Export Active Directory SIDs

Useful for finding specific SIDs, such as those ending in -500 for Administrator, -501 for Guest, etc.

dsquery * -filter "(&(objectClass=User)(objectCategory=Person))" -limit 0 -attr sAMAccountName givenName sn objectSID

Information on well-known SIDs is available below:

http://www.windowsecurity.com/articles-tutorials/windows_server_2008_security/Well-Known-SIDs-Windows-Server-2008-R2-Active-Directory.html

 

Using PowerShell to retrieve workstations and/or servers from AD

Servers

Get-ADComputer -Filter {OperatingSystem -Like "*server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Workstations

Get-ADComputer -Filter {OperatingSystem -NotLike "*server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Both

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Inventorying Computers with AD PowerShell

 

 

Group Policy Modelling “The given Key was not present in the dictionary”

I found this recently when running GPO modelling and there is a Microsoft article that describes the symptom caused by using the GPO registry wizard to import registry settings.

https://support.microsoft.com/en-gb/kb/2692409

Unfortunately I was not able to find a quick way and had to look through all GPOs for the Registry Wizard Values key. Underneath this key, the offending item has a blank type/value name.


Troubleshoot AD lockout of a user account

https://www.microsoft.com/en-gb/download/details.aspx?id=15201

This application identifies the DCs on which lockouts are occurring. Find the DC and look in its security event log for event ID 4771. The event's general information gives the user name and the source IP address/port number of the offender.

The following script may also be useful in troubleshooting

http://mikefrobbins.com/2013/11/29/powershell-script-to-determine-what-device-is-locking-out-an-active-directory-user-account/
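
The event ID 4771 lookup described above can be scripted so that the failures are grouped by account and source address. This is an added example, not code from this page or from the linked script; the function names, the sample events, the user jsmith and the DC name DC01 are illustrative assumptions.

```powershell
# Added example: summarise Kerberos pre-authentication failures (event ID 4771)
# by account and source address. All names here are illustrative.

function ConvertFrom-Event4771 {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $data = @{}
        # EventData holds <Data Name="...">value</Data> pairs
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            User   = $data['TargetUserName']
            # DCs record IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d)
            Source = $data['IpAddress'] -replace '^::ffff:', ''
            Port   = $data['IpPort']
            # 0x18 = pre-authentication failed (usually a bad password)
            Status = $data['Status']
        }
    }
}

function Get-LockoutSourceSummary {
    param([Parameter(Mandatory)][string[]]$EventXml, [string]$User)
    $EventXml | ConvertFrom-Event4771 |
        Where-Object { -not $User -or $_.User -eq $User } |
        Group-Object User, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample events (not real log data)
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>' +
    '<Data Name="TargetUserName">{0}</Data><Data Name="Status">0x18</Data>' +
    '<Data Name="IpAddress">::ffff:{1}</Data><Data Name="IpPort">{2}</Data></EventData></Event>'
$sample = @(
    ($template -f 'jsmith', '10.0.0.25', '49812'),
    ($template -f 'jsmith', '10.0.0.25', '49813'),
    ($template -f 'jsmith', '10.0.0.77', '50110')
)
Get-LockoutSourceSummary -EventXml $sample -User 'jsmith'

# Against a live DC (run elevated; DC01 is a placeholder name):
# $xml = Get-WinEvent -ComputerName DC01 -FilterHashtable @{LogName='Security'; Id=4771} |
#            ForEach-Object { $_.ToXml() }
# Get-LockoutSourceSummary -EventXml $xml -User 'jsmith'
```

The source address with the highest count is usually the device still presenting a stale password.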