AD GPO & SW Deploy - devinziegler/Devin-Tech-Journal GitHub Wiki

Navigating AD in PowerShell

I will go over some cmdlets that are used in this lab. These will include:

  • New-ADOrganizationalUnit
  • Get-ADOrganizationalUnit
  • Get-ADObject
  • Move-ADObject
  • Remove-ADOrganizationalUnit
  • Set-ADObject

Listing OUs in AD

Use the cmdlet Get-ADOrganizationalUnit to list OUs in AD. More documentation for this cmdlet can be found here: Microsoft Learn

Here is an example command for listing all OUs:

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

Making OUs in AD

Making a new OU will make use of the New-ADOrganizationalUnit cmdlet. More documentation for this cmdlet can be found here: Microsoft Learn

Here is an example command for making a new OU in my devin.local domain called Software Deploy.

New-ADOrganizationalUnit -Name "Software Deploy" -Path "DC=devin,DC=local"

Deleting OUs in AD

Deleting an OU in some cases requires two steps. First we have to remove the Accidental Deletion Protection, then we can delete the OU. This will require two cmdlets: Set-ADObject and Remove-ADOrganizationalUnit.

Here is an example of me deleting an OU called Test OU using the following commands:

Get-ADOrganizationalUnit -Identity "OU=Test OU,DC=devin,DC=local" | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit

Moving Objects Between OUs in AD

Objects can be moved into OUs using the Move-ADObject cmdlet. More information can be found here: Microsoft Learn

Here is an example of me moving my named user from Test OU into Software Deploy:

Move-ADObject -Identity "CN=devin.ziegler,OU=Test OU,DC=devin,DC=local" -TargetPath "OU=Software Deploy,DC=devin,DC=local" 

These full paths can get a little complicated, so I recommend scripting and saving these paths to a variable that is easier to remember.


Event Logs

The Windows event log is an in-depth record of system, security, and application events stored on a Windows operating system. Event logs can be used to track system and some application issues and forecast future problems.


Viewing Logs in PowerShell

Viewing Event Logs in PowerShell will make use of the Get-WinEvent cmdlet. More information about the cmdlet can be found here: Microsoft Learn. The examples below use the older Get-EventLog cmdlet, which is only available in Windows PowerShell.

Here is an example of me locating a log for a successful putty installation.

Get-EventLog -LogName System -InstanceId 302

This example relies on the fact that you know the InstanceId for the given log.

When the InstanceId is unknown, you can use the -Message parameter to locate keywords that might be in the message. For example:

Get-EventLog -LogName System -Message "*putty*"

This will search the System log for all entries that contain putty in the Message field.
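
The same two searches written with Get-WinEvent, as an added example that is not part of the original wiki page. The function name Find-InstallEvent, its parameters, and the 7-day look-back window are assumptions; the System log, ID 302, and the putty keyword come from the commands above.

```powershell
# Added example. Find-InstallEvent is a hypothetical helper, not a built-in cmdlet.
# Assumes the record's event ID equals the InstanceId (302) used with Get-EventLog above.
function Find-InstallEvent {
    [CmdletBinding()]
    param(
        [string]$Keyword = 'putty',   # text to look for in the event message
        [int]$EventId    = 302,       # ID used earlier on this page
        [string]$LogName = 'System',  # log used earlier on this page
        [int]$Days       = 7          # assumed look-back window
    )

    # Log name, ID and start time are filtered by the event log service itself,
    # so only matching records are handed back to PowerShell.
    $filter = @{
        LogName   = $LogName
        Id        = $EventId
        StartTime = (Get-Date).AddDays(-$Days)
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error, instead of returning nothing,
        # when no record matches the filter. Treat that case as "no results".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # Escape wildcard characters so the keyword is matched literally.
    $pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($Keyword) + '*'

    # The message text is not part of the hashtable filter, so match it afterwards.
    $events |
        Where-Object { $_.Message -like $pattern } |
        Select-Object TimeCreated, MachineName, Id, ProviderName, Message
}

# Known ID plus keyword, last 7 days:
Find-InstallEvent -Keyword 'putty' | Format-List
```

Selecting ProviderName and MachineName alongside the message shows which component logged the event and on which host, which helps when the same ID is reused by different sources.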