Tag: Active Directory
-
PowerShell: “Some or all identity references could not be translated”
For a whole host of reasons we use scripts to create access controlled file shares, and to create the Active Directory groups that control access to them. Not only is it easier than doing it manually, it also ensures that the group is created in the correct place, that permissions are set correctly, and that…
-
Free text search in ADUC
A critical component to successfully closing a lot of the tickets I handle at work is the ability to search for – and find – Active Directory User, Computer, and Group objects. In about eight of ten instances, I’m able to do so using the standard search types (searching for Users, Contacts, and Groups or…
-
A better way of finding users’ group memberships
More than six years ago, I wrote a post, detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show…
-
Finding all groups without a manager in a specific OU in AD
Last week, I showed you how you can easily find the OU to use when looking for the members of a specific OU. Today, I’d like to show you how I use that information. The background was that we use AD groups to control access to network shares. In order for IT support to know…
-
Finding the full OU path of an AD OU
Using PowerShell, I was building a script to identify a subset of the groups in a given organizational unit (OU). As you may know, these are built up of subsections with the prefixes CN (common name) and DC (Domain Component). In order to have the script run successfully, you need to specify the OU using…
-
AD: Inspecting object attributes
A little while ago, I was asked about when a specific user last logged in with their active directory (AD) user account. While looking up that information was easily done, finding out how to look up the information was a mite more challenging. There are a number of ways of achieving it; including command line…
-
Building a script to find all members of a given group
Some time ago, I was asked to provide a list of everyone with access to a specific system. After communicating with the client, it transpired that they were particularly interested in knowing who were the members of a set of Active Directory groups. While this can be done manually, I wanted to try my hand…
-
Exporting AD group members’ display name
Five years ago, I showed you how to export a list of members of an Active Directory group, using a command line query. One issue I’ve run into using this query, is that I get their user name, not their actual name, which tends to make the resulting list hard to parse. As I had…
-
Powershell: Exporting Active Directory Contacts
Some time ago, I needed to have a list of all Contacts registered in Active Directory. Knowing that there are a lot of them (numbering at least eighty), getting the data manually was not a viable alternative, particularly knowing that the same objective can be achieved through Powershell. I eventually came up with a solution.…
-
AD Group member does not show up in Exchange address book
A couple of months ago, a customer sent us a ticket, complaining that a mail group was incomplete. Specifically, his manager was not listed among the recipients. The mail group in question contained all managers, and membership was gained through dedicated active directory (AD) organisational units (OUs), one for the manager of each business unit…
-
Active Directory: Accessing the Attribute Editor
A month or so ago, I was asked to find a specific attribute (objectGUID, in case you wondered) of a group in Active Directory, for use in some third-party system. Thinking that this would be easily accomplished, I opened my Active Directory Users and Computers-window, and found the group in question. I opened the properties,…