a few powershell scripts

.gitattributes

@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

.gitignore

@@ -0,0 +1,36 @@
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# =========================
+# Operating System Files
+# =========================
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must ends with two \r.
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes

check-repadmin.bat

@@ -0,0 +1 @@
+repadmin /replsum /bysrc /bydest /sort:delta > "c:\scheduled tasks\repadmin-output.txt"

delete users over 30 days.ps1

@@ -0,0 +1,8 @@
+Stop-Transcript
+Start-Transcript -path C:\scripts\deltusers.log -Append
+get-date
+$90Days = (get-date).adddays(-30)
+#Get-ADUser -SearchScope OneLevel -SearchBase "ou=disabled users,dc=contoso,dc=com" -filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $false)} -Properties lastlogondate, passwordlastset | Select-Object name, lastlogondate, passwordlastset 
+Get-ADUser -SearchScope OneLevel -SearchBase "ou=disabled users,dc=contoso,dc=com" -filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $false)} -Properties lastlogondate, passwordlastset | foreach-object {"deleting " + $_ ;Remove-ADObject $_ -confirm:$false}
+get-date
+Stop-Transcript

export BL keys.ps1

@@ -0,0 +1,21 @@
+$keys = Get-ADObject -LDAPFilter "(&objectcategory=CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=contoso,DC=com)"
+#$keys | ft DistinguishedName -AutoSize #> out2.txt
+$EncryptedComputers = @{}
+foreach($key in $keys)
+{
+    $extractedcomp=$key.distinguishedname.substring($key.DistinguishedName.LastIndexOf("CN=")) #$key.DistinguishedName.TrimStart("CN=" + $key.Name).substring(4)
+    #if ($extractedcomp.Contains(":00")){break}
+    if ($EncryptedComputers.ContainsKey($extractedcomp))
+    {
+        $encryptedcomputers.set_item($extractedcomp,[int]($encryptedcomputers.get_item($extractedcomp) + 1))
+        #echo "true"
+    } 
+    else
+    {
+        $encryptedcomputers.add($extractedcomp,[int](1))
+        #echo "false"
+    }
+}
+$EncryptedComputers.GetEnumerator()| Sort-Object Value -Descending |select-object -Property name, value  | Export-Csv -Delimiter (";") -NoTypeInformation -Path "c:\scripts\bitlocker Keys.csv"
+
+#there is a known issue where the $keys.name does not match up with $keys.distingueshedname if the distingueshed name has a "\" which is important for line 6

get-members.ps1

@@ -0,0 +1,107 @@
+<#
+.synopsis
+script will output to screen and csv file in the same path as script the members of this group and the attributes requested
+
+.description
+if using the -attributes switch it will only take a array of strings (1 or many) of attributes. 
+prerequisite includes AD module for powershell and powershell 2.
+
+.example
+.\get-members.ps1 identity
+
+.example
+.\get-members.ps1 -groupname identity
+
+.example
+$customattributes="givenname","sn","mail","employeeid"
+.\get-members.ps1 identity -attributes $customattributes
+
+#>
+[cmdletbinding()]
+param(
+    [parameter(mandatory=$true,position=1)]
+    [string]$groupname,
+
+    [parameter(mandatory=$false)]
+    [string[]]$attributes=("sn","GivenName","mail")
+)
+$filepath = split-path -parent $MyInvocation.MyCommand.Definition
+if ($filename.Substring($filename.Length-1) -eq "\")
+{
+    $filename = $filepath + $groupname + ".csv"
+}
+else
+{
+    $filename = $filepath + "\" + $groupname + ".csv"
+}
+$members=$null
+$members = Get-ADGroupMember $groupname -Recursive
+$admembers=@()
+$params=@{'properties'=$attributes}
+foreach ($member in $members)
+{
+    $admembers += get-aduser $member -Properties $attributes
+}
+if ($admembers -ne $null)
+{
+    [string]$message=($admembers | ft -Property $attributes -AutoSize)
+    Write-Verbose $message
+    $admembers | select-object $attributes | Export-Csv -Delimiter "," -NoTypeInformation -Path $filename
+    $message="file " + $filename + " Created."
+    Write-Verbose $message
+    Wait-Event -Timeout 30
+}
+
+
+#old query
+#$members = Get-ADGroupMember $groupname -Recursive | % {
+#	$group=$_
+#	get-aduser $_ -Properties GivenName,surname,mail | select @{n="Group";e={$group}},GivenName,surname,mail 
+#}
+
+#function Load_Module
+#{
+#    param (
+#        [parameter(Mandatory = $true)][string] $name
+#    )
+#
+#    $retVal = $true
+#
+#    if (!(Get-Module -Name $name))
+#    {
+#        $retVal = Get-Module -ListAvailable | where { $_.Name -eq $name }
+#
+#        if ($retVal)
+#        {
+#            try
+#            {
+#                Import-Module $name -ErrorAction SilentlyContinue
+#            }
+#
+#            catch
+#            {
+#                $retVal = $false
+#            }
+#        }
+#    }
+#
+#    return $retVal
+#}
+#
+#$moduleName = "ActiveDirectory"
+#
+#try 
+#{
+#    if (load_module $moduleName)
+#    {
+#        Write-Host "Loaded $moduleName"
+#    }
+#    else
+#    {
+#        Write-Host "Failed to load $moduleName"
+#    }
+#}
+#catch 
+#{
+#    Write-Host "Exception caught: $_" 
+#}

