Windows PowerShell and Manipulating Active Directory

operation wouldn’t alright so this week is all gonna be about week eight hours she’ll Active Directory right this is not due until Friday after all right so Facebook first Active Directory then playing space invaders now hopefully you guys are okay with any in the class on a video game I mean I figure it’s a whole lot more fun than learning how to do other stuff because I mean hey there it is alright so Windows PowerShell Active Directory so this one’s gonna be actually a really minimal project for you guys because there’s not a whole lot here it’s mostly going to be tooling around when I did this as I did everything on Windows Server 2008 r2 alright so everything here works on Windows Server 2008 r2 so you need Active Directory running up and configured let’s try to get to here while I’m here unless someone else wants to help someone get set up a natural directory for stalling issues with DNS you need to have Windows PowerShell a Windows PowerShell addressed directory is right here so you guys can see all the things you can do and Windows PowerShell with Active Directory we’re just gonna cover a couple of the things that you would normally do on a given day and then a couple of users in Active Directory that we can manipulate so we’re gonna play around with a couple of people alright so when you set it up you just go ahead you set up Active Directory like you would at any other time and again if we’re having problems with us let’s get this part knocked out today while I’m here other than that it would be wim our trusty assistant it would be helping you alright so again you just set it up one of the cool thing though is do you click on the ad PowerShell tool link that’s going to show up you’re actually gonna see an Active Directory module for PowerShell resources at the bottom of that screen alright so this is a really handy link if you forget stuff it’s right there at the bottom of the screen so you can actually address it right off the bat and yeah I kind of underlined it and circled it with my the one that’s underlined trying to make it and this is what it looks like just in case so you’ve got it right so you can kind of read through the changes that they made and all the other things so it’s really kind of cool and yes I know that I did this an internet explorer switch yep I know but it was it was what I had we all have some all right do you remember to run dcpromo to get the thing up and running all right then you run through it you go in your case your Active Directory should be on your own if you just use like I just used instructor Highline edu and there’s no domain named instructor to Highline dot edu so I was really lucky domain functional matter doesn’t issue doesn’t matter not in this case because again you’re really just gonna make an isolated after directories so you can do things DNS and all the features for the eighty process unless you’re the DNS Antichrist then we’ll need to work on that some more and then run Active Directory users and computers because that’s really where we’re gonna be if you don’t remember how to get there and start Administrative Tools after the Directory users and computers does in case you don’t remember or you have never done it before so make sure the ad works this is a convertor you want to be so you kind of want to see your domain and then you want to go to users and you should see all the inbuilt users just to see yourself and a couple of other people guest user which is always fun alright and you want to make a couple of users an ad right so just make a couple years so I made Jane frost and monkey person Jane frost and monkey person just because I really wanted something to remember that was really really easy monkeys I have this thing about flying monkeys we all know this it’s a all right now when you install Active Directory and you install it correctly you should see in your main screen Active Directory module or PowerShell and this is mostly where we’re gonna be working in alright so we’ll make your life tons easier if you just have access to this no you don’t have to look anything up it just goes right there and boom you’re into the whole process alright to verify it works right to make sure that you have all the things when you open it up just do a get module minus sign list alright so you can see all the Active Directory modules that are in there already so you can actually see what new modules have been imported into your PowerShell alright kind of makes it interesting so remember get module a minus sign list gives you what it gives you all the list of modules that are in there whoo-hoo all right now let’s listen to check out a user all right so we want to do get 80 user Jack Frost so we need to use their login name not necessarily the full name you just need to have their login alias right and what it will do is you say get add user Jack Frost what we’ll do is we’ll cop up everything that it knows about Jack Frost all right so whatever user you make there’s everything it knows about it and if you just made really minimal users then your list is really really short

