Category Archives: Active Directory

Add Azure AD user to local admin on a workstation

Posted on 2021/04/02 by admin

Add an azure AD user as local admin on a workstation: cmd as admin net localgroup administrators AzureAD\<username> /add Admin rights required to do this, ofcourse, <username> is the upn address of the local user you want to add.

Posted in Active Directory, Azure | Comments Off on Add Azure AD user to local admin on a workstation

Working with Windows Active Direcory, transferring FSMO roles from one DC to another.

Posted on 2020/01/14 by admin

Today I had to move the fsmo-roles, and phase out an old DC. These days you can powershell it. Since you are working with Active Directory, log in as an admin user, fire up powershell and a do a: Import-Module … Continue reading

Posted in Active Directory, fsmo, powershell | Comments Off on Working with Windows Active Direcory, transferring FSMO roles from one DC to another.

userAccountControl, Attributes for AD Users

Posted on 2019/12/11 by admin

I needed this today for use in querying a large AD. Repost. Credits go to http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm   you can query with this e.g. with powershell and do some counting: (Get-ADUser -LDAPFilter “(&(sAMAccountName=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))” -SearchBase ‘OU=Users,DC=domain,DC=local’ ).Count But could also check if … Continue reading

Posted in Active Directory, ldap | Comments Off on userAccountControl, Attributes for AD Users

(re)Setting rights on user home folders [batch script]

Posted on 2018/04/26 by admin

After some troubles with copied user home folders during a migration, the rights were set incorrectly. As this was about more than just a handful of users, re-setting the rights manually wasn’t a good idea. After digging around on the … Continue reading

Posted in .bat, Active Directory, batch, command line, File sharing | Comments Off on (re)Setting rights on user home folders [batch script]

Get a list of all computers in Active Directory with date lastlogon and OS

Posted on 2017/08/31 by admin

I needed to list all computers in use at customers, with os, and for the less diligently maintained AD’s also if they were still in use. You can obtain this by reading the value of lastlogondate of a machine account. … Continue reading

Posted in Active Directory, powershell | Comments Off on Get a list of all computers in Active Directory with date lastlogon and OS

Active Directory Powershell get [the count of] all enabled users in a certain OU [but not in sub OU’s]

Posted on 2017/08/30 by admin

For our internal use, I devised a powershell command that lists all enabled users in a certain OU, butĀ filtering out those in sub OU’s. Unfortunately this is not a dynamic process, since it is based on the currentĀ implementation of OU’s, … Continue reading

Posted in Active Directory, powershell | Comments Off on Active Directory Powershell get [the count of] all enabled users in a certain OU [but not in sub OU’s]

Powershell, get full names of a group of users in AD and export to text file.

Posted on 2016/12/23 by admin

Just a quick blurb that I encountered this morning. In powershell, to get a list of the full names of users and export them to a text file: Get-ADGroupMember -identity GROUPĀ -Recursive | Get-ADUser -Property DisplayName | Select Name > c:\temp\fullnamesofgroup.txt … Continue reading

Posted in Active Directory, powershell | Comments Off on Powershell, get full names of a group of users in AD and export to text file.

Windows Server 2008 r2 Domain Controller boots into Active Directory Repair

Posted on 2016/03/23 by admin

Problem! My Windows 2008 R2 DC (the only one) boots into Active Directory Repair mode. Now I can’t log in, because the Active Directory services aren’t started. I can’t even restart the system correctly, running as a VMware virtual machine, … Continue reading

Posted in Active Directory, Windows, Windows Server | Comments Off on Windows Server 2008 r2 Domain Controller boots into Active Directory Repair