I wanted to be able to check which windows users had been placed in the Windows AD Groups we use to control access to SQL Server. Here’s what I came up with to make checking this easy; Import-Module SQLPS -DisableNameChecking -ErrorAction Ignore; Import-Module ActiveDirectory -DisableNameChecking -ErrorAction Ignore; $sql_server = “sql_instance”; $srv = New-Object Microsoft.SqlServer.Management.Smo.Server $sql_server; […]

This Powershell snippet uses the Get-ADGroupMember to retrieve the names of users in a specific AD group. Import-Module ActiveDirectory; Get-ADGroupMember -Identity “Group Name” | Select-Object Name | Format-Table -AutoSize; Output should look something like below; Name —- Joe Bloggs John Smith Jane Doe

Here’s a quick Powershell script I knocked up to help me check AD Group Memberships between two user accounts. Just set the $user1 and $user2 variables and you’re good to go. Import-Module ActiveDirectory; $user1 = “username1”; $user2 = “username2”; $groups1 = Get-ADPrincipalGroupMembership –Identity $user1 | Select-Object -Property Name; $groups2 = Get-ADPrincipalGroupMembership –Identity $user2 | Select-Object -Property Name; if($groups1.Count -ne […]

Here’s a quick Powershell snippet to get the startup and shutdown times for a windows system after a specific point. Get-EventLog -LogName System -ComputerName myHost -After 12/03/2013 -Source “Microsoft-Windows-Kernel-General” | Where-Object { $_.EventId -eq 12 -or $_.EventId -eq 13; } | Select-Object EventId, TimeGenerated, UserName, Source | Sort-Object TimeGenerated | Format-Table -Autosize; Id 12 indicates […]

I don’t have access, like many DBAs, to the inner bowels of Active Directory.  While I’m more than happy for it to stay this way I still want to check that certain things have been setup correctly and haven’t been “cleaned-up” by a security nazi focused domain administrator. One such situation arose recently with Service Principal Names. SPNs […]