Author Archives: Albert van Boerum

Copy files with progress indicator with Powershell


Copy files with progress indicator with Powershell


List AD group membership readable


If you want to get a list of all the AD groups a user is member of you can use

This will give you a overview of the groups the user is a member of. It is however not easy to read. To get a list use Get-ADPrincipalGroupMembership. This will give you a list with one groupname per line.



To view the hierarchical structure:


Note that the last result does not display the domain users

Grand access to a user mailbox


To grand access to a user mailbox use the you have to Add Mailbox permissions to the mailbox.

In this example the user avanboerum gets full access to the mailbox of johndoe.

Remove old logfiles from Exchange servers


You can use Powershell to remove old logfiles from exchange servers. Those logfiles are located on the Client Access Servers (CAS servers) in the inetpub folders.

To remove the files older then 60 days use this script.

Fill in your own CAS servers on the variable $servers line. You can use as many as you want to.


Use Windows Forms to generate GUI messagebox


a usefull post from: credits for Jaap Brasser

While it is great that PowerShell can do so many things in the background without having to interact with it, occasionally it might be useful to have a graphical notification. For example, when a job finishes or when input is required in order for the script to be able to continue. For this purpose a popup window can be displayed; this is possible using the Windows.Forms namespace and in particular the MessageBox class.

The following example will display a MessageBox form with an OK button and the ‘Hello World’ text:

The MessageBox class can accept more arguments than just a single string. To explore the possible constructors the Show method can be called without any parameters displaying all OverloadDefinitions. In the following code the OverloadDefinitions and the total count of possible definitions will be displayed:

The output from the previous command shows that it is possible to change the MessageBoxButtons and that it is possible to add a MessageBoxIcon. The GetNames method of the Enum class can be called to enumerate the possible entries for these options:

The parameters for Title, Caption, MessageBoxButtons and MessageBoxIcon will be specified to create a new MessageBox. The output will be stored in the $MessageBox variable and can be used for further execution in the script:

For more information about the MessageBox class and to view all the definitions have a look at its MSDN entry:

MessageBox Class

Check a service on alle servers


You can use this script when you want to check multiple servers for the status of a service.

This script gets all the servers from the AD and test is they are available. Next it checks if there is a service with the name backupexecagent* and then displays the status.

The script below is not the most efficient script but it does the trick.

If someone knows how to make this run faster… please let me know.

Move files older then x hours


Schedule a task if you need to move files older then x hours to an other folder.


Find files on all workstations with powershell


You can find files on all workstations with powershell with a short code.

First make a list off computernames and put them into a variable

Next use Invoke-Command to send the Get-ChildItem to those computers.

Notice that I create a new table entry for the computername in this line. It uses the computername environment variable:

Get FSMO roles with powershell


You used to use the command “netdom /query fsmo” to determine where the Operation Master Roles are located on you domain controllers. You can get FSMO roles with powershell in several different ways. Some of them are:

An other way to display the information is.

To move the FSMO roles to an other server:


Powershell: Get users last logon date from AD


The lastlogon time is kept on every domain controller in the AD. So, if you want to find out what the last logon time and dat of u user is, you have to check all the domain controllers.

When you check all the properties of a user using:

You get a lot of information. The most important are:

lastLogon : 130709985039216673
LastLogonDate : 12-3-2015 09:08:56
lastLogonTimestamp : 130706213360820511

The LastLogonDate is the one that is kept on the domain controller and is not replicated to other domain controllers.

The LastLogonTimestamp is the one you need. This is however a format we cannot read but we can convert it to a normal readable value.

First we need to put this into a variable so we can extract the value later.

Next we use the [datetime]::FromFileTime. This converts the unreadable number to a normal format. We do this while using only the value of the variable.

And voila, the correct format is displayed

donderdag 12 maart 2015 09:08:56


Use powershell to reset password and unlock account


A neat script to choose the users OU in the AD, select the user and lets you choose what to do. Reset a password or unlock the users account.

The script uses the out-gridview with -passtru command to ask for your input.


Simplistic GUI for Powershell input


I ran into a simple example of how you can use out-gridview with the -OutputMode switch (like -Passthru). It creates a simplistic GUI for Powershell input.

  • This script displays all servers in your domain and lets you select multiple.
  • Then it provides you with a list of powershell scripts in c:\scripts and lets you choose one.
  • At last it will run the script on those servers and presents the output in a gridview.

All kudos for Mike Robbins


Blog for MVA: Using PowerShell for Active Directory


Get to the Microsoft Virtual Academy and follow the course: “Using PowerShell for Active Directory” with Jason Helmick and Ashley McGlone (GoateePFE)

The blog of this session and the session itself are online available.

Great blog with lots of code on Powershell and active directory.

Some topics that are being addressed are:

  • Users and Groups
  • Quering
  • Forensics
  • Recovery
« Older Entries Recent Entries »