Active Directory automation with PowerShell

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

okay everyone's saying they're ready now all right so let me go ahead and just pop open active directory again for most of you guys you already know these are it labs that we provide uh that you can run in your web browser you go to serveracademy.com we have a whole list you can search for them if you're a member you go to the labs page and go to active directory users and computers we're using this lab so i can paste that link in the chat but you have to have some kind of account so you can sign up for like a free trial if you wanted to or you could just watch the training or you can also set up the labs uh in your own environment let me move this microphone for you guys this might sound better okay hopefully that sounds a little bit better all right so what i'm going to do is open active directory users and computers and if you guys want to follow along go ahead and pop open the lab and you got some time because i'm going to probably have to make sure i add some users to groups so we'll have something to work on here so let's see what i'm going to do is go under okay this is pretty much a blank slate so i'm going to go ahead and just make a new organizational unit and i'll just call this server academy and then inside of this i'm going to create a user account and i'm going to call it user a i'll do first name user last name a and using will be user.a and then i'll just hit next and i'm just going to type in some kind of bogus password that doesn't really matter because i won't be using it for this uh specific lab so if for those of you who are new to the labs in the labs if you click on the right hand side you have the administrator username and the password if you click on this it'll type it in for you alright so i'm just going to go ahead and leave the settings like this and i'll click finish and then i'll right click i can right click and i can make another new user by saying new user or i can right click and i can say copy and i can copy the settings this is more useful if you already had groups and you wanted to copy it to a new user but that's not what we want so we're going to make another blank user and this will be user b so i can spell it right user dot b and i'll click next and again i'm going to click the password here on the right hand side i'm just hitting it twice so it types it in twice and then i'm going to go down to the next one and click on that twice okay go ahead and switch back so you guys can see a little bit better all right i'll click next and finish okay so now i have two user accounts so the purpose of what we're gonna try to accomplish today is to copy the member group memberships from user a to user b right and we can actually even make a third user just that probably a better demonstration so user c user.c just type in the password really quick all right next finish okay so i'm going to give user a some group memberships so i'm going to go under double click on the user i'm going to select member of and i'm going to give it the domain admin membership and i'll give it the dns admin i'll just type in dns check names yeah dns admins that's what i wanted okay so this user has three groups that they're a member of right if i go and i check user b and i go to member of it doesn't have any memberships besides domain users and user c is going to be exactly the same so what we're trying to do if we had to do this ourselves we could do it manually by just opening user a clicking member of and then we could open user b and click on the member of tab and then we can compare the two users and i can see oh i need to add dns admins so i can click here and type in dns admins click check names and i can select dns admins and then i could do the same for domain admins so domain hit check names and then select domain admins click ok hit ok and now the users match right and it's all good because it's only three users in this little lab problem is if you have you know a couple hundred or a couple thousand or maybe tens of thousands of users there's no way you're going to go through each user and do all of them like that if you did it would take you forever and it'd be a waste of man hours it was it cost your money or your company a lot of money and that's the kind of things we don't want to we want to avoid right so i'm just going to remove these and we're going to automate this with powershell okay uh sorry i want to delete this one there we go okay so now user b only has a domain user's membership so hit apply and hit ok all right so i'm going to hit start and we're going to open the powershell ise all right and i will right click on this and just say run as administrator well that's loading up on this check on the comments oh cool so f cass jr saying he's in the office don't tell anyone that's funny uh yeah man just tell him it's work related uh no f cash junior you should not use your company's production active directory absolutely not you shouldn't be granting the uh domain administrator membership to just anybody that's a ter that's really really bad idea that's why we at server academy we have these it labs because you can start them i'll show you really quick you can start them and you can restart them so i can click up here i can end the lab if i want to just kill the instance of active directory that i have uh i can turn off the machines i can manage them i can switch between the virtual machines but the idea is you launch the lab in your web browser and it's a test environment so you don't have to be at work you know doing this in your work active directory that could be bad so i don't recommend you trying what i'm teaching you today in your active directory work until you've tried it in a test lab and that's what these test labs are for okay they're for you to practice them without having to worry about blowing something up yeah only 25 000 users yeah what's the worst that could happen right do you have uh active directory backups going on all right uh i'm gonna go ahead and open the powershell ic and i'm gonna zoom in so you guys can read this so let's see tell me when you guys can see this okay is that good can you guys read that if i type in a line like get all 80 users can you guys see that okay oh big chief has a hundred thousand users wow that's a big network yeah you definitely gotta be careful yeah so if you're trying to copy active directory um users you're definitely gonna want first of all you're going to want to do it in chunks because you're not going to want to try and run a command that's going to do all that at one time because that would just overload your database okay it looks like everybody can see everything good all right so what we have to do first is we're going to get the users just grab all their information and see what group memberships they have and uh then we can start working from there so we're gonna make a variable and the way that you do that in power shows by hitting shift and hitting the four sign or the number four sorry that'll give you the dollar sign and then here we can type in any name we want that's going to allow us to declare a variable and i shouldn't say any name because you don't want to use uh some you know pre-existing powershell variable names uh you know like some of these that are automatically populated so just try to use anything that's not in here but it's pretty easy to do so if we want to call make a variable called users we just type in users okay and we can say that is equal to get dash ad user and we're going to say dash filter and if you want we can go up a line and we can say import dash module module with a d and we're going to say active directory i'll hit tab to auto complete that now if i run this line what's going to happen is i'm going to start getting auto completion here so when i hit control and space backspace filter if i hit tab uh now or now when i hit dash rather i'm getting the auto completion here so if i hit