Active Directory

Script to modify the defaultSecurityDescriptor attribute on the Group-Policy-Container schema class object

June 29, 2016

Last week I published an article about the changes in the behavior of Group Policy processing after the deployment of security update MS16-072 under KB3163622. It included a script to assist with the remediation of Group Policy permissions: Script to report on and remediate the Group Policy security change in MS16-072. Of course that’s not where it […]

Read the full article →

Script to report on and remediate the Group Policy security change in MS16-072

June 22, 2016

On June 14th 2016 Microsoft released security update MS16-072 under KB3163622 that changes the behavior of Group Policy processing so that user group policies are now retrieved by using the machine’s security context instead of the user’s security context. This is a by-design behavior change from Microsoft to protect computers from a security vulnerability. Update 23/06/2016: Microsoft […]

Read the full article →

Netlogon parser for Message Analyzer

January 25, 2015

The Microsoft Message Analyzer is a very cool tool which helps us read and analyse a number of different log and trace file formats. In fact Message Analyzer is the replacement for the old Network Monitor (AKA Netmon) tool. Brandon Wilson from Microsoft wrote a parser for the NetLogon.log files. Here are the references to Brandon’s TechNet blogs: […]

Read the full article →

Script to Create a Summary Overview and Full Report of all Contact Objects in a Domain

January 2, 2015

This PowerShell script is one of the most comprehensive you will find that provides a thorough overview and full report of all contact objects in a domain. It is the culmination of many Active Directory audit and reviews and therefore contains valuable input from many customers. A lot of thought has been put into the logic […]

Read the full article →

Script to Create an Overview and Full Report of all Group Objects in a Domain

January 2, 2015

This PowerShell script is one of the most comprehensive you will find that provides a thorough overview and full report of all group objects in a domain. It is the culmination of many Active Directory audit and reviews and therefore contains valuable input from many customers. A lot of thought has been put into the logic within […]

Read the full article →

Script to Create an Active Directory Schema Update Report

June 22, 2014

This PowerShell script was written by the awesome Ashley McGlone (AKA Goatee PFE) and published to the TechNet Script Center. It was also blogged on the Scriting Guy TechNet site. However, it did need some updates to keep up with the newer schema updates as well as adding the SCCM (ConfigMgr) versions. As Ashley has […]

Read the full article →

Script to Create an Overview of all Computer Objects in a Domain

June 22, 2014

This PowerShell script will provide an overview and count of all computer objects in a domain based on Operating System and Service Pack. It helps an organisation to understand the number of stale and active computers against the different types of operating systems deployed in their environment. Computer objects are filtered into 4 categories: Windows Servers […]

Read the full article →

Script to Create a Report of Members of Privileged Groups

June 9, 2014

This PowerShell script will create a report of users that are members of the following privileged groups: Enterprise Admins Schema Admins Domain Admins Cert Publishers Administrators Account Operators Server Operators Backup Operators Print Operators This is the default list of privileged groups I’ve set, but you can adjust the privileged groups directly within the getForestPrivGroups function if needed. […]

Read the full article →

Script to Create, Import and Export Group Policy WMI Filters

June 9, 2014

This PowerShell script will Create, Import and Export Group Policy WMI Filters. I wrote this script to cover a number of different scenarios: To create a default set of GPO WMI Filters for new builds. To document existing WMI filters for health checks and audits. To provide a mechanism to migrate WMI filters between Dev, […]

Read the full article →

Script to Create a Report on the Primary Groups (primaryGroupID) in Use

May 27, 2014

This PowerShell script will enumerate all user accounts in a Domain and report on the primary groups (primaryGroupID) in use. It will also total up the number of enabled and disabled user accounts that each group is applied to. The output of this script helps with remediation tasks and perhaps even a redesign to implement some standards for the […]

Read the full article →