I am setting up a bunch of computers, and for this i am using powershell.
To setup admin accounts, i have used the net command, but as I get some pc's with danish OS and some with english the commands differ slightly.
Danish version:
net localgroup Administratorer username /add
english version:
net localgroup Administrators username /add
This means i need two versions of the script. is it possible to take another aproach? perhaps using some ID to identify the admin group? like writing 3334 instead of administator
The builtin Administrators group may indeed have different names depending on the installation language, but the group's security identifier is always the same:
S-1-5-32-544
To find the local name, use WMI:
$AdminGroupName = (Get-WmiObject -Class Win32_Group -Filter 'LocalAccount = True AND SID = "S-1-5-32-544"').Name
Now you can do:
net localgroup $AdminGroupName username /add
One solution could be to leverage the .NET framework (via Powershell) to retrieve the localized name of the administrators group. I find it better than hardcoding the SID of the administrators group, even though it never changes.
$adminGroupSid = [System.Security.Principal.SecurityIdentifier]::new([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,$null)
$adminGroupName = $adminGroupSid.Translate([System.Security.Principal.NTAccount]).ToString()
$adminsName = ($adminGroupName -split "\\")[1]
From then on, you can either use $adminsName when calling net localgroup
net localgroup $adminsname /add <user>
in case you want to run it as a package in SCCM without content folder
%windir%\Sysnative\windowsPowershell\V1.0\powershell -command "$an='AdminUser';$ap='password'; net user /add $an $ap; $agn = (gwmi -Class Win32_Group -Filter 'LocalAccount=True AND SID="""S-1-5-32-544"""').Name;net localgroup $agn $an /add"
Related
I need a script to remove local admin users that get created when they set up their devices. I use the command net localgroup administrators AzureAD\NameOfUser /delete.
How can I have a wildcard in place of "NameOfUser"? There is only one user in that group that starts with AzureAD\ so a wild card for any amount of characters would work for me. I tried AzureAD\* that doesn't seem to be accepted.
As stated in comments you can probably use
(net localgroup administrators) -like 'AzureAD\*' | ForEach-Object { net localgroup administrators $_ /DELETE }
Essentially you are taking the response of net localgroup administrators, filtering for only lines that start with "AzureAD" using -like and then running net local group administrators <object_name> /DELETE for each matching object
I've search around on the internet for a way to query Active Directory for a user via powershell (or cmd) without installing RSAT tools but nothing has worked. My script needs to query AD to confirm that the user exists before moving on to the next step. The computer is on the domain and Ideally, i don't want my script to download and install RSAT tools on the client workstation.
I was able to get the following code to work. However, I have to be logged in as a domain user. Ideally, I would like this to work from a local admin user on a workstation that is bound to AD.
$search = [adsisearcher]"(&(ObjectCategory=Person)(ObjectClass=*)(cn=*))"
$users = $search.FindAll()
foreach($user in $users)
{
$CN = $user.Properties['CN']
$DisplayName = $user.Properties['DisplayName']
$SamAccountName = $user.Properties['SamAccountName']
"CN is $CN"
"Display Name is $DisplayName"
"SamAccountName is $SamAccountName"
}
You can you the [ADSI] type accelerator or you can .Net class like below. Replace druffin with the username in AD. For an example of a username run $env:USERNAME
$adsiNET = New-Object system.directoryservices.directorysearcher "name=druffin"
$adsiNET.FindOne()
Need some help here.
I need to get the local user list of a remote computer and what group they belong to using PowerShell script.
I tried:
Get-LocalUser
Get-LocalGroup
Get-LocalGroupMember
Also:
gwmi win32_UserAccount
gwmi win32_group
but it is very slow and pulling the information more than requirement which consumes time.
I would like the output formatted something like below:
User Memberof
------ --------------------
abc12 Administrators
efg23 remote desktop users
hij45 Administrators,Backup Operators,users
xyz56 remote desktop users,Backup Operators
Thanks in Advance,
Cheers.
I use ADSI and it's pretty quick.
$RemoteComputerName = 'RemoteComputer'
$LocalGroup = 'Remote Desktop Users'
$ADSI = [ADSI]("WinNT://$RemoteComputerName,Computer")
$Group = $ADSI.PSBase.Children.Find($LocalGroup,'Group')
$Group.PSBase.Invoke('Members').Foreach{ $_.GetType().InvokeMember('Name','GetProperty',$null,$_,$null) }
I'm interested in a PowerShell script working example that ONLY asks for an Active Directory UserName and Domain and new Password as input parameters:
...and, forces this change as (fast as possible) to replicate with the entire forest.
The purpose of this script is to let Exchange, SkypeforBusiness (and other systems) to recognize this password change across the forest; so, these systems don't keep prompting the logged in user for the new password immediately after the password change sent to a single DC (even, after the user logs off and logs back in again successfully to their workstation using their new password). Maybe, forcing replication to the just the bridgehead servers in the user's site / domain is good enough?
I know how to change a user's password with the below 3 lines in an AD Domain. However, I'm not sure how to replicate that change across the entire forest ASAP.
$Domain = "DomainName"
$UserID = "BillKP"
$newpwd = "pass123"
$DC = Get-ADDomain $Domain | select -ExpandProperty InfrastructureMaster
Set-ADAccountPassword $UserID -NewPassword $newpwd -Reset -Server $DC
I found the below example for Sync-ADObject. However, I'm not sure how to use it with the above script (presuming my intentions mentioned above).
PS: I don't want to lock up the PowerShell console when forcing replication of this user's new password to the forest.
Get-ADDomainController -filter * | ForEach {Sync-ADObject -object "CN=James, OU=BusinessUsers, DC=Test, DC=Local" -source NKAD1 -destination $_.hostname}
Thanks in advance!
So I need to clear a user's run dialog history which I can do perfectly fine with "reg delete HKEY_CURRENT_USER\Software\Windows etc..." from an elevated powershell window on the logged in user's machine, but what I'm looking to do is that same command but from a SYSTEM powershell process. I have already used psexec to create a powershell window which runs as SYSTEM, but because you can't just use HKEY_CURRENT_USER as SYSTEM with the same results, I am finding it quite difficult. If I could just run that command but as username\Administrator then I wouldn't have this problem.
Also to note, if I can somehow grab the username of the logged on user (from SYSTEM still) in one line in plain text (with no other output in sight), then I can store the username in a variable and convert that to an SID and use HKEY_USERS instead.
P.S. Don't ask why I'm running powershell as SYSTEM, I know what I'm doing :D
you can use get-process under the system context powershell and filter where explorer.exe process is running, get the account it is running under then use to convert to SID and go through the registry.
something like this assuming only 1 explorer.exe process is running which is the norm on windows client OS.
$proc = Get-CimInstance Win32_Process -Filter "name = 'explorer.exe'"
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
$username = $owner.user
$username will contain the user, $owner will also contain domain and a few other things.
to convert to sid
$objUser = New-Object System.Security.Principal.NTAccount($owner.Domain, $owner.User)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value