PowerShell Active Directory Delegation - Part 3 Scenario This is the last part of the series PowerShell Active Directory Delegation. In the previous parts, we have discussed how we can have Active Directory delegation, so we will give access to the administrators without the need of providing them domain admin permissions. This time we have not added any extra functionality in the script. The purpose of this post is to see the difference provide you with the updated code that is more flexible. The is not much to say in this post, as not many changes have been applied, except from the code optimization and some visual changes. Let see below the changes that have been performed. Changes ACEs lists The main change that has been done is that a list object is created to include all ACEs that we have to add in the ACL for the current organizational unit. Each ACE is added in the list object and then we use a for each loop to add those ACEs in the ACL, so we will be able to apply it. … [Read more...]
In this section you will find PowerShell scripts that I wrote in order to perform my day to day tasks. Some of the scripts are used to automate procedures, monitor part of a system or the data. Some of the scripts that I wrote ensure the data is correct in the system and fix any problems. On each of my scripts I will try to explain what they are doing and the reason I wrote a specific script.
My scripts are not only related to Windows and servers. The scripts that I write are also related to Active Directory, Microsoft Exchange On-Premise, Exchange Online, Office365 and Azure.
I hope you will find them useful.
Scenario: PowerShell Active Directory Delegation – Part 2 In Part 1 of this series we have discussed about getting the information from Active Directory. We have created our arrays to keep the information that we will need. We created We have also seen sample of the lists, that we can create, to process them later and apply delegation on each Organizational Unit. In this part we will go though the Access Control List in Active Directory and how we will perform our changes to accomplish the delegation in Active Directory. Also, we will see a sample of the attributes that we will provide to local IT administrators. Active Directory Access Control List In order to be able to modify the access control list, we need first to retrieve the current list so we will be able to add our delegated access and not to disturb and lose the current setup that we already have. So we need to use the below command to get the current access control list of a specific organizational unit. $acl = … [Read more...]
Scenario: User Not Syncing to Office 365. Are you using AD Connect to synchronize your users in Azure AD? Every time there is a change on a user, AD Connect will synchronize the changes based on the cycle that you have configured. Some times there are errors that you receive and need to fix them in order for the users to be synchronized correctly. In this post we will look only into a specific synchronization issue. When you have multiple domains, sometimes their is a need to change the domain of user from company1.com to company2.com. When there is such a change, some times you may receive the below error: Unable to update this object in Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services. The message can be misleading. It tells you to update the value in your local directory, but actually the specific value has by changed on purpose. The aim is to replicate the change in Azure … [Read more...]
Scenario: PowerShell Active Directory Delegation. I wrote this script long ago and I use it when there are changes in Active Directory to apply delegation on the new Organizational Units. I thought that you might find it interesting, so I decided to write this post. We will go through the script and by the end of the series, you will be able to understand what the script is doing. We will divide the script smaller parts and discuss them accordingly. General Permissions Microsoft provide us with the ability to perform delegation in Active Directory, through Active Directory User and Computers. Have you ever tried to apply delegation using the GUI? I have tried to do it and it was a nightmare. As you will see later on, the delegation that I had to apply was really detailed and deep that default roles provide by Microsoft were not applicable. To better understand what we are trying to do with this script, we will set our requirements down. First of all we will create our groups … [Read more...]
Scenario: How to get remote system information – Part 2 For those who have not read Part of the series, we have discussed about creating UI with PowerShell and getting information from local and remote computer systems. In Part 2 we are going to discuss about some changes that have been applied on the script and the reason behind of those changes. The changes on the script have been done to increase the functionality, stability and be able to retrieve more information from the systems. As you will be able to see in the synopsis of the script the below changes have been done. Added Fan information Added Battery Information Added Portable Battery Information Added Network Settings Information Added ping connection test of remote system Added Remote Desktop connection to the remote system Warning for the use of Win32_Product class Added option for Win32Reg_AddRemovePrograms class. Added visibility to Taskbar Added Help information Lets check … [Read more...]
Scenario: Create new OU in AD using PowerShell This time we will see a very simple script that performs changes in Active Directory. The script allows you to perform one single task, which is to create a new Organizational Unit in Active Directory. Although this can be done with just a single command, the reason behind this script is a little bit different. You might find that there was no need to write this script and that it is not useful, but you can consider it only for educational purposes or as a concept to perform other tasks. The logic behind the writing of the script was that none of the IT Administrators will be under Domain Admins Group at any time. So some changes, that might need Domain Admin permissions, IT Administrator they are able to add themselves in Domain Admins group and perform the changes. After that the IT Administrator need to remove himself from the Group. So based on this, the below script has been created. In general, the below script adds the IT … [Read more...]
Scenario: How to get remote system information with PowerShell - Part 1. This time we will go through a new script that allows us to get system information and not only from remote systems. This post is the first part from a series of posts that will follow. The script can run on PCs, laptops, physical and virtual servers. Read the post to find out what is needed so you will be able to run the script smoothly. The script will help you to understand and work with retrieving information from remote systems. We will go through the information later on what we can retrieve with this version and how it works. To help you understand what we are doing and what is needed we will go through some background information. Please note that this is not the only way to do it but at least one way to do it. This is a simple way to do it. It can be done with various ways using also a combination of other languages. Graphical User Interface (GUI) In this script we are working with Windows … [Read more...]
Scenario: PowerShell hardware Inventory Script. Have you ever wanted to have an inventory without the hassle of going to each finding the information needed to fill the information for your inventory? It is important to keep your inventory up to date. Every time there is a change you will need to update also your inventory. As much information you have in your inventory the easiest will be when you will need this information. I came up with the below script just for a basic inventory with information to be taken automatically. In general the script will connect to all computers in the network and gather the information needed. Lets see in more detail The first part of the script is only the description and help information of the script that can be retrieved by using Get-Help command. Then, the script starts doing the actual work. An empty array list is created that we will fill it through the process. After the array will be created the script will connect to Active … [Read more...]