Tag: ActiveDirectory

PowerShell Code: Convert Integer8 to Date

There are several Active Directory attributes where the value is stored as an Integer8 value. These include: accountExpires, badPasswordTime, lastlogon, lastlogontimestamp, and pwdLastSet. Here’s information on what Integer8 is: Many attributes in Active Directory have a data type (syntax) called Integer8. These 64-bit numbers (8 bytes) often represent time in 100-nanosecond intervals. If the Integer8 attribute …


PowerShell Code: Determine LastLogonTimeStamp Replication Time

It seems that I have been asked to provide a lot of user (& computer) logon information over the past few months. In order to provide this information, I (as others have) leveraged the LastLogonTimeStamp attribute to determine when a user (or computer) logged on last. Assuming you have a Windows 2003 forest mode Active …


PowerShell Function: Get-ADAuthGroups

Here’s a PowerShell Function that leverages Active Directory .Net to get a list of the AD authorization groups. This is extremely useful to get a complete list of security groups that comprise a user’s AD Kerberos token without having to loop or recurse AD groups.   Function GetAuthGroups { Param ( $AccountID, [switch]$CountAuthGroups, [Switch]$ReturnGroups = …


PowerShell and Ambiguous Name Resolution (ANR) Search in Active Directory

I was recently asked how to find a user when you have data that may be the SamAccountName or in another attribute. My first thought was leveraging Ambiguous Name Resolution (ANR) Search in Active Directory. ANR enables you to find a user when you have some information about a user, but don’t know exactly to …


PowerShell Code: Find User in Active Directory Forest

There are times when you have a userid, but don’t know where in a multi-domain forest a user is located. Here’s some PowerShell code for locating the user’s domain. PowerShell code leverages the Active Directory PowerShell module to query a local Global Catalog (GC) server in …


Azure & Active Directory

  Azure is big. It’s really big. Seriously, it’s hard to comprehend just how big it really is. (Apologies to Douglas Adams.) In July of last year, then-CEO Steve Ballmer stated that Azure data centers held “comfortably over a million physical servers.” Last year, Azure server purchases accounted for 17% of all server purchases worldwide. …


PowerShell Remote Use of Module Commandlets (Remoting Import-Module)

Practically all of my PowerShell scripts use an Active Directory commandlet. Ok, so they use several. I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …


PowerShell Code: Find Active Directory Site Containing AD Subnet

Here’s a quick script that returns the site in the Active Directory forest given a subnet (ex. 10.20.30.0). Match-Subnet2Site.ps1   Param ( [string]$Subnet ) $IPSubnetRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0)\b’ # $IPRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b’ IF ($Subnet -match $IPSubnetRegEx) { Write-Output “Searching the AD forest for subnet: $Subnet ” } ELSE { Write-Error “The provided subnet ($Subnet) is not …


LOL! Lingering Object Liquidator for Active Directory

Microsoft released the LOL GUI tool for removing Active Directory lingering objects. Historically, removing lingering objects from AD had been a painful process. Note that LOL is not a straightforward download. Follow these steps to download: Log on to the Microsoft Connect site (using the Sign in link) with a Microsoft account: http://connect.microsoft.com Note: …


PowerShell Code: Active Directory Domain Controller Discovery

There are several different ways to find AD Domain Controllers (DCs). Here are a few:

AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets):

import-module activedirectory
Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS

discover – find a DC
forcediscover – re-discover a DC and not use a cached …
