PowerShell to Add a Workstation to a User’s Log On To Property

It’s easy enough to use ADUC or ADAC to┬áchange the list of computers that a user account is authorized to logon to, but sometimes (like, whenever possible!) you need to use PowerShell. Let’s start by seeing what workstations the user is allowed to logon to now… PS C:\> Get-ADUser jay.test -Properties LogonWorkstations | Format-List Name, LogonWorkstations Name : Jay Test LogonWorkstations : testpc This tells […]

Read Me Leave comment

3 Steps to Get Control of Your Local Admin Account Passwords

A few years ago, Microsoft removed the ability to store passwords in Group Policy Objects using the cPassword method that Active Directory domain administrators had been using for over a decade because it was too easy to extract the password from the GPO files on the domain controller. LAPS provides a way to securely set and retrieve a random password for local administrator accounts on […]

Read Me Leave comment

Troubleshooting a Recurring Account Lockout

If you haven’t had to deal with a mysterious, recurring account lockout, then you haven’t been on the job very long. Almost all Active Directory installations include a Group Policy Object specifying basic account security options such as password length and account lockout thresholds. These settings are essential for adequate data security, but they can become a real pain when a user keeps getting locked […]

Read Me 2 Comments

Two Ways to Add Multiple Users or Contacts to a Distribution Group

Say you just created a large number of new Mail Contacts or you just created a new Distribution Group and you need to add the new contacts or a large number of users to the new group. There are multiple ways to do this. I’ll show you two of them that are useful in two different scenarios. Method One: If all of the objects are […]

Read Me Leave comment

PowerShell Script for Automating Personnel Changes

I just finished coding a PowerShell script designed to automate changes to Active Directory, Exchange, and Lync accounts based on input from a human resources database. With resources continually getting thinner, I’m hoping this allows the help desk to focus on more important tasks, like the software, hardware, and training issues of┬áthousands of end users. As I’ve pointed out elsewhere, I’m not a programmer; I’m […]

Read Me 1 Comment

Adding an Employee ID Number to Active Directory

The Active Directory database contains two fields that can be used to store an employee ID number: EmployeeID EmployeeNumber Neither field is used for anything currently, and neither one shows up in Active Directory Users & Computers or Active Directory Administrative Center by default. ADUC can be modified to display one or both of the two available fields (See here for example), but I don’t […]

Read Me Leave comment

Assign the value of ObjectGUID to a string variable in Powershell

The ObjectGUID property of an AD object is weird. I tried using -Expand and foreach{$_.ObjectGUID} to extract the value, but neither did quite what I expected. Here’s how I was able to get the value of that property into a string variable that I could then use for something useful. $uGuid = (Get-ADUser <username> | Select -Expand ObjectGUID).toString() The value of $uGuid will be the […]

Read Me Leave comment