Active Directory
List Computer-Objects with last logon time
powershell
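# Lists every computer object with its lastLogonTimestamp, sorted by name, and
# exports Name, formatted timestamp and DN to c:\install\adcomputer.csv.
# lastLogonTimestamp is replicated only every ~14 days by default, so it can lag
# the real last logon by up to two weeks: treat it as "seen within two weeks",
# not as an exact logon time.
# Objects that never logged on carry no timestamp; they are written as an empty
# string instead of the misleading 01.01.1601 that FromFileTime(0) would yield.
Get-ADComputer -Filter * -Properties lastLogonTimestamp |
    Sort-Object -Property Name |
    Select-Object Name,
        @{N = 'LastLogontimestamp'; E = {
            if ($_.lastLogonTimestamp) {
                # HH = 24-hour clock; the original "hh" printed 12-hour time without AM/PM
                [DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('dd.MM.yyyy, HH:mm')
            } else { '' }
        }},
        DistinguishedName |
    Export-Csv -Path 'c:\install\adcomputer.csv' -NoTypeInformation   # no #TYPE header, consistent with the other exports on this page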
List Group-Objects with no member
powershell
# Exports every group whose member attribute is empty to c:\install\emptygroups.csv
# (Name, GroupCategory, DistinguishedName).
# NOTE: membership held only via primaryGroupID (e.g. Domain Users) is not stored
# in the member attribute, so such groups can show up here as "empty".
$emptyGroups = Get-ADGroup -Filter * -Properties Members |
    Where-Object { $_.Members.Count -eq 0 }

$emptyGroups |
    Select-Object -Property Name, GroupCategory, DistinguishedName |
    Export-Csv -Path 'c:\install\emptygroups.csv'
List Group-Objects with only disabled members
Powershell
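Import-Module ActiveDirectory

# Reports groups whose direct user members are all disabled and exports them to
# C:\Install\groups.csv.
# The original read "members" with Get-ADObject -SearchBase <group DN>; a group
# object has no child objects, so that query always returned nothing and no group
# was ever reported. Membership is read via Get-ADGroupMember and the Enabled
# flag via Get-ADUser (Get-ADObject does not return Enabled).
$groups = Get-ADGroup -Filter *
$groupsWithDisabledUsers = @()

foreach ($group in $groups) {
    # Direct members only (no -Recursive): nested groups are judged on their own.
    # @() makes .Count reliable for zero or one result.
    # NOTE: Get-ADGroupMember is capped by the server's MaxGroupOrMemberEntries
    # (5000 by default); very large groups need a different enumeration.
    $members = @(Get-ADGroupMember -Identity $group.DistinguishedName |
        Where-Object { $_.objectClass -eq 'user' })
    if ($members.Count -eq 0) { continue }

    $users = @($members | ForEach-Object { Get-ADUser -Identity $_.DistinguishedName })
    $disabledMembers = @($users | Where-Object { $_.Enabled -eq $false })

    if ($disabledMembers.Count -eq $users.Count) {
        $groupsWithDisabledUsers += [PSCustomObject]@{
            GroupName       = $group.Name
            # Joined into one string: Export-Csv renders an array as "System.Object[]"
            DisabledMembers = ($disabledMembers.Name -join '; ')
        }
    }
}

if ($groupsWithDisabledUsers.Count -gt 0) {
    $outputPath = "C:\Install\groups.csv"
    $groupsWithDisabledUsers | Export-Csv -Path $outputPath -NoTypeInformation
    Write-Host "Groups with only disabled users exported to $outputPath"
}
else {
    Write-Host "No groups found with only disabled users."
}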
List User-Objects with last logon time
powershell
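# Lists every user object with its lastLogonTimestamp split into a date and a
# time column, sorted by name, and exports the result to c:\install\aduser.csv.
# lastLogonTimestamp replicates only every ~14 days by default, so it can lag
# the real last logon by up to two weeks. Users that never logged on have no
# timestamp and get empty columns instead of 01.01.1601 (FromFileTime(0)).
Get-ADUser -Filter * -Properties lastLogonTimestamp |
    Sort-Object -Property Name |
    Select-Object Name,
        @{N = 'Date LastLogontimestamp'; E = {
            if ($_.lastLogonTimestamp) {
                [DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('dd.MM.yyyy')
            } else { '' }
        }},
        @{N = 'Time LastLogontimestamp'; E = {
            # HH = 24-hour clock; the original "hh" printed 12-hour time without AM/PM
            if ($_.lastLogonTimestamp) {
                [DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('HH:mm')
            } else { '' }
        }},
        DistinguishedName |
    Export-Csv -Path 'c:\install\aduser.csv' -NoTypeInformation   # no #TYPE header, consistent with the other exports on this page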
List User-Objects with last logon time and their Azure licenses
powershell
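# Joins on-prem AD users (with last logon timestamp) to their Azure AD license
# service plans and exports the result to C:\install\UserInfo.csv.
#
# Fixes versus the original:
#   * Get-AzureADUserLicenseDetail returns license objects that carry no
#     UserPrincipalName, so the join could never match; licenses are now fetched
#     per user and indexed by UPN.
#   * Inside Where-Object, $_ was the Azure user, so $_.DistinguishedName was
#     always empty; the AD user is captured in $adUser before the lookup.
#   * The join key is the AD UserPrincipalName, not the CN parsed out of the DN
#     (CN and UPN routinely differ).
#   * HH (24-hour) instead of hh (12-hour without AM/PM) in the time column.
# NOTE: the AzureAD module is deprecated in favour of Microsoft Graph PowerShell;
# the cmdlet calls below are the ones that need replacing when migrating.

# Install only when missing: an unconditional Install-Module -Force re-downloads
# the module from the PSGallery on every run of an admin workstation.
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD -Scope CurrentUser
}
Import-Module AzureAD

# Connect to Azure AD (interactive sign-in)
Connect-AzureAD | Out-Null

# Index licenses by UPN: UPN -> 'PLAN1, PLAN2'. PowerShell hashtables compare
# keys case-insensitively, which matches how UPNs are compared.
$licensesByUpn = @{}
foreach ($azureADUser in Get-AzureADUser -All $true) {
    $details = Get-AzureADUserLicenseDetail -ObjectId $azureADUser.ObjectId
    $licensesByUpn[$azureADUser.UserPrincipalName] = ($details.ServicePlans.ServicePlanName -join ', ')
}

# Active Directory users with their last logon timestamp and UPN (the join key)
$adUsers = Get-ADUser -Filter * -Properties LastLogonTimeStamp, UserPrincipalName |
    Sort-Object -Property Name

$users = foreach ($adUser in $adUsers) {
    # Never-logged-on users have no timestamp; report empty columns, not 01.01.1601
    $lastLogon = if ($adUser.LastLogonTimeStamp) {
        [DateTime]::FromFileTime($adUser.LastLogonTimeStamp)
    } else { $null }

    $licenses = ''
    if ($adUser.UserPrincipalName -and $licensesByUpn.ContainsKey($adUser.UserPrincipalName)) {
        $licenses = $licensesByUpn[$adUser.UserPrincipalName]
    }

    [PSCustomObject]@{
        Name                   = $adUser.Name
        DateLastLogonTimestamp = if ($lastLogon) { $lastLogon.ToString('dd.MM.yyyy') } else { '' }
        TimeLastLogonTimestamp = if ($lastLogon) { $lastLogon.ToString('HH:mm') } else { '' }
        DistinguishedName      = $adUser.DistinguishedName
        AssignedLicenses       = $licenses
    }
}

# Export the user information to a CSV file
$users | Export-Csv -Path 'C:\install\UserInfo.csv' -NoTypeInformation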
Find duplicate users in Active Directory by comparing Displayname
The script can be adapted to compare any other AD attribute.
powershell
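# Finds user objects that share the same value of one attribute (displayName by
# default) and prints every duplicate set. Set $attribute to compare another
# attribute; the printed labels follow it automatically.
Import-Module ActiveDirectory

$attribute = 'displayname'

# Users with an empty attribute are skipped, as before. Group-Object compares
# values case-insensitively, matching the original hashtable's key comparison,
# so the hand-rolled hashtable bookkeeping is replaced by a single grouping.
$duplicateUsers = Get-ADUser -Filter * -Properties $attribute |
    Where-Object { $_.$attribute } |
    Group-Object -Property $attribute |
    Where-Object { $_.Count -gt 1 }

# Output the duplicate users
if ($duplicateUsers) {
    Write-Host "Duplicate users found based on ${attribute}:"
    foreach ($duplicateUser in $duplicateUsers) {
        # .Name is the shared attribute value, .Group the user objects carrying it
        Write-Host "${attribute}: $($duplicateUser.Name)"
        $duplicateUser.Group | ForEach-Object {
            Write-Host "`t$($_.Name) ($($_.$attribute))"
        }
    }
}
else {
    Write-Host "No duplicate users found based on $attribute."
}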
Export Group Policies from specific OU and its subtree
powershell
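# Backs up every GPO linked to $BaseOU or to any OU beneath it into a dated
# folder under $RootBackupFolder, one sub-folder per GPO.
Import-Module -Name ActiveDirectory
Import-Module -Name GroupPolicy   # Get-GPO / Backup-GPO live here

# -- Set variables (straight quotes: the original used typographic quotes)
$BaseOU           = 'OU=Server,DC=ad,DC=test,DC=com'
$RootBackupFolder = 'C:\temp'
$BackupFolder     = (Get-Date).ToString('ddMMyyyy')
$BackupPath       = Join-Path -Path $RootBackupFolder -ChildPath $BackupFolder

# -- Create backup folder (a second run on the same day stops here, as before)
if (Test-Path -Path $BackupPath) {
    Write-Verbose 'Backup folder already exists'
    exit
}
New-Item -Path $BackupPath -ItemType Directory -Verbose | Out-Null

# -- Main
# Get-ADOrganizationalUnit with -SearchBase searches the subtree by default, so
# the base OU itself and every OU below it are returned together with their links.
$OUs = Get-ADOrganizationalUnit -SearchBase $BaseOU -Filter * -Properties LinkedGroupPolicyObjects

# A GPO linked to several OUs is backed up once; the original ran New-Item and
# Backup-GPO again for every link and failed on the already existing folder.
$processed = @{}

foreach ($OU in $OUs) {
    foreach ($link in $OU.LinkedGroupPolicyObjects) {
        # -- Get GPO details
        # A link value looks like cn={GUID},cn=policies,cn=system,DC=...; keep the {GUID} part
        $GPOGUID = '{' + ($link.Split('{')[1]).Split('}')[0] + '}'
        if ($processed.ContainsKey($GPOGUID)) { continue }
        $processed[$GPOGUID] = $true

        $GPOName = (Get-GPO -Guid $GPOGUID).DisplayName
        Write-Verbose "Processing: $GPOName"

        # Display names may contain characters that are invalid in a path or act as
        # separators (e.g. ':' or '\'); replace them so New-Item cannot fail and the
        # folder always stays inside $BackupPath.
        $safeName  = $GPOName -replace '[\\/:*?"<>|]', '_'
        $GPOFolder = Join-Path -Path $BackupPath -ChildPath $safeName

        # -- Create backup folder based on GPO name
        New-Item -Path $GPOFolder -ItemType Directory -Verbose | Out-Null
        # -- Backup GPO
        Backup-GPO -Guid $GPOGUID -Path $GPOFolder -Verbose
    }
}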