Activedirectory

From Piszczynski
Revision as of 14:15, 24 January 2023 by piszczynski>Aleks (→‎Active Directory)

Active Directory

Handy PowerShell script to add AD group members from one group to another:

Add-ADGroupMember -Identity 'New Group' -Members (Get-ADGroupMember -Identity 'Old Group' -Recursive)
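The one-liner above copies the expanded membership in a single step. The following is an added example, not part of the original page, that does the same copy with a dry run first and skips accounts already in the target so it can be re-run safely. 'Old Group' and 'New Group' are placeholders.

```powershell
# Added example: copy members of one AD group into another, with a preview.
# Group names are placeholders; run from a host with the ActiveDirectory module.
$source = 'Old Group'
$target = 'New Group'

# -Recursive expands nested groups, so members of nested groups become DIRECT
# members of the target; drop -Recursive if the nesting should be preserved.
$members = @(Get-ADGroupMember -Identity $source -Recursive)

# Skip anyone already in the target so the script is idempotent
$existing = @(Get-ADGroupMember -Identity $target).distinguishedName
$toAdd = @($members | Where-Object { $_.distinguishedName -notin $existing })

Write-Host "Will add $($toAdd.Count) of $($members.Count) members to '$target'"

if ($toAdd.Count -gt 0) {
    # Preview what would change, then apply
    Add-ADGroupMember -Identity $target -Members $toAdd -WhatIf
    Add-ADGroupMember -Identity $target -Members $toAdd
}
```

Note that with `-Recursive` the copy flattens the hierarchy: any group later added to 'Old Group' will not be reflected in 'New Group', whereas copying without `-Recursive` keeps the nested groups as members and inherits future changes.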


Reset password in PowerShell

  • $pw = Read-Host "password" -AsSecureString
  • Set-ADAccountPassword <username> -Reset -NewPassword $pw
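An added example (not from the original page) that combines the two commands above with a forced change at next logon, so the person doing the reset never holds a long-lived credential for the account, and then reads back the relevant attributes to confirm. `<username>` is a placeholder.

```powershell
# Added example: reset a password, require a change at next logon, verify.
$user = '<username>'   # placeholder
$pw = Read-Host "New password for $user" -AsSecureString

# Administrative reset (does not require the old password)
Set-ADAccountPassword -Identity $user -Reset -NewPassword $pw

# Force the user to pick their own password at next logon; this sets pwdLastSet
# to 0, which is why PasswordLastSet shows empty afterwards
Set-ADUser -Identity $user -ChangePasswordAtLogon $true

# Confirm: pwdLastSet = 0 means "must change", and check the account is not locked
Get-ADUser -Identity $user -Properties PasswordLastSet, pwdLastSet, LockedOut, Enabled |
    Select-Object Name, PasswordLastSet, pwdLastSet, LockedOut, Enabled
```

`-ChangePasswordAtLogon $true` has no effect on accounts flagged with "password never expires"; clear that flag first if the change-at-logon prompt is expected.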

Unlock account

  • Unlock-ADAccount -Identity <user>

Check account is locked/unlocked

  • Get-ADUser -Identity <user> -properties Lockedout | Select Name,LockedOut
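The command above checks a single known account. The following added example (not part of the original page) lists every locked-out account in the domain and then shows the bad-password counters for one account on each domain controller. `badPwdCount` and the last bad password time are not replicated, so each DC keeps its own value and the DC with the highest count is the one that received the failed attempts. `<user>` is a placeholder.

```powershell
# Added example: find locked-out accounts, then per-DC lockout counters for one user.

# All accounts currently locked out in the domain
Search-ADAccount -LockedOut |
    Select-Object Name, SamAccountName, LockedOut, LastLogonDate

$user = '<user>'   # placeholder

# badPwdCount / LastBadPasswordAttempt are per-DC (non-replicated), so query each DC
$dcs = Get-ADDomainController -Filter *
foreach ($dc in $dcs) {
    Get-ADUser -Identity $user -Server $dc.HostName `
        -Properties badPwdCount, LastBadPasswordAttempt, LockedOut |
        Select-Object @{Name = 'DC'; Expression = { $dc.HostName }},
                      badPwdCount, LastBadPasswordAttempt, LockedOut
}
```

Run the per-DC loop before unlocking: once the account is unlocked and the user logs on successfully the counters reset, and the DC that took the failed attempts is the place to look in the Security event log for where they came from.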

Search for AD users using PowerShell:

The filter can be used with various attributes: DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName.

  • get-aduser -filter "name -eq '<name of user>'"

See all properties for an active directory user account:

  • Get-ADuser -identity <user> -properties *

Get all groups an AD account is a member of:

  • Get-ADPrincipalGroupMembership <username> | select Name

Find login scripts for all users and export to text file:

  • Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory | out-file C:\temp\logonscriptoutput.txt
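The one-liner above writes a formatted table to a text file. The following added example (not from the original page) exports the same data as CSV so it can be filtered later, summarises which distinct scripts are in use, and lists users whose logon script is a UNC path rather than a plain file name served from the domain's NETLOGON share, which is worth reviewing. The output path is the same placeholder as on the page.

```powershell
# Added example: export logon script assignments and review where they point.
$users = Get-ADUser -Filter * -Properties scriptPath, homeDrive, homeDirectory |
    Select-Object Name, SamAccountName, scriptPath, homeDrive, homeDirectory

# CSV keeps the columns intact (Format-Table output truncates long paths)
$users | Export-Csv -Path C:\temp\logonscriptoutput.csv -NoTypeInformation

# How many users reference each script (blank Name = no logon script set)
$users | Group-Object scriptPath | Select-Object Count, Name | Sort-Object Count -Descending

# Plain names such as 'logon.bat' resolve under \\<domain>\NETLOGON; a value that
# starts with \\ points at an explicit share and should be checked and justified
$users | Where-Object { $_.scriptPath -like '\\*' } |
    Select-Object Name, SamAccountName, scriptPath
```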

Setting up Active Directory

Handy basic info for configuring an Active Directory domain:

https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx


Before creating the domain, ensure that the time and date settings on the server that will become the primary domain controller are correct.



Re-sync AD Account with Azure AD account after deletion, restore or migration

Issues may occur when accounts have been created incorrectly or have been deleted and restored.

You may need to manually re-sync the AD objects between on-prem AD and Azure AD.

This is done using the ImmutableID.

First get the account in Active Directory and get the immutable ID then convert it to Base64 String:

  • Get-ADUser -Filter "name -eq '<username>'" -Properties objectGUID | Select-Object UserPrincipalName, objectGUID, @{Name = 'ImmutableID'; Expression = { [system.convert]::ToBase64String(([GUID]$_.objectGUID).ToByteArray()) } } | Export-CSV users.csv

Then set the Immutable ID obtained from the AD account on the Azure account:

  • Set-MsolUser -UserPrincipalName USER@DOMAIN.COM -ImmutableID "ABCdefGHIjklMNO=="
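The two steps above are carried through end to end in this added example (not from the original page): compute the ImmutableID from the on-prem objectGUID, check that the Base64 value decodes back to the same GUID, look at the current value on the cloud object before overwriting it, then set and verify. It assumes the ActiveDirectory and MSOnline modules are installed; `<username>` and USER@DOMAIN.COM are placeholders.

```powershell
# Added example: hard-match an on-prem AD user to its Azure AD object by ImmutableID.
$adUser = Get-ADUser -Identity '<username>' -Properties objectGUID   # placeholder
$immutableId = [System.Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
Write-Host "objectGUID $($adUser.ObjectGUID) -> ImmutableID $immutableId"

# Round-trip check: the Base64 string must decode to exactly the same GUID
$roundTrip = [Guid]::new([System.Convert]::FromBase64String($immutableId))
if ($roundTrip -ne $adUser.ObjectGUID) { throw 'ImmutableID does not round-trip to objectGUID' }

Connect-MsolService
$upn = 'USER@DOMAIN.COM'   # placeholder

# Show what the cloud object currently carries; a different non-empty value means
# it is already anchored to another on-prem object, so stop and investigate
$before = Get-MsolUser -UserPrincipalName $upn | Select-Object UserPrincipalName, ImmutableId
$before
if ($before.ImmutableId -and $before.ImmutableId -ne $immutableId) {
    throw "Cloud object already has ImmutableId $($before.ImmutableId); not overwriting"
}

Set-MsolUser -UserPrincipalName $upn -ImmutableId $immutableId
Get-MsolUser -UserPrincipalName $upn | Select-Object UserPrincipalName, ImmutableId
```

If the Azure AD Connect installation uses ms-DS-ConsistencyGuid rather than objectGUID as the source anchor, that attribute is seeded from objectGUID on first sync, so the value normally matches; confirm which attribute is configured before relying on the GUID-derived string. After setting the ImmutableID, trigger a delta sync on the AD Connect server so the objects are joined.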

See here for reference: https://www.theictguy.co.uk/ad-connect-and-hard-matching-immutableid/