PowerShell: Export Active Directory Group Members

To accomplish this we can use PowerShell.

In this tutorial, I will walk through the steps for exporting group members to a csv file.

Let’s get started.

Step 1: Load the Active Directory Module

To connect and query an AD group with PowerShell the Active Directory module needs to be loaded.

The Active Directory module can be installed with the following methods:

• Having RSAT tools installed
• Windows Server 208 R2 and above with the AD DS or AD LDS server roles

You can run the following command to see if you have installed

Get-Module -Listavailable

Continue reading “PowerShell: Export Active Directory Group Members” →

How to check Active Directory user account created date

Here’s the PowerShell command:

Get-ADUser <UserName> -Properties whenCreated | Format-List Name,whenCreated

or 
Get-ADUser -Filter * -Properties * | Select Name, whenCreated, whenChanged, LastlogonDate

 

In the Active Directory 

Go to account properties > Attribute Editor > check for “whenCreated” attribute.

How to Get AD Users Password Expiration Date

In this guide, I’ll show you how to get the password expiration date for Active Directory User Accounts.

This is very easy to do.

I will provide a few examples that go over how to get this information for a single user and how to get the expiration date for all AD users.

Check it out.

Method 1: Using Net User command to Display User Expiration Date

This first method uses the net user command that is built into windows. This command is used to add, remove and make changes to user and computer accounts.

To determine when the password will expire for a single account open the command prompt and type the following command:

Net user USERNAME /domain

In the below screenshot is an example for the user mfoster.

In addition to displaying the password expires date it also provides other useful information such as password last set, when the password can be changed, if the account is active and so on.

That is it for method 1.

Continue reading “How to Get AD Users Password Expiration Date” →

Simple Guide : How to Rename Domain Name in Windows Server 2012?

For Server Admin who familiar with Windows Server 2000 & 2003, you may be still remember about RENDOM utility, which is this use to rename Windows 2000 @ 2003 domain name and have to install manually.

But in Windows Server 2012 domain you don’t have to separately install “Rendom” utility.

It gets installed as part of “Active Directory Domain Services” role when you promote a server to the DC role. And It can be found here: %windir%\system32\rendom.exe.

For this time Simple Guide, I will show you all how to rename domain name in Windows Server 2012, the process is straightforward.. but as usual.. backup any necessary information @ Server before you proceed & I always advise especially to my students, please do this exercises in LAB Environment (Hyper-V).  Don’t simply take any risk by doing this is a production environment unless you have to!!.

For this exercises, I’m using MCT courseware from 20410B (Installing and Configuring Windows Server 2012).

The existing domain is ADATUM.COM and I will rename it to CPX.LOCAL.

So, let get started…

1 – Open your System Properties and check your existing domain name, if you see from my Windows Server 2012 system properties, my existing domain name is Adatum.com. This will be changed to cpx.local in the short while.

Continue reading “Simple Guide : How to Rename Domain Name in Windows Server 2012?” →

Simple Guide : How to Rename Server 2012 AD Host Name?

1 – Here what I have is a Server 2012 call LON-DC1.adatum.com, and i going to rename it to MIZI01.cpx.local.. this Windows Server 2012 previous domain name was adatum.com and if you want to know how to change domain name, please refer to my last post here

https://gayanstechblog.wordpress.com/2018/08/14/simple-guide-how-to-rename-domain-name-in-windows-server-2012/

 

2 – Next, open CMD.. and this is the SYNTAX : netdom computername <currentDC FQDN> /add:<newDCName FQDN> 

— so in your cmd, type netdom computername LON-DC1.adatum.com /add:MIZI01.cpx.local

Continue reading “Simple Guide : How to Rename Server 2012 AD Host Name?” →

Transferring the FSMO Roles via Ntdsutil

To transfer the FSMO roles from the Ntdsutil command:
Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

C:\>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server XYZ
Binding to XYZ …
Connected to XYZ using credentials of locally logged on user.
server connections: quit
fsmo maintenance: transfer schema master
fsmo maintenance: transfer domain naming master
fsmo maintenance: transfer rid master
fsmo maintenance: transfer infrastructure master
fsmo maintenance: transfer pdc

use the following command to check the status.

netdom query fsmo

How to: Make Secondary Domain Controller the Primary, when primary fails.

This will help you change your secondary domain controller to primary when your primary fails.

 

Step 1: one

Open CMD on the secondary domain, at prompt type Ntdsutil and press enter.

Example: C:\windows>ntdsutil
ntdsutil:

Step 2: Two

Once complete type: roles and press enter.
you will see-
fsmo maintenance:

Step 3: Three

Then type: connections and press enter.
you will see-
server connections:

Now type the name of the secondary server you are trying to make primary.
Example-
server connections: connect to myserver 
it will say connected using local user.

 

Step 4: Four

Next step type q.
server connections: q

Now we are going to seize the FSMO.
type:
seize domain naming master 
seize PDC 
seize RID master 
seize schema master

Step 5: Five

from start—> click run and enter dsa.msc

right click the domain that shows and select Operations Master.

From here promote your domain.

Continue reading “How to: Make Secondary Domain Controller the Primary, when primary fails.” →