Active Directory
To get a list of the FSMO Role holders for a Single Domain.
Get-ADDomain | Select-Object DistinguishedName, SchemaMaster, DomainNamingMaster, InfrastructureMaster, PDCEmulator, RIDMaster
To get a list of the FSMO Role holders in a Forest.
Get-ADForest | Select-Object Name,SchemaMaster, DomainNamingMaster,InfrastructureMaster, PDCEmulator, RIDMasterall
To get a nicely formatted list with all the Domain Controllers and who owns which particular role.
Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}
Create a new AD computer.
$ServerName="newsys"
$DC="ads01.example.com"
$OU="OU=SERVERS,DC=example,DC=com"
New-ADComputer -Name $ServerName -SamAccountName $ServerName -Path $OU -Description "Apache Win Development" -Server $DC -Enabled $True
Unlock an account
get-ADUser -Identity <username> -Properties LockedOut
Unlock-ADAccount -Identity <username>
Change a password
$SecPaswd= ConvertTo-SecureString -String 'kPnguoHTUQ' -AsPlainText -Force
Set-ADAccountPassword -Reset -NewPassword $SecPaswd -Identity cesvcsso01
Set-ADUser -Identity <username> -ChangePasswordAtLogon $false
New AD group
$GroupName="SvrOps"
$OU="OU=GROUPS,DC=exmple,DC=com"
New-ADGroup $GroupName -Path $OU -GroupCategory Security -GroupScope Global -PassThru -Verbose
No Comments