filter i can do star and this is what this is going to do is just capture every active directory user in our domain right so i'll go ahead and run this and if we output or if we call users down here in the bottom just a quick side note the bottom blue part is you can kind of think of it as like temporary changes or just things you want to be temporary the top or the white part of the ic is what you'd want to be permanent or what you're actually going to be saving so now that i've written some of the script in the top i'm going to test out what's going on with the user's variable down in the blue part so you can call a variable or output its contents by just typing in the name of the variable remember we declared user so i'm just going to press use oh sorry it's users with an s so if i press enter this outputs all the users in my domain now i don't know about you but this isn't that useful to me because it it's kind of hard to see what's going on you have to scroll up and down so a really cool trick you can use i'll press the up arrow to recall my last command hit space and add the pipe symbol so i'm holding shift on my keyboard and hitting backslash it's right above enter and below delete that gives you the pipe symbol symbol sorry and what that's going to do is take the output of users and pipe that into another command and the other command we're going to do is ogb now ogb is an alias for out grid view you could also type in outgrid out dash grid view if we press enter it's going to open a new window and here we can see the users in a better format and we can do things like filter or sort by different column so i can sort by the given name or i can sort by whether or not it's enabled i can filter so if i wanted to find guest b i can do that by just typing in guest and then b which my space bar is not one to work right now okay whatever keyboard malfunctions oh wow we got a lot of chat going on um so someone's saying how do you start the labs so if you have a member you just need or if you have a membership you just log in if you don't then you can try you can do the free trial and you can just watch through the webinar and you can just cancel after the free trial but i'll get the link for the free trial really quick um let's see cf trial here we go okay that's the link for the free trial you'll sign up um it's gonna ask for your billing information but you're not gonna be billed for seven days so if you sign up you can run the labs through this live stream and then you can just cancel and then you'll have access for seven days but you're not to be charged okay and then if you like it sign up and stay that'd be great okay so now that we have these user accounts what we really want to do is we want to uh only grab the users that we want to copy the groups right we don't want this domain administrator account has nothing to do with what we're trying to do we don't want the guest or the this account down here so what we're going to do is update the search base on this on this get ad user command so we're going to say dash search base and we're going to set that to be the distinguished name of the organizational unit we want to use or basically we're going to tell it hey only look in this organizational unit where these three users exist so if i right click on this ou and i click properties actually first i need to hit view and say advanced features now i can click on server academy i can right click and i can say properties and here i can go to the attribute editor this is something that's only visible if you have advanced features enabled so you have to have this little checkbox turned on now i'm going to scroll down and select the distinguished name i'm going to double click on this and i'm going to copy it and i'll just hit ok and i'll go back to powershell and i'll paste that inside of the dash search base okay so uh if i go ahead and i run this command again if i press f8 i'm by the way i'm highlighting that whole line there and just pressing f8 and that's running the command now if i call users and i pipe that to ogv or outgrid view we only have these three users all right another way that we could grab like the source user if we wanted to would be to say let's make another um another variable we'll call it source user is equal to get dash ad user and we're just going to do identity dash identity and it's going to be user dot a okay we're going to run this just let me run it here because we might just want to make sure that's going to work yeah okay so here we have user a source user is going to be uh the user that will be copying the groups from okay all right so now we have user-a what we need to do here though you'll notice that there's no information about what group that they're a part of and the reason for that is because we're not telling it what properties to gather so by default it's only going to return what it thinks you know the most common things you're going to need but you can tell it to return more or all of the information inside of active directory if i double click on user a and go to attribute editor if i can find it where is it hiding uh maybe the turn off okay i might actually have to search for it hang on there we go i had to close it and reopen it now if we go to attribute editor here you can see these are all the settings of the actual attributes that we can view for this user but you'll notice the output that we have over here these little you know seven or eight lines or whatever it is is nowhere close to all the information that's stored inside of active directory we can get all that information by adding dash properties and then just putting in a star what that's going to do is grab all the properties for that user all the attributes so if i hit f8 now when we scroll up and down we can see all that information that's stored inside of active directory so if i go ahead and just store this into the very or yeah inside the variable source user i can call that variable and i can pass it to ogb and here i can see all the information that i might want to grab so a lot of times you'll grab you'll just say dash properties and you'll put a star and then you'll go through ogv and you'll figure out what properties you actually want to keep so we're trying to figure out which groups this user is a member of so what i'm going to do is look for anything that may give me an indication of what memberships it has and here i can see that we have this member of column or member of property so that's what we're going to want to grab so here's what i'm going to do instead of doing dash properties star we're going to say member of now if i run this so i'm highlighting it and i'm pressing f8 here i can see that we have the member of property and i can see that it's a member of dns admins a member of domain admins and then there should be domain users in here somewhere um okay so let's go ahead and store this into memory and i'll just check on the chat really quick iman game is saying delete system32 you can do that i'll do it at the end for you if you want i'll try or how about this how about we delete everything inside of active directory at the end and just see what happens i'm down if you guys want to do that there's got to be like a delete all command that we can run that would just fry the active directory definitely don't do that at work if you're following along okay all right so now what we need to do is we need to grab the groups that our source user is a member of so we'll call this source groups we're going to make a new variable and this is going to be equal to um let me think about how i'm going to grab this source.user.memberof and if we just call this let's just output this and see what we got in the console so here it gives us two lists and it gives us dns admins and domain admins right it's not listing the domain administrators or domain users group because that's its primary group and it's there by default so what we need to do now is go ahead and split these so uh we actually may