Active Directory

Validating username and password with PowerShell

Intro Even though we have group managed service account, regular user accounts are still used by various services and applications. The passwords for these accounts are (hopefully) hard to remember and might be shared by a group of people. This means that when it’s time to modify that service , scheduled task or application we haven’t touched in years I really want to make sure I have the right username and password before I start.

PowerShell, ActiveDirectory and the elusive Filter parameter

When searching for users in Active Directory using PowerShell, the ActiveDirectory module is often one of the first things that comes in to mind. The module has been around for quite som time now but there is one problem that many users still stumbles on, the Filter parameter. There are basically three methods for searching after a user with Get-ADUser.

tl;dr;** _This article explains how use the -Filter parameter when searching AD, if you just want the answer, skip down to the_ **_Solution._

Test GPO read permission with PowerShell (MS16-072 – KB3159398)

Last patch-tuesday, Microsoft released Security Bulletin MS16-072. This update changes how Group Policies are downloaded to a computer which might cause GPOs to fail to apply. A common symptom for this is that users no longer get their drives mapped by GPO. To quote the KB-article KB3159398: This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

Reset password in Active Directory using PowerShell

I’ve previously written about how to generate a random password and how to output a password in phonetic alphabet. Today I’m going to put those two functions to use in a practical example. Scenario: Carl is a helpdesk agent and today he is feeling a bit stressed out. There has been an outage on one of the business critical systems and the phones are constantly ringing. One of the calls is a user who forgot his password and Carl quickly asks the usual control questions to make sure that the user is who he claims to be, locates the user account and clicks on reset password.

Generating passwords for Active Directory–Revisited

I once wrote a post on how to generate random passwords that would comply with Active Directory complexity rules quite a while back. My script on TechNet Gallery has now reached over 2000 downloads and I thought it might be time to revisit the topic with a few updates. First off I’ve just updated the script, mainly for better performance. I’ve also realized that a common scenario is when a user calls the service desk asking for a new password.