PowerShell example 5


SetPermsWithCACLS.ps1

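#SetPermsWithCACLS.ps1
# Interactively grants one CACLS right to one security principal on every
# file and folder found beneath a starting directory.
#
# CACLS rights are usually
# F = FullControl
# C = Change
# R = Readonly
# W = Write
#
# NOTE(review): cacls.exe is deprecated on current Windows releases in favour
# of icacls.exe. This script keeps CACLS, as in the original listing.

$StartingDir = Read-Host " What directory do you want to start at?"

# Stop unless the starting point is an existing directory. An empty or
# mistyped answer must never turn into a recursive permission change on some
# other location.
if ([string]::IsNullOrEmpty($StartingDir) -or
    -not (Test-Path -LiteralPath $StartingDir -PathType Container)) {
    Write-Host -ForegroundColor Red "`n '$StartingDir' is not an existing directory.`n"
    exit
}

$Right = Read-Host " What CACLS right do you want to grant? Valid choices are F, C, R or W"
# Normalise once so the validation, the prompts and the CACLS argument all
# use the same value.
$Right = $Right.Trim().ToUpper()
if (@("F", "C", "R", "W") -notcontains $Right) {
    Write-Host -ForegroundColor Red "`n $Right is an invalid choice. Please Try again.`n"
    exit
}

# Each prompt is built as one string. The original relied on adjacent tokens
# such as "text"$Right.ToUpper()"text", which is not parsed the same way by
# every PowerShell version.
# The account format uses a backslash because that is the form CACLS resolves.
$Principal = Read-Host (" What security principal do you want to grant CACLS right $Right to?`n" +
    " Use format domain\username or domain\group")
if ([string]::IsNullOrEmpty($Principal) -or $Principal.Trim().Length -eq 0) {
    Write-Host -ForegroundColor Red "`n No security principal was entered.`n"
    exit
}
$Principal = $Principal.Trim()

# Show the full scope of the change and require an explicit "Y" to proceed.
$Verify = Read-Host ("`n You are about to change permissions on all files starting at " +
    "$($StartingDir.ToUpper())`n for security principal $($Principal.ToUpper()) " +
    "with new right of $Right.`n Do you want to continue ? [Y,N]")

if ($Verify -eq "Y") {
    # NOTE(review): confirm how your PowerShell version treats junctions and
    # symbolic links during -Recurse; a link inside the tree could extend the
    # change to items outside it.
    foreach ($file in (Get-ChildItem -LiteralPath $StartingDir -Recurse)) {
        #display filename and old permissions
        Write-Host -ForegroundColor Yellow $file.FullName
        #uncomment if you want to see old permissions
        #CACLS $file.FullName

        #ADD new permission with CACLS
        # /E edits the existing ACL instead of replacing it; /P replaces the
        # rights held by this one principal. The command output is discarded.
        CACLS $file.FullName /E /P "${Principal}:${Right}" > $null

        #display new permissions so the result can be checked
        Write-Host -ForegroundColor Green "New Permissions"
        CACLS $file.FullName
    }
}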

GetLDAPUsers.ps1

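#GetLDAPUsers.ps1
# Lists DS_Name, DS_distinguishedname and DS_sAMAccountname for every ds_user
# object in a domain controller's root/directory/ldap WMI namespace, and
# optionally saves a copy of the listing to a text file.

# The prompt is built as one string rather than from adjacent tokens.
# The account format uses a backslash (domain\username).
$user = Read-Host ("What user credentials do you want to use for authentication to the`n" +
    "domain controller? Use format domain\username.")

# Get-Credential collects the password in its own prompt, so the password
# never appears in the script or on the command line.
$cred = Get-Credential $user

$server = Read-Host "What domain controller do you want to connect to?"
$rc = Read-Host "Do you also want to save output to a text file? [YN]"

# The original repeated this whole pipeline in both branches; define it once.
$query = {
    Get-WmiObject -Class ds_user -Namespace root/directory/ldap `
        -ComputerName $server -Credential $cred |
        Select-Object DS_Name, DS_distinguishedname, DS_sAMAccountname
}

if ($rc -eq "Y") {
    # The saved file is a full account inventory; write it somewhere that
    # only administrators can read.
    $file = Read-Host "Enter the filename and path"
    Write-Host "Connecting to" $server "as" $user
    & $query | Tee-Object -FilePath $file
}
else {
    Write-Host "Connecting to" $server "as" $user
    & $query
}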

 

 

CreateUser.ps1
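#CreateUser.ps1
# Creates the user "Francis Bacon" (sAMAccountName fbacon) in a fixed OU
# through ADSI, sets an initial password, fills in a few attributes, enables
# the account and forces a password change at next logon.

#specify the OU where you want to create the account
#using the ADSI type specifier
$OU = [ADSI]"LDAP://OU=Testing,DC=MyCo,DC=Local"

#Add the user object as a child to the OU
$newUser = $OU.Create("user", "CN=Francis Bacon")
$newUser.Put("sAMAccountName", "fbacon")
#commit changes to Active Directory
$newUser.SetInfo()

#set a password
# The original hard-coded the initial password in the script, where anyone
# who can read the file (or a copy of it) learns it. Prompt for it instead.
$initialPassword = Read-Host "Enter an initial password for fbacon" -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($initialPassword)
try {
    # ADSI SetPassword needs the plain-text value.
    $newUser.SetPassword([Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
}
finally {
    # Zero and free the unmanaged copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
$newUser.SetInfo()

#Define some other user properties
$newUser.Put("DisplayName", "Francis Bacon")
$newUser.Put("UserPrincipalName", "Fbacon@MyCo.com")
$newUser.Put("GivenName", "Francis")
$newUser.Put("sn", "Bacon")

# userAccountControl is a bit field:
#   512 = NORMAL_ACCOUNT, 2 = ACCOUNTDISABLE, 32 = PASSWD_NOTREQD
#enable account = 512
#disable account = 514
# The original wrote 544 (512 + 32), which enables the account but leaves
# the "password not required" flag set. 512 clears that flag as well.
$newUser.Put("UserAccountControl", "512")
$newUser.Put("Description", "Created by PowerShell " + (Get-Date).ToString())
#commit changes to Active Directory
$newUser.SetInfo()

#flag the account to force password change at next logon
$newUser.Put("pwdLastSet", 0)
$newUser.SetInfo()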

AddToGroup.ps1

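#AddToGroup.ps1
# Adds one user, identified by distinguished name, to one Active Directory
# group through ADSI, showing the membership list before and after.

$Grp = [ADSI]"LDAP://CN=SAPIEN Authors,OU=SAPIEN,DC=MyCo,DC=local"
$NewUserDN = "CN=Bill Shakespeare,OU=Testing,DC=MyCo,DC=local"

#create an array object from current group members
$grpMembers = @($Grp.Member)

#display current group membership
Write-Host "There are currently" $grpMembers.Count "members in" $Grp.Name
foreach ($user in $grpMembers) { $user }

Write-Host "`n"
if ($grpMembers -contains $NewUserDN) {
    # The original always attempted the add. Skipping it here makes a second
    # run harmless and makes it clear that nothing was changed.
    Write-Host $NewUserDN "is already a member; no change made."
}
else {
    Write-Host "Adding" $NewUserDN
    ($Grp.Member).Add($NewUserDN) > $null
    #commit changes to Active Directory
    $Grp.SetInfo()

    #refresh object and display new membership list
    $Grp.psbase.RefreshCache()
    $grpMembers = @($Grp.Member)
}

#display new membership
# The target DN is shown in green so the change is easy to spot.
Write-Host "There are now" $grpMembers.Count "members in" $Grp.Name
foreach ($user in $grpMembers) {
    if ($user -eq $NewUserDN) {
        Write-Host -ForegroundColor Green $user
    }
    else {
        Write-Host $user
    }
}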

 

ListWinNT.ps1

#ListWinNT.ps1
# Prints the name of every child object of the WinNT://MyServer container
# whose schema class is "user".
$member = [ADSI]"WinNT://MyServer"

$member.psbase.children |
    Where-Object { $_.psbase.schemaclassname -eq "user" } |
    ForEach-Object { Write-Host $_.Name }

 

SearchForAllUsers.ps1

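#SearchForAllUsers.ps1
# Counts the user objects in the current domain and prints each one's
# distinguished name.

$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectcategory=person)(objectclass=user))"

# Without a page size the search is not paged and the server returns no more
# than its own result limit (typically 1000 on Active Directory). The count
# and listing would then be silently incomplete in larger domains.
$searcher.PageSize = 1000

$users = $searcher.FindAll()

#display the number of users
# Built as one string; the original's adjacent tokens ("text"$users.count"text")
# are not parsed the same way by every PowerShell version.
Write-Host "There are $($users.Count) users in this domain."

#display each user's distinguishedname
foreach ($user in $users) {
    Write-Host $user.properties.distinguishedname
}

# The result collection holds unmanaged resources; release them once done.
$users.Dispose()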

 

SearchForAllUsersAdvanced.ps1

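#SearchForAllUsersAdvanced.ps1
# Counts the user objects in the current domain, then binds to each one and
# emits its displayname, samaccountname, description and distinguishedname.

$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectcategory=person)(objectclass=user))"

# Without a page size the search is not paged and the server returns no more
# than its own result limit (typically 1000 on Active Directory).
$searcher.PageSize = 1000

$users = $searcher.FindAll()

#display the number of users
Write-Host "There are $($users.Count) users in this domain."

# The original nested "foreach ($user in $users)" inside an identical loop,
# so the whole listing was repeated once per user. One pass is enough.
foreach ($user in $users) {
    # GetDirectoryEntry binds to the live object, which exposes attributes
    # beyond those held in the search result.
    $entry = $user.GetDirectoryEntry()
    $entry | Select-Object displayname, samaccountname, description, distinguishedname
}

# The result collection holds unmanaged resources; release them once done.
$users.Dispose()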

 

 

FindUserDN.ps1
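#FindUserDN.ps1
# Looks up one user by sAMAccountName and prints the ADSI path of the first
# match, or a "not found" message.

$sam = Read-Host "What user account do you want to find?"

# The answer is typed by the operator and goes into an LDAP filter. Escape
# the characters that have meaning in filter syntax (RFC 4515) so the input
# is always matched as a literal account name and cannot change the filter's
# structure. The backslash must be replaced first.
$escapedSam = $sam.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectcategory=person)(objectclass=user)" +
    "(sAMAccountname=" + $escapedSam + "))"

# FindOne returns nothing when no object matches.
$results = $searcher.FindOne()

if ($results) {
    Write-Host $results.Path
}
else {
    Write-Host "User" $sam "was not found."
}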

 
