Assign the value of ObjectGUID to a string variable in Powershell

The ObjectGUID property of an AD object is weird. I tried using -Expand and foreach{$_.ObjectGUID} to extract the value, but neither did quite what I expected. Here’s how I was able to get the value of that property into a string variable that I could then use for something useful. $uGuid = (Get-ADUser <username> | Select -Expand ObjectGUID).toString() The value of $uGuid will be the […]

Read Me Leave comment

Who has access to do what where?

If you manage Active Directory in a large organization, chances are good there are a number of cooks in the kitchen. Every now and then it’s good to review who has access to do what. I’m sure there are any number of great tools out there to give you this kind of information (feel free to link them in the comments), here’s a cmdlet to […]

Read Me Leave comment

GPO to Set Local Admin Group Membership Not Applied

I use Group Policy Objects to manage the local Administrators groups in various departments/Organizational Unites in my Active Directory domain. I recently encountered a problem in which the policy was not applying to the computers in a single OU. I verified that the settings in the GPO were correct and that “Authenticated Users” had “apply” permission. I removed the entries from “Local Users and Groups” […]

Read Me Leave comment

Get a Quick Count of Users in Each OU

You never know when you need odd little tidbits of information out of Active Directory. Here’s a quick script you can run using the Active Directory Module for PowerShell to get a count of users in each of your OUs. Just replace “ou=Employees,dc=domain,dc=com” with the CN path to OU you use for all user accounts.   $BaseOU = “ou=Employees,dc=domain,dc=com” $DNs = (Get-ADOrganizationalUnit -Filter * –SearchBase […]

Read Me 4 Comments

Get a list of your Group Policy Objects using PowerShell

I use this cmdlet for periodic auditing of Group Policies: Get-GPO -All | select DisplayName, ID, Description, CreationTime, ModificationTime | Export-Csv c:\temp\GPOs.csv -NoTypeInformation This produces a CSV file with the following information: Default Domain Policy xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Created with AD installation 9/1/2009 15:31 12/12/2012 19:05 Another Group Policy xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Description for GPO 2 10/3/2009 17:45 10/4/2009 9:23 Policy Three xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Description for GPO 3 4/16/2010 20:01 […]

Read Me 2 Comments

Directory object not found error with Get-ADUser (and other cmdlets)

Say you want a spreadsheet of all users in the default Users OU. Easy. You open the Active Directory Module for Windows PowerShell and enter this cmdlet: Get-ADUser -Filter * -SearchBase “OU=Users,DC=domain,DC=com” -Properties “Description” | fl Name, SamAccountName, Enabled, Description And you get this error: Get-ADUser : Directory object not found At line:1 char:1 + Get-ADUser -SearchBase “OU=Users,DC=domain,DC=com” -Filter * -Properties  … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     […]

Read Me 10 Comments

PowerShell Script to Retrieve Basic User Stats

This is a quick and dirty PowerShell script to retrieve the user statistics that I need most frequently. It works great for my help desk too. # Filename : get_status.ps1 # Purpose : Queries basic account status info. # # Requires the following applications to be installed: # Quest ActiveRoles AD Management Snapin # # Modified : 2013.03.05 Jay Carper; Created # Param([string]$Username) # If […]

Read Me Leave comment