managedby.ps1

@@ -0,0 +1,11 @@
+$searcher = new-object System.DirectoryServices.DirectorySearcher
+$searcher.filter=”(&(ObjectClass=computer)(Name=$env:computername))”
+$find = $searcher.FindOne()
+$thispc = $find.GetDirectoryEntry()
+
+$searcher.filter=”(&(ObjectClass=user)(samAccountName=$env:username))”
+$find = $searcher.FindOne()
+$me = $find.GetDirectoryEntry()
+
+$thispc.InvokeSet(“ManagedBy”,$($me.DistinguishedName))
+$thispc.SetInfo()

port check.ps1

@@ -0,0 +1,42 @@
+#53            TCP UDP Domain Name System (DNS) 
+#88            TCP UDP Kerberos—authentication system 
+#123               UDP Network Time Protocol (NTP)—used for time synchronization
+#135           TCP UDP DCE endpoint resolution (domain controllers-to-domain controller and client to domain controller operations)
+#139           TCP UDP NetBIOS NetBIOS Session Service 
+#389           TCP UDP Lightweight Directory Access Protocol (LDAP) 
+#445           TCP     Microsoft-DS Active Directory, Windows shares & Microsoft-DS SMB file sharing
+#464           TCP UDP Kerberos Change/Set password 
+#636           TCP UDP Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
+#1025-5000     TCP     RPC low port range for server under windows 2008 or client under windows vista
+#3268          TCP UDP msft-gc, Microsoft Global Catalog (LDAP service which contains data from Active Directory forests)
+#3269          TCP UDP msft-gc-ssl, Microsoft Global Catalog over SSL (similar to port 3268, LDAP over SSL) 
+#3389          TCP UDP Microsoft Terminal Server (RDP) officially registered as Windows Based Terminal (WBT) 
+#47001         TCP     WinRM - Windows Remote Management Service
+#49152-65535   TCP     RPC high port range required for server 2008 server or windows vista client or higher
+
+$ports=53,88,135,139,389,445,464,636,3268,3269,3389,47001,49153
+$servers=$null
+
+$ErrorActionPreference="silentlycontinue"
+function get-portstatus([string]$ip,[int]$port)
+{
+    $t = New-Object Net.Sockets.TcpClient $ip, $port
+    catch [exception]
+    {
+    }
+    if($t.Connected)
+    {
+        write-host ($ip + ":" + $port + " is operational") -NoNewline
+    }
+    else
+    {
+        write-warning ("can't access Port " + $ip + ":" + $port)
+    }
+ }
+foreach($server in $servers)
+{
+    foreach($port in $ports)
+    {
+        get-portstatus -ip $server -port $port
+    }
+}

