Some of our customers have an Active Directory environment that needs upgrading. To get a good overview of their environment, I always check many things before writing a report and a recommendation about which steps we need to take. In this blog post, I will show you a script that gathers information about the Active Directory Domain, which saves a lot of command-line checking and starting up Management Consoles 😉
Active Directory
Retrieve all local group members of Active Directory member servers
For one of our customers, we needed a report on all local groups, and their members on all Active Directory joined servers. You can connect all servers one by one with Computer Management and check... But, luckily, PowerShell is there for you 🙂 In this blog post, I will show you an easy way to get a report on the memberships, and yes... I used the ImportExcel module, too (Needed for the Export-Excel cmdlet) 😀
Report on Active Directory Container permissions using PowerShell
In a previous blog post (Link), I showed a way to create a report on OU (Organizational Unit) permissions. One of the replies I got about that was: How about the Container permissions? Those are important too 🙂 And that's correct, they are! In this blog post, I will show you how to create a report on those (The script is based on the OU report)
Report on Active Directory OU permissions using PowerShell
For one of our customers, we are working on restricting permissions of admin accounts by implementing Role Based Access and delegating permissions to Organizational Units (OUs). But one of the first questions was… What are the current permissions, and what should we remove and where? In this blog post, I will show you a way to report on the current permissions so that you can remove them where they shouldn't be granted 🙂
Retrieve Security events from Active Directory using PowerShell
In a previous blog post (here), I wrote about how to get a list of changes in Active Directory administrative groups. I got a question about that on Facebook... The question was: Nice to get a list of changed groups and what the change was, but what account made that change? This blog post shows you a way to get all the security events from the Domain Controller security logs 🙂
Report on changed Active Directory groups using PowerShell
Currently, I'm working for a customer on a new security model for their Active Directory. We discussed how to report on changes in certain administrative groups. I did this in the past using the Active Directory command-line tools (dsquery, dsget, etc.), but in this blog post, I will show you how to do this using PowerShell.