How to get list of all AD users in AD group

To list all members of one AD security group:

Get-AdGroupMember -identity "Domain Admins" | get-aduser -Properties * | ft name, samaccountname, whencreated

To list all sec. groups of one AD user (member of what groups):

Get-ADUser -Identity [someone'-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof

To copy all groups from one AD user to other:

Get-ADUser -Identity [source-user-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof|Add-ADGroupMember -Members [target-user-samaccountname]

# all groups of [source-user-samaccountname] will be copied to [target-user-samaccountname]… Read the rest

powershell script notification about expiration of password for AD user

#Import AD Module
Import-Module ActiveDirectory

#Create warning dates for future password expiration
$SevenDayWarnDate = (get-date).adddays(7).ToLongDateString()
$ThreeDayWarnDate = (get-date).adddays(3).ToLongDateString()
$OneDayWarnDate = (get-date).adddays(1).ToLongDateString()

#Email Variables
$MailSender = " Password AutoBot <>"
$Subject = 'FYI - Your account password will expire soon'
$EmailStub1 = 'I am a bot and performed this action automatically. I am here to inform you that the password for'
$EmailStub2 = 'will expire in'
$EmailStub3 = 'days on'
$EmailStub4 = '. Please contact the helpdesk if you need assistance changing your password. DO NOT REPLY TO THIS EMAIL.'
$SMTPServer = 'smtp.itforce.local'

#Find accounts that are enabled and 
Read the rest

How in bulk disable “Protect from accidental deletion” in AD

sample, how to untick/disable attiribute “Protect from accidental deletion” in bulk/batch for whole OU

It can be useful to be able to move, delete ADobjects using powershell, ADManager

$searchb02 = "OU=Disabled Users,DC=itforce,DC=local"
Get-ADObject -Filter * -SearchBase $searchb02 |ForEach-Object -Process {Set-ADObject -ProtectedFromAccidentalDeletion $false -Identity $_}
Read the rest

How to report in Active Directory all protected users

If you use ManageEngine ADmanager Plus then some your manual operations or automations can fail due to the “Protect from accidental deletion”. In this case it’s very useful to determine who has already this attribute enabled:

Get-ADuser -Filter * -Properties * | select-object name, samaccountname,enabled, ProtectedFromAccidentalDeletion | export-csv -path c:\temp\protection-status.csv -NoTypeInformation

if you need to disable this attribute pls visit my other post

 … Read the rest