hmm yes yeah we’re gonna get there yeah yeah well we’ll get that well get there now one of the things I thought that was really interesting is the cost of the user said those are like really really handy at times all right user sins are cool because it points to the location in this security access manager database underneath these system Windows 32 blah blah blah blah blah said is this is a subject identifier it’s a unique identifier for every object in the system once you know it said you know what you’re dealing with all right you can disable an account or an able account so we can go ahead and we can disable Jack Frost so disable minus sign ad account Jack Frost and that kills him he’s dead zone dad can’t do anything with it can’t well again can’t make bacon doesn’t know how to do orange juice so when we’re done we kind of need to enable them so it’s enable minus sign ad account and Jack Frost and he’s up and running back exactly where he was without a password change so if you need to disable someone for a little bit because you have to do an investigation on them just disable them for a little bit let them call the helpdesk while you’re off doing your thing and then enable them later on so kind of a neat forensics kind of way of looking at things excuse me all right now when you’re interacting what you can do is you could if you want to go straight into and actually interact with the ad you need to go from PowerShell to PowerShell director to do that you just type in SL ad and it will take you to this command prompt you see this command prompt that’s really really good now one of the things I discovered yesterday is that there’s a shortcut notation within PowerShell and I didn’t notice before SL actually means set location so you so there’s already some macros in there for some of the cool stuff you can do so if you see someone using a sow that means they’re using something called set location I don’t want you to go to a specific location and the powershell map so i thought that was really kind of a cool thing so you could also type set location set minus sign location ad and it would do the same thing so it depends on if you want to use the macro or not so it’s kind of a neat handy shortcut get help get minus sign help will yep so it’d be set – on location space get minus sign help and it will give you everything in this big huge yeah and it’s really a mess but it’s there if you want it come back to me on that one we’ll roll back around on that one all right so if you type in dirt while you’re there right while you’re in there you’ll see the instructor configuration schema domain DNS zones and forest DNS zone so you’ll see all the stuff it you’ll see it by its distinguished name and what ends up happening when you’re running around in here you actually have to do everything by its f DQ n it’s fully qualified domain name so it’s that location what you want to do is you want to enter your Active Directory so you would do a set – location or SL DC equals your fully qualified domain name right and then you should be able to see that that you’re here with your command prompt you do this command and then your command prompt stretches all the way across the string but it tells you exactly where you are in Active Directory which is good all right and then verify by entering der and it will show you everything that’s part of that domain all right again this is not going to be a really hard exercises for week 8 yes sir ok I’ll fix it alright nope these are good alright so we’ll show you that we have a user out of place right that we have another user out of place that we have a container for users with some of the users sky ape and Jack Frost ended up kind of floating out there as users but they’re not in the right bucket sky 8 is a really good comic book all right set your location to see end users do a dirt and you’ll see all the users that are part of this either by user or by group so again fairly straightforward you just kind of move through it like you would move through a regular system instead of CD at set location all right container name so CN container name is users so inside the container users I have all these people will get there alright now you can map your actor

directory is a drive by using the new PS drive command alright so if you don’t want to go through all this SL ad a set location into this and all the rest of it you can actually map it out as a as a drive so you can do new PS drive name the instructor the PS provider active directory from route ad just goes straight to here and what you’ll do is you’ll see a mapping then that will actually go ahead and set it up so that all you have to do is CD into instructor and you end up inside of the active directory room mm-hmm yeah if you map it as a new PS drive at CD but it kind of makes it a little bit easier to tool around in there because then you can make a bunch of shortcuts as drives that will look like in your regular drive mapping mm-hmm so if you remember from week one when we typed in PS drive and you saw those other drives you could just CD into you can actually make your root user container its own drive as far as PowerShell is concerned so it’s kind of a neat shortcut if you don’t want to type all this stuff to get there you just map it as a new drive and call it good so that was kind of interesting if you get an item right if you want to get properties for the Sam account name for everybody that’s inside that container right so what we did is we pulled up the container users as part of instructor Highline edu and we wanted the property of all the account names all right here the access manager account names and this will cop out everybody that works in here and how it worked there kind of a neat way of finding out who all’s in a particular container so get item another really good command and then you can also use wildcards which I thought was really nice so if you just want to do properties for everybody that’s in there you just wildcard it and you can figure out it will just drop the whole list and then you can export that as a CSV however you want to do it alright export is an HTML page shove it on the Internet life is wonderful security wise not so much but that’s the rest of it but it really does it coughs out a lot of information about who’s who when they were made all the rest of it so kind of a neat trick all right so there’s a script to debug in here and this is your objective is to debug this script to add users right if you’ve got a couple users that you can play around with so what it does is you basically import the module active directory so make sure the actor active directory is loaded right and for each users you want to import off of CSV something called my users CSV so you’ll need to make that alright so where each user in users they have an oh you an organizational unit of Department they belong to it’s like I belong this vif department all right you guys belong to the CIS department so you could be CIS but you can leave these intact if you want to your domain though should be your name Highline GTU alright so you kind of want to organize this a little bit write detailed name first you first last name Dan Morrill guy 8 Jack FRA all that kind of good stuff first name last name user first name write as part of the Sam account user principal Sam mydomain.com so it’d be Jack froth at instructor Highline edu you figure out what you need to put into the CSV table by reading the code there’s kind of a neat way you working in a spreadsheet right now and so you’re gonna have a oh you detailed first name first name first letter of last name Sam account which is their use their first name right user principal Sam at their email address all right logon script if they have a login script you can leave this blank so if you want to pop up consent to monitoring you can put that in there hold on til I’m done all right home der if they’ve got one or if it doesn’t work they may have actually a home der that’s you have to actually do directly so there’s two ways of doing this if this fails it will go to here all right new ad user and then start putting in they’re done you start doing all the rest of this it says the password never expires to true which is it bad all right so how would we fix that yep exactly you set it to false if you don’t want their password if you want their password to expire right and then you can also change it to password as blank if you want it to be but I didn’t do that alright so this is the script you’re going to be working with and what you’re gonna do is you’re gonna cop out a spreadsheet that has all these little odds and sods in it right so the script on the preceding page requires a CSV of usernames and what places they exist right that’s your first product we’re week’ well then look at how the

