Some articles are posted as Images, Please use Computers to go through them for best experience. For phone users, switch to Web Version

Active Directory - Delegating SPN Read/Write Access to a Domain account

 

Windows - Setup an automated task that clear up Older log files automatically.

Powershell command to cleanup logs

Get-ChildItem "C:\UpdateLogs" -File -Recurse | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-5) } | Remove-Item -Force


































Windows Script - Fetching Ownership details, Inheritance status and NTFS Permissions of Root and all it's Subfolders

 <# Created By Abhishek Bansal

Read Note 

Script Usage - Useful in fetching Owners details, Inheritance status, NTFS Permissons of Parent / Root folder & all the sub folders.

Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1".Once saved, run this script as Administrato / from ID that has access to the folders.

Execution & Outputs :: Once executed, there will be multiple Outifle files created which would be -

FolderInheritance.csv - Containing Root folder and subfolders Ownnership details along with inheritance status.

FolderACL.csv - Containing Root folder and subfolders NTFS permissions.

Along with above, Errorlogs.csv can also be produced if there are any errors encountered while executing this script.#>

 


$RootPath = Read-Host "Enter Full Absolute Path of the Root folder = " 

$subfolders = Get-ChildItem -Path "$RootPath" -Filter * -Recurse -Directory | Select * #Listing all the Subfolders inside Root Path.


Get-Acl -Path $RootPath  |  Select-Object -Property @{n="Path";e={$RootPath}},Owner,@{n="Inheritance Blocked";e={$_.AreAccessRulesProtected}} | Export-Csv ./FolderInheritance.csv -NoTypeInformation -Append

(Get-Acl -Path $RootPath).Access | Select @{n="Path";e={$RootPath}},IdentityReference,FileSystemRights,AccessControlType | Export-Csv ./FolderACL.csv -NoTypeInformation -Append


foreach($Subfolder in $subfolders)

    {

    $Subfolderpath = $Subfolder.FullName

    try{

    Get-Acl -Path $Subfolderpath  |  Select-Object -Property @{n="Path";e={$Subfolderpath}},Owner,@{n="Inheritance Blocked";e={$_.AreAccessRulesProtected}} | Export-Csv ./FolderInheritance.csv -NoTypeInformation -Append

    (Get-Acl -Path $Subfolderpath).Access | Select @{n="Path";e={$Subfolderpath}},IdentityReference,FileSystemRights,AccessControlType | Export-Csv ./FolderACL.csv -NoTypeInformation -Append


       }


    catch{

    $Subfolderpath | Select @{n="Path";e={$Subfolderpath}},@{n="Errorinfo";e={"Path Not accessible."}} | Export-Csv ./Errorlogs.csv -NoTypeInformation -Append

    }


 }

AD Script - Fetching User's manager details from Active Directory

 <#Created By - Abhishek Bansal

Read Note

Script Usage :: Fetching User details along with their Manager's name & email ID from AD.

Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1".  A file named Input.txt needs to be created, this file will be containing User Samaccount name. Once saved run it with Admin rights.

Execution & Outputs :: Output_.csv fill will be containing all the results. #>

function getdetails($mgrdn)

{

$mgrdata = Get-ADUser -Properties * -Filter{DistinguishedName -like $mgrdn} | Select Samaccountname,Name,EmailAddress

return $mgrdata

}

$inputuser = Get-Content ./Input.txt

$line = 0 

$linecount = $inputuser.count

$percentagecomplete= 0

$filename = "Output_"+(Get-Date -Format "yyyy_MM_dd")+".csv"

foreach($userid in $inputuser)

{

$line++

$percentagecomplete = ($line / $linecount) * 100

$userid = $userid.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

[String]$dn = (Get-ADUser -Properties * -Identity $userid).Manager

$managerdetails = getdetails -mgrdn "$dn"

$Error.Clear()

    try

    {

    Get-ADUser -Properties * -Identity $userid | Select Samaccountname,Name,EmailAddress,co,@{n="Manager_Samaccountname";e={$managerdetails.Samaccountname}},@{n="Manger Name";e={$managerdetails.Name}},@{n="Manager Mail";e={$managerdetails.EmailAddress}} `

    | Export-Csv ./$filename -NoTypeInformation -Append

    }

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]

    {

    $userid | Select @{n="Samaccountname";e={$userid}},@{n="Name";e={$Error.Exception.Message}},EmailAddress,co,@{n="Manager_Samaccountname";e={}},@{n="Manger Name";e={}},@{n="Manager Mail";e={}} `

    | Export-Csv ./$filename -NoTypeInformation -Append

    }

}

AD Script - Exporting AD Group Membership containing Large count of members

<#Created By - Abhishek Bansal

Read Note 

Script Usage :: Fetching AD Group membership containing large number of members. There are cases where Get-ADGroupMember fails. ( More then 5K /6K ). Script is capable of exporting not only users objects but others too. ( Ex Groups ).

Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1". Once saved run it with Admin rights.

Execution & Outputs :: User need to input AD Group name when prompt & results can be checked in Groupname_Membership.csv file. #>

$group = Read-Host "Enter AD Group Name = "

$dn = Get-ADGroup -Identity $group -Properties * | Select objectClass -ExpandProperty Member

$line = 0 

$linecount = $dn.Count

$percentagecomplete= 0

foreach($row in $dn)

{

$line++

$percentagecomplete = ($line/$linecount)*100

$row = $row.trim()

Write-Progress -Activity "Checking Status.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

Get-ADObject -Properties * -Filter{DistinguishedName -like $row} | Select Name,Samaccountname,@{n="Member Category";e={$_.ObjectClass}} | Export-Csv ./$group.Membership.csv -NoTypeInformation -Append

}

 

AD Script - Remove Computer Objects from Active Directory

<#Created By - Abhishek Bansal

Script Usage - Deleting Computer Objects mentioned in Input.txt from AD.

Incase of Access Denied, run ISE as Administrator & make sure account used should have sufficient rights to delete a Computer Object.

For using it on any other server, just copy the entire folder, edit .ps1 into PS ISE & run it. 

#>

$servers = Get-Content -Path .\Input.txt

$line = 0

$linecount = $servers.Count

$percentagecomplete= 0

$filename = "Output_"+(Get-Date -Format "yyyy_MM_dd")+".csv"

foreach($server in $servers)

{

$error.Clear()

$server = $server.trim()

$line++

$percentagecomplete = $line / $linecount * 100

Write-Progress -Activity "Removing Computer Objects.." -PercentComplete $percentagecomplete -Status "$line out of $linecount"

    try{

    Remove-ADComputer -Identity $server -Confirm:$false

    $server | Select-Object -Property @{n="Computer Name";e={$server}},@{n="Status";e={("Deleted Succesfully")}} | Export-csv ./$filename -NoTypeInformation -Append

    }

    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]

      {

    $server | Select-Object -Property @{n="Computer Name";e={$server}},@{n="Status";e={$error.exception.Message}} |  Export-csv ./$filename -NoTypeInformation -Append

      }

}