Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Download Quest Powershell with admin guide.
http://en.community.dell.com/techcenter/powergui/m/bits/20439049
Download Prerequisites
Microsft Powershell
http://support.microsoft.com/kb/968930
DotNet Framework 3.5 SP1
For query purpose its does not require any kind of special permission.
See the below link also.
Before running any ps script put the below command.
Set-ExecutionPolicy Unrestricted
1. How to find group members for n number of groups
$groups=get-content groups.txt
Foreach($group in $groups)
{
Get-QADGroupMember $group
Get-qadgroup $group
}
**Need to create a file called groups.txt and put the entire groups names into that text file. Find the below screenshot.
**
2. Find memberof for n number of users with powershell
$users=get-content users.txt
Foreach($user in $users)
{
get-Qadmemberof $user
Get-qaduser $user
}
3. Extract the known attr for "n" number of users
$users= get-content users.txt
foreach ($user in $users) {Get-QADuser $user -SerializeValues}
4. Find the E-MAILs of Users form an particular OU
get-QADuser -SearchRoot 'contoso.com/test' | select samaccountname,mail,memberof
5. Find the Display Name for n number of users
$users= get-content users.txt
foreach ($user in $users) {Get-QADuser $user -sizelimit 0 | Format-table displayname}
6. Find the Display Name,Canonicalname and Samaccountname for n number of users
$users= get-content users.txt
foreach ($user in $users) {Get-QADuser $user -sizelimit 0 | Format-table displayname,canonicalname,samaccountname}
7. Verify user is member of AD group
if(Get-QADMemberOf 'domain\user' -Indirect -Name GroupName){
"is member of"
}else{
"not member of"
}
8. Get Password Expiration Date of All Users in Active Directory
Get-QADUser -Name * | select givenName,sn,name,PasswordExpires
at the end you can add | Export-CSV c:\pass_exp.csv to export the results to file.
like: >Get-QADUser -Name * -sizelimit 0 | select givenName,sn,name,PasswordExpires | Export-CSV c:\pass_exp.csv
For 2008 R2 use this syntax
**Get-ADUser -Name * | select givenName,sn,name,PasswordExpires
**
**9. List the values of all properties of the user account. **
Get-QADUser <userlogon> -IncludeAllProperties -SerializeValues
10. Retrieve deleted user accounts with the name (RDN) of biz
C:\PS>Get-QADUser -Tombstone -Name 'biz*'
11. Find all objects for a OU
get-QADObject -Service 'itibase.contoso.com:389' -SearchRoot 'ou=test,dc=contoso,dc=com'
12.Restore a user account that was deleted from a particular container and had the name (RDN) of Bish B:
C:\PS> Get-QADUser -Tombstone -LastKnownParent '<DN of container>' –Name 'Bish B*' | Restore-QADDeletedObject
13. How to check the DACL
Get``-QADObject ``'cn=users,dc=contoso,dc=com' -SecurityMask Dacl | Get-QADPermission -Inherited -SchemaDefault
14. Checking the permission for an user/group
Get-QADObject 'cn=users,dc=contoso,dc=com' -SecurityMask Dacl | Get-QADPermission -Inherited -SchemaDefault | findstr / 'Groupname'
Group name is case sensitive.
15. Domain Controller Inventory
get-QADComputer -computerRole 'DomainController'| format-table -property computername,osname,osversion,osservicepack
get-QADComputer -computerRole 'DomainController' -IncludeAllProperties -SerializeValues | select cn,operatingSystem,msDS-isGC,msDS-isRODC,msds-sitename | Export-CSV c:\DCS.csv
16. Find the Disabled members from multiple GROUPS.
Get-Content c:\groups.txt | ForEach-Object {
Get-QADGroupMember $_ -Disabled
}