Active Directory Archives - The Lazy Administrator

Easily Enable End Users to Manage Active Directory Users with PowerShell GUI

January 18, 2021 Brad Wyatt Comments 1 comment

Recently I got a request to find a way to let managers or Human Resources the ability to modify basic user attributes in Active Directory. Like anyone else, I presented the idea of using RSAT to let them modify users in ADUC or ADAC. This was not an ideal solution because ADUC can become overwhelming to someone that isn’t technical. They wanted something that was extremely basic, easy to follow and work in without any guidance or instructions, and did not show the user anything else that they could not modify or needed to see.

The decision was made to create a custom program with the pre-requisite of having RSAT installed so we could use the AD modules underneath the hood. We could then control permissions on the Active Directory side.

Improvements from ADUC

Because I built this with a specific audience in mind, I was able to make some … Continue...

Master User Creator [PowerShell GUI Software] v2 Update

April 1, 2019 Brad Wyatt Comments 28 comments

I usually do not post articles on updates to software that I write but there are so many great updates in Master User Creator V2 that I had to make another write up. Master User Creator (MUC) is a piece of software that makes creating Active Directory and/or Office 365 users easier and more efficient. One of the drawbacks of creating a user in Active Directory Users and Computers (ADUC) is that you have to first create the user, and then find the user and edit their attributes, modify group membership, and so on. Master User Creator give you one single interface that allows you to modify membership, permissions, licenses, attributes, and so on. You can create an AD and Office 365 user at a single time as well, even copying your AD User attributes with a single click of a button.

Since publicizing the software, I have gotten many … Continue...

Get a Teams Notification the Moment an Active Directory User gets Locked Out with PowerShell Using Webhooks

December 13, 2018 Brad Wyatt Comments 20 comments

I have been recently using Teams as a central location for my organizations technical notifications instead of email as it provides a way for an entire Help Desk team to openly collaborate on the message and its contents. I recently got a request to get a Teams notification when a user gets locked out of their Active Directory account. By setting up a Webhook connector we can make it happen. The script will be triggered from Task Scheduler on Event ID 4740 which is created when a user gets locked out. By using “Search-ADAccount -LockedOut” we can return an array of locked out accounts, but by ordering it by lockout time we can ensure that we grab the most recent locked out user that corresponds to the security event.

I set the script and scheduled task up on my PDC because as far as I know, the actual lockout event … Continue...

Create an Interactive Active Directory HTML Report With PowerShell

December 4, 2018 Brad Wyatt Comments 30 comments

I have covered the PowerShell module, “ReportHTML” in a previous article (Create an Interactive HTML Report for Office 365 with PowerShell) where I used it to generate Office 365 tenant reports. The module takes a little bit to learn the syntax and formatting but it’s great if you are not familiar with CSS/HTML as it does most of the heavy lifting for you. I like to generate reports using HTML because the data can be interacted with. You can filter your tables, search for items, change the ordering of the table, and also gather your data in bar and pie graphs.

My end goal was to create an Active Directory overview report using PowerShell. I looked into PSWinDocumentation but ultimately I wanted the report be interactive. I was looking for basic Active Directory items like Groups, Users, Group Types, Group Policy, etc, but I also wanted items like … Continue...

Sync Office 365 / AzureAD down to ADDS

November 21, 2018 Brad Wyatt Comments 7 comments

I recently found myself needing to build out an on premise Active Directory environment and populate it from objects found in Office 365 (AzureAD). The local Active Directory would then be configured as the identity source and would sync up to AzureAD using Azure AD Connect. Unfortunately, Azure AD Connect is currently a one way sync from your on premise Active Directory Domain Services environment to AzureAD and wont sync objects down. AADConnect does have the ability to match our AzureAD objects to their corresponding Active Directory objects but, if an attribute like City, Phone Number, Department, Title, etc. is present in your existing AzureAD and not in ADDS, the attribute may remain in AzureAD but not replicate down to ADDS. So we will want to copy over as many attributes from AzureAD to our local Active Directory as possible in preparation for the Azure AD Connect sync. We will … Continue...

[Tool] Create and Configure Active Directory and Office 365 Users at Once.

July 11, 2018 Brad Wyatt Comments 58 comments

One of the things IT Administrators look to automate first is the new user creation process. I recently was going through the process of creating a new hires Active Directory login, Office 365 mailbox, and their Office 365 user account, and I wondered how I could make the process easier and quicker.

My focus was geared towards Managed Service Providers (MSP’s), Human Resource (HR) departments and general Help Desk Technicians. For MSP’s I wanted to create a tool that they could easily use across all of their clients because they may not spend the time to automate new user creations because they have hundreds, if not thousands of clients to tend to, and each client is unique so you can’t just copy the same automation script from one client to another. This would also be a huge asset for Help Desk technicians because they are more often than not the … Continue...

Email Users If Their Active Directory Password is set to Expire Soon

March 28, 2018 Brad Wyatt Comments 39 comments

In this article I will show you how PowerShell can automatically send an e-mail notification to end users when their Active Directory password is set to expire soon. I looked over several other similar scripts on TechNet but ended up writing one from scratch to incorporate several features I needed, as well as improve on the overall script flow.

Some of the requirements I needed to meet were as follows:

Get users email addresses from the Email Address value in Active Directory, if it’s empty look at the default address in the proxyaddresses attribute
Send E-mail to users with passwords that were expiring in 7 days or less
Include directions users can follow to reset their Active Directory password
Send E-mail with high priority
Get E-mail notification if sent or failed
Store the credential in a Cred object so it’s secure
Advanced logging on the script for troubleshooting
Send E-mail

… Continue...

The Lazy Administrator

Finding ways to do the most work with the least effort possible

Category: Active Directory