I hesitated for a long time. It’s done, it’s not done… should I add more menus… But at some point it’s over. It has to be published. The following article describes the use of a set of advanced functions. This function presents a menu with a lot of scripts in it. It’s like sconfig, but in relation it’s much more powerful when it comes to Active Directory administration.
*** Update ***
For the lastest version open this link:
Active Directory Domain Services Section (Version 1.1)
The function has grown and grown over time and it’s not a perfect script, but I’m sure it will help many of you out there. If you look inside the script, don’t be afraid of lot’s of Write-Host. Write-Host is not as evil as many say.
Active Directory Domain Services Section
What can we do with it? This is the question for this part. I wanna give you a foretaste. Here’s the menu:
And here are the sub menus:
1 – List all Domain Controllers
2 – Domain Configuration
3 – Forest Configuration
4 – List Windows Clients
5 – List all Windows Server
6 – List all Computer
7 – Systeminfo on Remote Computer
You are able to select a scope …
8 – The Domain Admins
Please note that nested groups are not shown.
9 – Show Optional Features (Recycle Bin …)
10 – List all active (linked) GPOs by Name
11 – Show Default Domain Policy Settings
12 – Show all Active Directory Sites in Detail
13 – Show Users Last Logon
14 – Get a list of all enabled users
15 – List User Details
16 – List Active Directory Groups
17 – List Group Memberships
18 – Send Messages to user’s desktop
Cool, ha? One of my favorites …
19 – Get Logged on User per Workstation
Another cool stuff … Second favorite … 😉
First, provide administrator credentials …
Then enter the computer to query … Petra has logged on to client01.
Ok, that’s it for now.
PowerShell Web Access
You are also able to run this in PowerShell Web Access:
If you haven’t installed PowerShell Web Access yet, here’s a walk through: Windows Server 2012/2016: Installing and Configuring PowerShell Web Access (PSWA)
The Script
I have decided not to present the entire code here. Too many lines of code. You can download the script here, it’s a psm1 file, a PowerShell script module file:
Download: Active Directory Domain Services Section
Prerequisites and Notes:
- Tested in an Active Directory environment with Windows Server 2012/2016 Domain Controllers and Windows 7/8/10 clients
- All operating systems should be installed in English (because of the compatibility with section 19)
- WinRm must be enabled on all Client computers (WinRm is enabled on Windows Server 2012/2016 by default) manually (winrm qc) or by GPO. See Enabling WinRM for Windows Client Operating Systems (Windows 10, Windows 8, Windows 7)
- Run the tool on a Domain Controller (You may run into troubles with RSAT)
- 0 and Enter (instead of Enter only) to go back to the main menu is due to the possible integration of PowerShell Web Access where pressing Enter only will not work
After downloading create a folder “AD” in C:\Program Files\Windows PowerShell\Modules and save the AD.psm1 file there.
It should be then available every time you start PowerShell and run the command ad.
Or as mentioned in PowerShell Web Access.
Have fun with it! I am very grateful for ideas for further functions.
Categories: PowerShell, Windows Server
My name is Patrick Gruenauer. From Austria.
hi, how do i integrate export-csv into your scripts as I like to process the results.
LikeLike
how do I export the results with Export-Csv command ?
LikeLike
Hi,
Just export it with a pipe Get-ADUser … | Export-CSV
LikeLike
Hi there – looks really useful, but when I try to run it, it complains that it is not digitally signed. I don’t really want to allow all unsigned scripts, so is there an answer to that?
LikeLike
You can run PS with the bypass parameter.
LikeLike
Hi and Thank you for this awesome script. Not sure what I am doing wrong. I followed the Prerequisites and place the ad.psm1 in C:\Program Files\WindowsPowerShell\Modules\AD and still opens in Notepad and not in PS. I really would like to know what I am doing wrong.
Running on a DC
File was renamed to ad.psm1
Please help.
Thanks
LikeLike
Open the tool with PowerShell, Open PS and type ad and hit enter.
LikeLike
launch the scripts but it does not work, just open the notepad with the content and nothing else.
Thank you for sharing this
LikeLike
Hi!
The script is a psm1 file. It’s open by notepad by default. That’s a normal behavior.You have to copy this file in the appropriate folder as described in the article.
P
P
LikeLike
Hi Patrick,
if you add this under 8:
$AD=Get-ADDomain
$SID=$AD.DomainSID.Value
$SID = $SID + “-512”
(Get-ADGroupMember -Identity $SID).Name
you get the Output independant from installed language
All the best,
Raimund
LikeLike
Hi!
Wow. Thank you very much for this killer tip!
Best,
P
LikeLike
I think it does not explain well, the file is in the suggested route but even so when I execute it according to the procedure it opens together the notepad and it does not work.
LikeLike
You have to run the tool in PS, as described detailed in the article. Note the prerequisites.
LikeLike
Yes via PS tools like otrer ps scripts
LikeLike
Very helpful, great module. Possibility of an export command?
LikeLike
Hi,
Yes, open the script and edit the desired section with the out commands (out-gridview, out-printer, out-file….). I deliberately did without various out commands, because there are problems with PS Web Access.
All the best
P
LikeLike
Fantastic work Patrick !
LikeLike
Thank you very much!
Your side doesn’t have to hide either!
LikeLike