Activedirectory

From Piszczynski

Edited by piszczynski>Aleks (no edit summary)
Revision as of 16:29, 29 September 2022

Active Directory

Handy PowerShell one-liner to add the members of one AD group to another (note that -Recursive expands nested groups into their individual users, so the nesting is not preserved in the new group):

Add-ADGroupMember -Identity 'New Group' -Members (Get-ADGroupMember -Identity 'Old Group' -Recursive)
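The one-liner above flattens nested groups and, for groups with more than 5000 members, Get-ADGroupMember hits the default ADWS result limit. The following is an added example (not from the original page) that copies only the direct members, skips members already present, and previews the change with -WhatIf before applying it. The group names are placeholders.

```powershell
# Added example: copy direct membership from one AD group to another.
Import-Module ActiveDirectory

function Copy-ADGroupMembership {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination,
        [switch] $WhatIf
    )
    # Read the 'member' attribute directly. Unlike Get-ADGroupMember it is not
    # subject to the ADWS 5000-entry limit, and it returns direct members only,
    # so nested groups stay nested instead of being flattened as -Recursive does.
    $sourceMembers = @((Get-ADGroup -Identity $Source      -Properties member).member)
    $destMembers   = @((Get-ADGroup -Identity $Destination -Properties member).member)

    # Only add DNs not already in the destination, so re-running is idempotent.
    $toAdd = @($sourceMembers | Where-Object { $_ -notin $destMembers })

    Write-Host ("{0} member(s) to add to '{1}':" -f $toAdd.Count, $Destination)
    $toAdd | ForEach-Object { Write-Host "  $_" }

    if ($toAdd.Count -gt 0) {
        # Add-ADGroupMember accepts distinguished names directly.
        Add-ADGroupMember -Identity $Destination -Members $toAdd -WhatIf:$WhatIf
    }
}

# Preview first; drop -WhatIf to apply.
Copy-ADGroupMembership -Source 'Old Group' -Destination 'New Group' -WhatIf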


Reset a password in PowerShell (prompting for it as a SecureString so it never sits in the console history in clear text):

  • $pw = Read-Host "password" -AsSecureString
  • Set-ADAccountPassword <username> -Reset -NewPassword $pw

Unlock account

  • Unlock-ADAccount -Identity <user>

Check account is locked/unlocked

  • Get-ADUser -Identity <user> -properties Lockedout | Select Name,LockedOut
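The three steps above (reset, unlock, check) are usually run together when a helpdesk handles a locked-out user, and the useful follow-up question is where the bad logons came from. The following is an added example (not from the original page) that performs the reset with a forced change at next logon, unlocks, verifies, and then reads lockout events (ID 4740) from the PDC emulator, which records every lockout in the domain together with the calling computer. Reading the Security log remotely requires administrative rights on the PDC. The account name is a placeholder.

```powershell
# Added example: remediate a locked-out account and find the lockout source.
Import-Module ActiveDirectory

function Reset-ADUserAndUnlock {
    param([Parameter(Mandatory)] [string] $SamAccountName)

    $pw = Read-Host "New password for $SamAccountName" -AsSecureString
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $pw
    # Make the user replace the helpdesk-chosen password at next logon.
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true
    # A password reset does not clear the lockout; do that explicitly.
    Unlock-ADAccount -Identity $SamAccountName

    # Verify the result.
    Get-ADUser -Identity $SamAccountName -Properties LockedOut, PasswordLastSet, PasswordExpired |
        Select-Object SamAccountName, LockedOut, PasswordLastSet, PasswordExpired
}

function Get-ADLockoutSource {
    param([Parameter(Mandatory)] [string] $SamAccountName, [int] $Days = 1)

    # Lockouts are forwarded to the PDC emulator, so its Security log has the
    # complete picture. In event 4740, Properties[0] is the target user name
    # and Properties[1] is the caller computer name.
    $pdc = (Get-ADDomain).PDCEmulator
    Get-WinEvent -ComputerName $pdc -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -eq $SamAccountName } |
        Select-Object TimeCreated,
            @{ n = 'Account';        e = { $_.Properties[0].Value } },
            @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } }
}

# Find the source first; unlocking without fixing a stale credential on that
# machine just leads to the account locking again.
Get-ADLockoutSource -SamAccountName 'jsmith' -Days 2
Reset-ADUserAndUnlock -SamAccountName 'jsmith'
```

If the same caller computer shows up repeatedly, look there for a cached credential (mapped drive, scheduled task, service, saved RDP session) before resetting again.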

Search for AD users using PowerShell:

The filter can use various attributes: DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName.

  • get-aduser -filter "name -eq '<name of user>'"

See all properties for an active directory user account:

  • Get-ADuser -identity <user> -properties *

Find logon scripts, home drives and home directories for all users and export them to a text file (use Export-Csv instead of ft | Out-File if the output needs to be processed further):

  • Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory | out-file C:\temp\logonscriptoutput.txt


Setting up Active Directory

Handy basic info for configuring an Active Directory domain (naming the internal domain and network):

https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx


Before creating the domain, ensure that the date, time and time zone on the server that will become the first domain controller are correct. Kerberos rejects tickets when clocks differ by more than 5 minutes (the default), so a domain built on a wrong clock causes authentication failures as soon as other machines join.



Re-sync AD Account with Azure AD account after deletion, restore or migration

Issues may occur when accounts have been created incorrectly or have been deleted and restored.

You may then need to manually re-match the AD objects between on-premises AD and Azure AD (a "hard match").

This is done using the ImmutableID, which is the Base64 encoding of the on-premises object's objectGUID.

First get the account in Active Directory, take its objectGUID and convert it to a Base64 string:

  • Get-ADUser -Filter "name -eq '<username>'" -Properties objectGUID | Select-Object UserPrincipalName, objectGUID, @{Name = 'ImmutableID'; Expression = { [system.convert]::ToBase64String(([GUID]$_.objectGUID).ToByteArray()) } } | Export-CSV users.csv

Then set the ImmutableID obtained from the AD account on the Azure AD account (Set-MsolUser is from the MSOnline module, which Microsoft has retired; the Microsoft Graph equivalent is Update-MgUser -OnPremisesImmutableId):

  • Set-MsolUser -UserPrincipalName USER@DOMAIN.COM -ImmutableID "ABCdefGHIjklMNO=="

Reference: https://www.theictguy.co.uk/ad-connect-and-hard-matching-immutableid/
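The procedure above is easy to get wrong by pasting a mangled Base64 string or matching the wrong object. The following is an added example (not from the original page or the referenced article) that computes the ImmutableID from the on-premises objectGUID, decodes it back as a sanity check, compares it with what the cloud object currently holds, and only writes it when run with -Apply. It uses the Microsoft.Graph module (Connect-MgGraph, Get-MgUser, Update-MgUser) instead of the retired MSOnline Set-MsolUser. The UPN is a placeholder.

```powershell
# Added example: verify and hard-match an ImmutableID between AD and Azure AD.
Import-Module ActiveDirectory

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)] [guid] $ObjectGuid)
    # ImmutableID = Base64 of the GUID's 16 raw bytes (always 24 chars, ends in "==").
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)] [string] $ImmutableId)
    # Reverse: decode the Base64 into 16 bytes and rebuild the GUID.
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

function Sync-ImmutableId {
    param([Parameter(Mandatory)] [string] $UserPrincipalName, [switch] $Apply)

    $ad = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties objectGUID
    if (-not $ad) { throw "No on-premises user with UPN $UserPrincipalName" }

    $expected = ConvertTo-ImmutableId -ObjectGuid $ad.ObjectGUID
    # Round-trip check: catches a value that was truncated or had characters swapped.
    if ((ConvertFrom-ImmutableId -ImmutableId $expected) -ne $ad.ObjectGUID) {
        throw "ImmutableID round-trip mismatch for $UserPrincipalName"
    }

    Connect-MgGraph -Scopes 'User.ReadWrite.All' | Out-Null
    $cloud = Get-MgUser -UserId $UserPrincipalName -Property Id, UserPrincipalName, OnPremisesImmutableId

    [pscustomobject]@{
        UPN    = $UserPrincipalName
        OnPrem = $expected
        Cloud  = $cloud.OnPremisesImmutableId
    } | Format-List

    if ($cloud.OnPremisesImmutableId -eq $expected) {
        Write-Host "Already matched; nothing to do."
        return
    }
    if ($Apply) {
        Update-MgUser -UserId $cloud.Id -OnPremisesImmutableId $expected
        Write-Host "ImmutableID set; run a delta sync on Azure AD Connect to confirm the match."
    } else {
        Write-Host "Dry run. Re-run with -Apply to write the ImmutableID to the cloud object."
    }
}

# Dry run first, then: Sync-ImmutableId -UserPrincipalName 'user@domain.com' -Apply
Sync-ImmutableId -UserPrincipalName 'user@domain.com'
```

Two caveats: Azure AD refuses to change OnPremisesImmutableId on an object that is currently directory-synced, so the cloud object must be cloud-only (for example, moved out of the sync scope and a sync cycle run) before the hard match. And because a hard match lets an on-premises account take over a cloud account outright, keep the right to run this with a small set of identity administrators; tenants can also block hard-match takeover of cloud-only objects with the Azure AD Connect feature BlockCloudObjectTakeoverThroughHardMatch, in which case this write will fail by design.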