Some articles are posted as Images, Please use Computers to go through them for best experience. For phone users, switch to Web Version

Windows Server Video Links

Patch Installation via Command line in Windows Servers - YouTube

Tutorial4 Converting Windows Server Evaluation to Full Version (youtube.com)

Resetting Local Admin Password on Windows Servers (youtube.com)


Active Directory Video Links

Move FSMO Roles via Command Line - YouTube

Active Directory - Lost and Found Conflict - YouTube

Active Directory - Fine Grain Password Policy - YouTube

Restricting Domain Users from Joining Workstations to the Domain (youtube.com)

LAPS Implementation (youtube.com)

Forcefully Demotion of a Domain Controller (youtube.com)


Setting up Practical LABS Video Links

Tutorial 1 Getting Started with LAB Design || Downloading Setups || Vmware Workstation Installation (youtube.com)

Tutorial2 - VM Creation || Windows Server Installation || Sysprep (youtube.com)

Tutorial 3 - Setting up first Windows Server using Generalized template - YouTube

Tutorial 4 Converting Windows Server Evaluation to Full Version (youtube.com)

Tutorial5 Setting up Windows Servers with Basic Postconfiguration (youtube.com)

Tutorial6 Promoting First Domain Controller (youtube.com)

Tutorial7 Using Windows Server as a Router (youtube.com)

Tutorial8 Promoting DC with Higher OS / Upgrading DC to a Higher OS (youtube.com)




No comments:

AD Script - Fetch User Account Password related details

 <#Created By - Abhishek Bansal

Read Note 

Script Usage - Finding UserID password related details such as -

1. Password Expired or not ?

2. If Expired, then on which day it's going to expired ?

3. How many days left before it expires ?

4. Whether UserId is active or not ?

Pre requisite :: Copy all the code into a text file, save it with an extension ".PS1". On the same location create a file named "Input.txt" containing Samaccountname of all the users against which you are looking to get info.

Execution & Outputs :: Once executed Output will be saved in a file named Userdetails_$date.csv for detailed output.#>


$inputuserids = Get-Content ./Input.txt

$date = $(Get-Date -Format "dd_MM_yyy")+".csv"

foreach($userid in $inputuserids)

{

    try{


Get-ADUser -Identity $userid -Properties Displayname,msDS-UserPasswordExpiryTimeComputed,PasswordExpired,Enabled,`

Passwordlastset | Select Displayname,Samaccountname,@{n="AccountStatus";e={if($($_.Enabled) -eq $true){"Active"}else{"Disabled"}}},`

Passwordlastset,PasswordExpired,@{n="ExpiryDate";e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},`

@{n="DaysLeft";e={(New-TimeSpan -Start $(Get-Date) -End $([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed"))).Days}}`

| Export-Csv ./Userdetails_$date.csv -NoTypeInformation -Append


}

catch

{

$userid | Select-Object -Property @{n="Displayname";e={"NA"}},@{n="Samaccountname";e={$userid}},@{n="AccountStatus";e={"NA"}},@{n="Passwordlastset";e={"NA"}},@{n="PasswordExpired";e={"NA"}},@{n="ExpiryDate";e={"NA"}},@{n="DaysLeft";e={"NA"}}| Export-Csv ./Userdetails_$date.csv -NoTypeInformation -Append


}


}

Sample Output





No comments:

AD Script - Creating new AD Groups

<#Created By - Abhishek Bansal

Script Usage - Creating new AD Groups.

Pre requisites :: Setup a Input.csv file containing details such as Group name, Category, Description, Group type and Path. Once done, Copy all the code into a text file, save it with an extension ".PS1". Once saved, run this script as Administrator.

Execution & Outputs :: Once executed, AD Groups will be created along with an output file named "Logs_date" containing all the results.#>

#Below is the snip of CSV file, (don't change the headers of each columns).













$groupdetails = Import-Csv .\Input.csv

$date = $(Get-Date -Format "dd_MM_yy")+".csv"

foreach($group in $groupdetails)

{

    try

    {

    New-ADGroup -Name $group.Name -GroupScope $group.Scope -GroupCategory $group.Category -Path $group.Path -Description $group.Description -PassThru  | Select Name,@{n=("Status");e={("Created under")}},DistinguishedName | Export-Csv ./Logs_$date -Append -NoTypeInformation

    }

catch

    {

       $group | Select-Object -Property @{n=("Name");e={($group.Name)}},@{n=("Status");e={("already exist under ")}},@{n="DistinguishedName";e={((Get-ADGroup -Identity $group.Name).DistinguishedName)}} | Export-Csv ./Logs_$date -Append -NoTypeInformation

        }

}


Sample Output after Groups creation















No comments:

Powershell Script - Checking SMB1 Feature Status on Windows Servers

$servers = @("DDC01","DMMS01","DMMS02","DDC02","FakeServer","Tempvm4") #Listing all servers in " " quotes. Take input from a file if server count is large.

