Get list of user password expiration dates


Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
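The computed attribute has two special values that the one-liner above does not handle: 0 (password must be changed at next logon) and the maximum 64-bit value (no expiry applies). The following is an added example, not part of the original notes, that classifies the raw value before converting it; the function name, the 14-day warning window and the sample accounts are assumptions made for illustration.

```powershell
# Added example: classify raw msDS-UserPasswordExpiryTimeComputed values.
function ConvertFrom-PasswordExpiryTime {
    param(
        [Parameter(Mandatory)][long]$FileTime,
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 14            # assumed warning window
    )
    # 0: pwdLastSet is 0, so the user must change the password at next logon.
    if ($FileTime -eq 0) {
        return [pscustomobject]@{ Expires = $null; Status = 'MustChangeAtNextLogon' }
    }
    # Int64.MaxValue: no expiry applies (for example smart card required, or
    # no maximum password age). [datetime]::FromFileTime() throws on this value.
    if ($FileTime -eq [long]::MaxValue) {
        return [pscustomobject]@{ Expires = $null; Status = 'NeverExpires' }
    }
    $expires = [datetime]::FromFileTime($FileTime)
    if     ($expires -lt $Now)                    { $status = 'Expired' }
    elseif ($expires -lt $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
    else                                          { $status = 'OK' }
    [pscustomobject]@{ Expires = $expires; Status = $status }
}

# Constructed sample values standing in for the attribute as read from AD.
$now = Get-Date
$samples = @(
    [pscustomobject]@{ SamAccountName = 'user.a'; Raw = [long]0 }
    [pscustomobject]@{ SamAccountName = 'user.b'; Raw = [long]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'user.c'; Raw = $now.AddDays(5).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'user.d'; Raw = $now.AddDays(-3).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'user.e'; Raw = $now.AddDays(60).ToFileTime() }
)
$samples | ForEach-Object {
    $r = ConvertFrom-PasswordExpiryTime -FileTime $_.Raw -Now $now
    [pscustomobject]@{
        SamAccountName = $_.SamAccountName
        Expires        = $r.Expires
        Status         = $r.Status
    }
}

# Against a live domain (requires the ActiveDirectory module), feed it
# $_.'msDS-UserPasswordExpiryTimeComputed' from the Get-ADUser pipeline.
```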

Shadow Groups

DS-Tools

The Quick and Dirty version:
dsquery user "<Organizational Unit distinguishedName>" -scope onelevel | dsmod group "<Shadow Group distinguishedName>" -chmbr

This will look for all users found in the specified OU, and limit the search to that OU only. Then it will clear the current group membership of the Shadow Group (SG) and add all users currently found in the OU.

The Clean and Clever batch file version:
Set OU=Organizational Unit distinguishedName (without quotes)
Set Group=Shadow Group distinguishedName (without quotes)

dsget group "%Group%" -members | find /v /i "%OU%" | dsmod group "%Group%" -rmmbr
dsquery * "%OU%" -filter "(&(sAMAccountType=805306368)(!(memberOf=%Group%)))" -scope onelevel | dsmod group "%Group%" -addmbr


This will look at the group membership, pipe it to the find command to keep only the users where the OU’s distinguishedName is NOT present, and then pipe it to dsmod group to remove those users from the group. The next step is to look for all users in the specified OU that are NOT already members of the Shadow Group. It will then add any users found to the group.

PowerShell

Windows Server 2008 R2 with Active Directory cmdlets:
$OU="Organizational Unit distinguishedName"
$Group="Shadow Group distinguishedName"

# -NotMatch is a regex match, so escape the DN before using it as a pattern
Get-ADGroupMember -Identity $Group | Where-Object {$_.distinguishedName -NotMatch [regex]::Escape($OU)} | ForEach-Object {Remove-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group -Confirm:$false}
Get-ADUser -SearchBase $OU -SearchScope OneLevel -LDAPFilter "(!(memberOf=$Group))" | ForEach-Object {Add-ADPrincipalGroupMembership -Identity $_ -MemberOf $Group}
 

This will do the same thing as the ds-tools clean and clever version, except it’s done in PowerShell with the AD cmdlets.

Once you’ve decided which approach you want to take, you can easily create a scheduled task for it and ensure that the batch or PowerShell script runs at intervals that suit your organization. Just make sure that the user account the scheduled task runs under has the proper privileges (such as log on as batch job and permission to update the Shadow Groups (write members) in Active Directory).
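For a scheduled run it helps to compute the membership delta first, refuse to act on an empty OU result, and log every change. The script below is an added example, not part of the original notes; the parameter names and the log path are assumptions. Unlike the one-liners above, it treats only direct children of the OU as desired members.

```powershell
# Added example: shadow group sync with a dry-run switch (-WhatIf) and a log.
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$OU,       # OU distinguishedName
    [Parameter(Mandatory)][string]$Group,    # Shadow Group distinguishedName
    [string]$LogPath = "$PSScriptRoot\shadowgroup-sync.log"   # assumed location
)
$ErrorActionPreference = 'Stop'   # a failed query must abort, not look like "no users"

# Desired state: user objects directly in the OU.
$desired = @(Get-ADUser -SearchBase $OU -SearchScope OneLevel -Filter * |
             Select-Object -ExpandProperty DistinguishedName)
# Current state: direct members of the shadow group.
$current = @(Get-ADGroupMember -Identity $Group |
             Select-Object -ExpandProperty distinguishedName)

$toAdd    = @($desired | Where-Object { $current -notcontains $_ })
$toRemove = @($current | Where-Object { $desired -notcontains $_ })

# Guard: an empty OU result would otherwise strip every member from the group.
if ($desired.Count -eq 0 -and $current.Count -gt 0) {
    throw "OU query returned no users; refusing to remove all $($current.Count) members."
}

foreach ($dn in $toRemove) {
    if ($PSCmdlet.ShouldProcess($dn, "Remove from $Group")) {
        Remove-ADGroupMember -Identity $Group -Members $dn -Confirm:$false
        Add-Content -Path $LogPath -Value "$(Get-Date -Format o) REMOVE $dn"
    }
}
foreach ($dn in $toAdd) {
    if ($PSCmdlet.ShouldProcess($dn, "Add to $Group")) {
        Add-ADGroupMember -Identity $Group -Members $dn
        Add-Content -Path $LogPath -Value "$(Get-Date -Format o) ADD    $dn"
    }
}
"Added $($toAdd.Count), removed $($toRemove.Count) member(s)."
```

Run it once with -WhatIf to review the planned changes before scheduling it.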

WMI Filters

DESKTOPS

 

ANY WINDOWS DESKTOP OS

 

Any Windows Desktop OS – Version 1

select * from Win32_OperatingSystem WHERE ProductType = "1"

Any Windows Desktop OS – Version 2 (better for Win7 sometimes)

select * from Win32_OperatingSystem WHERE (ProductType <> "2") AND (ProductType <> "3")

Any Windows Desktop OS – 32-bit

select * from Win32_OperatingSystem WHERE ProductType = "1" AND NOT OSArchitecture = "64-bit"

Any Windows Desktop OS – 64-bit

select * from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"

WINDOWS XP

 

Windows XP

select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1"

Windows XP – 32-bit

select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows XP – 64-bit

select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS VISTA

 

Windows Vista

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1"

Windows Vista – 32-bit

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows Vista – 64-bit

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 7

 

Windows 7

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1"

Windows 7 – 32-bit

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 7 – 64-bit

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 8

 

Windows 8

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1"

Windows 8 – 32-bit

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 8 – 64-bit

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 8.1

 

Windows 8.1

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1"

Windows 8.1 – 32-bit

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Windows 8.1 – 64-bit

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND OSArchitecture = "64-bit"

 

 

SERVERS

 

ANY WINDOWS SERVER OS

 

Any Windows Server OS

select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3")

Any Windows Server OS – 32-bit

select * from Win32_OperatingSystem where ((ProductType = "2") OR (ProductType = "3")) AND NOT OSArchitecture = "64-bit"

Any Windows Server OS – 64-bit

select * from Win32_OperatingSystem where ((ProductType = "2") OR (ProductType = "3")) AND OSArchitecture = "64-bit"

Any Windows Server – Domain Controller

select * from Win32_OperatingSystem where (ProductType = "2")

Any Windows Server – Domain Controller – 32-bit

select * from Win32_OperatingSystem where (ProductType = "2") AND NOT OSArchitecture = "64-bit"

Any Windows Server – Domain Controller – 64-bit

select * from Win32_OperatingSystem where (ProductType = "2") AND OSArchitecture = "64-bit"

Any Windows Server – Non-Domain Controller

select * from Win32_OperatingSystem where (ProductType = "3")

Any Windows Server – Non-Domain Controller – 32-bit

select * from Win32_OperatingSystem where (ProductType = "3") AND NOT OSArchitecture = "64-bit"

Any Windows Server – Non-Domain Controller – 64-bit

select * from Win32_OperatingSystem where (ProductType = "3") AND OSArchitecture = "64-bit"

WINDOWS SERVER 2003

 

Windows Server 2003 – DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2"

Windows Server 2003 – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3"

Windows Server 2003 – 32-bit – DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"

Windows Server 2003 – 32-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"

Windows Server 2003 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND OSArchitecture = "64-bit"

Windows Server 2003 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2003 R2

 

Windows Server 2003 R2 – DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2"

Windows Server 2003 R2 – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3"

Windows Server 2003 R2 – 32-bit – DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"

Windows Server 2003 R2 – 32-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"

Windows Server 2003 R2 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND OSArchitecture = "64-bit"

Windows Server 2003 R2 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2008

 

Windows Server 2008 – DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2"

Windows Server 2008 – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3"

Windows Server 2008 – 32-bit – DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"

Windows Server 2008 – 32-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"

Windows Server 2008 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND OSArchitecture = "64-bit"

Windows Server 2008 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2008 R2

 

Windows Server 2008 R2 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="2"

Windows Server 2008 R2 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="3"

WINDOWS SERVER 2012

 

Windows Server 2012 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="2"

Windows Server 2012 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="3"

WINDOWS SERVER 2012 R2

 

Windows Server 2012 R2 – 64-bit – DC

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="2"

Windows Server 2012 R2 – 64-bit – non-DC

select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="3"
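Before linking a filter to a GPO, the query can be checked on a representative machine: a WMI filter matches when its query returns at least one instance. The helper below is an added example, not part of the original list; the function name and the selection of queries are assumptions. The server query is parenthesised so that the architecture test applies to both server product types however AND and OR are grouped.

```powershell
# Added example: evaluate WMI filter queries against the local machine.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    try {
        # The filter matches when the query returns one or more instances.
        $result = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        return ($result.Count -gt 0)
    } catch {
        # A query that fails to run is reported here as not matching.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

# A few of the queries from the list above, keyed by label.
$filters = [ordered]@{
    'Any desktop OS'          = 'select * from Win32_OperatingSystem WHERE ProductType = "1"'
    'Any desktop OS, 64-bit'  = 'select * from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"'
    'Any server OS, 64-bit'   = 'select * from Win32_OperatingSystem where ((ProductType = "2") OR (ProductType = "3")) AND OSArchitecture = "64-bit"'
    'Domain controller'       = 'select * from Win32_OperatingSystem where (ProductType = "2")'
    'Windows 8.1 desktop'     = 'select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1"'
}

# Show what the local machine reports, then which filters it would match.
Get-CimInstance Win32_OperatingSystem |
    Select-Object Caption, Version, ProductType, OSArchitecture

foreach ($name in $filters.Keys) {
    [pscustomobject]@{
        Filter  = $name
        Matches = Test-WmiFilterQuery -Query $filters[$name]
    }
}
```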

Restore AD Objects

  • To enable Active Directory Recycle Bin using the Enable-ADOptionalFeature cmdlet
    Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
    Below is a sample for enabling it for domain.com:
    Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com" -Scope ForestOrConfigurationSet -Target domain.com
     
    Once you have enabled the Recycle Bin for Active Directory, you will have to use LDP.exe to restore. By default the container with the deleted objects is not displayed. The following steps will allow you to see the container with the deleted objects.

        
    To display the Deleted Objects container
    1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.
    2. On the Options menu, click Controls.
    3. In the Controls dialog box, expand the Load Predefined pull-down menu, click Return deleted objects, and then click OK.
    4. To verify that the Deleted Objects container is displayed:
      1. To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connections, click Connect, and then click Bind.
      2. Click View, click Tree, and in BaseDN, type DC=<mydomain>,DC=<com>, where <mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.
      3. In the console tree, double-click the root distinguished name (also known as DN) and locate the CN=Deleted Objects,DC=<mydomain>,DC=<com> container, where <mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.
         
         
        Once you have enabled the container to be displayed, you can now restore deleted objects from Active Directory. Below are the steps to recover a single item from the recycle bin using LDP.exe.
        To restore a deleted Active Directory object using Ldp.exe
    1. Open Ldp.exe from an elevated command prompt. Open a command prompt (Cmd.exe) as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested), confirm that the action it displays is what you want, and then click Continue.
    2. To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connections, click Connect, and then click Bind.
    3. On the Options menu, click Controls.
    4. In the Controls dialog box, expand the Load Predefined drop-down list, click Return Deleted Objects, and then click OK.
    5. In the console tree, navigate to the CN=Deleted Objects container.
    6. Locate and right-click the deleted Active Directory object that you want to restore, and then click Modify.
    7. In the Modify dialog box:
      1. In Edit Entry Attribute, type isDeleted.
      2. Leave the Values box empty.
      3. Under Operation, click Delete, and then click Enter.
      4. In Edit Entry Attribute, type distinguishedName.
      5. In Values, type the original distinguished name (also known as DN) of this Active Directory object.
      6. Under Operation, click Replace.
      7. Make sure that the Extended check box is selected, click Enter, and then click Run.
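The Ldp.exe modification above (delete isDeleted, replace distinguishedName) is what the Restore-ADObject cmdlet in the ActiveDirectory module performs. The functions below are an added example, not part of the original notes; the function names are assumptions, and the example restores an object to its last known parent only when exactly one deleted object matches.

```powershell
# Added example: find and restore a deleted object with the AD cmdlets.
#Requires -Modules ActiveDirectory
function Find-DeletedADObject {
    param([Parameter(Mandatory)][string]$Name)   # name the object had before deletion
    # Escape LDAP filter metacharacters (RFC 4515) in the supplied name.
    $escaped = $Name -replace '\\', '\5c' -replace '\*', '\2a' `
                     -replace '\(', '\28' -replace '\)', '\29'
    Get-ADObject -IncludeDeletedObjects `
        -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$escaped))" `
        -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged
}

function Restore-DeletedADObject {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $found = @(Find-DeletedADObject -Name $Name)
    if ($found.Count -ne 1) {
        # None or several candidates: list them and stop instead of guessing.
        $found | Select-Object ObjectGUID, ObjectClass, lastKnownParent, whenChanged |
            Format-Table | Out-String | Write-Host
        throw "Expected exactly one deleted object named '$Name', found $($found.Count)."
    }
    $obj = $found[0]

    # The restore target is the last known parent; it must still exist.
    try {
        Get-ADObject -Identity $obj.lastKnownParent -ErrorAction Stop | Out-Null
    } catch {
        throw "Parent '$($obj.lastKnownParent)' is missing or deleted; restore it first."
    }

    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Restore to $($obj.lastKnownParent)")) {
        Restore-ADObject -Identity $obj -PassThru
    }
}

# Usage (constructed name): preview first, then restore.
# Restore-DeletedADObject -Name 'jsmith' -WhatIf
# Restore-DeletedADObject -Name 'jsmith'
```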

Test SMTP Email with Telnet

In this example I'll email from [email protected] to [email protected]

 

First ID the SMTP server via its MX record:

 

Nslookup -q=mx techshizz.com

 

From a Telnet client run:

 

Telnet mail.techshizz.com 25

 

At this point you should get a 220 response which means everything is OK up to this point.

 

Helo techshizz.com    <  just type the domain after helo - (not important)

 

Mail from: [email protected]

 

250 OK

 

Rcpt to: [email protected]

 

Data

This is a test - Ignore

.

    < Hit Enter then  <Period Key> then enter to submit.

 

250 OK

 

Quit
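Where no Telnet client is installed, the same dialogue can be driven from PowerShell over a plain TCP connection. The function below is an added example, not part of the original notes; the function name, parameters and the addresses in the usage comment are assumptions. It records each reply and stops at the first one that does not carry the expected code.

```powershell
# Added example: run the SMTP test dialogue and report each server reply.
function Test-SmtpDelivery {
    param(
        [Parameter(Mandatory)][string]$Server,    # host from the MX lookup
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [string]$HeloName = $env:COMPUTERNAME,
        [int]$Port = 25
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000                # milliseconds
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # Read one reply; lines of the form "250-..." mean more lines follow.
        $readReply = {
            do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
            $line
        }
        $steps = @(
            @{ Send = $null;               Expect = '220' }   # greeting banner
            @{ Send = "HELO $HeloName";    Expect = '250' }
            @{ Send = "MAIL FROM:<$From>"; Expect = '250' }
            @{ Send = "RCPT TO:<$To>";     Expect = '250' }
            @{ Send = 'DATA';              Expect = '354' }
            @{ Send = "Subject: SMTP test`r`n`r`nThis is a test - Ignore`r`n."; Expect = '250' }
            @{ Send = 'QUIT';              Expect = '221' }
        )
        foreach ($step in $steps) {
            if ($step.Send) { $writer.WriteLine($step.Send) }
            $reply = & $readReply
            $ok = ($reply -like "$($step.Expect)*")
            [pscustomobject]@{ Sent = $step.Send; Reply = $reply; AsExpected = $ok }
            if (-not $ok) { break }                # stop at the first unexpected reply
        }
    } finally {
        $client.Close()
    }
}

# Usage (constructed addresses):
# Test-SmtpDelivery -Server 'mail.example.com' -From 'sender@example.com' -To 'recipient@example.com'
```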