Here’s a quick script that returns the site in the Active Directory forest given a subnet (ex. 10.20.30.0). Match-Subnet2Site.ps1 Param ( [string]$Subnet ) $IPSubnetRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0)\b’ # $IPRegEx = ‘\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b’ IF ($Subnet -match $IPSubnetRegEx) { Write-Output “Searching the AD forest for subnet: $Subnet ” } ELSE { Write-Error “The provided subnet ($Subnet) is not …
Tag: ActiveDirectory
Sep 24 2014
LOL! Lingering Object Liquidator for Active Directory
Microsoft released the LOL GUI tool for removing Active Directory lingering objects. Historically, removing lingering objects from AD had been a painful process. Note that LOL is not a straightforward download. Follow the following steps to download: Log on to the Microsoft Connect site (using the Sign in) link with a Microsoft account:: http://connect.microsoft.com Note: …
Sep 23 2014
PowerShell Code: Active Directory Domain Controller Discovery
There are several different ways to find AD Domain Controllers (DCs). Here are a few: AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets): import-module activedirectory Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS discover – find a DC forcediscover – re-discover a DC and not use a cached …
Sep 19 2014
Read-Only Domain Controller (RODC) Information
The RODC is one of the most interesting new features of Windows Server 2008. RODCs provide the following: Read-only Active Directory Database – Read-only copy of Active Directory provides a more secure option for distant locations such as a branch office. Changes attempted against the RODC are referred to the next upstream DC. Read-only DNS Server …
Sep 02 2014
PowerShell: Using Active Directory .Net methods in PowerShell Part 2
Powershell has the incredible ability to run some .Net methods natively. Some of this data can also be gathered using AD commandlets. Read Part 1 for others. Here are a few of my favorites. Get a Computer’s Site: [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite() Get a User’s Domain: [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name Get a Computer’s Domain: [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name List Active Directory FSMOs: …
Jul 01 2014
LSASS Crashing, CNF Objects May Be the Cause
What Happens and How Do I Know if I’m Affected? When CNF mangled NTDS settings objects are created, the Lsass.exe process may crash and unexpectedly reboot one or more domain controllers. So there is a pretty good chance you’ll know about it. You may not know the root cause of the crash. More specifically though …
Jun 02 2014
Active Directory 2012 DCPromo
Starting with Windows Server 2012, DCPromo is no longer used to promote a member server to be a Domain Controller. Since DCPromo no longer works (Microsoft calls this featured deprecated), there is a new GUI option and associated Powershell commandlets. There are major changes to the promotion process which integrate the process. This simplified process …
May 27 2014
PowerShell Code: Get & Set Active Directory Tombstone Lifetime and Active Directory Delete & Recycle Operations
Active Directory is a multi-master database replicated among multiple Domain Controllers. In order to ensure that objects are fully replicated before deletions are processed (purged), objects that are marked for deletion before they are completely purged from Active Directory. Active Directory marks the object as deleted by performing the following actions on the object: The …
May 22 2014
Microsoft TechEd 2014 Sessions Posted
One of the toughest parts of being in the IT field is staying up to date with technology trends, directions, and products. I have found that free-to-view online content is a great way to do this. Microsoft has TechEd sessions posted going back to 2008: 2014 2013 2012 2011 2010 2009 2008 Here are some …
May 15 2014
Group Policy Preferences Password Vulnerability Now Patched
Looks like Microsoft finally removed the ability to set admin account passwords through GPP due to the Group Policy Preferences password exposure vulnerability. More information on how Group Policy Preferences are attacked is in the post “Finding Passwords in SYSVOL & Exploiting Group Policy Preferences“. Because of the security concerns with storing passwords in Group …