Active Directory

Reset AD password force change for access denied issues

Reset AD password force change for access denied issues

When you encounter access denied issues for a user account change password both from ADUC and powershell then below command can force change password.

PS C:\Windows\system32$password = Allgood@2018*
PS C:\Windows\system32Set-adaccountpassword ‘samaccountname’ -reset -newpassword (ConvertTo-SecureString -AsPlainText $password -Force)
PS C:\Windows\system32… Read the rest

Add dLMemSubmitPerms powershell restrict users via AD Group to send emails to Email group

Add dLMemSubmitPerms powershell restrict users via AD Group to send emails to Email group

We set this attribute usign ADUC using attribute editor but sometimes we get dlmemsubmitperms there is no editor registered to handle this attribute type error which happens to first time when try to add this.

Import-module activedirectory

Set-ADObject “CN=TestEmailGroup,OU=DL,DC=Test,DC=com” -Add @{dLMemSubmitPerms=”CN=ADGroup,OU=Security Groups,DC=Test,DC=com”}

To get the distinguished name from Powershell we can use below command

(Get-ADGroup -Identity “Groupname”).DistinguishedName

Below are Attribute Names, Name in GUI, Explanation, names in Powershell (Set-DistributionGroup)

authOrig, Accept messages from , Only senders in the following list can send emails to this group … Read the rest

Add Authorig powershell restrict users to send emails to Email group

Add Authorig powershell restrict users to send emails to Email group

Import-module activedirectory

Set-ADGroup -Identity “Test Group” -Add @{authOrig=@(‘CN=Test User,OU=Department,OU=People,DC=CONTOSO,DC=EDU’)}

To get the distinguished name from Powershell we can use below command

(Get-ADUser -Identity “Testuser”).DistinguishedName

Below are Attribute Names, Name in GUI, Explanation, names in Powershell (Set-DistributionGroup)
authOrig, Accept messages from , Only senders in the following list can send emails to this group if set, -AcceptMessagesOnlyFrom

dLMemSubmitPerms, same as above, see above but this accepts group, -AcceptMessagesOnlyFromDLMembers
unauthOrig, Reject messages from, Senders in the following list are not allowed to send emails to this group, -RejectMessagesFrom

dLMemRejectPerms, same as … Read the rest

Making a Security Group using Distribution group members in Powershell

Making a Security Group using Distribution group members in Powershell

First lets get the list of users samaccountnames from Distribution list

$List=Get-ADGroupmember DistributionlistName

Now create a empty Security group from Active Directory Users and Computers

Now lets add each of above user into a security group which is created from ADUC(Active Directory Users and Computers).

ForEach ($User in $List){Add-ADGroupMember -Identity SecurityGroupName -Member $User.samaccountname}

We can also use add members to distribution group powershell by this method of Add-ADGroupmember

We can also use powershell to add members to distribution group powershell or a Security group.

We can also use powershell to

Read the rest

Copy Group memebership using PowerShell from one user to another

Copy Group memebership using PowerShell from one user to another

Run Powershell as administrator (wasted 1 hr figuring this out. It does not work if not run as admin)

Import-module activedirectory

Then below command which accepts samaccount name of both users

Get-ADUser -Identity copyfrom -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members Copyto
Read the rest