en Passant

A friend is working on a script to pull active LCS accounts from his AD. One last bit of information that he that was troubling him was enabled/disabled AD accounts.

Scenario: I was given a list of 15,000 email addresses and asked if they were still valid in our Exchange environment.

Easy method: I ran a simple VBScript that does an LDAP query against each email address. This worked great, except that it took close to 5 seconds per email address to query our environment. (~20 hrs!) The over-all run time was going to be too extreme.

This HTA applet allows you to grant extended AD permissions to a specific user. I use it to assign permissions to the Associated External Account of an AD user rights to modify their own delegates.

I found what values I needed by configuring a single user with permissions, then using Richard's DACL export script to dump that user. I then modify the script (see line 248) to match the permissions I want to grant.

The migration process used to move a number of mailboxes created a couple hundred dead mailboxes objects in our environment. Their mailbox information needed to be cleared before their mailboxes could be migrated to the server for the final time. To fix this, I looked into a script. First I found the script at TelnetPort25, here. This script goes through the entire environment and purges all deleted and non-system mailboxes.

I have been working on a number of projects lately where I need to touch most of the servers in our environment; be it changing DNS servers, or querying event logs, I needed a way to get every live server out there.

The attached script will query AD for all servers, then if pingable, it will attempt to gather more info via WMI. The final result is output to a CSV file in the C:\ root of the local computer.

• Server name
• OS version
• Last Service Pack # applied (not patch version)
• MAC Address, IP and DNS configuration for each active NIC

Expanding on my code to query single printer information, I found I could pull all networked printers from Active Directory(AD). This will help in cleaning up the naming standard for all our printers. Hopefully making DNS cleaner by using a single standard for host(A) records. Final file is written to c:\printer-info.csv. The attached script will return the following:

• Printer name
• Server name - where hosted
• Port - name of printer port (local or network)
• Share name

We recently finished a project updating the naming standard for all our Windows AD accounts. Once completed, I found that approximately 3% of the accounts had the alias field set to this old naming standard. Googled high-and-low, I could not find a simple script to set the alias field. So...

As I am learning some of the benefits (and quirks) to PowerShell, I am finding new ways to take advantage of the language. Besides the enormous user community out there available via Google, there are a number of people all trying to do the same thing. It appears that we are all very excited about the simplicity and complexity of Powershell.

I've been working to revise (yet again) my User export script to write to a single CSV file and to include additional fields. Using the Scripting Guys recent post, I was able to find the Powershell value for when an account was created. Oddly, the same value in VBScript?! :) Next I used my sample from my LastLogonTime field to span several OUs into a single CSV file. The normal  export-csv does not appear to span, simply over-write.

I have been attempting to do some cleanup of the Active Directory environment. My latest endeavor is to capture the last logon time from AD and correlate it to active accounts. If they're not logging on, maybe they don't know how, or don't need a mailbox??

This PowerShell script replicates the basic functionality of my Exchange Mailbox export HTA script. Rather quickly, it exports the following values (for all accounts with an email address) :

• First name (givenname)
• Last name (sn)
• Distinguished name
• Primary SMTP Address (mail)
• User Logon name (userprincipalname)
• User Logon name "Pre-Windows 2000" (sAMAccountName)
• All secondary email addresses (proxyaddresses)