Skip to main content

Set-AdUser Powershell Cmdlet Usage

Set-AdUser Powershell Cmdlet Usage

Set-AdUser is an important Powershell Cmdlet that helps us to edit or change the attributes of active directory users. The usage of this cmdlet is as follows:

Open Powershell and import the active directory module. So we can manage the Active directory through powershell.

Import-Module Activedirectory

Single User:

First of all, we can use this cmdlet to change single or multiple properties of a single active directory user.

Set-AdUser properties

Multiple Users:

In addition, if you want to change the properties for multiple users, first we need to use Get-Aduser command and then pipe the result to Set-Aduser. For example, if we want to change the “City” property for all users in any specific OU, we can use SearchBase to specify the OU. The command will be as follows:

Get-Aduser OU

 

Use Set-ADUser with CSV:

Finally, We can change the attributes of bulk users by importing the list of users from the CSV file and then change any specific attributes.

$Import =Import-CSV “c:\Userslist.csv”

Foreach ($user in $Import)

{Set-ADUser $user.sAMAccountname –city $user.city}

As shown in the above example, the users are imported from Userslist.csv file and city property is updated for each. Similarly, we can add other properties in this command. Additionally, we can add multiple properties in the same script.

In conclusion, Set-ADUser is a very helpful cmdlet. if you want to learn more about this command its parameters you can visit the Technet Page for this Cmdlet.

DNS

Resolve-DNSName Usage in Powershell

Resolve-DNSName Usage in Powershell

Resolve-DNSName is a new entry in Windows 8 and Server 2012 to replace our old friend Nslookup. Nslookup is still a great tool to query the DNS servers, but it has its limitations. For example, it is not easy to use inside the scripts. While these days, automation is very important part of every tool. Powershell introduces Resolve-DNSName that gives much more flexibility and options while querying the DNS Servers.

How Name Resolution Works:

The DNS resolution works in the following order:

  1. Hosts file is checked for any entry
  2. Local cached is checked for any cached records
  3. DNS Server is queried for name resolution

First it checks the hosts file for an entry for the queried domain, then it checks for the local cache, if the domain already queried or not and finally it quires the DNS Server, that is responsible for that domain.

Resolve-DNSName (Query As You Want):

Resolve-DNSName gives us the flexibility to query any of these options, that is not available in NSLookup. A normal Resolve-DNSName query looks like this:
Resolve-DNSName

For this example i have made an entry in the hosts file for AdExchangeAdmin.com with the IP 10.0.0.1

hosts

After adding the hosts file entry, now as soon i am querying the domain from my PC, it is returning the local IP.

Resolve-DNSName hosts

Here comes the fun part. We can mention to skip the hosts file by using “NoHostsFile” option to skip the hosts file check and move to the 2nd option. We can also mention“CacheOnly” to use cache or “DNSOnly” to directly query the DNS and skip Hosts and Cache.

Resolve-DNSName No Hosts

After using the NoHostsFile, it skips the host file and gets the actual IPs instead of the fake 10.0.0.1 entry that i made in the hosts file.

 

Resolve-DNSName Record Types:

As a Systems Admin, i often require to get different types of DNS records, especially MX information for the domains. Now i can do that in Powershell using Type parameter in Resolve-DNSName command as follows:

Resolve-DNSName MX Record

Here i used the Resolve-DNSName command to fetch the MX record for my domain, ADExchangeAdmin.com

To list the DNS Servers that hold the record of any domain, we can use the “NS” (Short for Name Server). The output looks like this:

Resolve-DNSName Type NS

When we have multiple DNS Servers having record for any domain, we can query any specific DNS also for the record by specifying the Server. Here, i used 173.245.59.144 Server IP from my previous output.

Resolve-DNSName Type NS Server

Similarly, we can query any type of records using Reolve-DNSName.

 Save Reults:

Finally, we can use the flexibility of Powershell to pipe the output to the Export-CSV and save the it in CSV format.

Resolve-DNSName Export

 

You can use “Get-Help Resolve-DNSName” to get detailed help for this command in Powershell or visit Technet documentation to learn more about it.

 

Force Group Policy Update

Force Group Policy Update, The Easier Way

Force Group Policy Update, The Easier Way

For any administrator, it is a regular task to force group policy update when ever the changes are made to the group policy. On a single PC or Server it is easy to run “GPUpdate /force” to enforce the group policy updates immediately. Running GPUpdate manually on multiple PCs or Servers, is time consuming task. Furthermore it requires additional efforts from the Systems Administrators.

Until Server 2008, it was not easy to update the group policy in bulk. But since Server 2012, we can invoke remote group policy update on Servers/ PC’s. As a result this task has become super easy.

There are two methods to do it:

  • Through Group Policy Management Console
  • Through Powershell

Force Group Policy Update through GPMC:

Open the Group Policy Management Console and select the “Organisational Unit” where you want to invoke the group policy update. Right Click the Organisational Unit and select “Group Policy Update”

Force Group Policy Update

The confirmation dialogue box will open, that shows the number of computers that will take the Group Policy Updates. Click Yes to continue.

Force Group Policy Update Confirmation

The Remote Group Policy Update Result dialogue box will open that shows the progress of the updates.

Force Group Policy Update Progress

Wait for the progress bar to complete. You can also see the success and failure for the Computers with the errors if any while the process is running.

Force Group Policy Update through Powershell:

In Powershell the Invoke-GPUpdate command can be used to update the group policy. Here we specify the OU path where we want to run the Invoke command.

The complete command looks like this:

Get-ADComputer –filter * -Searchbase “OU=Servers, DC=Domain,DC=COM” | foreach{ Invoke-GPUpdate –computer $_.name -force}

 I got the following output after running the above command.

Force Group Policy Update Powershell

Note: Any errors, are shown in red, but for the successful updates there is no “Success message”. Hence i prefer to use Group Policy Management Console.

If you want to get more details about the Remote Group Policy Refresh, follow this Technet article