Archive for the 'AD cmdlets' Category

Download Links for PowerGUI and QAD cmdlets

powergui logoWith Dell’s acquisition of Quest and all the IT reorganization that followed, it is actually not that easy to find these two popular free PowerShell tools any longer. So here are the links that work today (January 30, 2015):

PowerGUI

The download is freely available from Dell’s PowerGUI community.

The community itself also got moved from http://powergui.org to http://en.community.dell.com/techcenter/powergui.

Dell Software is still maintaining the product – as I am writing this the latest version is 3.8 released in April 2014.

UPDATE: Looks like Dell took the community site down but direct download link http://community-downloads.quest.com/powergui/Release/3.8/PowerGUI.3.8.0.129.msi still works.

Quest / QAD cmdlets

This one is a little more tricky to find: https://software.dell.com/register/71110

If this link for some reason changes, all Dell’s freeware and trial links can be found in this catalog: http://software.dell.com/trials/

UPDATE: Looks like this got hidden even further. Not sure where it can be found now. This site seems to have copied and made them available for download though: http://www.powershelladmin.com/wiki/Quest_ActiveRoles_Management_Shell_Download

Happy PowerShelling!

Advertisements

Freeing up memory in PowerShell using garbage collector

Just got this great tip from Lars on how he reduces memory consumption in his AD PowerShell scripts with a simple garbage collection call (basically explicitly telling .NET behind PowerShell to recycle the objects no longer in use):

Using Quest AD tools I often run in to memory consumption problems. I thought it was a question of memoryleaks, but its not, its the Garbage collection that doesn’t get collection until its to late.
So i’m using this when I use Quests AD Management Cmdlets in PowerShell, where $i is a simple counter

if (($i % 200) -eq 0)
{
[System.GC]::Collect()
}

Hope that helps!

PowerGUI and AD cmdlets usergroup at Deep Dive?

If you are planning to attend European TEC 2011 PowerShell Deep Dive in Frankfurt October 17-18 2011, I have a question for you: would you like to stay half a day longer and have a usergroup for PowerGUI and QAD cmdlets in the morning of Oct 19th -or in the afternoon of Sunday, Oct 16th?

We could discuss the features and roadmap, share our experience with the tools, and so on.

Let me know if you are interested – if there’s enough people wanting to do that I can work with the organizers to get us the room, etc.

Group Membership Unions and Intersections

A friend of mine recently asked for one-liners for Active Directory group membership union and intersection.

These are the one-liners which I sent him:

Group Union – users present in either of the groups (he needed a list of DNs of direct members of two groups):

(Get-QADGroupMember GroupA –Type user) + (Get-QADGroupMember GroupB –Type user) | 
 Select-ExpandProperty DN
 Sort | Select-Unique

Group Intersection – users present in both groups at the same time:

Compare-Object (Get-QADGroupMember GroupA –Type user) `
 (Get-QADGroupMember GroupB –Type user) `
 -ExcludeDifferent -IncludeEqual | Select-ExpandProperty InputObject

You can obviously tweak them to add indirect users (with -indirect parameter) or enabled only (-enabled), etc. – see Get-QADGroupMember help for all options.

I am pretty sure that there are multiple ways to skin these cats – so if you have better alternatives – please post these in the comments.

Show your support: Vote for AD cmdlets, PowerShell, and PowerGUI

If Get-QADUser (or any other QAD cmdlet) or PowerGUI ever saved your day – now is a good time to show your love and spread the news. 🙂

Windows IT Pro magazine put us in their community award finals. So if you want to show your support:

1. Simply go to the award voting page,

2. For the first nomination, Best Active Directory & Group Policy Product, pick Quest Software ActiveRoles Management Shell for Active Directory (who would have thought that the official name was so long):

3. And obviously leave them a note in the Give us a killer quote about your winner! box.

4. Also, believe it or not 17. Best Microsoft Product has PowerShell as one of the options.

5. 21. Best Scripting Tool has Quest Software PowerGUI:

6. And obviously feel free to either ignore all other categories or cast your vote there as well.

Cast your vote now – before the contest is over.

Clean up expired certificates from AD

Security MVP Vadims Podans just did a great post on using PowerShell to remove expired user certificates from Active Directory.

In a nutshell,

  • If your company is using certificates for user authentication or encryption, these expire every now and then,
  • Your Enterprise CA in that case appends new certificates to users’ userCertificate attribute, while leaving expired certs there as well,
  • Over time these increasingly clutter your AD, making administration more difficult and negatively affecting AD replication traffic.

Luckily, cleaning up expired certificates with PowerShell is extremely easy.

To do the clean-up for a specific user you can run this one-liner:

Get-QADUser username | Remove-QADCertificate -Valid:$false

To clean-up the entire domain, just do:

Get-QADUser | Remove-QADCertificate -Valid:$false

See Vadim’s original post for details.

Read more about PKI management with PowerShell here.

Find everyone rolling up to me

Yesterday someone asked me to help create a distribution list for everyone reporting to a particular manager (directly or indirectly). Needless to say, that PowerShell makes getting a list of such user accounts a piece of cake!

Here’s the quick script (using AD cmdlets) which I emailed back:

function Get-QADIndirectReport {
param ($Identity)
  # Find all direct reports
  Get-QADUser -Manager $Identity | ForEach-Object {
      # Output direct report
    $_ 
    # Then recursively call this function for all
    # reports of this report
    Get-QADIndirectReport -Identity $_
  }

}

# usage example
Get-QADIndirectReport 'Dmitry Sotnikov'

Basically, AD cmdlets natively can retrieve all direct reports, and I have created a function which keeps going deeper level-by-level getting everyone reporting indirectly as well.

You can then take this a few steps further. For example, say, you want to get a list of users you could then just copy/paste into Outlook. Simply select the Email property from the user objects and ask PowerShell to put semicolon between the addresses:

# get a list of addresses for an email message
(Get-QADIndirectReport 'Dmitry Sotnikov' | 
  Select-Object -ExpandProperty Email) -join '; '

Or you could indeed use the list to populate a group:

# add everyone to a group
Get-QADIndirectReport 'Dmitry Sotnikov' |
  Add-QADGroupMember DmitrysReports

Or you could further restrict the list by City, Department and so on by simply tweaking Get-QADUser parameters in the code above. PowerShell is super-flexible!


My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

October 2017
M T W T F S S
« Aug    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

%d bloggers like this: