PowerShell

AD Overview Graphical Tool: Active Directory Domain Services Section

By on ( 50 Comments )

I hesitated for a long time. It’s done, it’s not done… should I add more menus… But at some point it’s over. It has to be published. The following article describes the use of a set of advanced functions. This function presents a menu with a lot of scripts in it. It’s like sconfig, but in relation it’s much more powerful when it comes to Active Directory administration.

*** Update ***

For the lastest version open this link:

Active Directory Domain Services Section (Version 1.1)

The function has grown and grown over time and it’s not a perfect script, but I’m sure it will help many of you out there. If you look inside the script, don’t be afraid of lot’s of Write-Host. Write-Host is not as evil as many say.

Active Directory Domain Services Section

What can we do with it? This is the question for this part. I wanna give you a foretaste. Here’s the menu:

Unbenannt.PNG

And here are the sub menus:

1 – List all Domain Controllers

Unbenannt.PNG

2 – Domain Configuration

Unbenannt.PNG

3 – Forest Configuration

Unbenannt.PNG

4 – List Windows Clients

Unbenannt.PNG

5 – List all Windows Server

Unbenannt.PNG

6 – List all Computer

Unbenannt.PNG

7 – Systeminfo on Remote Computer

You are able to select a scope …

Unbenannt.PNG

8 – The Domain Admins

Please  note that nested groups are not shown.

Unbenannt.PNG

9 – Show Optional Features (Recycle Bin …)

Unbenannt.PNG

10 – List all active (linked) GPOs by Name

Unbenannt.PNG

11 – Show Default Domain Policy Settings

Unbenannt.PNG

12 – Show all Active Directory Sites in Detail

Unbenannt.PNG

13 – Show Users Last Logon

Unbenannt.PNG

14 – Get a list of all enabled users

Unbenannt.PNG

15 – List User Details

Unbenannt.PNG

16 – List Active Directory Groups

Unbenannt.PNG

17 – List Group Memberships

Unbenannt.PNG

18 – Send Messages to user’s desktop

Cool, ha? One of my favorites …

Unbenannt.PNG

19 – Get Logged on User per Workstation

Another cool stuff … Second favorite … 😉

First, provide administrator credentials …

Unbenannt.PNG

Then enter the computer to query … Petra has logged on to client01.

Unbenannt.PNG

Ok, that’s it for now.

PowerShell Web Access

You are also able to run this in PowerShell Web Access:

Unbenannt.PNG

If you haven’t installed PowerShell Web Access yet, here’s a walk through: Windows Server 2012/2016: Installing and Configuring PowerShell Web Access (PSWA)

The Script

I have decided not to present the entire code here. Too many lines of code. You can download the script here, it’s a psm1 file, a PowerShell script module file:

 

Download: Active Directory Domain Services Section

 

Prerequisites and Notes:

  • Tested in an Active Directory environment with Windows Server 2012/2016 Domain Controllers and Windows 7/8/10 clients
  • All operating systems should be installed in English (because of the compatibility with section 19)
  • WinRm must be enabled on all Client computers (WinRm is enabled on Windows Server 2012/2016 by default) manually (winrm qc) or by GPO. See Enabling WinRM for Windows Client Operating Systems (Windows 10, Windows 8, Windows 7)
  • Run the tool on a Domain Controller (You may run into troubles with RSAT)
  • 0 and Enter (instead of Enter only) to go back to the main menu is due to the possible integration of PowerShell Web Access where pressing Enter only will not work

After downloading create a folder “AD” in C:\Program Files\Windows PowerShell\Modules and save the AD.psm1 file there.

Unbenannt.PNG

Unbenannt.PNG

It should be then available every time you start PowerShell and run the command ad.

Unbenannt.PNG

Or as mentioned in PowerShell Web Access.

Have fun with it! I am very grateful for ideas for further functions.

Categories: PowerShell, Windows Server

Tagged as: , , , ,

Published by Patrick Gruenauer

Microsoft MVP on PowerShell [2018-2023], IT-Trainer, IT-Consultant, MCSE: Cloud Platform and Infrastructure, Cisco Certified Academy Instructor.

50 replies »

  1. Hi Patrick, works great, thx for sharing. i am new to PS. you have mentioned “PowerShell Web Access”. I ran 1\2\3 instructions, and when i do “https://localhost/pswa”, showing page not found. Any input how to put this in web service?

    Like

    Reply

    • Hi Ari,

      Thank you for the comment. PowerShell Web Access is a wide topic, I recommend reading my articles to PowerShell Web Access and try again.
      The problem you’re faced is not related to my ad script. PSWA is not working correctly. https://localhost/pswa should redirect you to the PowerShell Web Access Login Page.

      All the best,
      P

      Like

      Reply
  2. Pingback: Active Directory Domain Services Section (Part 2) – Start it from your Client Computer (without RSAT) – SID-500.COM

  3. When you copy it out to the folder make sure the file is not blocked, that was causing my error below

    ad : The term ‘ad’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
    spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1

    Once I unblocked the file it started working, good job. A password reset option would be a good add.

    Liked by 1 person

    Reply

  9. Hey Patrick, than you for the quick reply. I tried downloading the file, but i get only the ps1. I pasted id in the mentioned location. but with no luck

    PS C:\Users\K3rb\Desktop> ad
    ad : The term ‘ad’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
    spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1

    Like

    Reply

  10. Hey Patrick, impressive work with the script. I am having issues running it, it runs the script, but nothing happens, nor does it display any error. WinRm is started, and running this on a DC. Thanks for the help!

    Like

    Reply

    • *** EDIT ***

      Thank you so much for your hint. I hate those kinds of mistakes. I’ve put the ps1 file in it instead of the psm1 file.

      I have now changed the download file so that it contains the correct file.

      You’ll need to place the psm1 file in C:\Program Files …

      Like

      Reply

      • Hi Patrick

        Followed the instructions but get the same error as Stefan

        ad : The term ‘ad’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
        spelling of the name, or if a path was included, verify that the path is correct and try again.
        At line:1 char:1

        I’ve dropped the .psm1 file into the newly created AD folder as specified but no joy.

        Like

      • Hi,

        Make sure your file is ad.psm1 and then make sure you copied it to the right folder. It’s C:\Program Files\WindowsPowerShell\Modules\AD. There’s nothing wrong with my script but PowerShell can’t find it for a reason. Double check your settings.
        All the best,
        P

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.