Power Shell - Export Active Directory Users

Why I need to export my Active Directory users/accounts ?

Working as a System Administrator sometimes (actually always) is a bit messy organise the users and accounts that you have in the Active Directory.
Sometimes do you have old users than left the company years ago, or maybe you created twice, or three times the same Service account.

However, it's a good practice to have a list of all your users in an Excel document, to take some actions about the organisation/administration of your Active Directory.

Here is a Power Shell script to export all your users to a CSV file, after that you will be able to apply filters and look for users, accounts that you don't need anymore.

The Script

 

#Path to export the CSV file, the folder must to be created before.
$path = Split-Path -Parent "C:\Export_AD_Users_to_CSV\*.*"

#Variable for the date.
$LogDate = get-date -f yyyyMMddhhmm

#Define CSV and log file location variables
#they have to be on the same location as the script
$csvFile = $path + "\ALLADUsers_$LogDate.csv"

#Import the AD Module
Import-Module ActiveDirectory

#Set the OU to do the base search for all user accounts.
$SearchBase = "OU=Domain Controllers,DC=contoso,DC=com"

#Get Admin account credential.
$GetAdminact = Get-Credential

#Define variable for a server with AD web services installed.
$ADServer = 'Server01'

#Define "Account Status" 
$AllADUsers = Get-ADUser -server $ADServer `
-Credential $GetAdminact -SearchBase $SearchBase `
-Filter * -Properties * | Where-Object {$_.info -NE 'Migrated'}

#Select the properties that you want to export.
$AllADUsers | 
Select-Object @{Label = "First Name";Expression = {$_.GivenName}},
@{Label = "Last Name";Expression = {$_.Surname}},
@{Label = "Display Name";Expression = {$_.DisplayName}},
@{Label = "Logon Name";Expression = {$_.sAMAccountName}},
@{Label = "Full address";Expression = {$_.StreetAddress}},
@{Label = "Job Title";Expression = {$_.Title}},
@{Label = "Directorate";Expression = {$_.Description}},
@{Label = "Department";Expression = {$_.Department}},
@{Label = "Phone";Expression = {$_.telephoneNumber}},
@{Label = "Email";Expression = {$_.Mail}},
@{Label = "Last LogOn Date";Expression = {$_.lastlogondate}} |

Export-Csv -Path $csvfile -NoTypeInformation

Manage 2008 from Server Manager 2012

Introduction

Windows Server 2012 allows us manage server remotely from Server Manager.
Also, we could just use Remote Server Administration Tool (RSAT) from client computer (Windows 8 or Windows 10).

However, if we are using a Windows 10 client computer or a Server 2012, we will need to run some setup in the 2008 server.
This setup will be installing WinRM and doing some configuration to avoid this manageability warning of “Online – Verify WinRM 3.0 service is installed, running, and required firewall ports are open".

Warning

Solution

1. Install Windows Management Framework 3.0

   Go and get the appropriate .msu from here: http://www.microsoft.com/en-us/download/details.aspx?id=34595
2. Config WinRM
   From a Power Shell terminal, with elevated right, type "winrm quickconfig"

   

   
   

3. Create Firewall Rule
   Allow port 5985

   
   

Remote Desktop Connection Manager

Remote Desktop Connection Manager

One of the best free software tool from Microsoft to administrate and manage Windows Server.
It's free, easy to use and very intuitive.

Download Link:

http://www.microsoft.com/en-au/download/details.aspx?id=21101&SearchToggle=true

NOTE: For the installation you must to have .NET Framework version 2.0  installed in your pc/server.

Here is a link to install the .NET Framework version 3.5 and 2.0 in Windows 8, 8.1, 10 :)
https://msdn.microsoft.com/en-us/library/hh506443(v=vs.110).aspx

Kind regards.

Windows 10 - Configure Gmail Mail and Calendar

Windows 10 - How to configure my Gmail account with Windows Mail & Calendar

Introduction

One of the good features that Windows 10 has is that you can integrate it with your personal account.
For instance, you are able to configure the Windows Future Mail & Calendar app with your Gmail account.

Step by Step

In order to do that, you must to follow the next easy steps.

1. First of all you need to open the Microsoft Mail or calendar to configure your Google account.
   (See Figure 1)
   As you see, the Microsoft account it was configured before, now we must to click on Add Account button to add the new on.
   
   

   

   Figure 1

2. Then, we will need to choose which account we want to add, that could be any one of the listed in the Figure 2.

   

   Figure 2
   

3. After selected the Google account, we will asked for the Google account credentials.
   (See Figure 3)

   

   Figure 3
   

4. We will be asked to confirm the connection with the Google account (Figure 4).
   Also, after that we will be asked if we want to save our password, I selected yes but this is up to you.
   
   

   

   Figure 3

5. Now, we are ready to use our Google Mail and Calendar with the Windows 10 Mail & calendar Client.

   

   Windows 10 - Mail Client

   
   

   

   Windows 10 - Calendar Client

Conclusion

Windows 10 has a lot of new features, I think that it's much superior than Windows 8.1.
It's a perfect mix between Win 8.1 and  Win 7.
The Mail and Calendar clients has a good look and feel, it works very well and also you can configure it to synchronize every hour/ every 10 min/ all the time, etc.