need to iterate over this in a for loop but let me try and see if i can split it yeah no i can't split it okay so now that we have the source groups let me make sure i store this into memory okay i'm going to say source groups press enter we have these groups but this isn't in a very usable format what we really want to grab is just domain admins right here and then dns admins that way we can say hey i want to add my other users to the domain admins into the domain dns admins group okay so let's iterate over those groups so we're going to do a for each loop here uh and instead of describing us for each loop let's say iterate over each 80 group okay and we'll say four each let's see for each group in source groups press enter okay we can just call we can just call the variable group and i'll explain what's going to happen here in a second okay if i press f8 here we're going to get a very similar output to what we get up here in source. source groups what's happening is it's iterating over each line inside of the source groups variable so this variable contains two lines the first line is this dns admins group and the second line is the domain admins group right so we're able to run commands on each of those lines individually one at a time so what's going to happen is i'm just going to press f9 here to insert a page break actually i think i have to save the script first so let me hit ctrl s and say we'll call this copy groups okay so if i add if i press f9 now i can add a pause so i'm gonna hit f5 it's gonna start the script and now i can see the actual uh script while it's processing right so i'm gonna hit f11 to step so what's happening is it's going inside of this variable source groups which you can see here has two lines dns admins at the top and domain admins at the bottom and it's assigning the first line or the first item in the array to the variable group so right now the group is equal to dns admins now if i run this again on the next iteration group is equal to domain admins so tell me in the chat if that makes sense or if that doesn't make sense because i know a lot of people you know can get lost on the uh for each and how like looping over things work okay make sense the band okay looks like everyone's got it um okay cool everyone understands awesome so what we're going to do now is we're going to extract we're going to manipulate the text so that we pull out only this dns admins group name because this is the name of the group that we want so the way that we're going to do that is with the split command so i'm just going to hit debug and say stop debugger that way i can see or we can see exactly you know we can restart the script so i'm going to take off this line break and we're going to say we'll make a new variable we'll say this group is equal to group and we're going to say dot split and first we're going to split it based off of commas so let's go split in quotation marks comma and then let's end it right there and let's just output this group and just see what we get i'm gonna again i'm gonna end a or add a page break or line break and i'll hit f5 and we'll see what happens so i'm gonna say in the future don't this is just telling me that it's about to save it because i pressed f5 anytime you're about to run a powershell script it's gonna save it okay so here's what we got so now we have an array that consists of cn it consists of like five or six items the first line in this array is cn equals dns admins cn equals users dc equals ad and then server academy and then com this is the distinguished name of the group right so now what we need to do is again we if we split this based off the equal sign we're going to be able to iterate or kind of extrapolate into that array even further so i'm going to add another split and we're going to split all these values off of the equal sign so first we're going to call i'm going to go ahead and hit i'm going to end the in the debugger here we're going to first tell it that hey we only want to get the first line because we're not really interested in the organizational unit that the group is a member of and or the group is located we're not interested in the domain or anything like that all we really want is this first item so if do an opening uh bracket or brace and we do a zero and a closing brace that's going to tell us that hey use the first line inside of this array so now if i hit f5 and i run this what's going to happen is and i hit f11 now this group is equal to cn equals dns admins right so we can do another split and we can split it based off the equal sign so that uh cn will be equal to the zero index and dns evans will be equal to the one index right so i'm going to again let me go ahead and just end this really quick again i'm going to hit period i'm going to say split and this time we're going to say split off of the equal sign and we're going to call the first array in the index so now we're taking this line we're going to split it into another array and i'll just go ahead and delete this so you guys can see what happens before we do that and i'll go ahead and just press f5 again i'll hit f11 here now you'll see we have a new array and this array consists of two lines and the first line is cn and the second line is what we actually want which is the group name dns admins so if we tell it that hey uh let's just grab the second entry in this array we know it's going to be equal to dns admins right so i'm going to end the debugger and in the opening brace and the square and this is like with the square i think it's called a brace it's an opening i should know that i feel like but it's like the opening uh bracket and then the closing bracket i guess it would probably be a bracket i don't know now i'm curious who knows what is that is that a bracket or a brace or maybe it's neither it's a bracket okay sorry so the break the brace is the uh this is a brace right here and these are brackets so there we go got that figured out okay so let's go ahead and just press f9 let's just run the script and what should happen is it should put out it should output dns admins and it should output uh domain admins so let's go ahead and press f5 and just see what happens okay and that's exactly what happened so now we have these two uh these two group names that we can run a function on right so if we say we can do something like write host right dash host now that we have this information add our users to the group named and i'll just wrap that in quotation marks if i hit f5 it says add the users to the group names dns admins and domain admins so this is where the power of what we've just done comes into play we're running this against three users right but it doesn't matter if this user's variable up here it right now it only contains three users it doesn't matter if it contains a thousand users or a hundred thousand it's going to do the same thing and it's gonna copy the groups for you right so this is a super powerful thing thanks luke this is uh yeah you're right it is a um bracket let me just check on chat okay so let me show this here yeah chad got it down man he's got the uh yeah that's sweet that's a really nice one-liner yeah that's awesome i'm gonna run this just for fun let me see if i can copy it in here okay so if i go here and i say type text type keyboard text paste that in there so it looks like you're saying uh group membership is equal to g80 group membership dash identity template i'm not sure what template is supposed to be and then group membership yeah because i don't have these variables declared yeah so this is this is an awesome one-liner this is really cool i like this very cool yeah and the reason most likely i'm guessing why you have this air action is because uh sometimes you'll try like when we run this we're gonna get errors because uh user a is already a member of domain admins and dns admins so you can kind of make that so it doesn't show up with the red if you wanted to but it doesn't bother me to see those errors that's kind