Disclaimer

You will not hold me responsible for any inconvenience, incompatibility, damage, or lack of satisfaction that you experience by undertaking any or all of the steps mentioned in this blog.

Although I have a positive personal experience with everything I have written here, I cannot guarantee the same results for you, whether due to inadvertent actions, hardware,software, or any other issues.

I shall not be liable in any event of any damages, incidental or consequential in connection with or arising out of the advice, scripts or suggestions provided by me.

Only use the scripts that you find online once you fully understand what they are doing and if you have questions or want advice please contact me and I will try and help. Any advice provided will be bound by the same terms above.

GUI: LAPS Password Recovery Tool

The below LAPS Password Recovery Tool For Deleted Objects and those still in AD is created to allow you also recover the Microsoft LAPS administrator password of objects that have been deleted but that are still within the tombstone period of your Active Directory Forest.

This is the only advantage over Microsofts own GUI but is useful if you were to delete lots of machines from Active Directory and subsequently need to get in to it without restoring the object.

It will need to be run as an account that has permissions to ready the ms-Mcs-AdmPwd property and requires the Active Directory PowerShell module to be available (RSAT)

Function: Internet Radio Control – Frontier Silicon

The below uses the PowerShell invoke web request cmdlet to control a Roberts Internet Radio using the Frontier Silicon API. I have tied this in with my home automation to turn the radio on and off as feedback what is playing.

Auditing: Report and Disable Inactive AD User Accounts

The below can be run as a scheduled task to detect and disable accounts that have not been used for a specified amount of days or for accounts which have never been used.

Report outputs to a CSV and is displayed as follows:

Auditing: Reset Passwords That Expire Today

The below can be run as a scheduled task to detect Active Directory User accounts that have passwords that expire today. Any objects where the password is due to expire today will automatically have the “Change password at next logon” ticked meaning that they wont suddenly lose connection to things such as mapped drives at the original expiry time.

Credit to Andrew Lyonette for turning my “Why dont you solve it like this” in to the script below.
https://www.linkedin.com/in/andylyonette/

Auditing: Report and Disable Inactive AD Computer Accounts

The below can be run as a scheduled task to detect and disable accounts that have not been used for a specified amount of days or for accounts which have never been used.

Report outputs to a CSV and is displayed as follows:

Auditing: Audit AD Groups

This script will perform AD group member auditing by fetching all AD Groups and their members and then email the owner of that group a list to be checked to ensure they are still correct.

It utalises the Description field for the group name e.g Sales File Share or Sales Distribution Group and the MangedBy property to then fetch the owners name and email address from the Mail field of the user.

For any group that does not have a ManagedBy user a separate email will be sent to an address of your choosing stating that there is no owner and to check the members and find an appropriate owner.

Function: Get AD User Password Expiry Date/Time

This is a PowerShell Function written to obtain a users password expiry date and time in a friendly format. It allows you to search using a username, first name or surname. This may be useful on a helpdesk to ascertain if the issue a user is experiencing is due to password expiry.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GUI: System Information Collector

WMI System Information Collector uses WMI to obtain a variety of system information where it may not be possible to use WINRM and CIM.

This tool may be used on helpdesks to provide some immediate triage as the call is logged in ticketing system. Any suggestions are welcomed.

Download:

WMI-PCInfo

GUI: Password Generator

A simple password generator to get away from people using CompanyNameYear formats and variations of Password – This is by no means meant to be a super secure way of generating passwords and I am aware of the inherent risks of using get random. This is simply a way to generate a password for an end user that will be awkward enough that they change it immediately whilst getting away from people setting password2017! and similar.

Download Here:

PasswordGenerator

Prerequisites:

.NET 4.5
WMF 5.1