Let's go to see which more has Microsoft to surprise us.

PowerShell on Windows Server 2012

Introduction

Power Shell commands:

PS Version

 
   PS C:\> $PSVersionTable.PSVersion
   Major  Minor  Build  Revision
   -----  -----  -----  --------
   3      0      -1     -1

Remote Management

   
   //Comment To see if the WinRM Service is running
   Get-Service WinRM 
   //Comment Enable remote Power Shell management 
   Enable-PSRemoting -Force
   //Comment Connecting to the server
   New-PSSession -ComputerName ServerName -Credential administrator
   //Comment Now enter to the PSSession
   Enter-PSSEssion X 
   //Comment Where X is the number of the Session
  

Rename Computer:

   Rename-Computer
   Restart-Cmputer
  

Shutdown computer:

   Stop-Computer
  

Join a computer to a domain:

   Add-Computer -DomainName corp.contoso.com

   Restart-Computer
  

List and Install Windows Features

   
  //Comment List  
  Get-WindowsFeature
  //Comment Install
  Install-WindowsFeature -Name RSAT-AD-Tools -IncludeAllSubFeature -IncludeManagementTools
 
 //Comment Installing Windows Feature from media (Using DISM - Deployment Image Service & Managment)
 Get-WindowsImage -ImagePath D:\sources\install.wim
 
 Mount-WindowsImage -ImagePath D:\sources\install.wim -Index 4 -Path C:\mount -Optimize -ReadOnly
 
 Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart –Source c:\mount\windows\winsxs

 

Active Directory Commands

  //Comment User info

  
  Get-ADUser user.name
  Get-ADUser JohnDoe -Server seattle.otherdomain.com  

  Get-ADUser -Filter {Givenname -eq "Gaston"}
  Get-ADUser -Filter {Surename -eq "Gonzalez"}
  
  Get-ADGroup "Finance"
  Get-ADGroupMember "Finance"
  Get-ADPrincipalGroupMembership username | select name
  
  //Comment Remove a user from a AD Group
  Remove-ADGroupMember -Identity "DocumentReaders" -Member "WilsonPais"
 
  //Comment Move a user to different OU
  

  //Comment Create a user
  New-ADUser –Name “User Name” –GivenName User –Surname Name –UserPrincipalName uname@mw.local –SamAccountName uname
  
  //Comment To see a list of disabled accounts in the domain
  Search-ADAccount –AccountDisabled –UsersOnly |FT Name
  //Comment Enabele/Disable/Remove account
  Enable-ADAccount –Identity uname
  Disable-ADAccount –Identity uname
  Remove-ADUser uname

  //Comment Modify properties of a user
  Set-ADUser -Identity "GGonzalez" -OfficePhone "+54 9 11 62844466"
  
 

Install/Uninstall Windows GUI  

  Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
  Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
  

Power Shell Shortcuts:

Alt+Space+E Displays an editing shortcut menu with Mark, Copy, Paste, Select All, Scroll, and Find options. You can then press K for Mark, Y for Copy, P for Paste, S for Select All, L to scroll through the screen buffer, or F to search for text in the screen buffer. To copy the screen buffer to the Clipboard, press Alt+Space+E+S and then press Alt+Space+E+Y. 

F7 Command history. 

Alt+F7 Clears the command history. 

Ctrl+C Press Ctrl+C to break out of the subprompt or terminate execution. 

Ctrl+End Press Ctrl+End to delete all the characters in the line after the cursor. 

Ctrl+Left arrow / Ctrl+Right arrow Press Ctrl+Left arrow or Ctrl+Right arrow to move left or right one word at a time. 

Ctrl+S Press Ctrl+S to pause or resume the display of output. 

Delete / Backspace Press Delete to delete the character under the cursor, or press the Backspace key to delete the character to the left of the cursor. 

