Enable protection from accidental deletion on all organizational units in Active Directory domain

As part of running the best practice analyser for Active Directory, I wanted to protect all organizational units from accidental deletion, this is achievable by using both the Get-ADOrganizationalUnit and Set-ADOrganizationalUnit cmdlets. First of all I wanted to see which organizational units were not protected from accidental deletion, we can do this by invoking the Get-ADOrganizationalUnit … More Enable protection from accidental deletion on all organizational units in Active Directory domain

Enabling Active Directory Recycle Bin on Windows 2008 R2

Well I have been a bit lazy recently in terms of my certification and in particular refreshing my MCSA (2003). So, I have decided to make a start, which will ultimately be disrupted by my summer holidays (or should I say honeymoon!). First up I am going to prepare for the 70-640: Windows Server 2008 … More Enabling Active Directory Recycle Bin on Windows 2008 R2

Set Extension Attribute value for bulk users in Active Directory

I was recently reminded of a powershell script I compiled many months ago, to set a specified extension attribute to the location of JPEG a on a network share which would be used as the users profile picture within Sharepoint. The script was dependant on two items. Firstly,  the cmdlet’s require ActiveRoles Management Shell for … More Set Extension Attribute value for bulk users in Active Directory

Quest Active Roles: Perform action on expiring passwords

Add-PSSnapin Quest.ActiveRoles.ADManagement $maxPassAge = (Get-QADObject (Get-QADRootDSE).defaultNamingContextDN).MaximumPasswordAge.days $enabledUsers = Get-QADUser  -Enabled -PasswordNeverExpires:$false -size 0 -ldap “(mailNickName=*)” $expiredUsers = $enabledUsers | where {$_.passwordAge -gt 0 -AND ($maxPassAge-$_.passwordAge.days) -lt 7} $expiredUsers | foreach { Insert Action Here}