$date = (Get-Date -Format "dd_MM_yyyy")+".html"

$outputHTML = "<HTML>

<Body><Table border='2'>

<h2> SMB1 Status Report Started at $(Get-Date)</h2>

<TR><Td>Name</Td><Td>Operating System</Td><Td>DistinguishedName</Td>s

<Td>SMB1Status</Td></Tr>"


foreach($server in $servers)

{

$server = $server.trim()

$error.Clear()

try{

$command1 = Get-ADComputer -Identity $server -Properties OperatingSystem,DistinguishedName | Select-Object -Property Name,OperatingSystem,DistinguishedName -ErrorAction Stop 

}

catch{

$command1 = "Error"

}

try{

$command2 = Invoke-Command -ComputerName $server -ScriptBlock{(Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State} -ErrorAction Stop

}


catch{

$command2 = "Error"

}

if(($command1 -eq "Error")) 

    {

    $outputHTML += "<TR style='background-color:orange'>"

     $outputHTML += "

    <TD>$($server)</TD>

    <TD>$("NA")</TD>

    <TD>$("NA")</TD>

    <TD>$("Unable to fetch, please check manually")</TD>

    </TR>"

    }

    elseif(($command2 -eq "Error"))

    {

    $outputHTML += "<TR style='background-color:orange'>"

     $outputHTML += "

    <TD>$($server)</TD>

    <TD>$($command1.OperatingSystem)</TD>

    <TD>$($command1.DistinguishedName)</TD>

    <TD>$("Unable to fetch, please check manually")</TD>

    </TR>"

   }

else

    {

    $command3 = $command1 | Select-Object -Property Name,OperatingSystem,DistinguishedName,@{n="SMB1Status";e={$command2}}

        if(($($command3.SMB1Status.Value) -eq "Disabled"))

        {

        $outputHTML += "<TR style='background-color:red'>"

        }

        else

        {

        $outputHTML += "<TR>"

        }


   $outputHTML += "

    <TD>$($command3.Name)</TD>

    <TD>$($command3.OperatingSystem)</TD>

    <TD>$($command3.DistinguishedName)</TD>

    <TD>$($command3.SMB1Status.Value)</TD>

    </TR>"

    }

}


$outputHTML += "</Table></Body></Html>"

$outputHTML += "<h2> SMB1 Status Report Ended at $(Get-Date) </h2>"

$outputHTML | Out-File ./SMB1Status_$date



Sample Output






No comments:

Windows Script - Profile folder Status check with Active Directory | Cleanup Project

<#Created By Abhishek Bansal

Read Note 

Script Usage :: Checks all the profile folders created under C:\Users for their current status in AD, ie whether they are active or not. Useful in finding out unnecessary profile folder.

Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1". Once saved, run it as Administrator.

Execution & Outputs :: Output will be displayed in ProfileID_Status.csv #>


$srv = Read-Host "Enter Name or IP address of the Server = "

$Profile = Get-ChildItem "\\$srv\c$\Users" -Exclude "Public","Administrator*",".Net*","MSSQL*","Temp*"   #Mention any other local profile that you want to exclude.

foreach($row in $Profile.Name){

    $row = $row.Trim()

    try{

    Get-ADUser -Properties * $row | Select-Object -Property Displayname,Samaccountname,@{n="Status";e={$_.Enabled}},whenChanged,PasswordExpired,LastLogonDate | Export-Csv ./ProfileID_Status.csv -Append -NoTypeInformation

    }

    catch

    {

    $row | Select-Object -Property @{n="Displayname";e={"NA"}}, @{n="Samaccountname";e={$row}},@{n="Status";e={"ID is either local/disabled or doesn't exist in AD"}}, @{n="whenChanged";e={"NA"}}, @{n="PasswordExpired";e={"NA"}}, @{n="LastLogonDate";e={"NA"}} | Export-Csv ./ProfileID_Status.csv -Append -NoTypeInformation

    }

}


Sample Output



No comments:

Powershell Script - Exporting GPO Settings in HTML

<#Read Me

Script Usage - Backing/Exporting GPO settings into HTML format.

Script Workflow

1. We can either use a ".txt" file as an Input file containing GPO's which we want to export.

2. Incase, we want to export all the GPO's in the domain, then use "Get-GPO" cmdlet with -All switch.

3. Outputs will be created in GPOname.html 

******************************************************************************#>


#Script 1 - Exporting all the GPO's in the domain.

$gpo = Get-GPO -All

foreach($item in $gpo)

{

$gponame = $item.DisplayName

Get-GPOReport -Name $gponame -ReportType HTML | Out-File ./$gponame.html

}


#Script 2 - Exporting all the GPO's mentioned in 'InputGPOdetails.txt' file.

#Note - Have this file under same folder where Script is kept.


$InputGPOdetails = Get-Content ./InputGPOdetails.txt

foreach($gponame in $InputGPOdetails)

{

Get-GPOReport -Name $gponame -ReportType HTML | Out-File ./$gponame.html

}

No comments:

Entra ID - Blocking User to use MFA



No comments:

Entra ID - Troubleshooting Password Hash Sync Issue



No comments:

Entra ID - Stop Syncing Onprem AD Users to Entra ID using Sync Rule Editor



No comments:

Windows - Patch Installation via Command Line



No comments:
Subscribe to: Posts (Atom)