A bit more

Cmdlet	Description
Add-ADCentralAccessPolicyMember	Adds central access rules to a central access policy in Active Directory
Add-ADgroupmember PhoenixAdmins PhoenixAdmin01, PhoenixAdmin02	Add members to group
Add-ADResourcePropertyListMember	Adds one or more resource properties to a resource property list in Active Directory
Add-Computer –DomainName domainname.com	Joins a computer to domain
Add-NetSwitchTeamMember	Adds a network adapter member to an existing switch team
Add-PhysicalDisk	Adds a physical disk to storage pool
Add-WindowsFeature	Adds a role or feature
Configure-SMRemoting.exe –Enable	Used to configure a computer running Windows Server 2012 for Remote Management
Configure-SMRemoting.exe –Get	Used to find out if a computer is configured for Remote Management
Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=nuggetlab,DC=com’ –Scope ForestOrConfigurationSet –Target ‘domain.com’	Enable Active Directory Recycle Bin
Enable-NetFirewallRule	Enables a previously disabled firewall rule to be active within the computer or a GP OU
Enable-PSRemoting	Configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology
Enter-PSSession remote server name -credential user name	Establishes a PS session with a remote computer
Get-ADTrust	Returns all trusted domain objects in the directory
Get-ADUser	Gets one or more Active Directory users
Get-DNSServerGlobalQueryBlockList	List of servers that it does not respond to when the DNS server receives a query to resolve the name in any zone for which the server is authoritative
Get-Help Install-WindowsFeature	Gets the syntax and accepted parameters for the Install-WindowsFeature Cmdlet
Get-NetIPAddress	Gets information about IP address configuration
Get-StoragePool	Show storage pools
Get-VirtualDisk	Show virtual disks
Get-VM –ComputerName <NAME> | Enable-VMResourceMetering	Enable Hyper-V resource metering on Hyper-V host
Get-VM –ComputerName NAME | Measure-VM	To get all VMs metering data
Get-WindowsFeature	Used to get a list of roles and features installed on a computer running Server 2012
Import-GPO	Imports a GPO
Import-Module	Adds module to the current session
Install-ADDSDomain	Installs New Domain
Install-ADDSDomainController	Installs additional DC
Install-ADDSForest	Installs new forest
Install-AddsForest –DomainName “example.com”	Used to promote a server to an Active Directory Domain Controller and make that new DC responsible for a new forest
Install-WindowsFeature (for remote computer add the –computer flag, as in Install-WindowsFeature <Feature> -Computer <ComputerName>	Adds a role or feature
Install-WindowsFeature –name AD-Domain-Services	Installs Active Directory binaries
Install-WindowsFeature Migration	Adds Migration tools
Install-WindowsFeature –Name Hyper-V –ComputerName<name> -IncludeManagementTools -Restart	Installs Hyper-V on remote computer
Install-WindowsFeature Server-Gui-Mgmt-Infra	Installs Minimal Server Interface from Server Core
Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart	Switch from Server Core to Full GUI
Netdom renamecomputer %ComputerName% /NewName: <NewComputerName>	Renames computer
New-ADGroup (with appropriate flags)	Creates a new AD group
New-ADUser	Creates new AD user
New-GPO	Creates a new GPO
New-GPStarterGPO	Creates a new starter GPO
New-NetFirewallRule	New firewall rule
New-NetIPAddress –IPAddress 10.10.10.73 –InterfaceAlias “Ethernet” –DefaultGateway 10.10.10.1 –PrefixLength 24	Configures IP address- Server Core
New-SMBShare –Name Documents –Path D:\Shares	Creates a new SMB Quick share named Documents with the drive label D:
New-StoragePool –FriendlyName –StorageSubSystemFriendlyName –PhysicalDisks	Used to create a storage pool
New-NetRoute –InterfaceIndex 13 –DestinationPrefix 2001:ABCD: /64 –Publish Yes	Configure Network Route for ISATAP Interface
New-NetSwitchTeam	Creates a new switch team (for network traffic failover)
New-VM –Name “VMNAME” –MemoryStartupBytes <memory> -NewVHDSizeBytes <disksize>	Create a Hyper-V virtual machine
Remove-ADCentralAccessPolicy	Creates a new central access policy in Active Directory containing a set of central access rules
Repair-VirtualDisk	Repair virtual disk
Reset-ADServiceAccountPassword	Resets the password for a standalone managed service account. Reset is not supported for group managed service accounts.
Reset-PhysicalDisk	Removes physical disk from storage pool
Restart-Computer	Restarts a computer
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 10.10.10.70, 10.10.10.1	Configure DNS address- Server Core
Set-DNSServerGlobalQueryBlockList	Replaces all names in the list of names that the DNS server does not resolve with the names that you specify (if you need to resolve name  such as ISATAP or WPAD remove these names from the list).
Set-ExecutionPolicy	Enables you to determine which Windows PowerShell scripts will be allowed to run on your computer
Set-NetFirewallProfile	Enable Windows firewall
Set-NetFirewallRule	Modify existing firewall rule
Set-NetIPAddress	Modifies IP address configuration properties of an existing IP address
Set-NetIPInterface	Modifies IP interface properties such as in DHCP, IPv6 neighbor discovery settings, router settings, and Wake on LAN settings.
Set-NetIPv4Protocol	Modifies information about the IPv4 protocol configuration
Set-RemoteDesktop –Enable	Enable Remote desktop connections to the server
Show-WindowsFeatures	List of roles and features installed on a computer
Sync-ADObject	Replicates a single object between any two domain controllers that have partitions in common
Test-ADServiceAccount	Tests a managed service account from a computer
Uninstall-ADDSDomainController –ForceRemoval –LocalAdministratorPassword <password> -Force	Demotes a domain controller
Uninstall-WindowsFeature –Name GPMC –Vhd “path” –Remove	Features on Demand- removes binaries for Group Policy Management Console (can be used for any other feature).
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart (use –Remove before the restart to remove binaries)	Switch from full GUI to Server Core
Uninstall-WindowsFeature Server-Gui-Shell –Restart	Switch from Full to Minimal Server Interface; no IE, taskbar, Windows Explorer, or Control Panel