of one of the things that you want to see in my opinion um i want to know if it's airing out even if i expect to see an error then that's fine uh yeah i'm aware of it's a variable but i'm just not sure what template is supposed to be oh like source groups i think is what you're saying uh okay hash is saying are you gonna post a replay yes i will post a replay next friday what's up cj thanks man appreciate you giving me a shout out okay so let's go ahead and do this um all right we're going to go ahead and add the active directory group member so we're going to say add dash a.d group member and we're going to say identity the identity of the group is going to be this group okay and the members we could just pass uh really what we could do let's see here source we should we should be able to just pass in users but i'm not sure if this is going to work but we can try it i'm just going to run this and see what's going to happen i'm not sure this is going to work this f8 okay so i think it worked so i passed my users object to the add 80 group member now let's go into active directory and just check to make sure that it added the groups perfect so group b is now a member of domain admins and domain users and same thing for user c okay all right now here's something cool that we can do um because we're running a little bit early on time let's create uh i'm gonna wait i didn't mean to close active directory i'm gonna open that back up let's create a bunch of users and do the exact same thing so i'm just going to delete these guys and let's make another for each loop or we'll just write a for loop so we'll say four i is equal to zero i'm doing this off of memory while i is less than we'll say how about we make a thousand users right or let's just do a hundred so then we're gonna increase i i gotta double check that my syntax is right here i haven't done this in a while uh so i'm just gonna run this and this should output um yeah okay perfect all right so this for loop is gonna repeat a hundred times so what we're gonna do here is we're gonna create a hundred active directory user accounts um and we're gonna need a way to grab unique first name so we need some kind of like name generation so what i'm gonna do is random name generator i'm just going to google search a random name generator all right and we'll put this on the i'll put on the c drive if i can i'm not sure if the permissions will let me so we'll say new text document random names we'll call random dash names.txt okay and then inside of here we're going to start pasting a bunch of names okay here we go all right oh got it yeah so template is the users right perfect yeah so like the source user okay i need to find a website can someone help me find a website that can generate a list of a bunch of names doesn't matter any like doesn't matter i just need a list of names on one line at a time uh let's see how do i do this okay generate a name how many okay so i'm looking here i'm looking for some kind of website that can do this i'm just going to drag this over here so you guys can see what i'm doing so we're going to come up with a 100 random names and then we're going to create a user account for all of those users okay how many names we need a hundred um okay let's just hit generate random names and see what happens why do these not ever work uh can you make these random okay so don't let you do 50 at a time okay so let me get rid of this generate names all right perfect okay here's 50 names so i'm just going to do that again and i'm going to copy it into the so i found it guys all right so i'm just going to paste that into here and it's going to start typing it then i'm going to generate another 50 names this is going to take forever at the rate that this thing copies but oh well here we go how crazy would it be if you put in one of our names your real name that'd be cool be like winning the lottery except there's no money okay cool so now let's do the next 50. uh see if i can paste that in there okay cool now let's put in the last 50 so here we're going to have a hundred names that we're going to be able to create uh user accounts for change i think we're i think it's almost done jake doyle lloyd aguilar isaiah grimes these names go pretty good together bruno fitzgerald allie pitts marissa blake okay cool i think i just need to clean up at the top here all right so how about we write a little uh script that's going to create um all these user accounts in active directory right we'll just do that pretty easily um so we actually don't need to do this kind of for loop um we'll make a variable called new users and this is going to be equal to get dash content and we're going to say dash path c backslash and randomnames.txt okay so if i run this this should let load all those names into uh new users into this variable okay so we can call like new user zero is gonna be edward eduardo more press one and so it's gonna i'm gonna be able to iterate over these so we're gonna say for each and we'll say new user in new users and we'll write a command new dash uh first actually we need to generate passwords so let's see here um let's declare the path and the path is going to be this path so i think we actually already have this in the script here we go so we'll copy this path to our organizational unit okay now we need to generate a password password is equal to and uh i'm going to write a function get random strings uh let's see and we'll i'll have to write that function first so let's go up here and say function um generate we'll call it generate string password dash string password actually i want to string a password like that might as well make it look pretty right okay then we're going to pass length and characters okay so here's how we're going to use this function this is going to generate a random password for each user i mean really that might be overkill we could probably just assign them all the same password for this lab environment but why not it'd be kind of fun uh actually i'll ask you guys what would you guys rather do would you rather see me write a function to generate a random password for each user or would you rather i just make one password and skip that all right cool function generate random password awesome all right let's do it okay so we're going to call this let me just go ahead and load this into memory so we're going to say generate string password okay and we're going to say oops dash the length we'll do how about 14 characters and the characters that we're going to use i'll just use every character uh regular numbers and special so i'll do all my numbers so these are all the possible characters that the password can contain so now i'm holding shift and i'm entering all those numbers and i'm going to do every letter so i'm just like going down my keyboard so this is going to give our function all the possible combinations that it can do and then i'll do the same thing but capital letters okay okay obviously there's other special characters uh but this is good enough all right so it's gonna generate it's gonna pick 14 of these characters at random it'll combine them together and then it's going to pass it back to us all right that's the idea so up here what we need to do is uh we're going to make a variable called random and random is going to be equal to 1 through the length all right and then we're going to pass that to let's see for each dash object get dash random and the maximum is going to be equal to the length i'm sorry characters.length i can spell that right make sure character is that length okay all right now let's go down here we're going to declare private variable actually don't know okay anyways all right let's return a string and the string is going to be characters and then we're going to say random okay let's load this into memory and make sure it works really quick okay so every time i call this function it's going to give me a different password yes i want to extend my lab it's going to give me a different password down