Find Active Directory User and Group Information using PowerShell

Quite often during my Active Directory projects I need to generate information about my customer’s users and groups in the environment for documentation purposes. Since PowerShell makes it easy to find and customize this information, I have written a simple script that grabs it and exports it to files.

Copy the text below and save as a .ps1 file.

# PowerShell script to gather information for AD Users.

Import-Module ActiveDirectory

Write-Host ""
Write-Host "Running script to gather information about Active Directory user accounts" -ForegroundColor Green

# Directory where files will be saved
$outdir = "C:\AD Users"

# create the new directory if it's not already there
if(!(test-path $outdir)){ mkdir $outdir | Out-Null }

# Remove Canonical Name from Distinguished Name (returns the parent OU/container)
function Get-ADParent ([string] $dn) {
    # split on commas that are not escaped with a backslash
    $parts = $dn -split '(?<![\\]),'
    $parts[1..$($parts.Count-1)] -join ','
}
# calculated property that adds an OU column to the Select-Object output
$parent = @{Name='OU'; Expression={ Get-ADParent $_.DistinguishedName } }

# Find info about the admin users
# Note: -like matches any group DN that contains the text (for example "*Administrators*"
# also matches "Hyper-V Administrators"), and nested group membership is not resolved.
$allusers = Get-ADUser -filter * -Properties *
$dadmins = $allusers | where {$_.MemberOf -like "*Domain Admins*"}
$eadmins = $allusers | where {$_.MemberOf -like "*Enterprise Admins*"}
$sadmins = $allusers | where {$_.MemberOf -like "*Schema Admins*"}
$admins = $allusers | where {$_.MemberOf -like "*Administrators*"}
$dadmins | select -Property Name,SamAccountName,PasswordNeverExpires | sort Name | Export-Csv $outdir\Groups-DomainAdmins.csv -NoTypeInformation
$eadmins | select -Property Name,SamAccountName,PasswordNeverExpires | sort Name | Export-Csv $outdir\Groups-EnterpriseAdmins.csv -NoTypeInformation
$sadmins | select -Property Name,SamAccountName,PasswordNeverExpires | sort Name | Export-Csv $outdir\Groups-SchemaAdmins.csv -NoTypeInformation
$admins | select -Property Name,SamAccountName,PasswordNeverExpires | sort Name | Export-Csv $outdir\Groups-Administrators.csv -NoTypeInformation

# Find info about groups
$groups = Get-ADGroup -Filter * -Properties *
$groups | select -Property Name,GroupCategory,GroupScope,$parent | sort OU,GroupCategory,Name | Export-Csv $outdir\Groups.csv -NoTypeInformation

# Set date 90 days ago as a value to compare against (find stale accounts)
$date = [DateTime]::Today.AddDays(-90)

# Find info about user accounts (both active and inactive)
$allusers | select -Property Name,SamAccountName,Enabled,LastLogonDate,$parent | sort OU,Enabled,Name | Export-Csv $outdir\AllUsers.csv -NoTypeInformation
$activeusers = $allusers | where {$_.LastLogonDate -gt (get-date).addmonths(-3) -AND $_.enabled -eq $true}
$activeusers | select -Property Name,SamAccountName,Enabled,LastLogonDate,$parent | sort OU,Name | Export-Csv $outdir\ActiveUsers.csv -NoTypeInformation
$disabledusers = Search-ADAccount -AccountDisabled -UsersOnly
$disabledusers | select -Property Name,SamAccountName,LastLogonDate,$parent | sort OU,Name | Export-Csv $outdir\DisabledUsers.csv -NoTypeInformation
# LastLogon is not replicated between domain controllers, so this reflects the DC the query ran against;
# -Properties is needed because LastLogonDate is not returned by default
$inactiveusers = Get-ADUser -Filter 'LastLogon -le $date' -Properties LastLogonDate
$inactiveusers | select -Property Name,SamAccountName,Enabled,LastLogonDate,$parent | sort Enabled,OU,Name | Export-Csv $outdir\InactiveUsers.csv -NoTypeInformation
$nopwexpiration = $allusers | where {$_.PasswordNeverExpires -eq $true}
$nopwexpiration | select -Property Name,SamAccountName,PasswordNeverExpires,Enabled,$parent | sort OU,Name | Export-Csv $outdir\NoPWExpirationUsers.csv -NoTypeInformation

# Generate text file of the numbers of users
"All Users: $(($allusers).count)" | Out-File $outdir\UserCount.txt
"Active Users: $(($activeusers).count)" | Out-File $outdir\UserCount.txt -Append
"Inactive Users: $(($inactiveusers).count)" | Out-File $outdir\UserCount.txt -Append
"Disabled Users: $(($disabledusers).count)" | Out-File $outdir\UserCount.txt -Append
"Domain Admins: $(($dadmins).count)" | Out-File $outdir\UserCount.txt -Append
"Enterprise Admins: $(($eadmins).count)" | Out-File $outdir\UserCount.txt -Append
"Schema Admins: $(($sadmins).count)" | Out-File $outdir\UserCount.txt -Append
"Administrators: $(($admins).count)" | Out-File $outdir\UserCount.txt -Append
"All Groups: $(($groups).count)" | Out-File $outdir\UserCount.txt -Append

Write-Host ""
Write-Host "Completed! Output from the script is located in $outdir" -ForegroundColor Green
Write-Host ""
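An added example, not part of the original script: the filters above compare LastLogonDate (replicated) for active users but the non-replicated LastLogon attribute for inactive ones, and an account that has never logged on falls into neither list. This function classifies records from the replicated lastLogonTimestamp attribute instead and gives never-logged-on accounts their own bucket; the sample records are constructed, and with a live domain they would come from Get-ADUser -Filter * -Properties lastLogonTimestamp.

```powershell
# Added example, not part of the original script. Classifies user records by
# lastLogonTimestamp, the attribute that replicates between DCs (lastLogon does
# not, and LastLogonDate is the AD module's DateTime view of lastLogonTimestamp).
# Replication of lastLogonTimestamp lags by up to 14 days, so keep the stale
# threshold well above that.
function Get-AccountActivity {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $StaleDays = 90
    )
    begin { $cutoff = (Get-Date).AddDays(-$StaleDays) }
    process {
        # FILETIME: 100-ns ticks since 1601 UTC; 0 or missing = never logged on
        $ts = $User.lastLogonTimestamp
        if (-not $ts) {
            $last  = $null
            $state = 'NeverLoggedOn'
        } else {
            $last  = [DateTime]::FromFileTime([int64]$ts)
            $state = if ($last -ge $cutoff) { 'Active' } else { 'Stale' }
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Enabled        = $User.Enabled
            LastLogon      = $last
            State          = $state
        }
    }
}

# Constructed sample records (stand-ins for Get-ADUser output)
$recent = (Get-Date).ToFileTime()
$old    = (Get-Date).AddDays(-120).ToFileTime()
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true;  lastLogonTimestamp = $recent }
    [pscustomobject]@{ SamAccountName = 'bob';   Enabled = $true;  lastLogonTimestamp = $old }
    [pscustomobject]@{ SamAccountName = 'svc1';  Enabled = $true;  lastLogonTimestamp = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; Enabled = $false; lastLogonTimestamp = $old }
)

$result = $sample | Get-AccountActivity -StaleDays 90
$result | Format-Table -AutoSize
# Every account lands in exactly one bucket, so the totals reconcile with "All Users"
$result | Group-Object State | Select-Object Name, Count
```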


Run DCDiag on all domain controllers using PowerShell script

Since DCDiag is a simple and great way to check the health of a domain controller, I have decided to write a simple script in PowerShell that will connect to all domain controllers in a session, run DCDiag, and spit out the results to a text file. The requirement to make this work is that PowerShell remoting must be supported and enabled on each domain controller you want to run it on. This at least requires that PowerShell V2 is installed on the domain controller. To enable PowerShell remoting, you can either run Enable-PSRemoting from the PowerShell console on each domain controller or create a GPO and apply it to the Domain Controllers OU. PowerShell remoting is enabled by default on Server 2012 and 2012 R2 domain controllers.

Copy the text below and save as a .ps1 file. Remember to run “Set-ExecutionPolicy Unrestricted” on the domain controller you plan on running the script from. The script will only need to be run once.

Import-Module ActiveDirectory
$outdir = "C:\DCDiag"
if(!(test-path $outdir)){ mkdir $outdir | Out-Null }
# every domain controller in every domain of the forest
$DCs = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }
foreach ($DC in $DCs){
    # one remoting session per DC, output in a folder named after the DC
    $session = New-PSSession -ComputerName $DC.HostName
    $dcoutdir = "$outdir\$($DC.Name)"
    New-Item $dcoutdir -ItemType directory | Out-Null
    Invoke-Command -Session $session {dcdiag} | Out-File $dcoutdir\dcdiag.txt
    Remove-PSSession $session
}

Write-Host ""
Write-Host "Output from script will be in $outdir"

Write-Host “”
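An added example, not part of the original script: once the script has written one dcdiag.txt per domain controller, this function turns the "passed test" / "failed test" result lines into one table so failures across the forest are visible at a glance. The sample output below is constructed and trimmed to the shape dcdiag prints; the file paths in the final comment assume the C:\DCDiag layout the script above creates.

```powershell
# Added example, not part of the original script. Summarises dcdiag result
# lines into objects so failed tests are not buried in per-DC text files.
# Relies on dcdiag's English result lines ("... DC01 passed test Connectivity").
function ConvertFrom-DcDiag {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [string] $Source = ''
    )
    foreach ($line in $Lines) {
        # result lines: dots, DC name, passed|failed, "test", test name
        if ($line -match '^\s*\.+\s+(?<dc>\S+)\s+(?<res>passed|failed)\s+test\s+(?<test>\S+)') {
            [pscustomobject]@{
                Source = $Source
                DC     = $Matches.dc
                Test   = $Matches.test
                Passed = ($Matches.res -eq 'passed')
            }
        }
    }
}

# Constructed sample output, shaped like a trimmed dcdiag run on two DCs
$sampleDc01 = @'
Doing primary tests
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Replications
         ......................... DC01 passed test Replications
'@ -split "`r?`n"
$sampleDc02 = @'
      Starting test: Advertising
         Warning: DC02 is not advertising as a time server.
         ......................... DC02 failed test Advertising
      Starting test: Services
         ......................... DC02 passed test Services
'@ -split "`r?`n"

$results  = @(ConvertFrom-DcDiag -Lines $sampleDc01 -Source 'DC01\dcdiag.txt')
$results += @(ConvertFrom-DcDiag -Lines $sampleDc02 -Source 'DC02\dcdiag.txt')
$results | Format-Table -AutoSize
# Only the failures, which is what you actually want to read first
$results | Where-Object { -not $_.Passed }
# Against real output from the script above:
#   Get-ChildItem C:\DCDiag -Recurse -Filter dcdiag.txt |
#     ForEach-Object { ConvertFrom-DcDiag -Lines (Get-Content $_.FullName) -Source $_.FullName }
```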


Find Current Users using PowerShell

Similar to having to help discover the current workstations in the environment in my previous post, I also helped myself (along with my customer) in generating the list of current users as well for the migration.

Again, the conditions I needed to consider were that the account had logged in within 3 months of today’s date and that the account was enabled. The command I used to achieve this is:

Get-ADUser -Properties * -Filter * | where {$_.LastLogonDate -gt (get-date).addmonths(-3) -AND $_.enabled -eq $true} | select -Property Name,SamAccountName,Enabled,LastLogonDate | sort-object Name | Export-Csv C:\Lists\Users.csv -NoTypeInformation

Enjoy (again)

Find Current Workstations in PowerShell

Recently while performing an Active Directory migration for a customer I needed to generate a list of workstations that were currently in use in the environment. Since the customer was extremely busy wrapped up in numerous other projects and I was in a time crunch, I decided to see what PowerShell could do for me. Some of the variables I needed for my list were:

  • Computer is running a client operating system
  • Computer account is enabled
  • Computer had been logged on in the past 3 months

Using those conditions, I generated a nice command to find, sort, and output the information to a CSV file (which opens in Excel) so the project could continue to move on at a decent pace without delay. The command I used to achieve this was:

Get-ADComputer -Properties * -Filter * | where {$_.OperatingSystem -notlike "*server*" -AND $_.lastlogondate -gt (get-date).addmonths(-3) -AND $_.enabled -eq $true} | select -Property Name,OperatingSystem,Enabled,LastLogonDate | sort-object LastLogonDate -descending | Export-Csv c:\Lists\Workstations.csv -NoTypeInformation


Self-Signed Certificate for LDAPs

March 19, 2014

I recently ran into an instance where one of my customers needed to get LDAPs up and functioning quickly. We had a pending engagement to help them implement some Certification Authorities but needed something to hold them over temporarily until the completion of the project. The following is a way to set up LDAPs using a self-signed certificate.

Create the following certificate request, making the subject the FQDN of the domain controller, and save it as a .inf file.

Open the Command Prompt as Administrator. Run the following certreq command, passing it the .inf file.

Click Cancel on the Save Request screen after.

Open up the Certificates console using the MMC. Look in Computer Personal Store and export the certificate.

Since there is only one option to not export the private key, click

Select the Base-64 encoded button to export the file in the Base-64 format, click Next.

Save the file in an easy location for import into the Trusted Root Certification Store, click Save.

Go to the Trusted Root Certification Authorities store, right click on Certificates, click Import.


Click Browse to select the file that was just exported.


Highlight the Base-64 certificate file and click Open.

Place the certificate into the Trusted Root Certification Authorities Store, click Next.


Click Finish to end


Categories: Active Directory

Using PowerShell to display wireless SSID and password

Being in the Information Technology field, I often turn into everyone’s “computer guy”. If you work in IT, you know exactly what I am talking about. I have recently been asked a few times what password was configured on someone’s personal wireless connection. Sometimes people bring in their other “computer guys” or companies that get the laptop connected to WiFi but do not share the password with them, instead writing it down and putting it somewhere. Often the average user is not savvy enough to just hop on their web browser, go to the router URL (remembering that username and password as well), and dig around there to find it. Since PowerShell can do pretty much anything and everything in the Windows world, I have been using this to help assist those in need.

Open a PowerShell window by clicking Start or pressing the Start key on the keyboard and typing PowerShell.

Once the PowerShell window is open, run this command:

[string](netsh wlan show profiles name=([string](netsh wlan show interface | sls "\sSSID") | sls "\:.+"| %{$_.Matches} | %{$ssid = $_.Value -replace "\:\s+"; $ssid}) key=clear | sls "Key Content") | sls "\:.+"| %{$_.Matches} | %{$pass= $_.Value -replace "\:\s"}; Write-Host "SSID:`t"$ssid"`nPass:`t"$pass;

This will display the current SSID and password that is used on the Wireless connection.


Categories: PowerShell

FSMO placement and optimization on Active Directory domain controllers

Over my time in IT I have heard numerous opinions on where the FSMO roles should reside on domain controllers in a domain. During some random research regarding FSMO holder information I stumbled across this article on the Microsoft support site that I thought I would share.

FSMO placement and optimization on Active Directory Domain Controllers

Categories: Active Directory