PowerShell

AD Overview Graphical Tool: Active Directory Domain Services Section

I hesitated for a long time. It’s done, it’s not done… should I add more menus… But at some point it’s over. It has to be published. The following article describes the use of a set of advanced functions. This function presents a menu with a lot of scripts in it. It’s like sconfig, but in relation it’s much more powerful when it comes to Active Directory administration.


*** Update ***

For the lastest version open this link:

Active Directory Domain Services Section (Version 1.1)


The function has grown and grown over time and it’s not a perfect script, but I’m sure it will help many of you out there. If you look inside the script, don’t be afraid of lot’s of Write-Host. Write-Host is not as evil as many say.

Active Directory Domain Services Section

What can we do with it? This is the question for this part. I wanna give you a foretaste. Here’s the menu:

Unbenannt.PNG

And here are the sub menus:

1 – List all Domain Controllers

Unbenannt.PNG

2 – Domain Configuration

Unbenannt.PNG

3 – Forest Configuration

Unbenannt.PNG

4 – List Windows Clients

Unbenannt.PNG

5 – List all Windows Server

Unbenannt.PNG

6 – List all Computer

Unbenannt.PNG

7 – Systeminfo on Remote Computer

You are able to select a scope …

Unbenannt.PNG

8 – The Domain Admins

Please  note that nested groups are not shown.

Unbenannt.PNG

9 – Show Optional Features (Recycle Bin …)

Unbenannt.PNG

10 – List all active (linked) GPOs by Name

Unbenannt.PNG

11 – Show Default Domain Policy Settings

Unbenannt.PNG

12 – Show all Active Directory Sites in Detail

Unbenannt.PNG

13 – Show Users Last Logon

Unbenannt.PNG

14 – Get a list of all enabled users

Unbenannt.PNG

15 – List User Details

Unbenannt.PNG

16 – List Active Directory Groups

Unbenannt.PNG

17 – List Group Memberships

Unbenannt.PNG

18 – Send Messages to user’s desktop

Cool, ha? One of my favorites …

Unbenannt.PNG

19 – Get Logged on User per Workstation

Another cool stuff … Second favorite … 😉

First, provide administrator credentials …

Unbenannt.PNG

Then enter the computer to query … Petra has logged on to client01.

Unbenannt.PNG

Ok, that’s it for now.

PowerShell Web Access

You are also able to run this in PowerShell Web Access:

Unbenannt.PNG

If you haven’t installed PowerShell Web Access yet, here’s a walk through: Windows Server 2012/2016: Installing and Configuring PowerShell Web Access (PSWA)

The Script

I have decided not to present the entire code here. Too many lines of code. You can download the script here, it’s a psm1 file, a PowerShell script module file:

 

Download: Active Directory Domain Services Section

 

Prerequisites and Notes:

  • Tested in an Active Directory environment with Windows Server 2012/2016 Domain Controllers and Windows 7/8/10 clients
  • All operating systems should be installed in English (because of the compatibility with section 19)
  • WinRm must be enabled on all Client computers (WinRm is enabled on Windows Server 2012/2016 by default) manually (winrm qc) or by GPO. See Enabling WinRM for Windows Client Operating Systems (Windows 10, Windows 8, Windows 7)
  • Run the tool on a Domain Controller (You may run into troubles with RSAT)
  • 0 and Enter (instead of Enter only) to go back to the main menu is due to the possible integration of PowerShell Web Access where pressing Enter only will not work

After downloading create a folder “AD” in C:\Program Files\Windows PowerShell\Modules and save the AD.psm1 file there.

Unbenannt.PNG

Unbenannt.PNG

It should be then available every time you start PowerShell and run the command ad.

Unbenannt.PNG

Or as mentioned in PowerShell Web Access.

Have fun with it! I am very grateful for ideas for further functions.

43 replies »

  1. Hi,

    Thanks for the script, I learn some tricks from it.

    When I open it in Visual Studio Code the PSScriptAnalyzer detects that $result=@() is declared on row 291, but never used.

    I would also suggest adding functions to convert user SID:

    function Convert-ADUsertoSID ($SamAccountName,$Domain)
    {
    # https://community.spiceworks.com/how_to/2776-powershell-sid-to-user-and-user-to-sid
    $objUser = New-Object System.Security.Principal.NTAccount($Domain,$UserName)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $strSID.Value
    }#end function

    function Convert-ADSIDtoUser ($SID)
    {
    # https://community.spiceworks.com/how_to/2776-powershell-sid-to-user-and-user-to-sid
    $objSID = New-Object System.Security.Principal.SecurityIdentifier($SID)
    $objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
    $objUser.Value
    }#end function

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.