here in the bottom okay so i'm pressing i highlighted the function and uh you know what to save us time instead of having to call this up here why don't we just stick this down here we'll call this variable characters and we know we want it to be the same for every user so we don't need to pass that so uh we don't need this we're just gonna say 14 characters let me press f8 again oops didn't mean to do that that was an accident i have to reload this into memory okay so now if we say generate string password length 14 it's going to give us 14 characters now i can also i could do something like this say length 24 and it's gonna give me a 24 character password every time i run it i'm gonna get a different password okay so that's how you generate or write your own little kind of password generator and then you could also you know give it more complex uh passwords by adding more characters there's all kinds of more characters that we could have used but yeah this is just a start okay all right so now that we have this password what we really have to do is we have to convert this to a secure string so we need to take this uh let's see what is the best way to do this probably wrap this inside of a sub expression operator so what that's going to do is just uh consider this to be a string and we're going to say convert to dash secure string because active directory requires that you uh let me see here convert to your secure stream let's say string active directory requires that you use a secure string and not just pass it as a plain uh text right so you have to use this command convert to secure string before trying to create an active directory user account with a password okay so let's run this command and make sure that it works okay so now we get system.string uh that's perfect that's what we need when we're creating active directory accounts and every time that this function runs it's going to generate a new random password and then it's going to store it as a secure string powershell object all right yes and there's also uh you can also write there's system.web.security.membership there are built-in things that you can also do uh or built-in utilities that you can use to generate passwords as well okay so now that we got this password what we're going to do is say create new ad user okay and if we actually just say right dash host and we could just put output saying creating user account for and just say new user with password and then do call the variable password you're going to see what is essentially going to happen when we run this so let me hit f8 uh here it's creating this this is now granted i haven't created anything yet but essentially what's happening is it's going to create all these user accounts and it's going to use this password which you can't see it's it's because it's a secure string um all right so but this is going to do it it's going to do a lot of work for us all right uh so let's go ahead and get rid of that line and we'll say new dash 80 user and the new ad user is going to be let's see here um we'll say the name oh yeah we need to grab their first name and split it so first name is equal to new user dot split and we're gonna split it off of the space delimiter because every name here has a space in between the first name and the last name all right so we're gonna equal that to the first in the values and we're going to do the same thing for last name so last name is equal to new user split and then we're going to get the second half so the after the space will be the last name before the space will be the first name right so if we run this hit f8 if i output i can test this in the bottom here just say first name press enter angelica and then last name is wall okay so now we have first name and last name so let's go ahead and just call that so we're going to say new user the name is going to be equal to new user because it's first and last name uh we'll say dash given name is going to be first name and i'm wrapping these inside of quotes surname is going to be of course the last name and using tab tab completion as much as possible to limit the amount of errors that i can be making here okay what else do i need to add here let's do their sam account name now i'm going to make a new variable up here and call it username and that's going to be equal to in quotes first name dot last name and i need to test this to make sure this is going to work uh let me just hit f8 here and see what the username is going to be yeah so for angela angelica wall it's going to be angelica dot wall that's going to be your username so sam account name is going to be equal to username and then there's another one what is it user principal name right user user principal name is also going to be username and i'm just going to scroll over here okay uh account password i'm going to keep pressing tab so i get what i want is going to be equal to password and let's see we'll say enabled is equal to dollar sign true that passes the boolean to say hey that you should enable this account so that we can log into it or someone can log into if they need to okay the last thing we need to do is pass the path so we're going to say path i think this last name and we'll say it's equal to dollar sign path so it's going to create a hundred user accounts inside of this server academy organizational unit i think we're ready to go on this but let's go ahead and just try it and see what happens uh check on the comments um some people are asking for help making a vpn app no i can't help you with that on the live stream sorry about that uh what we do is one is server type related training i don't know any the first thing about creating a vpn app so that's a pretty in-depth thing i have friends who do run companies that do stuff like that but it's definitely not very straightforward uh okay cool greetings from austria what's up sinking boat i hope your sinking boat is not too sinking all right uh what's up x pros nice to see you buddy all right so i'm going to go ahead and highlight this and run it and let's just see what happens it may or may not work so i highlighted the text and i pressed f8 and it's processing so that's a good time i don't see any red errors yet we can open active directory also and hit f5 and wow we just made a ton of new user accounts so if i scroll down here we can see that we have tons and for some reason this user account was disabled that's interesting i wonder if that oh hilarious so the random password that we generated was not secure enough that's so funny so we generated a password the random password function returned a password that wasn't as secure maybe it by by just chance only selected all the lowercase letters or something like that i really wish i could see what the password was but there's no way to do that now um but yeah so that's probably why i'm assuming that's why that user account was disabled but that's okay all right so inside of here we need to find user a so what we're going to do is let's say we want to copy all of these domain admins the domain admins and dns admins membership to all of these users like i showed you before it'd be a pain to do this by hand right so what we're going to do is just rerun this line of code up here because we're going to grab this information so here we have our source user so i press f8 this is user a and i still have source groups which is dns admins domain admins so now if i run our little function here this should let me just make sure i grab this one in memory this should copy all of those groups to all of our active directory users inside the ou all right so let's go ahead and highlight this and press f8 and see what happens all right it already completed so now let's just double check the work i'm going to go here i'm going to press f5 to refresh and let's open angelica wall if i get a member of here we can see it added the groups if i check this user same thing added all the groups all right so it looks like it worked pretty much like a charm so that