One of the things I’ve been working on lately is some kind of operational testing for Active Directory. It’s such a reliable product that as Administrators we tend to neglect it. Then Irwin Strachan came up with his Active Directory tests using Pester, and this was the first time I’d seen Pester used in something other than code testing and it really got the mind turning. So when we started getting really serious about monthly capacity planning at athena health then I wanted to do this kind of testing for our Active Directory.
Been so long since my last update! Why haven’t I posted more? Well, for one I’m usually so tired from coming home from work I just don’t have any extra energy for PowerShelling. Another factor has been there are so many people doing so many interesting things I just couldn’t find anything that someone else wasn’t already doing much better than I am. The last bit is having an interesting project to talk about. I’ve been doing a lot of things at work, but it had to do with Windows cluster node moves, SQL Availability Group moves and so on. But ultimately the scripts become pretty specific to athena so it’s difficult to translate for general use.
I think I finally have something interesting, though, with Get-SAUser so read on!
Bit of a departure from my normal PowerShell-centric posts, I want to talk about extending the Active Directory schema. There’s some really great information on the Internet for doing this, but there are some things to consider and none of that information seems to be in one place, and I wanted to bring it together here.
My most popular script on Spiceworks, by far, is Network Discovery. I posted it over 3 years ago, and actually wrote it much earlier than that! Time to take another look at it and give it a Powershell make-over. If you’re new to a company and want to find out the basics of what is going on, or a consultant going into new places all the time you’ll want to take a look at this script!
Simple script came across this week at Spiceworks. The funny thing was, the script didn’t solve the OP’s problem in the slightest! Turns out he was looking for a script to list several groups and who are members of it. Still, I think this request was interesting and wanted to write a little about it.
One thing I like to do in Active Directory is set the Manager field. To be honest, I’m not sure why I do this because we’re not using it, it’s just something I do. I guess you could call it future proofing. But there is a problem with this and that’s what do you do when a Manager leaves the company? There’s no easy way to pick up their direct reports and transfer them to a new manager. Until now.
Found a user on Spiceworks who was struggling getting vbScript to send an email using SMTP authentication. While very possible to do in vbScript (Paul Sadowski great blog I’ve used for years) this is definitely one of those things where the code just looks ugly and it can be a little confusing. Powershell’s Send-MailMessage cmdlet takes all of that away. Combine that with the RSAT tools for Active Directory and you can do some pretty cool things very easily. So read on to see how I solved this problem.
Really interesting script came by recently on Spiceworks, written in vbScript. As you know I like to take these scripts and see what I can do with them in Powershell with a special eye towards shortening it! This script, Disable User Account from Text file, was written by stubar and is a really well done script. I don’t want to take anything away from that. But with Powershell we can do the same thing, and often do more with less code. Here’s what I came up with.