PowerShell Set-ADAccountPassword -WhatIf bug

Today (2017 March) I unfortunately learned of the -WhatIf bug for the PowerShell Active Directory cmdlet Set-ADAccountPassword. About -WhatIf: “-WhatIf” is a common PowerShell System State parameter that is supposed to “Explain what will happen if the command is executed, without actually executing the command.(Boolean ) -whatif:$false or -whatif:$true.” I use it all of the …

Use PowerShell to require users with the oldest passwords to change their passwords

This PowerShell script will help you find the Active Directory users who have gone the longest without changing their password, and then require them to change their password the next time they log on to a domain resource. Consider this a password policy on a bell curve that targets those users who have the oldest Password …

Using PowerShell to disable and move user and computer accounts

Here are two PowerShell scripts that I wrote and use to disable old Active Directory user or computer accounts. Typically I use the Microsoft Assessment and Planning Toolkit to have it identify “Days Since Last Activity” for both Active Directory Users and Devices. I then copy the list of Users or Devices I wish to …

Using Active Directory PowerShell to Manage Groups and Members

I’m making an effort to teach myself PowerShell when the opportunity arises. Next week I will be reorganizing several VMware View desktop pools and the Active Directory Security Groups that are tied to them. Since I’ll be moving large groups of users around, I taught myself a few PowerShell one-liners that should help. Table …

Raising the domain functional level makes me nervous

One of the projects I have been working on recently at work has been to replace all of our Windows 2003 domain controllers with Windows 2008 R2 domain controllers. So far, the project has gone rather well and I’m just a few steps away from being done. There’s one step, however, that I have been …