
Must have PowerShell Tool for SysAdmins

Hey Guys, as a Windows SysAdmin, some of your primary tools are Active Directory and PowerShell. I want to share this tool I found online from Patrick Gruenauer – Author of

You can download the tool from here:

Active Directory Domain Services Section

What can we do with it? This is the question for this part. I wanna give you a foretaste. Here’s the menu of version 1.1.


The Subsections

1 – Forest | Domain | Sites Configuration


2 – List Domain Controller

Note that in this section you are also able to test the connectivity to your Domain Controller.


3 – Replicate all Domain Controller

Tired of pressing replicate on all DCs? You’ve come to the right place.


4 – Show Default Password Policy

It’s good to have an eye on your password settings…


5 – List Domain Admins


6 – List of Active GPOs


7 – List all Windows Clients (Client Operating System only)


8 – List all Windows Server


9 – List all Computers


10 – Run SystemInfo on Remote Computer

You are able to select a scope …


11 – Move Computer to OU


Don’t worry I will intercept wrong entries and save the user…


12 – List all Groups


13 – List Group Memberships


14 – List all enabled Users


15 – List User Properties


16 – User’s last Domain Logon

The forums are full of questions like “Is the LastLogon attribute important, or LastLogonTimestamp, or LastLogonDate? When is it replicated? Why is it so difficult to find the right logon date?” I don’t care: I contact every DC, ask for the LastLogon and take the latest. Surprise, surprise, it always shows me the correct latest logon …


Don’t worry. I will take care if the user has never logged on.
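
The approach described for menu item 16, as an added PowerShell example (not code from AD.psm1 or its author): every domain controller is asked for the non-replicated lastLogon attribute and the newest value wins. The function name Get-TrueLastLogon and the account name jdoe are assumptions, and the ActiveDirectory module must be installed.

```powershell
# Added example, not taken from AD.psm1. Get-TrueLastLogon is a hypothetical name.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Identity
    )

    $latest      = [int64]0
    $sourceDC    = $null
    $unreachable = @()

    # lastLogon is not replicated: each DC only records the logons it handled itself.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName `
                               -Properties lastLogon -ErrorAction Stop
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            throw   # the account does not exist; asking the other DCs is pointless
        }
        catch {
            # A DC that cannot be queried turns the result into a lower bound only.
            $unreachable += $dc.HostName
            continue
        }

        # The attribute is missing ($null) or 0 on a DC that never authenticated the user.
        $value = [int64]$user.lastLogon
        if ($value -gt $latest) {
            $latest   = $value
            $sourceDC = $dc.HostName
        }
    }

    [pscustomobject]@{
        Identity         = $Identity
        # FILETIME converted to local time; $null means the user has never logged on.
        LastLogon        = if ($latest -gt 0) { [DateTime]::FromFileTime($latest) } else { $null }
        DomainController = $sourceDC
        UnreachableDCs   = $unreachable
    }
}

Get-TrueLastLogon -Identity 'jdoe'   # 'jdoe' is a placeholder account name
```

When UnreachableDCs is not empty, treat LastLogon as "at least this recent" before deciding that an account is stale.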


17 – Show currently logged on User

This is a live query. The target host will be contacted with the quser command.


18 – Send Messages to users desktop

Cool, ha? One of my favorites … Make your choice to send it to all Windows Server …


19 – Find orphaned User or Computer Accounts

Who forgot to remove the computer or user account? You have to provide the computer or user account and a timespan.


20 – Configure Time-based-Group-Membership

This only works in Windows Server 2016 Forest Mode. Don’t worry, the tool will first check the Forest Mode and whether the feature is enabled. Provide User, Group and Timespan in days.


21 – Onboarding | Create New AD User (from existing)

Do you dream of creating a user based on an existing one in a few seconds … to have more time for other tasks? Here we go.


22 – Offboarding | Disable AD User

When an employee leaves the company, their account should be deactivated.


Ok, that’s it for now.

PowerShell Web Access

You are also able to run this in PowerShell Web Access:


The Script

I have decided not to present the entire code here. Too many lines of code. You can download the script here, it’s a psm1 file, a PowerShell script module file:

Download: Active Directory Domain Services Section (v.1.1)

Prerequisites and Notes:

  • Tested in an Active Directory environment with Windows Server 2012/2016 Domain Controllers and Windows 7/8/10 clients
  • WinRM must be enabled on all client computers, either manually (winrm qc) or by GPO (WinRM is enabled on Windows Server 2012/2016 by default)
  • Run the tool on a Domain Controller (you may run into trouble with RSAT)
  • Going back to the main menu requires 0 and Enter (instead of Enter only) because of the possible integration with PowerShell Web Access, where pressing Enter only will not work

After downloading, create a folder “AD” in C:\Program Files\WindowsPowerShell\Modules and save the AD.psm1 file there.


It should then be available every time you start PowerShell and run the command ad.


Or, as mentioned, in PowerShell Web Access.

Have fun with it! I am very grateful for ideas for further functions.
