Skip to main content

Posts

Showing posts from February, 2012

Get the number of days that a local account password has been changed.

This method utilizes PowerShell to discover the number of days since a local account password has been changed.  For this process, we are going to take a look at the local Administrator account. First, open PowerShell. $admin = [ADSI]"WinNT://./Administrator,user" This collected the Administrator object and placed it in a variable called $admin $Admin.PSBase.Properties This will list some of the properties of this account. The PasswordAge property reports the password age in seconds.  To convert this to days, we will need to divid it by 86400 (60 seconds in a minute  X  60 minutes in an hour X 24 hours in a day). ($Admin.PasswordAge.Value)/86400 436.432361111111 First the command evaluates the content in the parenthesis. This will be the value of the PasswordAge property as an integer value. Then we divide by 86400 seconds to get the result in days.

Phonetic attributes in Active Directory

Sometimes you come across a user account or maybe a resource that is named in a way that is not common to your native language.  When users search for this resource they may have some difficulty.  In Active Directory there is now several phonetic attributes to help your users out. ms-DS-Phonetic-First-Name Contains the phonetic given name or first name of the person. ms-DS-Phonetic-Last-Name Contains the phonetic last name of the person. ms-DS-Phonetic-Department Contains the phonetic department name where the person works. ms-DS-Phonetic-Company-Name Contains the phonetic company name where the person works. ms-DS-Phonetic-Display-Name The phonetic display name of an object. In the absence of a phonetic display name the existing display name is used.   To test this I manually populated the ms-DS-Phonetic-First-Name attribute with Bbrraadd for the user named Brad.  In Active Directory Users and computers, I did a search for the name Bbrr .  It returned the correct users. I test

Expire and Un-Expire User Accounts with PowerShell

In class we had a project that required us to read in a text file that started with a users email address and then was followed by dates on the same line.  The data file appeared as below JDoe@contoso.com,1/12/2012,1/13/2012,1/14,2012 JaneD@contoso.com,2/3/2012,3/4/2012 The requirement was for this script to run every morning and expire any accounts who had a date that matched the current date.  Also, any accounts who’s expiration date was the previous day needed to be un-expired.  Below is the code to do it.   <# Function : Test - File Verifies that a file exists . Returns True is the file is present . #> Function Test-File { param ( $FilePath , $FileName ) $TestPath = $FilePath + "\" + $FileName $FileReady = Test-Path -path $TestPath Write-output $FileReady } #End: Test File <# . SYNOPSIS Confirms if a module is available . . DESCRIPTION Confirms if the provided parameter is available on the local client . .

How to extract the file permissions of every file and folder, and subfolder, inside of a share.

The objective of this one liner is to allow you to enumerate all the shares on a client. Then recurse through the files and folders to get the NTFS permissions on each. Get-WmiObject Win32_Share | Select-Object – Property Path | Get-ChildItem – recurse | get-acl To get only directorys: Get-WmiObject Win32_Share | Select-Object – Property Path | Get-ChildItem – recurse | Where-Object { $_ . mode – match “ d ” } | get-acl To only get information on files: Get-WmiObject Win32_Share | Select-Object – Property Path | Get-ChildItem – recurse | Where-Object { $_ . mode – notmatch “ d ” } | get-acl

Case Sensitive PowerShell–Contains Comparison Operator

In PowerShell, you can test to see if a variable or array contains a specific piece of data.  Take the following example: $Arr1 = "PowerShell" , "Rocks" , "The" , "Windows" , "World" If I was interested in knows if this array contained the string “rocks”, I would execute this command: $Arr1 -contains "rocks" The response would be True .  Notice that in the array, the data is spelled with a capitol letter.  The query used a lower case letter.  PowerShell has a case sensitive contains operator called ccontains.  When the same query is executed, but this time with ccontains , the answer returned is False .  If the query was changed to $Arr1 -ccontains "Rocks" Then the response would be True