PowerShell: Read Active Directory data
Using Windows PowerShell to read Active Directory objects.
AD objects: Users / Groups and Computers
Read out users
Read out all non-deactivated domain users and show only the name:
Get-ADUser -LDAPFilter "(&(objectCategory=user)(userAccountControl=512))" | Where-Object -Property Enabled -EQ $true | Format-List Name
userAccountControl=512 is "NORMAL_ACCOUNT", see: https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
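Added example, not part of the original page: userAccountControl is a bit field, and the filter above matches only accounts whose value is exactly 512, so enabled accounts that carry additional flags are not returned. The sketch below decodes constructed sample values to show the difference between the exact match and a test of the ACCOUNTDISABLE bit; the function names Get-UacFlagName and Get-UacReport and the sample accounts are assumptions made for illustration.

```powershell
# Subset of userAccountControl flag bits (values from the Microsoft article linked above).
$UacFlags = [ordered]@{
    ACCOUNTDISABLE         = 2
    PASSWD_NOTREQD         = 32
    NORMAL_ACCOUNT         = 512
    DONT_EXPIRE_PASSWORD   = 65536
    TRUSTED_FOR_DELEGATION = 524288
    DONT_REQ_PREAUTH       = 4194304
}

# Hypothetical helper: return the names of all known flags set in a value.
function Get-UacFlagName {
    param([int]$Value)
    $UacFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Hypothetical helper: compare the exact-match test (=512) with a bit test.
function Get-UacReport {
    param([Parameter(ValueFromPipeline)]$Account)
    process {
        $uac = [int]$Account.userAccountControl
        [pscustomobject]@{
            Name          = $Account.Name
            UAC           = $uac
            Flags         = (Get-UacFlagName $uac) -join ', '
            ExactMatch512 = ($uac -eq 512)          # what (userAccountControl=512) selects
            EnabledByBit  = -not ($uac -band 2)     # ACCOUNTDISABLE bit is clear
        }
    }
}

# Constructed sample accounts (not real directory data).
$sample = @(
    [pscustomobject]@{ Name = 'alice';   userAccountControl = 512 }      # normal, enabled
    [pscustomobject]@{ Name = 'bob';     userAccountControl = 514 }      # normal, disabled
    [pscustomobject]@{ Name = 'svc-app'; userAccountControl = 66048 }    # password never expires
    [pscustomobject]@{ Name = 'carol';   userAccountControl = 544 }      # password not required
    [pscustomobject]@{ Name = 'dave';    userAccountControl = 4194816 }  # no Kerberos pre-auth
)

$sample | Get-UacReport | Format-Table -AutoSize

# LDAP filter that tests the bit instead of the whole value
# (1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule):
$enabledUsersFilter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
# Get-ADUser -LDAPFilter $enabledUsersFilter | Format-List Name
```

In the output, svc-app, carol and dave are enabled but fail the exact match; those are also the accounts whose flags are worth reviewing.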
Read groups
Get-ADGroup -Filter "GroupScope -eq 'Global' -and GroupCategory -eq 'Security'"
Nested AD group memberships
Get-ADNestedGroupMembers "GroupName"
Read out computers
Get-ADComputer -filter 'name -like "*"' -Properties * | select name,OperatingSystem,IPv4Address
Search with a filter:
Get-ADComputer -filter 'name -like "*SEARCHSTRING*"' -Properties * | select name,OperatingSystem,IPv4Address
Username to SID
(New-Object System.Security.Principal.NTAccount($(read-host -prompt "Username"))).Translate([System.Security.Principal.SecurityIdentifier]).value
Read out OU permissions / delegation
Looking for a tool to evaluate all OU permissions, I came across a script in the Technet gallery: gallery.technet.microsoft.com
Connect to another domain (trust)
As a small addition to the Technet Gallery example:
To connect to another domain, specify one of its domain controllers in each command with -Server:
$OUs = Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -server $FQDN_DC_ServerName -Properties name, schemaIDGUID
To run Get-Acl against another domain, map that domain as a PSDrive with New-PSDrive:
New-PSDrive -Name AD2 -PSProvider ActiveDirectory -Server $FQDN_DC_ServerName -root "//RootDSE/"
...
ForEach ($OU in $OUs) {
    # Read the ACL through the AD2: drive mapped to the other domain
    $report += Get-Acl -Path "AD2:\$OU"
}
AD and DNS
DNS zones
Get-DnsServerZone -ComputerName DOMAINCONTROLLERNAME
Show all domain controllers:
(Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }
To write the result to a CSV file, extend the command as follows:
(Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } | Export-csv c:\temp\allDCs.csv -delimiter ";" -NoTypeInformation
Subnets in Sites and Services
Get-ADReplicationSubnet -filter * -Properties * | Select Name, Site, Location, Description | export-csv -Delimiter ";" -Path c:\temp\subnets.csv -NoTypeInformation
Exchange version
Get-ADObject "CN=ms-Exch-Schema-Version-Pt,$((Get-ADRootDSE).schemaNamingContext)" -Property Rangeupper
Here is the corresponding version table: https://eightwone.com/references/schema-versions/ or https://adsecurity.org/?page_id=195