PowerShell: Add Users to Active Directory Group from Text File

A customer recently requested a PowerShell script, to add Active Directory users to a security group. The list of users would come from a text file that resides on the filesystem. To that end, I wrote a short PowerShell script that does just that, complete with parameter validation. #requires -version 4.0 #requires -Module ActiveDirectory param … Read more PowerShell: Add Users to Active Directory Group from Text File

PowerShell: Update-Help via Scheduled Task in Group Policy Preferences

Introduction

If you’re like me, you probably like to ensure that all your computers have PowerShell updatable help updated on a regular basis. You can achieve this using a variety of methods, but since Group Policy Preferences are available out of the box using Windows 7 and later, I figured it would be the perfect tool to keep PowerShell help up-to-date! The following guide will show you how to implement a Windows Scheduled Task to update PowerShell version 3.0 help on a regular basis.

The following operating systems include Group Policy Preferences Client Side Extensions (GPP-CSE) out of the box:

  • Windows 7
  • Windows 8
  • Windows Server 2008 R2
  • Windows Server 2012

You can also deploy the Windows Management Framework Core 3.0, and Group Policy Preferences Client Side Extensions to Windows Server 2008 non-R2 systems, however the equivalent client operating system, Windows Vista, does not support WMF 3.0.

Read morePowerShell: Update-Help via Scheduled Task in Group Policy Preferences

Restricting Settings by Active Directory Site with Only One GPO

Introduction

Have you ever wanted to configure a setting using a single Active Directory (AD) Group Policy Object (GPO), but have a different value for each logical AD “site” in your IT environment? Well, even if you haven’t, there are other folks out there that do. Here is a paraphrased version of an inquiry that I received recently:

“I am working on a Windows 7 deployment, and I would like to have custom wallpapers depending on the physical location. This I am able to do but there are 20+ Active Directory sites and can do it with a GPO assigned to each site. However, it would be easier to manage just a single GPO. Is this possible?”

In short, this person wants 20+ different wallpapers, but doesn’t want to have to create 20+ unique GPOs in order to configure the wallpaper. The most common suggestion in this case, at least historically, would probably be to write a custom user-based logon script (as opposed to a computer startup script) that checks the current AD site, and sets the wallpaper based on that. Granted, that would be a pretty solid solution, however with Group Policy Preferences (GPP), we have another option that requires no knowledge of scripting!

Let’s explore how to use Group Policy Preferences to consolidate multiple desktop wallpaper configurations (per AD site) into a single GPO!

Read moreRestricting Settings by Active Directory Site with Only One GPO

PowerShell: Creating the System Management Container

If you’ve ever worked with Systems Management Server (SMS) 2003 or System Center Configuration Manager (ConfigMgr / SCCM) 2007, you probably are familiar with the step of creating the “System Management” container underneath the “CN=System,DC=mydomain,DC=com” container in Active Directory. Normally you have to go into ADSIEdit.msc in order to do this, since you can’t create … Read more PowerShell: Creating the System Management Container

PowerShell: Removing a list of computers from Active Directory

@Kid_Zer0 on Twitter recently asked the following question: “Need to delete a list of computers from AD – anyone know how to do this in #PowerShell or #VBScript (List is from a file)” I’ve previously written several versions of an Active Directory cleanup script, but if you’re not seeking something that complicated, you can simply … Read more PowerShell: Removing a list of computers from Active Directory

Intel vPro: Finding AMT Objects in Active Directory

If you are using Out Of Band (OOB) Management in Microsoft System Center Configuration Manager (SCCM) 2007 SP1 (or greater) to manage your Intel vPro clients, you may have noticed that computer objects are created in your Active Directory domain during provisioning of the Intel vPro firmware. These computer objects are created by the amtproxymgr … Read more Intel vPro: Finding AMT Objects in Active Directory

PowerShell: AD Workstation Cleanup Script version 2.0

Update (2010-08-25): I have posted a newer version of this script. A little while ago, I posted a PowerShell script that detects old machine accounts in Active Directory, and disables or deletes them, based on certain ages (in days). I’ve continued work on this script, such that it now logs information to Excel about actions … Read more PowerShell: AD Workstation Cleanup Script version 2.0

Failing software updates in SCCM / WSUS

I recently was troubleshooting an issue with some failing software update installations being deployed via SCCM / WSUS, and finally found out what was affecting them. All of the failed updates were related to Microsoft Office, so that kind of tells you something right there. It turns out, the root cause of the installation failure was … Read more Failing software updates in SCCM / WSUS

PowerShell: Clean up AD Computer Accounts

Update (2009-11-03): I have posted a newer version of this script. Please visit this link for information. ————— I recently wrote a script to clean up workstation accounts in our Active Directory domain. It’s not perfect, but it was a good learning experience, as I found out there are some gritty details when working with … Read more PowerShell: Clean up AD Computer Accounts