Import-Module ServerManager Add-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature Get-Command -Module ActiveDirectory Get-ADUser -Identity flofromm Get-ADUser -Filter "Department -like 'IT*'" Get-ADUser -Filter * -SearchBase "OU=Externals,DC=corp,DC=frickelsoft,DC=net" Search-ADAccount -LockedOut Search-ADAccount -AccountInactive -TimeSpan 120.00:00:00 | ft Name,LastLogonDate,Enabled Get-ADGroup -Filter * -Properties member Get-ADGroup -Filter "GroupCategory-eq 'Security'"-SearchBase "OU=Groups,DC=corp,DC=Frickelsoft,DC=net" Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive Get-ADGroupMember -Identity 'Domain Admins' -Recursive Get-ADGroupMember -Identity 'Domain Admins' -Recursive | Get-ADUser -Properties Emailaddress, lastLogonDate | Export-CSV -Path "C:\ temp\csv\Domain Admins.CSV" Get-ADGroup -Filter "Name -like 'HR*'" -SearchBase 'OU=Groups, DC=nttest,DC=corp,DC=frickelsoft,DC=net' -SearchScope SubTree | Get-ADGroupMember Get-ADGroup -Filter "Name -like 'HR*'" -SearchBase 'OU=Groups,DC=nttest,DC=corp,DC=frickelsoft,DC=net' -SearchScope SubTree | Export-CSV -Path 'C:\temp\csv\HR_departmental_groups.csv' Get-ADUser -Filter * -SearchBase "OU=Externals,DC=corp,DC=frickelsoft,DC=net" | Set-ADUser -Add @{extensionAttribute4 = "M365"} Import-CSV 'C:\temp\csv\users.csv' | % { if($_. mail-like '*@frickelsoft.net') { Set-ADUser $_.sAMAccountName -Add @{extensionAttribute4 ="M365"}}} Import-CSV '.\Downloads\users.csv' | % { Set-ADUser -Identity $_.sAMAccountName-Add @{preferredDataLocation =$_.region }} Get-ADUser -Identity svc_low_SQL3 | Disable-ADAccount $lastLogonCutOff = (Get-Date). AddDays(-120) Get-ADUser -Filter { LastLogonDate -lt $lastLogonCutOff -and Enabled -eq $true } -SearchBase "OU=Externals,DC=corp,DC=frickelsoft,DC=net" | Disable-ADAccount Set-ADUser svc_low_SQL3 -LogonWorkstations "SQL3" $sqlServers = Get-ADComputer -Filter "Name -like 'SQL*'" -SearchBase "OU=Servers,OU=Tier1,DC=corp,DC=frickelsoft,DC=net" | SELECT sAMAccountName |%{$_.sAMAccountName.Trim("$")} $sqlServers = $sqlServers -join "," Set-ADUser svc_high_SQL3 -LogonWorkstations $sqlServers Set-ADAccountExpiration -Identity svc_low_SQL3 -TimeSpan 90.00:00:00 Search-ADAccount -PasswordNeverExpires | Export-CSV C:\temp\csv\neverexpires.csv Search-ADAccount -PasswordNeverExpires | %{Add-ADGroupMember -Identity "PWDNeverExpires" -Members $_.sAMAccountName } Get-ADUser -Filter 'DisplayName -like "SVC_HIGH_*"' -SearchBase "OU=Service Accounts,DC= corp,DC=frickelsoft,DC=net" | % { Add-ADGroupMember "High Sec Service Accounts" -Members $_ } $forest = Get-ADForest -Server "corp.frickelsoft.net" foreach($domain in $forest.Domains) { Get-ADDomainController -Filter * -Server $Domain } Get-ADForest | SELECT DomainNamingMaster, SchemaMaster Get -ADDomain -Name corp.frickelsoft.net | SELECT InfrastructureMaster, PDCEmulator, RIDMaster configPartition = (Get-ADRootDSE).configurationNamingContext Get-ADObject -Filter * -SearchBase "LDAP://CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$($configPartition)" Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion Get-ADObject -Identity "CN=ms-Exch-Schema-Version-Pt,$((Get-ADRootDSE).schemaNamingContext)" -Properties rangeUpper | SELECT rangeUpper Get-AzureADPasswordProtectionSummaryReport -DomainController NTTEST-DC-01 DomainController: NTTEST-DC-01 PasswordChangesValidated: 4 PasswordSetsValidated: 2 PasswordChangesRejected: 7 PasswordSetsRejected: 5 ...