provision-deprovision count.ps1

@@ -0,0 +1,116 @@
+<#
+.SYNOPSIS
+will return the number of provisions and deprovisions in AD by the week and also provide a breakdown by opco
+.DESCRIPTION
+does not require special rights to run
+#>
+$ErrorActionPreference = "Stop"
+([System.Datetime] $date = $(get-date)) > $null
+$lastsunday = -($date.DayOfWeek.value__)
+$i=$lastsunday
+$companycount=@{}
+$companystats=@()
+do
+{
+    $checktime = (get-date).adddays($i)
+    $endofweek = (get-date).adddays($i+7)
+    $users=Get-ADUser -Filter {whencreated -ge $checktime -and whencreated -le $endofweek} -Properties whencreated,extensionattribute3 -SearchBase "OU=User Accounts,OU=Users,OU=Accounts,DC=contoso,DC=com" | where {$_.Enabled -eq “True”} 
+    "total active users created the week of " + $checktime.ToShortDateString() + " are " + $users.length
+    $companycount=@{}
+    foreach ($user in $users)
+    {
+        if ($user.extensionattribute3 -eq $null)
+        {
+            $user.extensionattribute3="blank"
+        }
+        if ($companycount -eq $null)
+        {
+            $companycount.add($user.extensionattribute3,1)
+        }
+        else
+        {
+            if ($companycount.contains($user.extensionattribute3))
+            {
+                $companycount.($user.extensionattribute3)=($companycount.($user.extensionattribute3) + 1)
+            }
+            else
+            {
+                $companycount.add($user.extensionattribute3,1)
+            }
+        }
+    }
+    foreach ($key in $companycount.GetEnumerator())
+    {
+        $companystat=New-Object System.Object
+        $companystat | Add-Member -MemberType NoteProperty -Name company -Value $key.Name
+        $companystat | Add-Member -MemberType NoteProperty -Name count -Value $key.Value
+        $companystat | add-member -MemberType NoteProperty -Name date -Value $checktime.ToShortDateString()
+        $companystats+=$companystat
+    }
+    $i=$i-7
+}
+while ($i -ge -31)
+
+$companies = $companystats.company | Sort-Object | Get-Unique
+$dates     = $companystats.date | Get-Unique
+$companytable=@()
+foreach ($companyid in $companies)
+{
+    $tablerow=new-object System.Object
+    $tablerow | Add-Member -MemberType NoteProperty -Name companyid -Value $companyid
+    foreach ($date in $dates)
+    {
+        $record=$companystats.Where{$_.company -eq $companyid -and $_.date -eq $date.ToShortDateString()}
+        if ($record -ne $null)
+        {
+            $tablerow | Add-Member -MemberType NoteProperty -Name $date.ToShortDateString() -Value $record[0].count
+        }
+        else
+        {
+            $tablerow | Add-Member -MemberType NoteProperty -Name $date.ToShortDateString() -Value 0
+        }
+    }
+    $companytable+=$tablerow
+}
+
+
+
+#$users=Get-ADUser -Filter {whencreated -le $checktime} -Properties whencreated -SearchBase "OU=User Accounts,OU=Users,OU=Accounts,DC=contoso,DC=com" | where {$_.Enabled -eq “True”} 
+#"total active users created before the week of " + $checktime.ToShortDateString() + " are " + $users.length
+<#
+$i=$lastsunday
+do
+{
+    $checktime = (get-date).adddays($i)
+    $endofweek = (get-date).adddays($i+7)
+    $users=Get-ADUser -Filter {whenchanged -ge $checktime -and whenchanged -le $endofweek} -Properties whenchanged -searchscope OneLevel -SearchBase "OU=Disabled Users,DC=contoso,DC=com" | where {$_.Enabled -ne “True”} 
+    "users disabled the week of " + $checktime.ToShortDateString() + " is " + $users.Count
+    $companycount=@{}
+    foreach ($user in $users)
+    {
+        if ($user.extensionattribute3 -eq $null)
+        {
+            $user.extensionattribute3="blank"
+        }
+        if ($companycount -eq $null)
+        {
+            $companycount.add($user.extensionattribute3,1)
+            $user.extensionattribute3
+        }
+        else
+        {
+            if ($companycount.contains($user.extensionattribute3))
+            {
+                $companycount.($user.extensionattribute3)=($companycount.($user.extensionattribute3) + 1)
+            }
+            else
+            {
+                $companycount.add($user.extensionattribute3,1)
+            }
+        }
+    }
+    $companycount    
+    $i=$i-7
+}
+while ($i -ge -31)
+#>