I am currently using a powershell script to return last active computers and the respective domain hosts on AD as shown below:
Get-ADComputer -Filter {enabled -eq $true} -properties *|select Name, DNSHostName, OperatingSystem, LastLogonDate
What I want to do next is to list all the computers/servers within the subnet of 255.255.251.0 that use the username "Administrator." How would I go about achieving this through editing my above script?
Related
I have a task to get the number of computers connected to a certain Active Directory, grouped by OS.
I figured out how to find out the name of the OS installed on a certain computer:
Get-ADComputer -Filter * -Properties * | Select-Object -ExpandProperty OperatingSystem
I am having a hard time understanding, how should I group and then count the different kind of operating system in powershell. Also in the testing enviroment I got set up, I only have one computer connected to the AD, so I really don't have room to test out my ideas. I have requested some additional virtual machines to be connected to the AD, but I would like to figure the how until I get those.
As suggested in the comments by #Scepticalist - Group-Object is the tool designed for this specific purpose.
Get-ADComputer -Filter * -Properties OperatingSystem | group-object OperatingSystem | select name,count
All Windows Servers
Get-ADComputer -Filter {operatingsystem -like 'server'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinServers6.csv
All Windows clients
Get-ADComputer -Filter {operatingsystem -notlike 'server'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinClients.csv
All Computers in AD
Get-ADComputer -Filter * -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address
I'm trying to get to:
Remote Sites
MyCity
Computers
and get a list of all the computers.
Here's what I have so far:
Get-ADComputer -Filter * -SearchBase "OU=MyCity,DC=MyDomain,DC=com" |
Select -Property Name, DNSHostName, Enable, LastLogonDate
I have admin rights on a machine connected to AD. But I don't have rights on the Domain Controller.
With PowerShell is it possible to get all authentication delegation settings of an AD account from my admin machine? If possible how?
What I mean as delegation settings is the Delegation tab of the AD account, used for Kerberos authentication. Below is a snapshot of what I am referring about. Currently I could see few services to which the account can present delegated credentials, but not all since I cannot scroll down the list as it is greyed out.
Get-ADObject -Filter {name -eq "yoursamaccountname"} -Properties msDS-AllowedToDelegateTo
Get-ADUser -Filter {SamAccountName -eq "YourAccountSamName"} -Properties msDS-AllowedToDelegateTo | Select-Object -ExpandProperty msDS-AllowedToDelegateTo
It will list all services to which the account can present delegated credentials
The answer from Neroon did not work for me unfortunately, but I come up with a solution for AD user that works in case anyone else is looking for it:
Get-ADUser -filter { SamAccountName -eq "YouAccountSamName" } -Properties TrustedForDelegation | Select SamAccountName, TrustedForDelegation | FT -A
For multiple users:
$users = #('user1', 'user2')
$users | ForEach {Get-ADUser -filter { SamAccountName -eq $_ } -Properties TrustedForDelegation} | Select SamAccountName, TrustedForDelegation | sort -property SamAccountName | FT -A
I am testing powershell with active directory,
have created list of OU in particular domain, but unable to remove all the OU from AD, Want to remove all OU except built in from AD
below is the script i am using, but it is giving access denied-
using administrator id
Get-ADOrganizationalUnit -Filter {Name -notlike "Domain Controllers"} -SearchBase (Get-ADDomain).Distinguishedname -SearchScope OneLevel | Remove-ADOrganizationalUnit -Recursive -Confirm:$false
OU's are protected by default, you have to remove that flag before deleting:
Set-ADObject -ProtectedFromAccidentalDeletion $false
So I have a script with the purpose of scanning devices that start with a certain name, then return results of computers missing a group. My problem is, the device I need it to run from turns out not to be in the same tree. I have seen some commands, but I wanted to be sure I had the syntax right. I will include part of the script for context:
Import-Module ActiveDirectory
$Group = "A-Certain-Group"
$Groupname = (Get-ADGroup $Group).distinguishedName
$Computers = Get-ADComputer -filter "name -like 'Big*'" -Prop MemberOf | Where{$_.MemberOf -notcontains $Groupname}
So let's say I am running it from "company.net", and it needs to perform the above script on "companynet.net" instead. What is the proper method?
The AD cmdlets all have a -server parameter which lets you specify other domains. Just use it to specify the other domain assuming there is a trust.
$Groupname = (Get-ADGroup $Group -Server companynet.net).distinguishedName
$Computers = Get-ADComputer -Server companynet.net -filter "name -like 'Big*'" -Prop MemberOf | Where{$_.MemberOf -notcontains $Groupname}
Note that if you don't have permission to perform actions in the domain you will also need to use the -credential parameter.