script could be set up to show and this the CSV file save a detailed name first name first letter Sam etc right build a CSV with those headers and there are a couple of entries and then attempt to import the import may not work right especially if we don’t have what set what policy to what that execution policy to unrestricted very good very good all right and if you can’t try to screencap your users in your active directory so I would get the spreadsheet and I would get the screen cap of a successful import if you can alright because I’m asking you to do something a little bit more complex here and you guys don’t program in dotnet and I know that and I’m good with that all right this is why week 9 is gonna be so much more interesting but that’s basically what you need to do I’m really gonna be looking at your CSV file to make sure that you were able to read the title headings in the code all right so what I’m really gonna be looking for is a CSV with a couple of people in here that matches all this stuff out right because remember all these are variables just like you did in Linux drifting if it’s a variable it’s something to declare if we’ve declared it then it has to have an object in there all right so each one of these things presided by a dollar sign is really what’s going to be in your PSD file and then this is your operational code and then this user Prince Prince II matches that user princey all right you want to make sure that you don’t double up on that you point back to it in the spreadsheet so it kind of makes that so this is what I’m looking for and if you are successful and you can get it to actually go in God’s cool I want you to at least attempts to do the import right it will either work or it won’t work it’s a black and white issue all right if you’re running out of time on Friday the 31st just send me your spreadsheet and I’m good with that now the fun part is what comes after yes ma’am you had a question yes we were studying in variables 1 1 2 3 1 2 3 4 first letter first letter first name equals first name substring okay yep mm-hmm yeah you can just leave that straight no it’s a pop-up that’s either a warning or something else you don’t have to create it you just need to be able to point to something that’s like a consent to monitoring all right then just use what you got use what you got if you’re already up and running just use what you got and I’m fine with that all right so kind of makes sense anybody got any questions are we good all right now there’s one other thing I kind of want to bring up before we really get going all right into this I want to kind of bring up week 9 I’ve been trying to figure out a way to make this the last week of this class a lot of fun so the last week of class we’re gonna do a little bit of ASCII art and we’re going to make space invaders game all right so if you get done with Facebook and you get done with Active Directory I’m gonna start looking at the code that’s in here right and look at the PowerPoint and kind of walk you through a little bit of it all right we’ll do more when I come back ok but I want to make sure you guys know that week 9 is available to you if you want to go make some really gorgeous ASCII art or you want to just play space invaders on your computer right either way I’m good with it they do they do I just want you guys to know that that’s there so if you whip through everything and you get all this stuff done there’s more to do but this will be your last project all right the space invaders game in the Asghar the last thing to do in this class and I’ll be looking for your space invaders game on June 10th yes sir the ASCII arts really easy yeah the space in the space invaders game is actually kind of fun and you know I might as well take advantage of the fact that you’re working on a Windows box and got some really cool graphics and we can do graphics and PowerShell in ways we can’t do in Linux scripting so I decided to have fun with the last week hopefully no one mine does anybody have any objections to having fun are you sure you do okay sure I mean I can give you something like backing up users out of

Active Directory if you want okay all right so that’s basically how the rest of the class goes right and you carry on and you’ll carry through in your own speed and at your own pace and I’m good with that how many people have Active Directory up and running and good to go alright how many people need help with Active Directory and getting it up and running and more stuff because between me and wim I want to try to get you guys all up and running by the end of today so you’ve got it all right so it kind of makes sense all right what you got we’re on camera what you got okay well I’ll come over and help you in a minute all right so this is your video this is what we got when I come back we’ll go through and we’ll actually go through the code of the video game so you guys can can see how this thing works and get it running