COMMAND LINE
Find/Delete hidden and system files
dir /s /q /f /a:h Thumbs.db
del /s /q /f /a:h Thumbs.db
List all Files (also in subdirectories) with Hidden Attribute dir /S /A:h
List all Files (also in subdirectories) with System Attribute dir /S /A:s
Delete all ** files : del /s /q /f /a:h desktop.ini or del /s /q /f /a:h thumbs.db
Robocopy command
Robocopy Source Target / R:0 /W:0 /MIR
Serial Number
wmic bios get serialnumber
wmic csproduct get name
POWERSHELL – ACTIVE DIRECTORY
Importing cmdlets
get-module ActiveDirectory
Login Details for Computers and Users
List all Logon Dates for Computers
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate, Enabled -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
List all Logon Dates for Users – ( Save in DELL folder) change as appropriate.
get-aduser -f * -pr lastlogondate|sort -property lastlogondate|ft samaccountname,lastlogondate -auto | Out-File C:\dell\ComputerLastLogonDate.txt
Login Details for Computers and Users
List all Logon Dates for Computers
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate, Enabled -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
List all Logon Dates for Users – ( Save in DELL folder) change as appropriate.
get-aduser -f * -pr lastlogondate|sort -property lastlogondate|ft samaccountname,lastlogondate -auto | Out-File C:\dell\ComputerLastLogonDate.txt
List all Groups and the Membership in AD
#// Start of script #// Get year and month for csv export file $DateTime = Get-Date -f "yyyy-MM" #// Set CSV file name $CSVFile = "C:\AD_Groups"+$DateTime+".csv" #// Create emy array for CSV data $CSVOutput = @() #// Get all AD groups in the domain $ADGroups = Get-ADGroup -Filter * #// Set progress bar variables $i=0 $tot = $ADGroups.count foreach ($ADGroup in $ADGroups) { #// Set up progress bar $i++ $status = "{0:N0}" -f ($i / $tot * 100) Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100) #// Ensure Members variable is empty $Members = "" #// Get group members which are also groups and add to string $MembersArr = Get-ADGroup -filter {Name -eq $ADGroup.Name} | Get-ADGroupMember | select Name if ($MembersArr) { foreach ($Member in $MembersArr) { $Members = $Members + "," + $Member.Name } $Members = $Members.Substring(1,($Members.Length) -1) } #// Set up hash table and add values $HashTab = $NULL $HashTab = [ordered]@{ "Name" = $ADGroup.Name "Category" = $ADGroup.GroupCategory "Scope" = $ADGroup.GroupScope "Members" = $Members } #// Add hash table to CSV data array $CSVOutput += New-Object PSObject -Property $HashTab } #// Export to CSV files $CSVOutput | Sort-Object Name | Export-Csv $CSVFile -NoTypeInformation #// End of script
List all Groups and the Membership in AD (exclude disabled accounts)
#// Start of script
#// Get year and month for csv export file
$DateTime = Get-Date -f "yyyy-MM"#// Set CSV file name
$CSVFile = "C:\AD_Groups_no_disabled_accounts"+$DateTime+".csv"#// Create emy array for CSV data
$CSVOutput = @()#// Get all AD groups in the domain
$ADGroups = Get-ADGroup -Filter *#// Set progress bar variables
$i=0
$tot = $ADGroups.countforeach ($ADGroup in $ADGroups) {
#// Set up progress bar
$i++
$status = "{0:N0}" -f ($i / $tot * 100)
Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100)#// Ensure Members variable is empty
$Members = ""#// Get group members which are also groups and add to string
$MembersArr = Get-ADGroup -filter {Name -eq $ADGroup.Name} | Get-ADGroupMember | select Name, objectClass, distinguishedName
if ($MembersArr) {
foreach ($Member in $MembersArr) {
if ($Member.objectClass -eq "user") {
$MemDN = $Member.distinguishedName
$UserObj = Get-ADUser -filter {DistinguishedName -eq $MemDN}
if ($UserObj.Enabled -eq $False) {
continue
}
}
$Members = $Members + "," + $Member.Name
}
#// Check for members to avoid error for empty groups
if ($Members) {
$Members = $Members.Substring(1,($Members.Length) -1)
}
}#// Set up hash table and add values
$HashTab = $NULL
$HashTab = [ordered]@{
"Name" = $ADGroup.Name
"Category" = $ADGroup.GroupCategory
"Scope" = $ADGroup.GroupScope
"Members" = $Members
}#// Add hash table to CSV data array
$CSVOutput += New-Object PSObject -Property $HashTab
}#// Export to CSV files
$CSVOutput | Sort-Object Name | Export-Csv $CSVFile -NoTypeInformation#// End of script
Extract All users, Last logon and Department from AD
Get-ADUser -Filter * -Properties * | Select-Object name, lastlogondate, department | export-csv -path c:\temp\userexport.csv
Another Group Membership Extract Script
$Groups = Get-ADGroup -Properties * -Filter {GroupCategory -eq “Security”} -SearchBase “OU=CML_File_Security_Groups,DC=mountain,DC=cairngormmountain,DC=com”
Foreach($G In $Groups)
{
“+++++++++++++++++++++++” | Out-File c:\test\Report.txt -encoding ASCII -append
