How to get a list of all AD users in an AD group

To list all members of one AD security group:

Get-AdGroupMember -identity "Domain Admins" | get-aduser -Properties * | ft name, samaccountname, whencreated

To list all security groups of one AD user (which groups the user is a member of):

Get-ADUser -Identity [someone-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof

To copy all groups from one AD user to another:

Get-ADUser -Identity [source-user-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof|Add-ADGroupMember -Members [target-user-samaccountname]

# all groups of [source-user-samaccountname] will be copied to [target-user-samaccountname]
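
The copy one-liner above grants the target every membership the source has, including privileged groups such as Domain Admins. The following is an added example, not part of the original post, that previews the copy and holds back groups protected by AdminSDHolder; the function name Copy-ADUserGroupsReviewed and the accounts jdoe and asmith are hypothetical.

```powershell
Import-Module ActiveDirectory

function Copy-ADUserGroupsReviewed {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUser,
        [Parameter(Mandatory)][string]$TargetUser,
        # Also copy groups protected by AdminSDHolder (adminCount = 1)
        [switch]$IncludePrivileged
    )

    $source = Get-ADUser -Identity $SourceUser -Properties MemberOf
    $target = Get-ADUser -Identity $TargetUser -Properties MemberOf

    foreach ($dn in $source.MemberOf) {
        # Skip groups the target already belongs to, so re-runs stay quiet
        if ($target.MemberOf -contains $dn) { continue }

        $group      = Get-ADGroup -Identity $dn -Properties adminCount
        $privileged = ($group.adminCount -eq 1)

        if ($privileged -and -not $IncludePrivileged) {
            Write-Warning "Skipped privileged group '$($group.Name)'; grant it separately after review."
            continue
        }

        # Honors -WhatIf and -Confirm, so a preview run changes nothing
        if ($PSCmdlet.ShouldProcess($group.Name, "Add member $TargetUser")) {
            Add-ADGroupMember -Identity $group -Members $target
        }

        # One record per group considered, for logging or Export-Csv
        [pscustomobject]@{
            Group      = $group.Name
            Privileged = $privileged
            Target     = $target.SamAccountName
        }
    }
}

# Preview only (constructed account names): nothing is changed with -WhatIf
Copy-ADUserGroupsReviewed -SourceUser 'jdoe' -TargetUser 'asmith' -WhatIf
```

The memberof attribute does not contain the user's primary group (normally Domain Users), so neither the one-liner nor this function copies it.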

Recommendations for powershell profile

As I showed in my post about creating a PowerShell profile, you can add your own frequently used functions to the profile.

I recommend naming them with a fixed prefix. For example, I create all my functions as moguy-cdp, moguy-esxi and so on.

In this case you don’t need to remember the name of the function you want to run; just start typing moguy… and autocompletion will show you all your functions.

For example:

function moguy-vms
{
Get-VMHost | Get-VM | Select-Object Name, PowerState, NumCpu, MemoryMB, VMhost, @{N="Datastore";E={Get-Datastore -vm $_}}, UsedSpaceGB, ProvisionedSpaceGB, @{Name='ToolsVersion';Expression={$_.Guest.ToolsVersion}}, @{Name='VMHostVersion';Expression={$_.VMHost.Version}},Version, @{N="IP Address";E={@($_.guest.IPAddress[0])}},@{Name='Cluster';Expression={$_.VMHost.Parent}}, @{N="PortGroup";E={Get-VirtualPortGroup -VM $_}}, @{N="owner1";E={$_.customfields.item("owner1")}} | Export-Csv 

PowerShell script to notify AD users about password expiration

#Import AD Module
Import-Module ActiveDirectory

#Create warning dates for future password expiration
$SevenDayWarnDate = (get-date).adddays(7).ToLongDateString()
$ThreeDayWarnDate = (get-date).adddays(3).ToLongDateString()
$OneDayWarnDate = (get-date).adddays(1).ToLongDateString()

#Email Variables
$MailSender = " Password AutoBot <password-alerter@itforce.com>"
$Subject = 'FYI - Your account password will expire soon'
$EmailStub1 = 'I am a bot and performed this action automatically. I am here to inform you that the password for'
$EmailStub2 = 'will expire in'
$EmailStub3 = 'days on'
$EmailStub4 = '. Please contact the helpdesk if you need assistance changing your password. DO NOT REPLY TO THIS EMAIL.'
$SMTPServer = 'smtp.itforce.local'

#Find accounts that are enabled and 

How to configure ssh_config for the Windows OpenSSH client, for example for PubkeyAcceptedKeyTypes=+ssh-dss

Since Windows 10, the OpenSSH client ssh.exe is available in

C:\Windows\System32\OpenSSH

So to use a passwordless SSH connection you may need to pass the option “PubkeyAcceptedKeyTypes=+ssh-dss” to ssh.exe.

For this you can create an ssh_config file anywhere (for example in c:\users\yourname\.ssh, next to your id_dsa private key file) with only one line:

PubkeyAcceptedKeyTypes=+ssh-dss

Now you can run:

ssh yourname@1.1.1.1 -F "c:\users\yourname\.ssh\ssh_config"

where 1.1.1.1 is, for example, your SSH server, SAN switch, HPE Virtual Connect Manager, Nimble storage and so on.

P.S.
The same is true for the OpenSSH server installed from the project home site on a Windows Server 2016 machine;
only the ssh.exe file will be in
“C:\Program Files\OpenSSH-Win64” (default installation).
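
ssh-dss has been disabled by default since OpenSSH 7.0 because DSA keys are weak, and the one-line file above re-enables it for every host reached with that -F file. The following is an added example, not part of the original post, that limits the option to a single legacy device through a Host block in the default per-user config and then checks the effective setting with ssh -G. The alias legacy-san and the function Test-SshDssAccepted are hypothetical, and it assumes an ssh.exe build that still includes DSA support.

```powershell
# Constructed values: replace alias, address and user name with your own
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$cfgPath = Join-Path $sshDir 'config'   # default per-user config, no -F needed

# ssh-dss is accepted for this one host only; all other hosts keep the defaults
$block = @'
Host legacy-san
    HostName 1.1.1.1
    User yourname
    IdentityFile ~/.ssh/id_dsa
    IdentitiesOnly yes
    PubkeyAcceptedKeyTypes +ssh-dss
'@

New-Item -ItemType Directory -Path $sshDir -Force | Out-Null

# Append the block once; ssh expects a plain-text file, not UTF-16
$present = (Test-Path $cfgPath) -and
    (Select-String -Path $cfgPath -Pattern '^Host legacy-san\s*$' -Quiet)
if (-not $present) {
    Add-Content -Path $cfgPath -Value '', $block -Encoding ascii
}

function Test-SshDssAccepted {
    param([Parameter(Mandatory)][string]$HostAlias)
    # ssh -G prints the effective client options for a host without connecting.
    # Newer builds print the option as pubkeyacceptedalgorithms.
    $effective = ssh -G $HostAlias 2>$null |
        Where-Object { $_ -match '^pubkeyaccepted(keytypes|algorithms) ' }
    return [bool]($effective -match 'ssh-dss')
}

Test-SshDssAccepted -HostAlias 'legacy-san'    # the scoped legacy device
Test-SshDssAccepted -HostAlias 'example.org'   # any other host
```

After this, `ssh legacy-san` connects with the DSA key, and the second check confirms that other hosts do not accept ssh-dss.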

Use powershell module to automate Nimble storage administration

Install Nimble module for powershell

Install-Module -Name HPENimblePowerShellToolkit -RequiredVersion 3.0.0

Use the script below to connect to Nimble SAN storage, create a LUN and an access initiator group, and assign the LUN to the access group:

import-module HPENimblePowerShellToolkit
#this section for inputs, what should be changed
$arrayname = "nimble-group02.itforce.local"
$nm_uid = "admin"
$nm_password = ConvertTo-SecureString -String "[your-password]" -AsPlainText -Force
$nm_cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nm_uid,$nm_password
Connect-NSGroup -group $arrayname -credential $nm_cred -IgnoreServerCertificate

# The following commands are used if creating an FC connection
$servername="cbuat"
$wwn01="50:01:43:80:26:66:b2:e4"
$wwn02="50:01:43:80:26:66:b2:e6"
$volumename="cbuat-lun001"

$port0=$servername+"_p1"
$port1=$servername+"_p2"
$description="Initiator Group for "+$servername
$performancepolicyid=Get-NSPerformancePolicy -name default | select -ExpandProperty id

New-NSInitiatorGroup -name $servername -access_protocol fc -description 

How to properly enter maintenance mode on an Exchange 2016/2013 DAG

Let’s assume that we have ex01.itforce.local and ex02.itforce.local Exchange 2016 servers in a DAG cluster. We need to install a new CU on this cluster without downtime (assuming that all CAS and SMTP protocols are properly load-balanced). So we need to:

  1. first disable all workloads/switch to maintenance mode on the node ex01,
  2. install the CU on ex01,
  3. reboot ex01,
  4. exit maintenance mode on ex01,
  5. enter maintenance mode on ex02,
  6. install the CU on ex02,
  7. reboot ex02,
  8. exit maintenance mode on ex02,
  9. spread the workload equally across both nodes again.

#go to ex01
#run PowerShell for Exchange in elevated mode

#prepare smtp transport:
Set-ServerComponentState ex01 

How to report all hidden mailboxes with the related AD user's Enabled status

# find all hidden mailboxes for the whole AD and show each AD user’s Enabled/Disabled status, plus its location (which OU)

get-mailbox -resultsize unlimited | where {($_.IsMailboxEnabled -eq "True") -and ($_.HiddenFromAddressListsEnabled -eq "True" )} | select-object name, samaccountname, @{N="ADAccount-Is-Enabled"; E={(get-aduser -Identity $_.samaccountname).enabled}}, PrimarySmtpAddress, IsMailboxEnabled , HiddenFromAddressListsEnabled, OrganizationalUnit| export-csv -path c:\temp\hidden.csv -NoTypeInformation

How to disable “Protect from accidental deletion” in bulk in AD

A sample showing how to untick/disable the attribute “Protect from accidental deletion” in bulk for a whole OU.

This can be useful to be able to move or delete AD objects using PowerShell or ADManager.

$searchb02 = "OU=Disabled Users,DC=itforce,DC=local"
Get-ADObject -Filter * -SearchBase $searchb02 |ForEach-Object -Process {Set-ADObject -ProtectedFromAccidentalDeletion $false -Identity $_}