Some of our customers have an Active Directory environment that needs upgrading, to get a good overview of their environment I always check a lot of things before writing a report and a recommendation about which steps we need to take. In this blog post, I will show you a script that gathers information about the Active Directory Domain which saves a lot of command-line checking and starting up Management Consoles 😉
For one of our customers, we needed a report on all local groups and their members on all Active Directory joined servers. You can connect all servers one by one with Computer Management and check, but hey... PowerShell is there for you 🙂 In this blog post, I will show you an easy way to get a report on the memberships, and yes... I used the ImportExcel module too (Needed for the Export-Excel cmdlet) 😀
In a previous blog post (Link), I showed a way to create a report on OU (Organizational Unit) permissions. One of the replies I got about that was: How about the Container permissions, those are important too 🙂 And that's correct, they are! In this blog post, I will show you how to create a report on those (Script is based on the OU report)
For one of our customers, we are working on restricting permissions of admin accounts by implementing Role Based Access and delegating permissions to Organizational Units (OU's). But one of the first questions was… What are the current permissions and what should we remove and where? In this blog post I will show you a way to report on the current permissions so that you can remove them where they shouldn't be granted 🙂
In a previous blog post (here) I wrote about how to get a list of changes in Active Directory administrative groups, I got a question about that on Facebook... The question was: Nice to get a list of changed groups and what the change was, but what account made that change? This blog post shows you a way to get all the security events from the Domain Controller security logs 🙂
Currently, I'm working for a customer on a new security model for their Active Directory, one of the things that we discussed was how to report on changes in certain administrative groups. I did this in the past using the Active Directory command-line tools (dsquery, dsget, etc.) but in this blog post, I will show you how to do this using PowerShell.