is i hope that was helpful to you guys that is how you can go about using powershell to automate uh and save yourself a lot of time we created a within the space of about 15 minutes we created a hundred user accounts and then we added groups active directory groups to all of those hundred user accounts uh with powershell in less than for sure less than 30 minutes so that uh would take you out it might take you days it might take you weeks to manually do that and then that doesn't account for uh human error you know i mean you might miss a few groups on a few users so using powershell is a must i need some water i've been talking a lot okay lydia's asking me how to get the first letter of the first name variable and the whole letter uh to make the sam here's what you can do all right so i still have this first name variable loaded into memory so if i hit the dollar sign i say first name it's angelica and the last name is equal to hill right if i call first name and i just passed this opening brace and closing brace or oh boy i'm confused again brace versus bracket bracket right if i call the opening bracket at zero and the closing bracket it's going to give me the first letter of the first name so if i want to construct a variable and just call it uh let's see first initial this is gonna be a terrible very name but first initial last name oh man this is such a bad variable name i could wrap this inside of a subexpression operator and i could say dot last name right and then if i wrap this inside of quotes and i'll wrap this inside of a sub expression operator also what this is going to return is a dot wall so now if i call first initial last name i have a dot wall hopefully that answers your question what's up helen someone says install temple os i don't know what that is temple os i'm looking it up it's a biblical themed lightweight operating system that's interesting definitely never heard of that that's funny yeah you learned something every day it was released in november 2017. that's hard to believe it looks like it's from like 2005 from what i can see as far as screenshots hey jessica thanks man awesome glad i hope you guys uh are enjoying it thank you phillip awesome face i'm glad you enjoy it man that's awesome cool so yeah so that's how you would go about grabbing uh the first letters if it's a string and you give it that opening bracket and you say zero it's going to grab the first character if i say first name and oops not that one yeah if i say first name uh one it's going to grab the next letter and so forth so i can grab all the letters in the string just by iterating these numbers here but zero is always going to be the first uh first letter so if you want to grab a it's always going to be zero and it's inside of a bracket yeah yeah the beast now has it down someone's asking what about export members part of a group i'm not sure what you mean by export numbers but if you want to find get the members that are inside of a group i believe let me double check myself get dash 80 group member i think it's get 80 group member so if we go here and we say get dash ad group i'm going off of memory here and we say the identity of the group is dns admins and press enter that's going to give us all the users now you're saying you want to export that uh we could say export csv let me make sure i typed that right yeah and then you can say path uh and then end quote c backslash dns admin members dot csv press enter now i have a list on my c drive oops it was right there and if i had excel i could look at this but i don't have excel but this is all the users and you can open this with excel and look at it in a spreadsheet form so if that's what you wanted that's how you would do that cool so alright so we talked about blowing up active directory doing something very destructive in this lab we're still going to do that i think that could be fun i should have that should be like a uh ritual at the end of all my live streams we should just like destroy just do as much damage as we can all right someone look up something really destructive you can do to active directory and we'll do it all right so let's see here i would like to find a it would be really nice if i could copy backwards out of this lab that i would love to be able to do that i don't know that i can though uh let me go over here what i'm going to do is just put up the features page of server accounting while i try and figure this out i'm going to try and copy this code off for you guys so that you can see uh so that when i do post the um when i post the replay you guys will have this code below the video because that'll help you guys that way you don't you can copy and paste instead of having to try and type it in manually so i just need to log into my email while that's loading i'll show you guys for those of you who aren't familiar with server academy um this is the lab that we're using serveracademy.com we offer these it labs you run in your browser so it's an in-browser rdp they're real it sandboxes and there's several labs that go from beginner to expert we offer a certificate of completion and there's the different training modules that we have so active directory um dns you know group policy sccm powershell and things like that uh then you can view our curriculum um so yeah we do offer a free seven-day trial so you guys want to give that a shot go ahead all right let me find let me find a way before i blow up this computer to um save this i think i can go to like paste bin or something like that that would probably work paste then i just sent your link to 20 of my tech friends cool man thank you faze i really appreciate that uh why don't i use vs code is ic better hmm good question um i prefer to do my powershell coding in the ise every literally every other language i a thousand percent prefer uh vs code so without a doubt yeah definitely prefer pvs code okay here we go so what do i do i've never i've used this like one time what happens if i hit paste oh that's not what i wanted i'll also give you guys this link if you guys want to do it create new paste did it work okay guys here is the script that i used if you guys want it oops okay paste bin.com let me make sure i get it right here i can't copy and paste backwards you can copy and paste into a lab but you can't go the other way so pastebin.com [Music] rqcm4puz let's make sure that's it okay here we go guys oh awesome man uh offer off ref des tv that's awesome i'm glad you enjoyed it and you should definitely check out server academy because it's full of training like this um so there we go there's the script i used i'm gonna go ahead and just make sure i save that for you guys all right did anybody find anything destructive to do to my lab it doesn't look like it yet um delete so luke's saying delete the ntds files we can do that [Music] i'm liking it i kind of want to see what happens if i just go in active directory and just delete everything that i can or we could go in the active directory schema and delete a bunch of stuff that could be cool yeah like what happens if i just click here and just say delete i imagine there's going to be oh man oh man all right i'll hold off on that for a second now this is the part of active server academy where it's not hands-on it's not practical and you should never do it awesome andre yeah i agree with shia um the ise is super out of date i did not know that vs code has first price support for microsoft that is good that's really cool to know yeah so maybe it dude maybe it is time to make the switch all right all right we're gonna do this we're gonna delete everything inside of the system we're just gonna say yes to all and just see what happens okay it's saying so it's not allowing me to delete some of this stuff this is stuff that i've never seen before okay so it wouldn't let me delete that let's try program data i wonder if i can just delete it at the root oh man dude manage service accounts see ya lost and found keys oh yeah form foreign principle security groups nobody uses these anyways oh well let me delete it there we go definitely don't need the domain controller user account okay won't let me do it uh let's try and delete some built-in user accounts and just see what happens all right let's go under c windows all right here we go here we go luke this one's for you okay not let me do it i wonder if i run powershell as an administrator yeah so i'm guessing that a lot of this stuff is in use so it's not letting me delete it but let's just dude ctrl a hit delete and see what happens yeah man this is awesome oh right sorry luke uh i got the link i got the link i got the link i'm pasting it here uh here we go boom there you go man and it's also gonna be on the server the uh link will also be on server academy so i always upload these replays under live room recordings so for those of you who are watching on youtube or at server academy uh you can check the live streams here so this is group policy was the last one that we did and uh active directory before that then we did sccm application deployments uh we worked with powershell apis so if you guys go here to live room and then recordings uh you can access that and then here's the link to launch the it lab for last week but i also included the actual code that i wrote in this live stream below the video here so that'll be all published live next friday yeah breaking networks you spend so much time building them when was the last time you broke a computer network i don't know when the last time i did it so it is fun i'm gonna let's find out what the most most destructive powershell command is if anybody knows any uh shout them out oh wow there's a uh so there's one to wipe your partition that's kind of cool let's see if that'll work all right so we're going to go down here add a couple new lines don't worry guys this is not inside of the code that that i shared with you guys uh type text clipboard text so this says new new dash partition disk number one um so basically it looks like it's trying to overwrite oh i messed that up i need to redo that oops okay hold on uh paste that and type text type clipboard text paste that in there hit okay oh get processed and then pipe it to stop process that's a good one all right uh let's give that one a shot all right i'm gonna run this yeah okay empty pipe why is there an empty pipe there oh my god okay does it need to be so this code okay whatever that one didn't work all right let's see this get dash process and we're going to pipe that to stop dash process f5 of course i do yes to all oh wow nice see ya you get the award that's awesome oh man that's awesome cheer are you a member of server academy i'm gonna give you a free month send me an email at pauletteserveracademy.com that is awesome we totally fried it okay yeah yeah uh send me an email at paul server academy.com i'm going to give you i'll give you free uh three months free how about that paul server accounting.com just hit me up that is awesome all right let's see if we can reboot it and see what happens uh reset reboot machine yes okay i need to take out the windows server installation media yeah vitor you're right it would take ages to download it or delete everything through the windows explore you right if it comes back up we'll do that oh no so luke are you saying that you accidentally delete luke said for those of you that can't see the chat um i did my accident was that i didn't double click on the profiles but i moved it so i think he's saying he accidentally was that inside of active directory okay i'm gonna i'm gonna move remove that from the chat shia just because i don't want other people to see it but i got it cool i can't believe that the server is actually booting back up that's hilarious i guess we didn't delete anything from the nta ntds yet but that uh dude that one command get process stop process that's pretty sweet all right we're gonna log back in we're not done with this yet all right let's see what we can do to this thing yeah let's just look up powershell recursive delete um it probably remove dash object so let me just see move dash oh remove dash item recursive and we'll just see what we can delete just from we'll start from the c drive alright so we'll run this as administrator okay we're gonna say cdc drive um or let's just go to windows and we'll just say um uh path can we i'm not sure if we can do it like this but i'm gonna do a backslash star i'm not sure if that'll work okay let me see what these errors are for oh yeah so access is denied right so it's denying access to a lot of this stuff i'm not sure that this is deleting anything man i'm glad you're able to fix that luke that that's definitely a massive problem i think we're freeing up space i just saw the hard drive number change i couldn't tell if it was going up or down so it looks like they have a lot of built-in uh security measures to keep you from doing this let's see if we can delete registry keys um this is way too much fun it should not be this much fun all right here we're going to hit ctrl c we're going to say remove dash item and the path is going to be h k l m and let's just do software okay and we'll say recurse hmm sub tree does not exist come on we have this server can't be this we have to we have to destroy the server someone gave me some suggestions uh fbi so we just finished up a live stream training on active directory automation with powershell i'll be posting the replay later on next friday but right now i'm just deleting everything in active directory so if the fbi has any ideas on how to do that hit me up i'm sure you guys do oh i have to do okay there we go we're making some progress now all right we're going to type the clipboard text uh let's try this we're going to declare this as path that's going to be the path that we're going to try to delete [Music] and yes i want to extend the lab okay let's go to type text yeah you hate when powershell does the red screen yeah that's my life with powershell oh yeah so they got all these yeah they're like really protected locking it down i'm surprised that we can log in let's check uh let's go back to active directory and see if we can see what kind of damage we can do there oh wow what's happening try that again see if we can just delete stuff in here manually oh that's funny yeah so now it's actually giving us errors when we're trying to access so it was deleting stuff so i wonder if we can redeclare path as this oh yeah we're starting to have problems now nice oh i think we made okay cool so i can't open server manager anymore remove dash item target directory recurs dash force yeah we did run through that um so oh yeah we may have won we may have finally gotten victory let's go move dash item let's do let's say dash path c backslash and then dash recurse i think we need to do a star right someone's asking are we i t fleet we used to operate under that name but now we're uh at server academy uh fbi's saying you're too dumb to understand this nah man we're just we're literally just messing around trying to delete everything on a computer because we're done working on it uh so the server academy labs are just little lab environments you can play around and uh you know this is pretty much what we're doing right now so here's another command so cmd we're gonna run rd let's try let's see what happens here someone's saying is that good i'm not sure what is that good means what we're doing is not is not good i can't right click and run stuff as administrator anymore okay let me see i don't think this is oh it's already administrator okay type text oh wow oh yeah so it's giving me access denied so it looks like we've deleted everything that doesn't have some kind of protection i wonder if we changed the security on it i wonder if we could do that it's gonna see windows yeah another way you can really mess up your computer networks is by messing up the security options right oh yeah so we can't edit it because we deleted stuff let's see if we can go under advanced and let's see if we can add change permission oh yeah dude this computer is totally hosed we can't even we can't even edit the permissions of the directory cool man this thing's really having a heyday most of these are access to night it looks like but maybe it's getting through with a few deletes yeah so change the owner of the directory i was trying to do that but it doesn't oh i think i deleted too much in the registry editor because if i go down here if i click on edit it just gives me this error can open access control editor the activation requires a display name to be present under the cls id key which i'm assuming we already deleted so there's that all right let's go to see what we can do in program files same thing yeah so we already ran through these before i think the get process stop process was the best command let's see if we can make these some of these services that windows relies on see if we can oh i can't search the search isn't working what's possible is just going slow because i have so many of these big commands running oops didn't mean to do that yeah this is not looking good boys and ladies uh services is what i was trying to search for i don't think i can open it though uh let's go to administrative tools maybe we can just find it here services oh yeah man i think we may have won on this uh all right so someone's saying go to yeah so i tried going um security and then going to advance but you get the same error so if i try to like say change permissions i get the same error cls id i think we might have beaten this computer effective access let's see if we can do any of this let's see if we can do everyone that looks like that doesn't exist anymore also services so yeah registrator is completely locked up let's rerun this oh yeah try the windows r button right uh so let me see here let me get the virtual keyboard here so we're gonna hit windows r nothing is happening we might be able to launch it from command prompt let me try that if i can find where is command from hiding that was always we could do it through powershell also open a new powershell instance oh and it closes right away services.msc is that right i don't know if that's the right yeah we i don't think it'll i don't think it's gonna start someone's saying use dism restore health yeah this won't work an error occurred while initiating calm security i'm telling you this screen right here is like the devil it's just having way too much fun deleting all this stuff okay so i'm saying at the top was change owner so yeah click change i get the same error here uh cls id yeah so it won't let me do any of that unfortunately unfortunately i think we may have so yeah should we try restarting it and seeing if we can log in let me see if i can get oh i shouldn't have closed that powershell because i can't get server manager to open all right let's see if we can log in see if we can log out and log back in let's restart the computer so robin was saying d e l uh c windows system 32 yeah we definitely did that uh we may have to do a hard boot here because it's not wanting to restart so i'm just going to turn it off okay so now the machine's like completely powered off i'm gonna go ahead and hit the start button and start it back up and just see what happens i should just oh your device or pc needs to be repaired oh bummer you'll need to use recovery tools if you don't have any installation media i do have installation media but we're not going to repair it so damage done so like i was saying with the server academy it labs all i got to do is say end uh just cancel or say mark it as complete hit ok and then if i wanted to i could launch another lab um and just have a new instance up and running so that was the active directory users and computers if i click on launch now i have an up and running a working it lab so yeah that's what's so great about these labs you can have fun like that mess around and it's no big deal but guys i think that's gonna wrap it up uh we finally beat the vm thank you for helping me do that uh i hope you guys enjoyed the live stream i hope you guys uh were able to learn some stuff today again if you enjoy this type of training please subscribe like the video of course and also if you want to take your it creates the next level or your skills to the next level make sure you give the server academy free trial a try i'll post that link down here in the description it's server academy dot com slash cf slash trial and that page looks like this i'll show you guys really quick robin's saying uh nice training cool man i'm really glad you enjoyed it thank you very much for checking it out actually that's probably the bad link what you'd want to do is do here let me say or organic trial i think it's the link now now i'm not sure what the link is so i gotta go find the link yeah but thank you guys for coming and checking this out uh if you guys have requests for the next lab that we're gonna do uh make sure that you um let me know either email me or just comment on this video so i can see what you guys want uh i the last this was actually done off of request the whole like nested loops um how to copy active directory group memberships from one user to another that's all based off of requests so i try to make these live streams as practical to you guys as possible uh it helps me also stay connected with you guys so i understand um you know what you guys are wanting to learn so just let me know um again give server academy a try it helps me out we're a small business we trained a lot of people uh in pretty much every country in the world but we're still getting just getting started so uh if you guys want you can hit up that page i think in the link that i just pasted on youtube for those of you who aren't a member uh this page kind of explains everything that we offer like these it labs that you're seeing here but yeah there's online it labs there's the step-by-step videos it's skill certification things like that uh there's a little video here that kind of gives you a walk through the platform but everything you'll learn you can view the actual curriculum there and then we have like a q a and then you can if you guys are interested you can sign up here at the bottom um but this is the actual curriculum that we teach there's nine modules and it's everything from installing configuring the server active directory group policy dns dhcp and the list goes on you can check that out here but uh this is everything that you can learn inside and all these are video lectures uh step-by-step instructions and things like that so it's just like what you got today is a little taste the videos are pretty short you know i try to keep them anywhere from five to ten minutes long so it's easy to hop in and just digest a few lectures and then hop back off all right guys well that's gonna wrap it up for today thanks for hanging out with me for this uh the past hour or so hour and a half uh again this this replay will be live uh next friday yeah so seven days from today this replay will be live on the site and yeah make sure you subscribe to the calendar we have on the uh calendar at the bottom of the live stream page serveracademy.com live wait i'm not going to go there because last time i did this i ended the live stream for like everyone like 20 times so i'm not going to do that but at the bottom of that page you can see that uh and that has the calendar for when i'm running the next live stream and things like that okay awesome dark that's really cool i'm glad that you're enjoying the training that's good that that is very that makes me happy definitely cool all right well everyone have a good weekend have a good friday and i will see you guys in the next live stream bye you

Info

Channel: Server Academy

Views: 30,341

Rating: 4.9695239 out of 5

Keywords: Server Academy, Windows Server, Active Directory, IT Training for Beginners

Id: 3k9xcPtE7Cs

Channel Id: undefined

Length: 82min 13sec (4933 seconds)

Published: Fri Nov 13 2020