To query Active Directory for Windows workstations using PowerShell, you typically use the Get-ADComputer cmdlet, which is a part of the ActiveDirectory module. If you haven’t done so, you need to install the Remote Server Administration Tools (RSAT) to get the ActiveDirectory module. The way to get RSAT depends on your Windows version. For Windows 10, for example, you can… Read More »
Windows Group Policy is a powerful tool that enables administrators to manage and configure settings for users and computers in a network environment. PowerShell, on the other hand, is a command-line shell and scripting language that is built on the .NET framework. By using PowerShell, administrators can interact with Windows Group Policy and automate common tasks. In this… Read More »
Desired State Configuration (DSC) is a configuration management tool that allows you to define and enforce the desired state of your infrastructure using declarative code. DSC is based on PowerShell and can be used to configure Windows and Linux servers, as well as cloud resources. DSC has many benefits, but also some drawbacks. In this blog post, I… Read More »
A password policy is a set of rules and guidelines that dictate how users should create and manage their passwords within an organization. These policies typically include requirements for minimum password length, complexity, and expiration, as well as guidelines for avoiding the use of easily guessable information, such as personal information or common words. The goal of a… Read More »
Group Policy is a feature in Microsoft Windows that allows administrators to set policies for groups of users and computers in an Active Directory environment. It is an essential tool for managing and securing a Windows network.
To track user logins across a Windows Active Directory Domain, you can use the built-in Event Viewer tool. This tool allows you to view and filter event logs on a domain controller. To access the Event Viewer: To enable auditing: Note: This will only track logins on domain-joined computers, not on non-domain joined devices. If there are multiple domain controllers… Read More »
Exports all GPO’s across domains in HTML or XML file.
Search for people who haven’t logged on to a domain in the past 180 days.
This is a very manual task of logging onto each domain controller and copying the file to a central location, and then sifting through the data to remove any duplicate IP addresses etc. This task becomes very time consuming if you have a large number of domain controllers.
Finding machines in Active Directory is pretty easy using the Get-ADComputer commandlet. You can specify what to find by any number of parameters. For example, the most basic use of the commandlet is: Get-ADComputer -Filter * The above code will return all Active Directory computer objects. But lets say you are in the process of upgrading operating systems across the domain, and… Read More »