$G.Name | Out-File c:\test\Report.txt -encoding ASCII -append
“———————–” | Out-File c:\test\Report.txt -encoding ASCII -append
” ” + $G.Members | Out-File c:\test\Report.txt -Encoding ASCII -append
” ” | Out-File c:\test\Report.txt -Encoding ASCII -append
}
Extract Computers and operating system
Get-ADComputer -Filter ‘operatingsystem -notlike “*server*” -and enabled -eq “true”‘ `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion
List folder access
$OutFile = “C:\Temp\permissions.csv“
$Header = “Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags”
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = “\\fs1\shared”
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + “,” + $ACL.IdentityReference + “,” + $ACL.AccessControlType + “,” + $ACL.IsInherited + “,” + $ACL.InheritanceFlags + “,” + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}}
POWERSHELL – 365 Exchange
Set Execution Policy
Set-ExecutionPolicy Unrestricted
Importing Modules for AD
See Download: https://www.microsoft.com/en-us/download/details.aspx?id=45520 (Remote Server Administration Tools for Windows 10 )
Print out full list of modules to txt file
Get-Command|Select-Object CommandType, Name, Version, Source |out-file e:\andy\commands.txt
Export “GET” only
Get-Command -Verb Get | Select-Object CommandType, Name, Version, Source
Connect to Office 365
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Disconnect from Office 365
Remove-PSSession $Session
Change Login for user with DIRSYNC
- $msolcred = get-credential
connect-msolservice -credential $msolcred
Set-MsolUserPrincipalName -UserPrincipalName shona.macgillivray@parklandsgroup.onmicrosoft.com -NewUserPrincipalName shona.macgillivray@parklandsgroup.com
Calendar Permissions - Office 365
remove-mailboxfolderpermission -identity dave.thomas@highwater.co.uk:\calendar -user jeff.gray@highwater.co.uk
ADD Calendar permissions
add-mailboxfolderpermission -identity dave.thomas@highwater.co.uk:\calendar -user jeff.gray@highwater.co.uk
REMOVE ALL Mailbox Permissions
Remove-MailboxPermission -Identity dave.thomas@highwater.co.uk -User jeff.gray@highwater.co.uk -AccessRights FullAccess -InheritanceType All
Change Email Address without changing login
Set-Mailbox john.gell@simplylet.biz -WindowsEmailAddress john@cruachan-gell.co.uk
365 Mailbox Permissions
Get Permissions of Mailbox
Get-MailboxPermission -Identity lee.thomson@daviotgroup.com | Format-List
Add Mailbox permissions – Full Access
Add-MailboxPermission hr@daviotgroup.com -User claire.barnett -AccessRights FullAccess
Mailbox permissions – send as
Add-RecipientPermission hr@daviotgroup.com -AccessRights SendAs -Trustee claire.barnett
What mailboxes a user can access
Get-Mailbox | Get-MailboxPermission -User Claire.barnett@daviotgroup.com
To Remove Mailbox Permissions:
Remove-MailboxPermission -Identity karina.cooper@daviotgroup.com -User Claire.barnett@daviotgroup.com -AccessRights FullAccess
To Remove Mailbox Permissions for ALL USERS from individual:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq ‘UserMailbox’) -and (Alias -ne ‘Admin’)} | Add-MailboxPermission -User AdministratorAccount@contoso.com -AccessRights fullaccess -InheritanceType all
_________________________________________________________
AUTOMAPPING
Remove Automapping ** you need to remove full access permissions and then re-apply
*1st Mailbox is the Mailbox you are applying permissions TO
** 2nd Mailbox is the User who gets the permission
To Add the Permissions back in with No AutoMapping
Add-MailboxPermission -Identity michael.ross@daviotgroup.com -User paul.adams@daviotgroup.com -AccessRights FullAccess -AutoMapping:$false
To Add the Permissions back in WITH AutoMapping
Add-MailboxPermission -Identity karina.cooper@daviotgroup.com -User Claire.barnett@daviotgroup.com -AccessRights FullAccess -AutoMapping:$true
To Add the Permissions back in with No AutoMapping – for ALL Users to an individual
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq ‘UserMailbox’) -and (Alias
-ne ‘Admin’)} | Add-MailboxPermission -User paul.adams@daviotgroup.com -AccessRights fullaccess -InheritanceType all -AutoMapping:$false
Disable Clutter for All USers
Get-Mailbox -ResultSize Unlimited | Set-Clutter -Enable $False
Winmail.dat Issue (when emails are delivered as winmail.dat to Apple devices
Set-RemoteDomain Default -TNEFEnabled $false
Hacks
Outlook shared mailbox fix sent items
-
HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Preferences
Note The x.0 placeholder represents your version of Office (16.0 = Office 2016, 15.0 = Office 2013, 14.0 = Office 2010).
- On the Edit menu, point to New, and then click DWORD Value.
- Type DelegateSentItemsStyle, and then press Enter.
- Right-click DelegateSentItemsStyle, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.