Raise Forest Functional Level
domain.msc > Active Directory Domains and Trust > Raise Forest Functional Level
Fine-grained password policies
Administrative Center: dsac.exe > Tree View > System > Password Settings Container > New > Password Settings
Password Expiration Notification
Group Policy Management: gpmc.msc > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon: Prompt user to change password before expiration > 14 days
Server Manager:
servermanager
Windows Firewall
Windows Firewall with Advanced Security: wf
Active Directory Domains and Trusts:
domain.msc
Active Directory Sites and Services:
dssite.msc
Certificate Authority:
certsrv.msc
DNS Management:
dnsmgmt.msc
DHCP Management:
dhcpmgmt.msc
Windows Server Backup:
wbadmin
PowerShell Control output
Get-Process Get-Process | Format-Table Get-Process | Format-Table * Get-Process | Format-Table Name, Id, Responding Get-Process | Format-List Get-Process | Format-List * Get-Process | Format-List Name, Id, Responding Get-Process | Format-wide Name -col 5
Sort
Get-Process | sort | Format-Table Name, Id, Responding Get-Process | sort | Format-List Name, Id, Responding Get-Service | sort Status | Format-Table -GroupBy Status Get-Service | sort Status | Format-List -GroupBy Status
Select-object *
Get-Service Get-Service | Select-Object * Get-Service VSS Get-Service VSS | Select-Object *
Like, eq,
Get-Service | ?{$_.Status -like 'Running'}
Get-Service | ?{$_.Name -like 'V*'}
Sort and Group by
Get-Service | sort Status | ?{$_.Name -like 'V*'} | ft -GroupBy Status
Output to text
Get-Service | ft Name, ServiceName, Status | Out-File test.txt Get-Service | select * | Export-Csv test.csv Get-Service | Export-Clixml test.xml Get-Service | ConvertTo-Html | Out-File test.html
Administration with PowerShell
Get Password policy
Get-ADDefaultDomainPasswordPolicy
Get-ADUser -Identity kim -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName
Get Password expiry date (from all users)
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Get Password expiry date
Get-ADUser kim -properties "msDS-UserPasswordExpiryTimeComputed" | Select @{Name = "Password expires in" ; e={[datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)}}
Password Countdown
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | sort msDS-UserPasswordExpiryTimeComputed | Select-Object -Property "Displayname", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}, @{Name="Countdown"; e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")-(Get-Date)}}
Password expiring users
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Where-Object {$_.ExpiryDate -lt (get-date).AddDays(14)} | Sort-Object ExpiryDate
Force restart server using cmd
shutdown /r /f /t 0 /m \\ServerName