SetPermswithCACLS.ps1
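#SetPermsWithCACLS.ps1
# Recursively grants one CACLS right to a security principal on every file
# and folder below a starting directory, after an explicit confirmation.
# CACLS rights are usually
# F = FullControl
# C = Change
# R = Readonly
# W = Write
$ValidRights=@("F","C","R","W")

$StartingDir=Read-Host " What directory do you want to start at?"
# Stop on a missing or empty path: Get-ChildItem on an empty string would
# enumerate the current directory, which is not what the operator confirmed.
if ([string]::IsNullOrEmpty($StartingDir) -or -not (Test-Path -Path $StartingDir -PathType Container)) {
Write-Host -foregroundcolor "Red" "`n'$StartingDir' is not an existing directory.`n"
exit
}

$Right=Read-Host " What CALCS right do you want to grant? Valid choices
are F, C, R or W"
# Normalize once so the value validated here is the value handed to CACLS.
$Right=$Right.ToUpper()
if ($ValidRights -notcontains $Right) {
Write-Host -foregroundcolor "Red" "`n$Right is an invalid choice. Please Try again.`n"
exit
}

# Read-Host -Prompt accepts a single value, so each multi-line prompt is
# assembled into one string before the call.
# NOTE(review): CACLS help writes principals as domain\user; confirm the
# slash form in this prompt is accepted before relying on it.
$PrincipalPrompt=" What security principal do you want to grant CACLS right $Right to?`n" + `
"Use format domain/username or domain/group"
$Principal=Read-Host $PrincipalPrompt

$VerifyPrompt="`nYou are about to change permissions on all files starting at " + `
$StartingDir.ToUpper() + "`nfor security principal " + $Principal.ToUpper() + `
" with new right of $Right.`nDo you want to continue ? [Y,N]"
$Verify=Read-Host $VerifyPrompt

if ($Verify -eq "Y") {
# Hidden and system items are not enumerated without -Force, so their ACLs
# are left untouched; widen the scope deliberately if that is not intended.
foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
#display filename and old permissions
write-Host -foregroundcolor Yellow $file.FullName
#uncomment if you want to see old permissions
#CACLS $file.FullName
#ADD new permission with CACLS: /E edits the existing ACL instead of
#replacing it, /P replaces this principal's rights rather than adding a
#second entry.
CACLS $file.FullName /E /P "${Principal}:${Right}" >$NULL
#CACLS output was discarded above, so report its exit status explicitly
#instead of silently skipping files it could not modify.
if ($LASTEXITCODE -ne 0) {
Write-Host -foregroundcolor Red "CACLS failed on" $file.FullName "(exit code $LASTEXITCODE)"
continue
}
#display new permissions
Write-Host -foregroundcolor Green "New Permissions"
CACLS $file.FullName
}
}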
GetLDAPUsers.ps1
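#GetLDAPUsers.ps1
# Lists every ds_user object on a chosen domain controller through the WMI
# LDAP provider, optionally tee'ing the output to a text file.
# Read-Host -Prompt takes a single value, so the prompt is assembled first.
$userPrompt="What user credentials do you want to use for authentication to the`n" + `
"domain controller? Use format domain/username."
$user=read-host $userPrompt
# Get-Credential collects the password itself; it is never echoed or stored here.
$cred=get-credential $user
$server=read-host "What domain controller do you want to connect to?"
$rc=read-host "Do you also want to save output to a text file? [YN]"
$file=$null
if ($rc -eq "Y") {
$file=read-host "Enter the filename and path"
if ([string]::IsNullOrEmpty($file)) {
write-host "No filename given; output goes to the console only."
}
}
write-host "Connecting to" $server "as" $user
# The query is issued once; only the output destination differs below,
# so both branches cannot drift apart.
$results=get-wmiobject -class ds_user -namespace root/directory/ldap `
-computername $server -credential $cred | `
select-object DS_Name,DS_distinguishedname,DS_sAMAccountname
if ($file) {
$results | tee-object -file $file
}
else
{
$results
}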
CreateUser.ps1
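#CreateUser.ps1
# Creates a user in a fixed OU with ADSI, sets its initial password and
# attributes, enables it, and forces a password change at next logon.
#specify the OU where you want to create the account
$OU=[ADSI] "LDAP://OU=Testing,DC=MyCo,DC=Local"
#sample identity for the new account (kept in one place so it is easy to change)
$samAccountName="fbacon"
$displayName="Francis Bacon"
$givenName="Francis"
$surname="Bacon"
$upn="Fbacon@MyCo.com"
#Prompt for the initial password instead of embedding it in the script,
#where anyone who can read the file (or its history) would learn it.
#IADsUser.SetPassword needs plain text, so the secure string is decoded
#only for that call and the unmanaged copy is zeroed afterwards.
$securePwd=Read-Host "Enter the initial password for $samAccountName" -AsSecureString
$bstr=[Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePwd)
$password=[Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
#using the ADSI type specifier
#Add the user object as a child to the OU
$newUser=$OU.Create("user","CN=$displayName")
$newUser.Put("sAMAccountName",$samAccountName)
#commit changes to Active Directory; the object must exist before a
#password can be set on it
$newUser.SetInfo()
#set a password
$newUser.SetPassword($password)
$newUser.SetInfo()
#Define some other user properties
$newUser.Put("DisplayName",$displayName)
$newUser.Put("UserPrincipalName",$upn)
$newUser.Put("GivenName",$givenName)
$newUser.Put("sn",$surname)
#userAccountControl is a bit field: NORMAL_ACCOUNT = 512, PASSWD_NOTREQD = 32,
#ACCOUNTDISABLE = 2. A newly created object typically starts at 546
#(512+32+2). Writing 544 would clear the disable bit but leave
#PASSWD_NOTREQD set, which lets the account later hold an empty password;
#512 enables the account and requires a password, which was set above.
$newUser.Put("UserAccountControl",512)
$newUser.Put("Description","Created by PowerShell "`
+(get-date).ToString())
#commit changes to Active Directory
$newUser.SetInfo()
#flag the account to force password change at next logon
$newUser.Put("pwdLastSet",0)
$newUser.SetInfo()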
AddToGroup.ps1
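#AddToGroup.ps1
# Adds one user DN to a group's member attribute, skipping the write when
# the DN is already present, and shows the membership before and after.
$Grp=[ADSI]"LDAP://CN=SAPIEN Authors,OU=SAPIEN,DC=MyCo,DC=local"
$NewUserDN="CN=Bill Shakespeare,OU=Testing,DC=MyCo,DC=local"
#create an array object from current group members
$grpMembers=@($Grp.Member)
#display current group membership
Write-Host "There are currently" $grpMembers.Count "members in" $Grp.Name
foreach ($user in $grpMembers) {$user}
Write-Host `n
#-contains compares case-insensitively, as the directory does for DNs, so a
#DN that differs only in case is treated as already present.
if ($grpMembers -contains $NewUserDN) {
Write-Host $NewUserDN "is already a member; nothing to do."
}
else {
Write-Host "Adding" $NewUserDN
($Grp.Member).add($NewUserDN) > $NULL
#commit changes to Active Directory
$Grp.SetInfo()
#refresh object and display new membership list
$Grp.psbase.refreshCache()
$grpMembers=@($Grp.Member)
}
#display new membership, highlighting the DN that was (or already is) present
Write-Host "There are now" $grpMembers.Count "members in" $Grp.Name
foreach ($user in $grpMembers) {
if ($user -eq $NewUserDN) {
write-Host -foregroundcolor Green $user
}
else
{
write-Host $user
}
}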
ListWinNT.ps1
#ListWinNT.ps1
# Prints the name of every user account exposed by the WinNT provider on MyServer.
$computer=[ADSI]"WinNT://MyServer"
$children=$computer.psbase.children
foreach ($child in $children) {
#groups, services and other child classes are skipped; only "user" objects are listed
if ($child.psbase.schemaclassname -ne "user") { continue }
Write-Host $child.Name
}
SearchForAllUsers.ps1
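#SearchForAllUsers.ps1
# Lists the distinguishedName of every user object in the current domain.
$searcher=New-object DirectoryServices.DirectorySearcher
$searcher.Filter="(&(objectcategory=person)(objectclass=user))"
#Without paging the server caps one result set at its MaxPageSize (1000 by
#default), so larger domains would be silently truncated.
$searcher.PageSize=1000
#request only the attribute that is displayed, keeping the result set small
[void]$searcher.PropertiesToLoad.Add("distinguishedname")
$users=$searcher.FindAll()
#display the number of users
Write-Host "There are "$users.count"users in this domain."
#display each user's distinguishedname
foreach ($user in $users) {
Write-Host $user.properties.distinguishedname
}
#release the server-side resources held by the result collection
$users.Dispose()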
SearchForAllUsersAdvanced.ps1
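#SearchForAllUsersAdvanced.ps1
# Lists selected attributes of every user object in the current domain.
$searcher=New-object DirectoryServices.DirectorySearcher
$searcher.Filter="(&(objectcategory=person)(objectclass=user))"
#Without paging the server caps one result set at its MaxPageSize (1000 by
#default), so larger domains would be silently truncated.
$searcher.PageSize=1000
$users=$searcher.FindAll()
#display the number of users
Write-Host "There are "$users.count"users in this domain."
#One pass over the results: nesting the same foreach twice would print
#every user once per user (n^2 lines).
foreach ($user in $users) {
#GetDirectoryEntry binds to each object individually, which costs one
#extra round trip per user but exposes the attributes as plain properties.
$entry= $user.GetDirectoryEntry()
$entry |Select displayname,samaccountname,description,distinguishedname
}
#release the server-side resources held by the result collection
$users.Dispose()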
FindUserDN.ps1
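#FindUserDN.ps1
# Looks up one user by sAMAccountName and prints its ADsPath.

# Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
# backslash, asterisk, parentheses and NUL become \5c \2a \28 \29 \00.
# Without this, the typed account name is pasted into the filter verbatim,
# so characters like "*" or ")(" would change which objects the search
# matches instead of being looked up literally.
function ConvertTo-LdapFilterValue($value) {
#backslash first, so the escapes introduced below are not escaped again
$escaped=$value -replace '\\','\5c'
$escaped=$escaped -replace '\*','\2a'
$escaped=$escaped -replace '\(','\28'
$escaped=$escaped -replace '\)','\29'
$escaped=$escaped -replace "`0",'\00'
return $escaped
}

$sam=Read-Host "What user account do you want to find?"
#an empty name would produce the malformed clause "(sAMAccountname=)"
if ([string]::IsNullOrEmpty($sam)) {
write-host "No account name entered."
exit
}
$searcher=New-Object DirectoryServices.DirectorySearcher
$searcher.Filter="(&(objectcategory=person)(objectclass=user)"`
+"(sAMAccountname="+(ConvertTo-LdapFilterValue $sam)+"))"
$results=$searcher.FindOne()
#FindOne returns $null when nothing matched
if ($results -ne $null)
{write-host $results.path}
else
{write-host "User" $sam "was not found."}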