# Requires the ActiveDirectory module (Get-ADUser)
$users = Get-Content c:\scripts\list.txt
ForEach ($userlist in $users)
{
    $user = Get-ADUser $userlist
    # Bind to the object via ADSI using its distinguished name
    $dn = [ADSI]("LDAP://" + $user.DistinguishedName)
    $acl = $dn.psbase.ObjectSecurity
    if ($acl.get_AreAccessRulesProtected())
    {
        $isProtected = $false         # $false to enable inheritance
                                      # $true to disable inheritance
        $preserveInheritance = $true  # $true to keep inherited access rules
                                      # $false to remove inherited access rules.
                                      # ignored if isProtected=$false
        $acl.SetAccessRuleProtection($isProtected, $preserveInheritance)
        $dn.psbase.CommitChanges()
        Write-Host($user.SamAccountName + "|" + `
            $user.DistinguishedName + `
            "|inheritance set to enabled")
    }
    else
    {
        Write-Host($user.SamAccountName + "|" + `
            $user.DistinguishedName + `
            "|inheritance was already enabled - no change")
    }
}
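Before running the script above against a list, it helps to record which accounts actually have inheritance disabled and what their current DACL is, so the change can be reviewed and reversed. The following is an added example, not part of the original page; the function name Get-UserInheritanceReport and the output path are assumptions, and it presumes the ActiveDirectory module.

```powershell
# Added example, not from the original page: read-only report, changes nothing.
# Assumes the ActiveDirectory module (RSAT) and read access to the user objects.
Import-Module ActiveDirectory

function Get-UserInheritanceReport {
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $Identity
    )
    foreach ($id in $Identity) {
        try {
            $user = Get-ADUser -Identity $id -Properties adminCount, nTSecurityDescriptor -ErrorAction Stop
        }
        catch {
            # Keep unresolved names in the report instead of silently skipping them.
            [pscustomobject]@{
                Identity = $id; DistinguishedName = $null; InheritanceDisabled = $null
                AdminCount = $null; DaclSddl = $null; Error = $_.Exception.Message
            }
            continue
        }
        $sd = $user.nTSecurityDescriptor
        [pscustomobject]@{
            Identity            = $user.SamAccountName
            DistinguishedName   = $user.DistinguishedName
            # Same flag the script above tests with get_AreAccessRulesProtected()
            InheritanceDisabled = $sd.AreAccessRulesProtected
            # adminCount = 1 marks accounts that are or were in protected groups
            AdminCount          = $user.adminCount
            # DACL in SDDL form, kept as a record of the pre-change state
            DaclSddl            = $sd.GetSecurityDescriptorSddlForm('Access')
            Error               = $null
        }
    }
}

# Same input file as the script above; the output path is a placeholder.
$names = Get-Content c:\scripts\list.txt | Where-Object { $_.Trim() }
Get-UserInheritanceReport -Identity $names |
    Export-Csv -Path C:\temp\inheritance-before.csv -NoTypeInformation
```

Accounts reported with AdminCount = 1 that are still members of protected groups will have inheritance disabled again by AdminSDHolder, so enabling it on them does not persist.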
Active Directory
$AllFolders = Get-ChildItem -Directory -Path "\\server\Share$\" -Force -Depth 3
$Results = @()
Foreach ($Folder in $AllFolders) {
    $Acl = Get-Acl -Path $Folder.FullName
    foreach ($Access in $Acl.Access) {
        if ($Access.IdentityReference -notlike "BUILTIN\Administrators" -and
            $Access.IdentityReference -notlike "domain\Domain Admins" -and
            $Access.IdentityReference -notlike "CREATOR OWNER" -and
            $Access.IdentityReference -notlike "NT AUTHORITY\SYSTEM") {
            $Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
            $Results += New-Object -TypeName PSObject -Property $Properties
        }
    }
}
$Results | Export-Csv -Path "C:\temp\FileName - $(Get-Date -Format MMyy) b.csv"
get-aduser -filter { passwordNeverExpires -eq $true -and enabled -eq $true } |select Name,UserPrincipalName,samaccountname
And output to CSV
get-aduser -filter { passwordNeverExpires -eq $true -and enabled -eq $true } |select Name,UserPrincipalName,samaccountname | Export-csv c:\temp\PassExpires3.csv
Filter by OU
get-aduser -filter { passwordNeverExpires -eq $true -and enabled -eq $true } -searchbase "OU=123,DC=domain,DC=Local" | sort | ft Name,UserPrincipalName,samaccountname
One column with samaccountname
ForEach ($user in (import-csv -path "C:\temp\PassExpiresRevised.csv")) { Get-AdUser -Identity $user.samaccountname | set-aduser -PasswordNeverExpires:$false }
List DFS replication groups:
dfsradmin rg list
List replicated folders in a replication group:
dfsradmin rf list /rgname:<REPL_GROUP>
List members of a replication group:
dfsradmin mem list /rgname:<REPL_GROUP>
List the local folders that correspond to replicated folders of a replication group:
dfsradmin membership list /rgname:<REPL_GROUP> /attr:RfName,MemName,LocalPath
Show backlog between 2 members of a replication group:
dfsrdiag backlog /rgname:<REPL_GROUP> /rfname:<REPL_FOLDER> /smem:<SRV_A> /rmem:<SRV_B> [/v]
dfsrdiag backlog /rgname:<REPL_GROUP> /rfname:<REPL_FOLDER> /smem:<SRV_B> /rmem:<SRV_A> [/v]
dfsrdiag can also be used for inspecting SYSVOL backlog when DFS-R SYSVOL replication is enabled:
dfsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /smem:DC1 /rmem:DC2
A word of warning if you want to run commands like the one above in PowerShell: parameters with spaces are a major pain in the rear. Naïve approaches like
& dfsradmin rf new /rgname:MyGroup /rfname:"My Replicated Folder"
or
& dfsradmin rf new /rgname:MyGroup "/rfname:My Replicated Folder"
or
& dfsradmin rf new /rgname:MyGroup "/rfname:`"My Replicated Folder`""
or even
$cmd = 'dfsradmin.exe'
$params = @('rf', 'new', '/rgname:MyGroup', '/rfname:"My Replicated Folder"')
& $cmd $params
won’t work, regardless of what recommendations you may find on the Internet. You need to work around this issue like this:
$env:rgname = 'MyGroup'
$env:rfname = 'My Replicated Folder'
& cmd /c 'dfsradmin rf new /rgname:%rgname% /rfname:"%rfname%"'
or (slightly more PoSh) like this:
$rgname = 'MyGroup'
$rfname = 'My Replicated Folder'
& cmd /c ("dfsradmin rf new /rgname:{0} /rfname:`"{1}`"" -f $rgname, $rfname)
In PowerShell v3 you could also do this:
$env:rgname = 'MyGroup'
$env:rfname = 'My Replicated Folder'
& dfsradmin --% rf new /rgname:%rgname% /rfname:"%rfname%"
Credit to “Six Demon Bag”
- Log on to the 2008 DHCP server.
- Open a command prompt as Administrator.
- On the Action menu (from within the DHCP management console), click “Backup”.
- Type netsh dhcp server export C:\temp\dhcp.txt all, and then press ENTER.
- Copy the exported DHCP text file to C:\temp of the new DHCP server.
- Open a command prompt as Administrator (on the 2012/2016).
- Type netsh dhcp server import C:\temp\dhcp.txt all, and then press ENTER.
- Open the DHCP console (on the 2012/2016); in the console tree, right-click DHCP and select “Authorize”.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Install-WindowsFeature -IncludeAllSubFeature RSAT
The Identity synchronization service detected that the number of deletions exceeded the configured deletion threshold
Enable-ADSyncExportDeletionThreshold
Get-ADSyncExportDeletionThreshold
Disable-ADSyncExportDeletionThreshold
Enable-ADSyncExportDeletionThreshold -DeletionThreshold 500
Get-ADUser -SearchBase "OU=Accounts,OU=RootOU,DC=ChildDomain,DC=RootDomain,DC=com" -Filter *