetching AD Group details such as Description, Group Type, Name, Category etc for all the Groups mentioned in Input.txt
2. Refer Groupinfo.csv for the details.
3. Refer Errorlogs.csv for any error logs.

For using it, directly copy the entire code, save it in .ps1 extension and have a Input.txt file on the same location containing AD Group names#>


$group = Get-Content .\Input.txt
Write-Host -ForegroundColor Green "Total count of Groups input = $($group.count)"
$line = 0
$linecount = $group.count
$pct = 0
foreach($groupname in $group)
{
$error.Clear()
    $line++
    $pct = $line/$linecount * 100
     Write-Progress -Activity "Checking AD Group information.." -PercentComplete $pct -Status "$line of $linecount"
     try{
    Get-ADGroup -Identity $groupname -Properties * | Select SamAccountName,Description,Info,GroupScope,GroupCategory,CanonicalName | Export-Csv ./Groupinfo.csv -NoTypeInformation -Append
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
    {
    $groupname | Select-Object -Property @{n="Samaccountname";e={$groupname}},@{n="Status";e={$error.exception.Message}} | Export-Csv ./Errorlogs.csv -NoTypeInformation -Append
    }
}

Powershell Script - Fetching User details along with their Manager details from AD.

 #Created By - Abhishek Bansal

<#Read Me !! 

1. Script Usage - Fetching User details along with User Manager name & email ID from AD.

2. User Samaccountname needs to be provided in Input.txt

3. Try Catch block is used to filter out Users not found in AD. Use Name columns to filter the output.

4. Refer Output.csv for final results.

For using it, directly copy the entire code, save it in .ps1 extension and have a Input.txt file on the same location.

#>

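function getdetails($mgrdn)
{
    # A user without a manager has an empty Manager attribute; return nothing in that case.
    if([string]::IsNullOrEmpty($mgrdn)) { return $null }

    # Look the manager up by exact distinguished name instead of a -like filter.
    $mgrdata = Get-ADUser -Identity $mgrdn -Properties EmailAddress | Select Samaccountname,Name,EmailAddress

    return $mgrdata
}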

$inputuser = Get-Content ./Input.txt

$line = 0 

$linecount = $inputuser.count

$percentagecomplete= 0

foreach($userid in $inputuser)

{

$line++

$percentagecomplete = ($line / $linecount) * 100

$userid = $userid.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

$Error.Clear()

try
    {
    # Both lookups sit inside try, so an unknown user ID is handled by the catch block.
    $user = Get-ADUser -Properties Manager,EmailAddress,co -Identity $userid -ErrorAction Stop

    [String]$dn = $user.Manager

    $managerdetails = getdetails -mgrdn "$dn"

    $user | Select Samaccountname,Name,EmailAddress,co,@{n="Manager_Samaccountname";e={$managerdetails.Samaccountname}},@{n="Manager Name";e={$managerdetails.Name}},@{n="Manager Mail";e={$managerdetails.EmailAddress}}  | Export-Csv ./Output.csv -NoTypeInformation -Append
  }

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
    {
    $userid | Select @{n="Samaccountname";e={$userid}},@{n="Name";e={$Error.Exception.Message}},EmailAddress,co,@{n="Manager_Samaccountname";e={}},@{n="Manager Name";e={}},@{n="Manager Mail";e={}} | Export-Csv ./Output.csv -NoTypeInformation -Append
    }

}


Powershell Script - Export AD Group Membership containing large members

#Created By - Abhishek Bansal

<#Read Me !! 
1. Script Usage - Useful if members of AD Group are large in number. There are cases where Get-ADGroupMember fails when we have lots of members. ( More than 5K /6K )
2. Script is capable of exporting not only user objects but others too. ( Ex Groups ).
3. User needs to input AD Group name when prompted & results can be checked in Groupname_Membership.csv file.

For using it, just copy the below code, run it
#>

$group = Read-Host "Enter AD Group Name"
$dn = Get-ADGroup -Identity $group -Properties * | Select objectClass -ExpandProperty Member

$line = 0 
$linecount = $dn.Count
$percentagecomplete= 0

foreach($row in $dn)
{
$line++
$percentagecomplete = ($line/$linecount)*100
$row = $row.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

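# Look each member up by its exact distinguished name; a -like filter would treat characters such as * in a DN as wildcards.
Get-ADObject -Identity $row -Properties SamAccountName | Select Name,Samaccountname,@{n="Member Category";e={$_.ObjectClass}} | Export-Csv ./${group}_Membership.csv -NoTypeInformation -Append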

}